A report prepared by the Federal Bureau of Investigation’s Washington field office and exposed in the 270GB ‘Blueleaks’ data dump reveals how the FBI has tracked dark web criminals laundering dirty Bitcoin by converting it into the privacy coin Monero.
The leaked FBI document details three cases in which the Panamanian ‘instant’ crypto exchange MorphToken was “likely” used by bad actors to launder illicit-origin Bitcoin by converting it into Monero; two of the darknet markets (DNMs) named include Apollon and Cryptonia.
As of January 2020, the FBI had identified darknet market actors linked to the Apollon market who sent at least 11 Bitcoin (then worth approximately $80,000) to MorphToken for conversion into Monero. The FBI used a “proprietary software tool” that analyzes financial transactions on the Bitcoin blockchain, alongside MorphToken’s own automated programming interface (API), to monitor the transactions.
The FBI also analyzed commission fees from Bitcoin transactions conducted on Cryptonia between May and September 2019, revealing that the assets were sent to addresses associated with MorphToken. Every related transaction that could be queried via MorphToken’s API was converted to Monero.
In November 2019, the FBI also identified at least four dark web vendors who sent Bitcoin drug sales proceeds to MorphToken.
“Although MorphToken offers to convert Bitcoin into five different cryptocurrencies, in nearly all the conversions the FBI identified conducted by DNM actors—where the output currency could be identified—the user converted bitcoins into Monero,” reads the report.
Law enforcement assumes that darknet market actors are not chain-hopping into Monero with the intent of portfolio diversification. Per Bureau policy, the FBI declined to comment on this story.
What are instant crypto exchanges?
Instant crypto exchanges such as Morphtoken enable the quick conversion of one cryptocurrency into one or more others. The FBI highlights the lack of formal know-your-customer (KYC) protocols—the pillar of modern Bank Secrecy Act compliance—at Morphtoken and similar exchanges as an area of concern. MorphToken declined to comment to Decrypt on the leaked FBI report.
Morphtoken is incorporated in Panama, a jurisdiction that hasn’t implemented any regulations for virtual currencies or crypto exchanges, according to Panamanian corporate law firm Kraemer and Kraemer.
Through leaks such as the Panama Papers, Panama has become synonymous with bank secrecy, and the use of legal protections and corporate structures to shield the anonymity of tax evaders and money launderers.
Monero and the dark web
The FBI also pointed to user posts on darknet market sites and forums that discussed the use of Morphtoken and other similar services as conversion portals for Monero—the most resilient “anonymity-enhancing cryptocurrency” in circulation. MorphToken is one of eight featured Monero ‘changers’ on dark web community forum Dread.
Monero combines three different privacy technologies: ring signatures, ring confidential transactions (RingCT), and one-time, stealth wallet addresses. The effect is to render illicit Monero users unidentifiable.
Monero’s design bears similarities to “cuckoo smurfing,” a laundering scheme where financial intermediaries conceal potentially criminal actors by rearranging their senders and recipients in similarly valued transactions.
Can Monero be tracked?
Taking into account Monero’s stealth, and its autonomously regenerating and scrambled payment chains, Tom Robinson, chief scientist of British crypto compliance firm Elliptic, doesn’t think it’s possible to pierce the cryptocurrency’s veil of secrecy.
“I don’t expect to see blockchain monitoring-based compliance tools to appear for Monero any time soon, if ever,” Robinson told Decrypt.
The FBI’s report assesses that, as more examples of law enforcement successfully tracing cryptocurrencies are published, criminals will “likely” increase adoption of anonymity-enhancing cryptocurrencies such as Monero.
What is Blueleaks?
The leaked FBI briefing is just one of hundreds of thousands of files from Blueleaks, a cache of police documents illegally exfiltrated by hacktivist group Anonymous. The Blueleaks files were published by Distributed Denial of Secrets, a self-described ‘transparency collective’, and cover “24 years of data from over 200 police departments, fusion centers and training/support resources hacked by Anonymous,” according to the DDoS website.
The documents were taken from Netsentinal, a Texas-based web-design company that hosts law-enforcement websites. Cybersecurity news site Krebsonsecurity has confirmed the validity of the leaked data, via an internal June 20 analysis by the National Fusion Center Association (NFCA), a body made up of representatives of state and local urban area fusion centers.