👁️ With Samourai Indictment, the DOJ is Attacking Your Financial Privacy
95% of the privacy wallet's activity was non-criminal.
Welcome to the Tuesday Dark Markets news analysis roundup. Today, my main focus is on the Samourai Wallet arrests on Monday - and what they say about DOJ’s politicized campaign against financial privacy.
Scroll down for a few other news updates on Balaji’s Ethnic Cleansing Agenda and Eigenlayer’s Dud of an Airdrop.
The Samourai Arrests are An Attack on YOU, Not on Criminals.
The U.S. Department of Justice has arrested and indicted Keonne Rodriguez and William Lonergan Hill, co-founders of Samourai Wallet, a Bitcoin wallet that offers transaction anonymization. While they’re couched in terms of criminal money laundering, the arrests are part of a larger crackdown, globally and in the U.S., on the financial privacy of average people.
The DOJ announcement itself gives this away, despite some attempted weaselly language.
In the DOJ’s words, Samourai’s operation between 2015 and 2024 resulted in “$2 billion in illegal transactions, and $100 million in dark web money laundering.”
But an “illegal transaction” doesn’t mean one that involved criminal proceeds.
Elsewhere, the DOJ writes that “$2 billion in transactions with an unlicensed money transmitter means $2 billion flowed without any oversight, from whomever to wherever … Samourai Wallet laundered more than $100 million in criminal proceeds.”
That is, DOJ regards the $2 billion to be “illegal” because it was sent through a “money transmitter” without a license. Even taking at face value, only $100 million of the activity was criminal money laundering.
In other words, 95% of the use of Samourai is not linked to activity that’s otherwise criminal. And that’s giving DOJ the benefit of the doubt that its numbers aren’t, let’s say, fluffed a little bit.
So if you, as a law-abiding individual, want to send some money via Bitcoin “from whomever to wherever,” without “oversight” from a government agency, the U.S. Department of Justice regards that as illegal activity.
That only 5% of Samourai transactions are alleged criminal money laundering is extremely significant. According to no less a source than Europol, 2-5% of global GDP is laundered each year.
In other words, the proportion of criminal proceeds that moved through Samourai was on the high end of what you’d expect in a random sample of all transactions globally. This may make it harder for DOJ to convincingly argue that Samourai actively sought out criminal users (though Samourai seem to have known they attracted money laundering, which is not exactly the same thing).
That 5% is also, by extension, not far from the proportion of conventional bank transactions that are presumably made up of laundered funds. And in major cases of bank money laundering, there have generally been no arrests, and certainly no shutdowns of the services of the sort that DOJ has enacted here. In 2012, for instance, HSBC was found to have laundered $881 million for Mexican drug cartels. And while there is uncertainty about Samourai’s actions, HSBC was entirely knowing in its criminal activity.
HSBC received a massive fine, but were allowed to continue operating. The same was true of similar fines issued to ING, Barclays, Credit Suisse, and others, who violated sanctions against countries like Iran and Libya.
Comparing Samourai’s money laundering role to that of banks, then, is not mere “whataboutism.” The different enforcement responses make it clear that major regulatory agencies are acting as if banks have more right to launder criminal money than a blockchain service.
Samourai is Not a Money Transmitter
Samourai used two techniques to privatize normally-public Bitcoin transactions - Whirlpool, also known as CoinJoin; and a service called Ricochet. Neither of them involved money moving through Samourai’s hands.
CoinJoin transactions are coordinated between multiple senders, who in essence “swap” their intended recipients more or less randomly, creating confusing transaction records on-chain. But Freedom.tech points out that the money never actually moved through Samourai’s custody. Instead, “Samourai Wallet’s coordinator server acted as a glorified bulletin board and message courier, and not a custodian or money transmitter.”
Ricochet, similarly, adds extra “hops” to transactions, but none of those transactions actually move through Samourai, which instead acted merely as a kind of transaction scheduler.
For more depth on the question of what constitutes a “money transmitter” in law, Coin Center’s Peter Van Valkenburgh has a lengthy analysis. His conclusion is that Justice is badly overstepping here.
Still, Samourai is Probably Cooked
All that said, Samourai’s technical structure, and the documented actions of its principles, do seem to have made them vulnerable to money laundering charges.
On the technical side, DOJ alleges Samourai ran a centralized server in Iceland that managed CoinJoins and other obscuring transactions. Even if this didn’t technically involve custody of assets at any point, and whether or not Samourai had a way of telling criminal from non-criminal activity, managing the transactions is likely enough to establish culpability for a jury.
Possibly worse is that Samourai collected fees for its service. DOJ claims that amounted to $3.4 million in fees for for Whirlpool transactions and $1.1 million in fees for Ricochet transactions over the 2015-2024 period. That’s not a lot of money - only about $500,000 per year. But collecting fees for any service significantly increases criminal liability, even on the blockchain.
