CoinJoin Too Strong For Europol
Open-source, non-custodial Bitcoin privacy wallet Wasabi is popular enough to catch the attention of the European Union Agency for Law Enforcement Cooperation (Europol), the Hague-based European Union’s law enforcement agency. As for what the law enforcement can do about this wallet’s privacy options – it’s not looking good for them.
(Updated at 11:20 UTC: updates in bold
Updated at 11:46 UTC: two last sentences have been added).
In a two-part report for the eyes of “law enforcement only,” one dated April and the other May, 2020, Europol’s European Cybercrime Centre (EC3), writes that they’ve noticed an “increasing number of investigations involving Wasabi Wallet.” EC3 notes the wallet’s use of the anonymization method for bitcoin transactions CoinJoin, integration of TOR software, that certain anti-money laundering (AML) legislation, such as the AMLD5, don’t apply to it, and other privacy-focused features. The news was first reported by Coindesk.
As to how popular Wasabi is, the agency says “certainly popular enough to spark our interest.” They go on to cite the data provided by blockchain and analytics specialist Chainalysis per which Wasabi stored keys to more than BTC 110,000 (USD 1 billion). Furthermore, almost USD 50 million in BTC were deposited in three weeks leading to the March report, with almost 30% from the dark web. “This is a significant amount, relatively speaking, given the dark web transactions are estimated to have only 1% share of total transactions,” EC3 writes.
The report proceeds to analyze the use of the wallet in detail; it demonstrates a transaction, and looks into “the possibilities for law enforcement investigations,” prefacing it with: “Spoiler alert: things are not looking good.” Suspects who use the wallet correctly “have a very high probability of staying undetected.”
Visually identifying a Wasabi transaction is possible and may be useful, it says, but if a suspect is consistently using the mixer, the commercial tracing tools should be able to identify them. However, they won’t demix them. Whether Wasabi transactions can be demixed, “realistically speaking, in most cases the answer is negative.” This may be possible, though, if a suspect makes a mistake and groups the mixed coins together. There also may be ways to do so in the future: Dutch financial crimes investigation agency FIOD started “promising technical research into behavior and demixing of Wasabi transactions […].”
While the transparency of blockchain is celebrated, it also prevents complete anonymity, given that one’s balance and transaction history is available for all to see. Still, when it comes to personal funds, privacy is also a matter of great importance to the Cryptoverse. To those outside it, this may seem like setting a stage for illegal activities, but it’s mostly about protecting funds from third-party attackers. There’s probably some defiance there too, standing against regulators/authorities who find absolute privacy threatening, as it wouldn’t allow identifying suspects, and are working to prevent it.
According to Wasabi, the technical details of the report are “dead on.”
“We cannot, however, verify the data they have provided with regards to usage patterns, it is, of course, plausible, but considering the sensitivity of the matter, we would like to refrain from speculation on this and also on some of your questions that require it,” Gergely Hajdu, CEO of zkSNACKs, the company behind the Wasabi wallet, told Cryptonews.com.
He added that the company has also “pleasantly acknowledged that their assessment of our legal situation is coinciding with our interpretation of various international laws, too.”
“We have already known that we are providing outstanding security for our users, but their confirmation is certainly reassuring,” Hajdu said.
Europol confirmed that the document is an official Europol report that is aimed for a law enforcement audience. The agency declined to comment any further.