Binance logo displays on a mobile phone screen

CFTC sues Binance, CZ for ‘calculated’ violations of US regulations

Getting your Trinity Audio player ready...

Binance has been slapped with a civil suit accusing the world’s largest digital asset exchange of taking a “calculated, phased approach” to violate U.S. commodities regulations.

On Monday, the Commodity Futures Trading Commission (CFTC) filed a civil suit in the U.S. District Court for the Northern District of Illinois against multiple Binance entities, as well as its founder Changpeng ‘CZ’ Zhao and its former chief compliance officer Samuel Lim.

The CFTC says the accused “violated core provisions” of the Commodity Exchange Act (CEA) and CFTC regulations governing commodities trading by, amongst other crimes, offering unregistered derivatives products to U.S. customers. The suit seeks disgorgement, civil monetary penalties, permanent trading and registration bans, and a permanent injunction against further such violations.

CFTC Chairman Rosnim Behnam said: “For years, Binance knew they were violating CFTC rules, working actively to both keep the money flowing and avoid compliance.” Gretchen Lowe, deputy director of the CFTC’s enforcement division, added that “the defendants’ own emails and chats reflect that Binance’s compliance efforts have been a sham and Binance deliberately chose – over and over – to place profits over following the law.”

While we encourage you to read the entire suit, our coverage will focus on Lowe’s reference to the defendants’ communications. Without disclosing their methods, the CFTC somehow managed to obtain a litany of internal Binance communications, including private chats and the contents of CZ’s own phone.

The suit notes that these communications show that CZ is “responsible for all major strategic decisions, business development, and management of the Binance enterprise,” including “whether and how to implement and enforce anti-money laundering (AML) controls and Know Your Customer (KYC) procedures.”

CZ’s hands-on involvement isn’t limited to high-level decisions. The suit cites him personally approving a $60 office furniture expense in January 2021. The CFTC spells it out plainly: “Zhao answers to no one but himself.”

Late Monday, CZ issued a blog post slamming the CFTC’s “unexpected and disappointing civil complaint,” which he claimed contains “an incomplete recitation of facts.” The rest of the post is Binance’s standard ‘Non-compliance? Us? Never!’ schtick, insisting that its compliance efforts are second to none, yada yada yada.

But on-chain data shows plenty of Binance customers frantically hammering the ‘withdrawal’ button on fears that other federal agencies—including those able to file criminal charges—may be prepping their own bombshell releases.

One possible impact of Monday’s news was a U.S. federal court temporarily overruling a bankruptcy court’s decision to permit the acquisition of Voyager Digital’s assets to Binance.US. Late Monday, U.S. District Judge Jennifer Rearden granted the U.S. Department of Justice’s emergency application for a stay of the Bankruptcy Court’s confirmation order for the DoJ to pursue its appeal of the order.

Tai Chi vs. a punch in the face

Much of the suit focuses on Binance’s highly publicized pretend exit from the U.S. market in 2019, a strategy the company dubbed ‘Tai Chi.’ American customers were supposed to transfer their affections to the allegedly ‘independent’ U.S.-licensed Binance.US exchange, which claimed to merely license Binance’s technology and brand, without any further involvement by the dot-com mothership or CZ.

The suit notes that Binance.com took no steps to limit or restrict U.S. customers from trading on its platform in the two years following its 2017 launch. During the summer of 2019, just weeks before the launch of Binance.US, internal Binance reporting showed the U.S. accounted for 19% of all trading revenue.

Keen to maintain this U.S. revenue, Binance failed to block U.S. customers from accessing its dot-com site after Binance.US launched. The exchange “simply added a pop-up window” that appeared when customers attempted to log in from a U.S.-associated IP address, but only required a single click to bypass and fully access account services.

Internal reports showed that, as late as June 2020, 17.8% of Binance.com customers were still located in the U.S., and these customers generated 22% of Binance’s revenue. One year earlier, CZ told in a meeting with senior staff that Binance’s “message is never about Binance blocking U.S. users, because our public stance is we never had any U.S. users.”

In March 2019, CZ warned certain Binance staff about limiting who saw internal data regarding U.S. customers. Specific reports were for his eyes only, with staff told to “not distribute it, especially [to] guys who have to deal with U.S. regulators.”

Very poor notion

Binance’s promotion of virtual private network (VPN) technology to evade geographic restrictions began the same year Binance.US launched. In March 2019, compliance chief Lim told colleagues, “CZ wants people to have a way to know how to vpn … it’s a biz decision.”