Finally, it seems Samourai was far too rhetorically open about the use of its service by bad actors. Their investment materials included citing that the business would be fueled by “dark/grey market” transactions, as well as “capital flight” - that is, in part, the evasion of U.S. sanctions. The DOJ announcement also includes public statements seeming to celebrate the use of Samourai by “Russian Oligarchs” - again, implicitly, to evade sanctions.
None of the examples provided by Justice amount to directly soliciting criminal use, but these public statements are close enough - a declaration that, at the very least, sanctions violators and money launderers wouldn’t be actively flagged, tracked, or blocked from using the service. That’s not a good look.
I’m not prepared to give a full analysis of the actual legal issues here. For instance, there are counterbalancing facts in that Samourai on the one hand didn’t actually transmit funds, but on the other hand did operate a server that helped manage transactions.
But this will be a criminal trial, meaning the decisions will go to a jury. And from that perspective, unfortunately, it seems very likely the nuances of this case could be lost in the face of what superficially appears to have been an actively-managed service that the operators profited from, and even promoted as a service for criminals and evaders.
News Highlights in Brief
Balaji’s Nonsense Fix for San Francisco
Balaji Srinivasan, probably the closest thing on the Venn Diagram between “crypto guy” and “regular-ass tech bro,” has called for “ethnically cleansing” San Francisco of “blues” - that is, liberals or left-wingers. He also described this as “tech Zionism,” a movement that he said should “embrace the police.”
I find this authoritarianism offensive simply on its face, obviously. But it’s particularly hilarious and stupid to hear a supposed crypto advocate urging pro-police attitudes. Most of all, these statements are wild to hear sitting in New York, the most left-wing administrative zone in the U.S., which is also the safest major city in the country.
In other words, Balaji is making a brain-dead call to double down on the underfunding of public services that is the actual source of San Francisco’s problems.
Eigenlayer’s Airdrop was a Dud
Eigenlayer, the restaking protocol that some fear could fuel rehypothecation risk on Ethereum, yesterday announced its plans for an “airdrop” of its new native token. The airdrop is essentially a conversion from “points” accrued by users and other participants, most of all ‘liquidity providers’ who locked Ethereum into the protocol.
The reaction, on multiple levels, was furious disappointment. The airdrop appears to be strictly blocked for participants in most Western countries, including much stricter VPN detection than we’re used to in this space. Which, fair enough - but these restrictions weren’t laid out in advance for LPs, who now have Ethereum locked up and nothing to show for it.
The actual tokenomics of the new EigenCoin (?) were also flagged as flimsy. In other words, the token may not hold value long-term.
Most worrying, though, is that the majority of the airdrop allocation went to insiders, and the amount to be distributed to LPs and other stakeholders is subject to a very extended lockup and multi-stage distribution.
The flubbed drop invited a lot of satirical riffing, including a patented Gabriel Haynes rant.
Some of the problems were of Eigenlayer’s own making, and the fallout can’t be good for the protocol long-term. But a lot of the problems here instead have to do with much bigger regulatory fears than faced past big-money airdrops like Uniswaps. That suggests the era of the life-changing crypto airdop may be well and truly over.
“[M]ajor regulatory agencies are acting as if banks have more right to launder criminal money than a blockchain service.” Instead, I think Occam's Razor might suffice. Major regulatory agencies are acting as if banks are less likely to face serious criminal prosecution than a blockchain service. The DOJ going after two guys instead of a global entity with likely an entire department for fighting/avoiding these problems might simply be… because it is easier.
With finite resources, I think it likely they will go after those for whom they can more easily win a conviction. This doesn't make it right. It just makes it less about crypto and more about our current dual legal systems, one for the rich and resourceful and one for everyone else. When you hear about harsher sentences for cocaine convictions against blacks than whites, do you think it's the courts saying white people have more of a right to use cocaine? Or, more appropriately, that they can simply get away with it better?
Also, I realize the mentioning of HSBC and Credit Suisse is to highlight hypocrisy and unfair standards. But it's dangerously close to putting them in the same category as mixers. To use a gun control analogy, mixers and banks are as much in the same category as swap meets and the NRA. When the resources available to fight legal action are vastly different, it is hard to infer much about how a legal opponent feels about the culpability (or “right”) of either.
That said, Samourai (and Tornado) do bring up tough questions of what does each crypto enthusiast value more: transparency or privacy. There are technologies that make it so it doesn't have to be a completely mutually exclusive choice, but often it seems like it is. And when it is not, generally there seems to need to be concessions on one side or the other.
I think the first question a crypto enthusiast should ask themselves is what they like/want most about/from crypto. And from there decide which of the two matters most to them.
