Europol report on Wasabi Wallet reveals law enforcement scrutiny

In April, Europol’s EC3 European Cybercrime Centre produced a report focusing on Wasabi Wallet, which it claimed attracted its attention due to an increasing number of investigations involving its users. Blockchain analysis tools revealed the highest percentage of Wasabi Wallet transactions ended at darknet markets, followed by exchanges. The report, intended to be internal-only, leaked and has been published on the internet.

In February we published a warning against using “coin mixers” to anonymize Bitcoin transactions. More recently, law enforcement agencies have also begun to scrutinize data from digital asset wallets and networks that tout privacy/anonymity as a built-in feature. While simply using these systems may not be illegal, they are often used by bad actors for illegal purposes. As a result of this, these networks and their networks will come under increasing scrutiny.

Effective… for now

Wasabi Wallet uses a method called “CoinJoin.” CoinJoin is different to the old-school mixers in that it combines transactions from multiple users into one big transaction with multiple inputs and outputs. This makes it more trustworthy than mixers, which are often run by unknown parties and with no guarantee of success or redress when things go wrong (and they do).

The more users CoinJoin has, the more private and reliable it becomes. Wasabi Wallet also runs all its network traffic over Tor, which (at least in theory) adds privacy. It also employs “block filters” which aid in obfuscating transaction information further by downloading full blocks of data, making it less clear which address is the one investigators should be looking at.

Europol’s report admitted Wasabi Wallet “is a very effective decentralised Bitcoin mixer with many privacy-focused options,” and “provides possibly the most convenient and secure way to mix Bitcoins.”

This has made it quite popular, and means it “naturally also attracted those involved in criminal activities.” Working with blockchain forensics firm Chainalysis, it analyzed several transactions to examine where the transactions were going, and its effectiveness at masking identities.

Wasabi Wallet’s homepage has a cyberpunk design theme and its slogan is “Unfairly Private.” Europol admitted that, realistically and in most cases, its transactions could not be “demixed.” However it offered a “glimpse of hope” if a suspect user makes a mistake or is careless with where they send coins after the wallet transaction—for example, sending all “mixed” and “clean” funds to the same address later on.

The Wasabi Wallet team itself cautions that users must continue to practice OPSEC (operational security) with their transactions pre- and post-mixing if they wish to stay anonymous:

“It is crucial to understand that Wasabi is not a fool-proof solution if you neglect to practice coin control after the mixing process.”

This is important to bear in mind for anyone planning to engage in illegal activity, and rely on software to mask their identity. Even criminal masterminds have a propensity to make revealing mistakes, something that may only need to happen once for investigators to get a foot in the door.

Using services may not be illegal, but be aware of this

As the Europol report notes, Wasabi Wallet is open-source and non-custodial, meaning it is not a service that holds users’ funds. Users keep their wallet seeds and private keys locally. This means Wasabi Wallet itself is not covered by the EU’s 5AMLD (Fifth Anti-Money Laundering Directive). The same goes for other wallets using CoinJoin and similar techniques, though Wasabi is one of the most popular.

Wasabi Wallet is not engaging in criminal activity by creating and releasing its software. However, as the Europol report notes, an increasing number of its users are suspected of doing so. This attracts more attention from law enforcement agencies and private research firms.

Two key statements stood out in Europol’s report. One is that “it is easy to visually identify Wasabi Wallet transactions just by looking at them on the blockchain,” and “Dutch FIOD (Fiscale Inlichtingen en OpsporingsDienst) has started promising technical research into behaviour and demixing of Wasabi transactions and are interested in hearing about similar research activities in other countries.”

The need for financial privacy… and also transparency

Whatever your personal views are on financial privacy and its associated freedoms, there are certain realities the digital asset community must face:

– Governments do not like the idea of anonymous digital transactions;

– Whether a majority of users have criminal intent or not, anonymous transactions do facilitate criminal activity and fraud, and full anonymity has the power to corrupt;

– If a high-level law enforcement agency sees a service as particularly effective (as Europol did with Wasabi Wallet) they may try to restrict or sabotage its use in other ways;

– Bitcoin’s blockchain ledger is public and permanent;

– Blockchain forensics firms like Chainalysis are getting better at tracing the endpoints of Bitcoin transactions and unmasking participants.

Yes, governments and law enforcement agencies may also become corrupted and laws may be unfairly enforced against groups of certain ethnicities, political persuasions, or individuals targeted for illegitimate reasons. Combating this is a major motive for privacy wallet developers and users. But remember, if it’s anonymous for everyday users, then it’s anonymous for criminals… and importantly, easier for corrupt governments and officials to hide their tracks. Full anonymity eventually leads to a breakdown in trust overall.

This is one of the reasons Bitcoin SV, which can process massive amounts of data, is a better option than a digital cash-only Bitcoin. The effort to build an internet with immutable data (and immutably tracked changes) and more use cases, with a built-in economic/payment system, aims to create a world where there’s more transparency for all, including the powerful. A simple payment network approaches the system from the outside and with an adversarial approach, guaranteeing it will not have mainstream appeal and will be opposed by regulators (as we’ve seen happen to numbered bank accounts and “tax haven” jurisdictions more and more over the years.)

BSV transactions can still be publicly private—which is not the same as “anonymous.” Not every transaction you make will be broadcast to the public with full details and your identity (unless this is a requirement for your job/position). However it can be traced by those with the resources to do so, if needed. Reality, agree with it or not, says this is the only way a global digital transaction system can function long-term.

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.