Lim told Binance’s CFO the following month that the company was “pretty explicit” about encouraging VPN use to dodge restrictions. “Hence CZ is okay with blocking even usa.” In February 2020, Lim educated a co-worker thusly: “On the surface we cannot be seen to have U.S. users but in reality we should get them through other creative means.”

This workaround was even more of a priority for customers with money to burn. In July 2020, Lim told a staffer, “we always have a way for whales” to transition from Binance.US to Binance.com. “CZ will definitely agree to this lol.” Later that month, Lim declared that “if the volumes are good, we can find a way to backdoor them to .com.”

To minimize the risk of exposing Binance’s subterfuge, CZ informed staff in October 2020 that any communications regarding the “U.S. ban” should be done via the Signal encrypted messaging application, which offers an auto-delete option. The suit cites a long list of “Signal text chains or group chats collected from Zhao’s telephone [that] were among those set to auto-delete.”

To further limit the risk of exposure, CZ directed staff to geographically reclassify all of Binance.com’s U.S.-based customers as UKNWN. From September to October 2020, Binance’s number of UNKWN customers jumped from 310,000 to 2.83 million.

And yet, as of May 2022, Binance hadn’t filed a single suspicious activity report (SAR) in the U.S., despite filing such reports in other jurisdictions.

The secret ingredient is crime

According to an internal chat log from October 2020, Lim told other compliance personnel that the company’s compliance department was limited to “email sending and no action … for media pickup … I guess you can say its ‘fo sho.'”

In August 2019, Lim assured a U.S. state financial regulator that Binance “screens all its customers prior to the establishment of a business relations or undertaking a transaction against [Office of Foreign Assets Control (OFAC)], EU, U.K. and Hong Kong sanctions … Binance performs customer due diligence anytime … there is suspicion of money laundering or terrorism financing.”

But four months later, Lim told a colleague in an internal chat that “.com doesn’t even do AML namescreening/sanctions screening.”

The extent of this compliance pantomime even extended to Paxos Trust, which until recently was Binance’s partner on the BUSD stablecoin. In October 2020, at Paxos’ request, Binance submitted to a compliance audit. But Lim told his team that the auditor Binance hired would “just do a half assed individual sub audit on geo[fencing]” to “buy us more time.”

This bogus audit confused Binance’s Money Laundering Reporting Officer (MLRO), who wondered why she was being asked to “write a fake annual MLRO report to Binance board of directors wtf.” Binance has never had a board of directors, but Lim replied “yes its fine I can get mgmt. to sign” off on the fake report.

This MLRO was quoted in another 2020 chat saying, “we see the bad, but we close 2 eyes,” in reference to a discussion of Russian customers on Binance. Lim didn’t even bother playing dumb, saying: “Like come on. They are here for crime.”

Speaking of Russia, in July 2020, a colleague asked Lim whether they should ‘offboard’ a customer whose transactions totaling millions of dollars were “very closely associated with illicit activity.” Lim instructed the staffer to tell the customer “to be careful with his flow of funds, especially from darknet like [Russian marketplace] hydra. He can come back with a new account. But this current one has to go, it’s tainted.”

More recently, Binance was found to have handled $346 million in suspected proceeds of crime from another Russian darknet site, Bitzlato. This is in keeping with what Lim indicated was CZ’s philosophy of turning a blind eye to anything that might curb Binance’s revenue: “Don’t need to be so strict. Offboarding = bad in cz’s eyes.”

The trades are coming from inside the house

The suit alleges that Binance has traded on its platform through around 300 “house accounts” that the CFTC claims are “all directly or indirectly owned by Zhao,” as well as accounts owned by CZ-controlled market-makers Merit Peak and Sigma Chain. Merit Peak was recently cited in reports as the firm to which CZ transferred over $400 million from bank accounts supposedly controlled by Binance.US.

The suit notes that Binance doesn’t inform its customers that it trades on its own platform, nor that these 300+ accounts have reportedly been exempted from Binance’s‘ insider trading’ policies. The accounts also aren’t subject to the exchange’s anti-fraud and anti-manipulation rules (such as they are).

The CFTC doesn’t opine on why CZ would need so many accounts, but it fits with rampant suspicions that Binance engages in heavy wash-trading to artificially manipulate token values when doing so suits its purposes (such as executing a short squeeze on Binance futures traders).

CZ’s blog post claimed that he has only “two accounts” on Binance and insisted that Binance “does not trade for profit or ‘manipulate’ the market under any circumstances.” Binance does convert crypto “from time-to-time to cover expenses in fiat or other crypto currencies. We have affiliates that provide liquidity for less liquid pairs. These affiliates are monitored specifically not to have large profits.”

