If exchanges won’t stop Bitcoin scams, processors can—and will

A recently-published research report into the PlusToken scam has highlighted the role regulated digital exchanges play in laundering the proceeds of crime. According to Dr. Craig Wright, these exchanges have done little-to-nothing to control these illegal money flows—but transaction processors (aka miners, or nodes) could play a greater role in helping asset owners recover their property.

The PlusToken scam and digital asset exchanges

The two-part report, from OXT Research, has been tracking funds associated with PlusToken, a China-based investment operation that ran from February 2018 until it was revealed as a Ponzi scheme in June 2019. Six of its alleged operators, all Chinese nationals, were arrested in Vanuatu that month and returned to China.

The PlusToken scam was one of the largest in digital asset history. Targeting mainly inexperienced investors in China and South Korea, it netted an estimated 70,000 BTC, 789,511 ETH, and 26,299,109 EOS.

Previous reports had suggested the lost investments were “mixed” and then laundered via over-the-counter (OTC) trading, away from mainstream digital exchange books. However OXT Research and several other online researchers say a large percentage of the funds were mixed and then sent to Huobi, a large regulated exchange. It’s not just PlusToken, either—criminal proceeds are often laundered this way, thanks to exchanges’ generally lax approach to Know Your Customer (KYC) regulations.

Others have claimed significant PlusToken funds were also deposited, traded and sold on OKEx. Both exchanges are regulated and perform KYC procedures on account holders, tiered according to withdrawal levels.

Dr. Wright has noted in the past that digital exchange KYC practices fail to meet legal obligations, and often allow an individual to hold multiple accounts. This means one person or organization can trade large amounts without drawing attention, especially if no-one’s interested in looking. At some exchanges, like Binance, the lowest tier requires no KYC at all. There is also a reluctance at most exchanges to know their customers at all, note investigate suspicious transactions, or investigate where deposits are coming from. He said:

“Right now, there is not a single exchange globally that has enacted 1% of the regulations that they are covered by. The best exchanges are still bucket shops and have a long way to go just to get to the lowest level of KYC in financial provisioning that is required.”

OXT Research echoed this sentiment. It distinguished between coin “mixers” and “tumblers”, noting that mixers can be any software of function designed to obfuscate digital transactions, and tumblers are services that take custody of the digital tokens before (hopefully) returning them to the originator. It added: “Some blockchain analysts consider exchanges as another form of custodial tumbler”, noting it’s a common practice for criminals to deposit their proceeds, exchange them through multiple other digital assets, then withdraw to a “clean” address.

The ‘not your keys, not your coins’ fallacy

What if stolen or scammed Bitcoins could be returned (or re-issued) to their rightful owners, without having to rely on exchanges fulfilling their legal obligations? Here’s where a legally-compliant Bitcoin network becomes necessary.

An old cliché from Bitcoin history goes “not your keys, not your coins”—meaning that if you don’t have the private keys to a Bitcoin (or other digital asset) address, you don’t own the bitcoins. Ergo, if someone else acquires your private keys, they now own the coins instead.

The difference between “have” and “own” is important here. If someone takes your car, you don’t have your car, but you still own it according to the law.

Dr. Wright argues that the token/s representing a Bitcoin balance are property under the law.

“Bitcoin and all derivative systems are based on tokens. The ownership of the token resides with the individual holding the wallet and is not on the Blockchain at all. The Blockchain is merely a ledger and journal that records movement and is not the property itself.”

Like a share certificate, he added, a bitcoin or other blockchain token could be re-issued to its rightful owner if stolen. It’s the transaction processing nodes themselves that are obligated to manage this process via court orders and freezing provisions, rather than exchanges.

“Receiving property that is under a proceeds of crime order makes the recipient liable as well. Nodes are paid in the token. The process of validating transactions is one of collecting fees. These fees are paid in the tokens themselves and if tokens are stolen or subject to proceeds of crime orders, the recipient including an exchange or node creating a block that is taking fees is potentially violating legal orders. There are provisions where it is a transaction without knowledge. Many of the scams we see and thefts are not without knowledge.”

“When I created the alert key for Bitcoin, this enabled the freezing of individual UTXOs or addresses. The initial implementation would have allowed individual addresses to be frozen pending a determination by a court. This would protect the nodes. Note here that nodes are miners and if you not mining and validating transactions you’re not a node. A node that processes a transaction involved with the crime that has not blocked access to known addresses under orders (note as an agent of the network and an intermediary, nodes are expected under law to monitor this information) is liable and can be held to facilitate the crime. At worst the node in question could be subject to damages from allowing the transfer.”

Human law is law

Bitcoin cannot survive if it doesn’t meet the legal demands of the countries in which it’s used. Code may govern the network’s basic functionality but that code is not itself law. All software is subject to human law, whether or not its users can deploy it to temporarily skirt the rules.

Bitcoin (BSV) and the transaction processing nodes that manage its ledger must be aware of this reality. Should a court order mandate that addresses be frozen or a token balance issued to its rightful owner, nodes would have no choice but to comply or face further action.

Scams and thefts like PlusToken have bedeviled Bitcoin and other digital assets over the past 11 years. Along with other criminals who use those tokens to make and earn money, they’ve caused serious damage to the technology’s reputation. Governments, enterprises and individual users will ultimately only tolerate a financial system that makes it possible to investigate crime and provide redress where possible. Shrugging and telling victims (or courts) “that’s just how it works, bad luck” is not tenable.

New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.