Why the feds took down one of Bitcoin’s largest exchanges

Tracing Mt. Gox’s stolen coins led feds to Alexander Vinnik

An image of the Bitcoin logo on a gold coin surrounded by other coins
Illustration by Alex Castro / The Verge

This week, one of Bitcoin’s largest and most notorious coin exchanges was brought down by law enforcement — and police and prosecutors are now beginning to explain why. On Thursday, the Department of Justice unsealed an indictment against Alexander Vinnik — thought to be the operator, or one of the operators, of Bitcoin exchange BTC-e — charging him with 21 counts of money laundering and other related financial crimes. The counts range from operating an unlicensed money transmittal business to a variety of money laundering charges, including laundering associated with ransomware payouts and a theft from the now-defunct Mt. Gox exchange. More generally, the indictment paints BTC-e as a hub of criminal activity, laundering the proceeds of everything from drug trafficking to ransomware attacks.

As some suspected, Vinnik’s alleged crimes go beyond just operating the exchange. Feds believe he played a role in the theft of more than 800,000 bitcoin — about $400 million at the time — from Mt. Gox, a staggering loss that ultimately shuttered the exchange. According to the indictment, 530,000 of those bitcoin ended up passing through wallets controlled by or associated with Vinnik, although his role in the larger scheme remains unclear.

Vinnik himself is in custody, arrested while on vacation in Greece, but the Bitcoin world is still sorting through the larger implications of his arrest. BTC-e was one of the last major exchanges outside the reach of conventional finance, and now that it’s gone, it’s unclear what might replace it. There are many legitimate uses of Bitcoin, but Bitcoin transactions have also become essential for online crime — whether it’s ransomware or Silk-Road-style online marketplaces. There will continue to be demand for exchanges like BTC-e, and with feds directly targeting exchanges that don’t play by the book, the split between the two halves of Bitcoin is becoming starker and starker.

BTC-e, founded in 2011, always stood out as an anomaly among the major Bitcoin exchanges. Even a cursory look at BTC-e flagged it as a little strange. “Their exchange prices always seemed weird and out of line with every other exchange, and I had wondered why,” Matthew Green, a professor at Johns Hopkins University, told The Verge in an email.

Nicholas Weaver wrote at Lawfare that BTC-e was noted for its “sketchy ownership and control.” The exchange was supposedly located in Eastern Europe, but there were no clues as to who ran it — until now.

But the big surprise in the indictment is how closely tied BTC-e is to a massive theft at Mt. Gox, one that eventually bankrupted the exchange in 2014. Founded in 2010, Mt. Gox dominated the Bitcoin world for years, at one point processing 80 percent of all bitcoin-to-currency transactions. Mt. Gox first suffered a multimillion-dollar theft in June 2011. When the exchange collapsed in 2014, the equivalent of nearly half a billion dollars was unaccounted for.

On Wednesday, in the wake of the arrest of Vinnik, WizSec published a blog post presenting the findings of an investigation into the Mt. Gox thefts that they have apparently been preparing for years. According to WizSec, the Mt. Gox hot wallet private keys were stolen sometime in 2011, and the hacker (or multiple hackers) continued to steal bitcoin through 2012 and 2013. The bitcoin were laundered through wallets controlled by Alexander Vinnik. The indictment claims that 300,000 bitcoin stolen from Mt. Gox went directly to three connected BTC-e accounts “directly linked” to “BTC-e administrative accounts” that only BTC-e admins and operators could have had access to. At least one of the accounts — under the name “Vamnedam” — was controlled by Vinnik and “others known and unknown.” (The “others known” are either not named in the indictment or have been redacted from the published document.)

More bitcoin from the theft were sent to other Mt. Gox wallets and wallets at a third exchange — the now-defunct Tradehill, which operated out of San Francisco, California. From there, they eventually ended up at BTC-e, in an account that was directly controlled by Vinnik.

WizSec also claims that the wallets that laundered Mt. Gox coins handled “coins stolen from Bitcoinica, Bitfloor and several other thefts from back in 2011 and 2012.”

