I've been browsing through the HumboldtFarms criminal complaint, and really digging this part...

http://ibb.co/b8XaEQ

Law enforcement was able to pinpoint exactly how many bitcoins were received from each marketplace and then sent over to an exchanger tied to the defendant's identity, despite using multiple wallets to move the coins and a bitcoin blender service.

Does that mean bitcoin tumbling is useless? If thats right, we can assume most (if not all?) large vendors who have used tumblers are likely to be swiftly identified if they, at any moment throughout their vending history, sold their BTC on an exchanger or anything tied with their real identity?

That's quite alarming, don't you guys think?


Comments


[77 Points] The_OPs_Mommy:

It depends how things are tumbled.

What the chain analysis places do is flag the output flows to/from market hot wallets to external tumblers, tagging each tx with a custom marker.

Think of these outputs like a tuple consisting of an address α and an amount β:

    [α, β]  

Tumbling cost a fee - we'll call X
If any connected node further down the transaction tree accumulates a value of

 [α₂, β-X]  

Then the marker simply gets moved to that new address.

Following the transaction graph from there, what they'll typically anticipate to happen (depending on the size of the vendor) will be that the amount β-X arrives at either

  1. vendor's cold storage wallet (with frequent, secondary flows getting sent to #2)
  2. exchange/LBC wallet for exchange to fiat

This is the essential flaw in tumbling. In order for it to be successful, you can never attempt to cash out the same amount that you put through the tumbler. You should only send the input thru the tumbler to multiple outputs and leave many of the coins on the leaf nodes of the transaction tree for as long as possible.

It's possible that for now, the slower you do things, the more invisible you are, but their algorithms will very soon be literally ridiculous in terms of capabilities.

Funny enough, this is exactly the same issue with tumblers that /u/Vendor_BBMC was always on about.

I just cut out the meandering metaphors and methamatics.


[35 Points] GurningDownTheHouse:

So, Monero is is then, right?


[22 Points] None:

[deleted]


[9 Points] Green-Machine-:

any vendor who has ever transfered any btc that was withdrawn from a marketplace that has been seized, no matter how many hops, to an exchange for a wire transfer to themselves using their real identity is fucked.

Vendors who used btc-e are fucked. Vendors who were stupid enough to use coinbase, circle, gemini or any other US based exchange were always fucked and should have known better.

I have never touched a exchange with my real identity. Used exchanges as a USD tether to stablize $$ between cashouts yes. But never were any wire transfers ever involved. That would have been very stupid.

I did not need sage advice to behave this way. Any vendor who is stupid enough to have ever transferred bitcoins to an exchange for a wire transfer deserves whats coming to them. Bitcoin analysis through blockchain has always been possible. No technology has ever changed that fact. Not tumblers, not coinjoin, nothing. Even join market only provides limited anonymity.

The real game changer is going to be TumbleBit. That will provide cryptographically provable severence on coin taint. Using david chaums blind signature scheme it will be the first time in bitcoins history that we can say with 100% confidence that Coins B were not related to Coins A.

Bitcoin developer peter todd was recently asked about this on /r/bitcoin. His response was that it was about 80% likely that your coins can be completely traced through a tumbler. The reason for this is because if you have coins inside the tumbler, you can see whats going on. All blockchain analysis companies have coins inside all known tumblers as well as electrum nodes and mass bitcoin nodes so that they can correlate your IP with your broadcasted transactions if you are not using tor.

To everyone who has been paying 3% for years through these tumblers; you all wasted a shitload of money for nothing.


[8 Points] smokeythebandit12:

Life is a risk and some peeps will get caught.


[7 Points] hhayn:

Couldn't they just subpoena the exchange and see which wallets had been sending amounts corresponding to the sales volumes on each marketplace?


