Think Your Cryptocurrency Transactions Are Anonymous? U.S. Government May Be Able to Track Monero

One of cryptocurrency’s biggest selling points is that it is mostly beyond the reach of world governments, providing a universal option through which to avoid banks and fiat currencies entirely. This is not entirely true for all forms of crypto, however, and one of the most privacy-focused may have just been opened up to prying eyes. The intelligence firm CipherTrace is claiming that it has developed a tool that can trace Monero cryptocurrency transactions, and that it will be provided exclusively to the U.S. Department of Homeland Security.

Is Monero privacy compromised?

While cryptocurrency transactions are often thought of as anonymous and untraceable by laymen, this has never been entirely true. Security researchers have always had at least some ability to follow tracks given that blockchain transactions must be transparent for the system to function. Investigators can trace wallet addresses listed in these transactions, sometimes unmasking the owner when they make a mistake such as using a personal email address to register an account linked to the wallet on a cryptocurrency exchange. Wallet balances are also public, and the amounts in them can sometimes be telling.

Monero is an exception in the world of cryptocurrency transactions. It was designed specifically as a non-transparent intermediary step to allow cryptocurrency holders to exchange one type for another and essentially break any trail of investigation that is based on tracing the wallet address. Not surprisingly, it has been heavily taken up by cyber criminals and those looking to purchase products and services on the dark web.

Dave Jevans, the CEO of CipherTrace, claims that his company has developed the first tool capable of unmasking Monero cryptocurrency transactions. CipherTrace developed the tool as part of a contract with the DHS Science & Technology Directorate, which means that the United States would (at least initially) have the only capability of peering in on Monero transactions.

While CipherTrace was not entirely forthcoming about technical capabilities of the tracing tool, it did say that a focus of use would be in tracking the sources of ransomware demands. The company also chose to reveal that it would not have the capability to be used for anti-money laundering purposes, at least not initially.

Without technical details available, the cryptocurrency community has been generally skeptical about the tool’s capabilities. Justin Ehrenhofer, organizer of the Monero community workgroup, believes that the tracking capability will still be more limited than it is with other types of crypto such as Bitcoin.

Critics pointed to the potential for human rights abuses should this technology be taken up by dictatorships and repressive regimes, and also aired the belief that small transactions should be kept private if they are not substantial enough to possibly be part of a criminal investigation.

It appears that the CipherTrace tool will not clearly expose wallet IDs and transactions in the way in which they can be simply looked up with Bitcoin and similar options. Jevans described it as a “probabilistic” model that will give some percentage chance of confidence that a particular address or transaction has been located, and warned that the tool should only be expected to provide leads for law enforcement to follow up on.

It would appear that this will not deter cyber criminals who are decoupling their identities entirely from their cryptocurrency transactions; there appears to be no shortage of these given that Bitcoin is still more frequently used for cybercrime purposes than Monero is. These criminals often operate from countries which do not have extradition treaties with the United States or from a country that simply does not extradite its own citizens. The primary use for law enforcement would appear to be in cases where criminals are afforded an extra automated layer of anonymity by using Monero but are otherwise making mistakes and leaving trails by which they can be followed.

Is scrutiny good for cryptocurrency transactions?

CipherTrace has also been spinning the positive benefits of such a tool, noting that it might make Monero more readily available. Due to its specific association with criminal activity and issues with compliance standards, the cryptocurrency has been delisted or banned from a number of popular exchanges. Japan made news in 2018 for banning it outright from the country (along with cryptocurrency transactions using other similar “privacy coins”), though such bans are extremely difficult to enforce in terms of individual use.

At the consumer end, any benefit seen from these tools would assume that they stay in the hands of properly regulated law enforcement entities and are used strictly to enforce the law in cases such as ransomware attacks. If these tracking methods prove effective and become available to the general public, Monero loses its primary selling point and likely a great deal of its value.

While CipherTrace was not entirely forthcoming about technical capabilities, it did say that a focus would be in tracking the sources of #ransomware demands. #privacy #respectdata Click to Tweet

The DHS 2018 contract with CipherTrace also included exploring ways in which to similarly track ZCash, another privacy-focused coin, but it was not mentioned specifically in the company’s statements to the press. The primary difference between ZCash and Monero is that ZCash allows users to opt to make certain transaction information public if desired. The security of ZCash also hinges on a single key which is created by a select group of people, which introduces potential corruption and catastrophic crash issues not present with other types of cryptocurrency transactions.