It’s not clear whether Vinnik was directly involved in the Mt. Gox theft, or how close he is to any of those previous thefts, or even the CryptoWall ransomware hackers whose funds he is accused of laundering. But when it comes to Mt. Gox, at least, BTC-e’s proximity to the theft is fairly suspicious.

While the Mt. Gox allegations are the most eye-catching, many of the charges that brought down BTC-e allege more straightforward money laundering. The very first count listed in the indictment is for operating an unlicensed money-transmitting business: a criminal charge based on failing to register with FinCEN, an intelligence network that’s mandatory for all financial companies dealing with US customers.

Participating in FinCEN comes with a range of requirements, from registration to internal anti-money laundering programs. Since 2013, it’s been clear that Bitcoin exchanges had to follow those same rules, and for the most part, exchanges have complied — and prosecutors haven’t been shy about filing charges against services that don’t. In recent years, BTC-e has been the largest Bitcoin exchange not registered with FinCEN, a distinction that made it an obvious target for law enforcement, even without Vinnik’s alleged Mt. Gox involvement.

“Anybody who thought about this for a second understood that law enforcement was working on a case against BTC-e,” said Jerry Brito, executive director of Coin Center. “The question was just whether the government would catch them.”

Where other counts in the indictment focus on money transfers linked to theft and ransomware, the first two — operation of an unlicensed money transmitter and conspiracy to commit money-laundering — focus on the technological capabilities of BTC-e itself, claiming that the exchange had a “criminal design.”

“BTC-e’s system was designed so that criminals could accomplish financial transactions with anonymity and thereby avoid apprehension by law enforcement or seizure of funds,” the indictment says, pointing out that BTC-e only required “a username, password, and an email address,” unlike “legitimate payment processors or digital currency exchangers.” The indictment also points to suspicious usernames like “ISIS,” “CocaineCowboys,” “blackhathackers,” “dzkillerhacker,” and “hacker4hire” as additional support for the money-laundering allegations.

The language in the indictment about BTC-e’s “criminal design” mimics the indictment against Liberty Reserve — an anonymous currency service taken down by law enforcement in 2013 — which also accused the online exchange of having a “criminal design” and a system “designed so that criminals could effect financial transactions under multiple layers of anonymity.” (The Liberty Reserve indictment also took the time to point out that account names on the site included “Russia Hackers” and “Hacker Accounts.”)

BTC-e’s website claimed that they required customers to provide proof of identity — namely, a scanned ID card and a scanned utility bill or bank statement — and forbade any US customers, letting them off the hook for FinCEN registration. But neither turned out to be true, according to the indictment.

Now that BTC-e is down for good, it could have a profound impact on the criminal ecosystem more broadly. BTC-e handled about 5 percent of total Bitcoin transactions, but recent research found that as much as 95 percent of ransomware cashouts happened through the platform. With most comparably sized exchanges already registered under FinCEN, the takedown could make it both harder and riskier for criminals to cash out — something law enforcement seems to be counting on. In the same Lawfare piece, Weaver says he thinks taking down BTC-e “will probably prove more important than the AlphaBay and Hansa takedowns” in fighting online crime.

For Bitcoiners less invested in law enforcement’s war on dark web marketplaces, the lesson is a more ambiguous one. Cornell professor Emin Gun Sirer says the focus on FinCEN compliance could lead to a lasting split in Bitcoin markets, as exchanges face the choice of whether to comply with US government demands.

“Exchanges will go one of two ways,” Sirer says. “Either they will clean their act, by first shopping for the most lenient jurisdictions and complying with relevant KYC/AML laws, or they'll go ‘fully underground,’ and operate with no rules, behind Tor and other anonymous communication technologies. The most colorful drama ahead will involve exchanges, such as Bitfinex, that operate in the gray zone, where they seem to neither comply with relevant laws nor go fully underground.”

For a technology with a surrounding community built on libertarian ideas, that may be a difficult pill to swallow. But as the past week has made clear, those that don’t will be taking a very serious risk.