[6 Points] None:

[deleted]


[4 Points] ameliaenterprise:

Some good OPSEC tips and knowledge on this same subject from a thread yesterday around ChainAnalysis - /r/Bitcoin

https://www.reddit.com/r/Bitcoin/comments/70oftr/lets_talk_about_chainanalysis/

FYI for anyone interested - Here is the Chainalysis demo from 2015: https://www.youtube.com/watch?v=9OtPOQwLBjc

The invoice was only for about $13k, referenced in the article: https://www.documentcloud.org/documents/3935924-IRS-Chainalysis-Contract.html

This made me reread the quote: ** "To date, records show the IRS has paid Chainaylsis $88,700 since 2015 for its services." **

It would make sense then that each Chainalysis done would be a specific Subject/Target. At about ~$13k per investigation, that's 7 investigations where they would of aquired Chainalysis software.

There are competitors I am sure. If they've been used at the same scale as Chainalysis, there are probably a few dozen examples of where the IRS has used targeted BlockChain Analysis software.


[2 Points] cdimeo:

First line says they had the list of wallets. Also remember the guy who sent him cash for the coins turned witness. I doubt it was too difficult to work backwards from there.


[2 Points] Jay-__:

Just 139 btc from AB somehow doesn't sound right to me.

According to that he made more off of fucking Middle Earth (166 btc) than AB.

Maybe ABs shuffling did help?


[1 Points] DickCheeseKillah:

I wanna know who the bitcoin exchanger in Bakersfield , Ca is who is flipping on all these vendors. It said This person gave them previous intel. I wonder if it's a seller off LBC or a actual site.


[1 Points] DickCheeseKillah:

I guess angel was right LOL


[1 Points] subutextual:

Is the entire complaint online and do you happen to have a link handy? Interested in FN 16 specifically...


[1 Points] Dekaayy:

could they have calculated the vendors sales total $ from each marketplace, then by virtue of knowing his wallets through his email, mix and match the transactions/withdrawals?


[1 Points] dookiedonkey:

forgive my navety but when they bust someone, it's always through a deal where money is exchanged. In this situation, money isn't exchanged by hands but through an encrypted site. if the person never actually touches it, how can it truely be connected to the specific person and or deal? I mean I gess what I'm trying to say, is yes, there is bitcoin transactions but it's done over the internet. and it's anonymous. How can they say, oy you bought a coin and with that got drugs. Unless, they are the ones who are vending, or selling the coin. There are so many fucking transactions daily. How do they filter to the people and then make it stick?


[1 Points] RipDM:

Bill is a good guy- so is lemons and the rest that have been arrested. knew em' all personally. had no idea they were famous drug lords (bill,lemons) but they don't deserve 65 years. Pray for them


[1 Points] None:

[removed]


[1 Points] Excill-:

Good thing they busted Humboldt Farms and his weed supply. They saved so many lives.. o wait.


[1 Points] Lyzergic:

Yes Tumbling is essentilly useless. Just think your mixing your "dirty" coins in with other "dirty" coins. How the hell this had made sense to be people is beyond me. And trust me they don't alter the algorithm they used very often if at all, and because algorithmic functions are essentially mathematical logic progressions they can be uncovered via pattern recognition. which is what an algorithm is made to do, automate things in the exact same manner.


[0 Points] steamruler:

1 input to tumbler, n outputs of random sizes to new addresses, where n is preferably randomly generated, y addresses (where y < n) go to various exchanges, or preferably is sold in person for cash. the remaining addresses go into a pool of addresses which you randomly cash out


[-1 Points] ShitQuantikSays:

Yawn.


[-17 Points] None:

From my research, I've come to the conclusion that almost all of these markets are compromised by LE and this is just one of the pieces that confirm that. I'm still doing analysis but so far have only seen one market that ticks all the boxes in terms of safety and non-LE compromise. I've found one so far that is clean as a whistle.

I will be releasing my indepedent research and report in a couple of days on this forum. You'd be doing yourself a favor if you read it when I release it.