Speaking of, the CFTC alleges that Binance relied heavily on third-party brokers “to solicit and accept orders for Binance’s digital asset derivatives from institutional customers, including those located in the United States.” Despite Binance’s Terms of Use stating that Binance accounts can only be used by account registrants, it allowed at least two ‘prime brokers’ to open ‘sub-accounts’ through which a number of unidentified ‘Trading Firms’ trade derivatives on Binance.

Angels or demons

In July 2019, Lim told a subordinate that the VPN workaround for users in restricted markets “cannot come from us … but we can always inform our friends/third parties to post (not under the umbrella of Binance) hahah.”

This arms-length strategy still appears operational in China, which banned crypto trading in 2021. Last week, CNBC released a report derived from “hundreds of messages from a Discord server and Telegram group, which are controlled and operated by Binance” and boast over 220,000 Chinese-language users.

CNBC claimed the accounts it monitored were run either by Binance employees or so-called Binance Angels, a Binance-sponsored program of “our most active and passionate community builders” looking to “help advance the crypto cause.”

The messages issued by these accounts offer tips on how to circumvent Binance’s KYC, residency and verification systems, including how to forge bank documents. Video guides walk mainland Chinese residents step-by-step through the process of providing false residency data to obtain a Binance debit card, after which customers can fund their exchange accounts through their regular bank accounts.

In May 2022, a Binance employee told one mainland resident looking to register with the exchange to use a VPN indicating they were in Taiwan and register via an overseas email (Outlook, Gmail, ProtonMail, etc.). Once registered, the customer could revert to their actual Chinese identity during the authentication phase, after which they could trade to their heart’s content.

Last December, a Binance community manager alerted group participants to the existence of an app hosted on Tencent that allowed mainland Chinese to register using a Chinese phone number, with no VPN required. Accounts could be funded with WeChat or Alipay.

A Binance spokesperson denied the existence of a customized “Binance Chinese Android app” and told CNBC that the exchange had “taken action against employees who may have violated our internal policies, including wrongly soliciting or making recommendations that are not allowed or in line with our standards. We have strict policies requiring all users to pass KYC by providing us with their country of residence and other personal identification information.”

But as we’ve seen, the statement above is meaningless. Binance is incapable of telling the truth if they believe any outsiders are listening.

Bin(ance) Laden

Duke University professor Sultan Meghji told CNBC that Binance’s disinterest in respecting KYC guidelines and country-specific laws gave him concerns “about the national security implications of how terrorists, criminals, money launderers, cyber people in North Korea, Russian oligarchs, etc., could use this to get access to this infrastructure.”

That’s not idle fearmongering. The CFTC suit cites Binance compliance chief Lim telling another staffer about “HAMAS transactions” on Binance. Lim helpfully explained that terrorists traditionally send “small sums” because “large sums constitute money laundering.”

Lim was all too skittish about being caught lying to U.S authorities – particularly OFAC, the Treasury Department unit that focuses on economic sanctions violations and terrorist financing. In December 2018, Lim told colleagues, “there is no fking way in hell I am signing off as the cco for the ofac shit.” Lim added that Binance’s customer support was “teaching ppl how to circumvent sanctions.”

Even CZ was cognizant that Binance was not merely fudging red lines; it was obliterating them. In June 2019, he told senior staff that “there are a bunch of laws in the U.S. that prevent Americans from having any kind of transaction with any terrorist, and then in order to achieve that, if you serve U.S. or U.S. sanctioned countries there are about 28 sanctioned countries in the U.S. you would need to submit all relevant documents for review [but that is not] very suitable for our company structure to do so … We are already doing a lot of things that are obviously not in line with the United States.”

There you have it. CZ and his top lieutenants, actively conspiring to undermine U.S. government efforts to thwart terrorist financing. Whatever securities or commodities violations might be in the pipeline; they’re traffic tickets compared to this. Uncle Sam has all he needs to bring down the RICO hammer on CZ’s head and the rest of his staff, with penalties of up to 20 years in prison for all those jointly and severally responsible.

Follow CoinGeek’s Crypto Crime Cartel series, which delves into the stream of groups—from BitMEX to Binance, Bitcoin.com, Blockstream, ShapeShift, Coinbase, Ripple,
Ethereum, FTX and Tether—who have co-opted the digital asset revolution and turned the industry into a minefield for naïve (and even experienced) players in the market.

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.