For me what I like most about crypto is the /potential/ to avoid another 2008 Financial Crisis, and what I want most is for that potential to be realized. /If all transactions/ had been on a distributed ledger technology in 2008, then there would have been warning signs and time to mitigate. If even the directly related transactions (subprime mortgages, collateralized debt obligations, etc.) were transparent to all, we might have been able to avoid it. More warning signs and less TradFi shenanigans-in-the-shadows is the future I want to see.
So that strongly puts me in the transparency camp.
However, I also believe certain transparency, like the public at large knowing generally how much money you have and at the same time who you are, is really a luxury of the truly rich for whom the benefits of vast wealth outweigh any worries about XKCD antifragile wallet exploit technology https://xkcd.com/538/.
Based on the number of Arkham bounties for people far more interesting than the average crypto enthusiast, we're not there yet.
But on a theoretical level, if all transactions were on chain, then even those who maintained the highest Op Sec would be doxxed–along with the amount of wealth one could “wrench” out of them. But of course, if /everything/ was on chain, there would likely be a lot more wrenchable targets, which should reduce the concern for any one particular person.
Regardless, right now, not only can the rich and powerful be safer when transparent, they can also be private more easily. So for those who aren't rich nor powerful, if transparency should be slow and uneven, is it fair they should be first to be transparent? Especially when they definitely did not cause the 2008 Financial Crisis?
Then there are other reasons we might want to protect (at least the code of) mixers. The argument that “code is free speech and should be protected as such” is not a bad argument. There is nothing wrong, as far as I can immediately tell, with developing the code for mixing and making it open source, especially as any potential for criminality with that code is both subjective and directly non-violent. Making that code open source might even be integral to making a comparable tool that isn't/can’t be used for criminality, which then actually helps put an end to tools with a criminal use, because mixing is less effective with less users. And, in addition, that hypothetical tool might be the one to split the Gordion Knot, keep privacy for those who are not rich and powerful and keep transparent that which can prevent financial crises.
So, quandaries. And in oppressive regimes: even more.
But here is something that at first glance seems like a perfectly good alternative to a mixer if you are American. Let's say you are planning to do your taxes like a normal law-abiding individual, and simply do not want the general public to be aware of your net worth. Well that's what a highly regulated on-ramp/off-ramp might be good for. Perhaps a highly regulated centralized exchange. Seeing as there is no clear path to a highly regulated centralized exchange, then at least a centralized exchange that has tried to be compliant..
Instead of Samurai, an American deposits Bitcoin into Coinbase, then splits/buys/sells/trades/waits as needed, then withdraws to new account(s). The intermediary step would provide a bit more anonymous than a single transaction of 1.63516 BTC into Coinbase followed immediately by a single transaction of 1.63516 BTC out into a different wallet. This way you're a bit better off than keeping all your funds in the same wallet you just used to pay for some sketchy motel in some sketchy area. (Unless the IRS starts using wrenches, as you'll probably still need to report all those transactions.)
But! While that might make Uncle Sam happier, you are still doing the same thing: you're breaking the chain. And with each breaking, perhaps closer to another financial crisis. Well, at least you aren't helping to prevent one by taking the flow of funds off chain. Because it is not like the agencies that you provide that information to are going to then use it to prevent a financial crisis–as far as I know, but I doubt there is that much coordination. So from that perspective, it is not much better than a mixer.
Caring about two things often at odds with each other in both good and bad. On one hand, it can provide needed nuance and balance to a position. But on the other, it can lead to believing contradictions, which can lead to cognitive dissonance. By choosing ad hoc what we care about, we can provide convenient excuses for our own bad behavior as still somehow being ethically acceptable. For example, wanting transparency from others but wanting privacy for yourself. It hasn't escaped me that I espouse possible privacy for the poor and weak, when I am more likely in that group. Or picking whichever of the two most profits you at any particular time. Which if you are poor/weak you might consider only fair. And if you are rich/strong you might consider what all the other rich/strongs are doing and, similarly, only fair.
But, again, maybe there is a nuanced position. I'm still not sure there needs to be a dichotomy. Because maybe there is good privacy and bad privacy. Maybe there is good transparency and bad transparency. Maybe there are solutions that have only the good versions of both.
What about zk proofs to verify we're not bad without saying who we are? What about mixing only among allowed addresses? Or mixing with all but forbidden addresses? What about anonymity, but only up to a certain dollar amount? $600 or more is often thrown about in TradFi as a significant amount, if tech can determine no sybillism or batching, would that work?
What if we use provenance even for seemingly fungible tokens, such as tokens recently mined or emitted into fresh addresses, to be used in special cases? What if we first figure out the transactions we need to know about to prevent another financial crisis, then require only those to be transparent and of proper provenance? And then simply add more to the list of stringent transparency as they become apparent?
Anyway, I had been drafting this comment for a few days now, and it is a long way to say: I don't know how I feel. But I find it fascinating to think about.