The United States Department of the Treasury has imposed a $29.3 million penalty on Bittrex due to the cryptocurrency exchange’s formerly lax approach to fighting money laundering, while the Coin Center lobby group pushes back on the Treasury’s war on coin mixer services.
Earlier this week, the Treasury’s Office of Foreign Assets Control (OFAC) announced a $24.3 million settlement with the Bellevue, Washington-based Bittrex, Inc. for “deficiencies related to Bittrex’s sanctions compliance procedures.”
The sanctions in question applied to Cuba, Iran, Sudan, Syria, and Ukraine’s Crimea region. Between March 2014 and December 2017, Bittrex allowed 1,730 accounts based in these jurisdictions to conduct 116,421 digital asset transactions worth over $263 million, including 22 transactions, each involving over $1 million worth of tokens.
OFAC said Bittrex “had reason to know” that its users were transacting from the forbidden zones based on both IP address information, as well as physical addresses supplied during the customer onboarding process. But while Bittrex commenced operations in March 2014, it didn’t have any kind of sanctions compliance program in place until December 2015.
Bittrex hired a third-party vendor to screen for sanctions violations in February 2016, but this party’s screening was found to be “incomplete.” Bittrex was reportedly unaware of this gap in its detection until October 2017, when OFAC issued a subpoena.
While Bittrex failed to voluntarily self-disclose their violations, OFAC ultimately concluded that the exchange’s failings “were not egregious,” while noting that Bittrex was a relatively new company at the time of the violations. OFAC also credited Bittrex with cooperating with their probe, restricting the offending accounts, hiring/training more compliance staff, and enhancing other pro-compliance measures.
FinCen piles on
Simultaneously, the Treasury’s Financial Crimes Enforcement Network (FinCEN) imposed a $29.3 million penalty on Bittrex over the exchange’s “willful violations” of the anti-money laundering (AML) and suspicious activity report (SAR) requirements of the U.S. Bank Secrecy Act (BSA).
FinCEN says that between February 2014 and December 2018, Bittrex facilitated nearly 546 million trades on its platform while its hosted wallets at times averaged over 20,000 daily deposits or withdrawals.
As a recognized money services business (MSB), Bittrex was aware of its BSA obligations to develop, implement and maintain an effective Anti-Money Laundering (AML) program. But rather than deploying “widely available transaction monitoring software tools,” Bittrex relied on just two “minimally” trained employees to manually monitor transactions, which by 2017 were averaging 23,800 per day.
Bittrex also neglected to develop programs to meet its SAR requirements, failing to file a single SAR from its launch in 2014 until May 2017. Even after belatedly hiring additional staff to monitor suspicious activity, Bittrex filed only a single SAR from May 2017 to November 2017.
FinCEN said Bittrex failed to detect or report direct transactions from darknet marketplaces, including AlphaBay, Agora, and Silk Road 2. The exchange also failed to police transactions connected to ransomware attacks on U.S.-based individuals and businesses.
In November 2017, one month after the Internal Revenue Service (IRS) informed Bittrex that its BSA compliance was going under the microscope, the exchange filed 119 SARs with FinCEN and paused the opening of new accounts while it improved its “know your customer” (KYC) procedures. Still, the exchange continued to rely heavily on manual reviews of transactions until December 2018.
FinCEN also took issue with Bittrex’s handling of so-called Anonymity-Enhanced Cryptocurrencies (AECs), aka privacy coins like Monero, Zcash, PIVX, and Dash. Bittrex eventually delisted these coins in January 2021, following the example set by other exchanges the year before.
FinCEN said Bittrex’s violations were “serious and exposed the public to a significant risk of possible harm.” FinCEN also took issue with the fact that Bittrex designated its chief executive officer as its AML compliance officer when a dedicated compliance chief was more appropriate. Even when Bittrex did start filing SARs, FinCEN says they were “filed well after the transaction dates.” Bittrex skimping on compliance resources also gave it an “unfair competitive advantage” compared to its more BSA-compliant rivals.
FinCEN did credit Bittrex with cooperating with its probes and “working proactively” with U.S. government agencies on improving exchanges’ AML compliance. For these reasons, and because the two Treasury investigations overlapped, FinCEN said it would credit the $24.3 million that Bittrex owes OFAC, meaning the exchange will only have to fork over $5 million to FinCEN.
Coin Center v. Treasury, Round 2
While Bittrex may have learned to play nice with the feds, Coin Center, the Washington, D.C.-based “research and advocacy center” for “crypto” issues, continues to take a “this aggression will not stand” approach. On Wednesday, Coin Center announced a new lawsuit against OFAC for the sanctions it imposed on the Tornado Cash coin mixing service in August.
OFAC targeted Tornado Cash after concluding that it was being used by crypto criminals, including North Korea’s infamous state-sponsored hackers, looking to launder their stolen tokens. But OFAC also blacklisted Ethereum addresses that interacted with Tornado Cash, sparking howls of outrage from crypto bros (including those who still believe in the “decentralized” myth).
Coin Center says its new lawsuit intends to “keep privacy normal, to delist Tornado Cash privacy tools from sanctions, and to enjoin Treasury from enforcing against ordinary Americans exercising their self-evident and basic rights to privacy.”
The suit makes four claims, starting with the view that using Tornado Cash doesn’t require users to rely on any third party or transact with a sanctioned individual. Coin Center believes that puts Tornado Cash users beyond U.S. sanctions aimed at transactions with a foreign person or majority-foreign entity or the property of that person or entity.
The second claim is that the Tornado Cash service is beyond the Treasury’s authority to apply sanctions only to transactions with persons, entities, or property. Third, the Treasury’s actions were “arbitrary and capricious” because it failed to consider the collateral consequences of its actions on Americans using Tornado Cash.
Finally, Coin Center says the Treasury violates Americans’ rights by subjecting their transactions, including donations to political causes and advocacy groups, to public scrutiny. Coin Center claims that “Americans have had their associational activities chilled” by the Treasury’s actions.
The suit was filed in the U.S. District Court for the Northern District of Florida, Pensacola Division. Joining Coin Center on the plaintiffs’ side are Patrick O’Sullivan (software developer), David Hoffman (co-owner of the Bankless podcast), and the anonymous operator of the 688th Support Brigade (a pro-Ukraine military aid group).
The Coinbase (NASDAQ: COIN) exchange is bankrolling a separate Tornado Cash lawsuit against the Treasury brought by six individuals, some of them Coinbase staff. Coinbase has become increasingly bold in challenging the U.S. federal government’s authority, painting itself as a defender of privacy and a champion of innovation. And hey, if North Korea uses mixers to launder stolen tokens to build nuclear missiles, well c’mon, one bad apple, right?
Earlier this summer, Coin Center filed a separate lawsuit against the Treasury and the IRS that challenged a digital asset tax reporting requirement included in the 2021 Infrastructure and Investment and Jobs Act.
Watch: The BSV Global Blockchain Convention panel, Law & Order: Regulatory Compliance for Blockchain & Digital Assets
New to Bitcoin? Check out CoinGeek’s Bitcoin for Beginners section, the ultimate resource guide to learn more about Bitcoin—as originally envisioned by Satoshi Nakamoto—and blockchain.