On Wednesday, the founders of the Bitcoin privacy wallet Samourai Wallet were arrested and charged on behalf of the US Government. The indictment could set dangerous precedents beyond Bitcoin privacy services.

“If your government is worried about their own citizens controlling their money, the most important question you have to ask is ‘what the hell is wrong with my government’”
– Andreas Antonopoulos

Last Wednesday, Samourai Wallet founders Keonne Rodriguez and William Hill were arrested and charged with conspiracy to commit money laundering and conspiracy to operate an unlicensed money service business in the Southern District Court of New York. The indictment alleges that Samourai Wallet “facilitated more than $100 Million in money laundering transactions from illegal dark web markets”.

The definition of a non-custodial wallet as a money service business and the consequent indictment of the wallet’s maintainers can set dangerous precedents for the wider Bitcoin space and may go as far as affecting the freedom of the internet, essentially endangering all individuals, organizations and technologies involved in the transfer of financial transactions without exercising control over funds.

FinCEN’s 2019 guidance on persons administering, exchanging, or using virtual currencies defines a money transmitter as a “person that provides money transmission services,” or “any other person engaged in the transfer of funds.” As the guidance states, “a transmitter initiates a transaction that the money transmitter actually executes.”

The guidance further states that “the term ‘money transmission services’ is defined to mean the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.”

As a non-custodial Bitcoin wallet, Samourai Wallet’s operators do not take custody of user funds and are therefore technically unable to “accept” deposits or “execute” the transmission of funds, contrary to what is alleged by prosecutors, who state that “Samourai engaged in the unlicensed receipt and transmission of funds, including funds deposited into a Samourai wallet by an undercover law
enforcement agent located in the Southern District of New York.”

However, technically speaking, the agent deposited funds into an application running locally on his device, with no engagement from Samourai operators – a circumstance correctly noted by prosecutors throughout the indictment, stating that “the private keys for these cryptocurrency addresses are stored in each user’s individual cell phone”, that “these private keys are not shared with Samourai employees,” and that “the Samourai software on the user’s cellphone will broadcast a transaction to the blockchain.”

Yet the indictment alleges that Samourai Wallet “facilitates transactions between Samourai users” – a claim that seems blatantly incorrect given that coinjoin transactions do not facilitate transactions between users at all, but rather create a shared transaction in which every user spends their own funds to themselves.

The indictment further repeatedly alleges that Samourai creates “new addresses” used during the transactions, and that “The Samourai server is responsible” for broadcasting transactions – claims which, too, are technically incorrect, as transactions are created solely on the user’s device and Samourai only broadcasts transactions on behalf of users if users choose to broadcast their transactions via Samourai’s node. For anyone running their own node with Samourai Wallet, known as “Dojo”, transactions are broadcast by users themselves.

Numbers provided by the node provider Ronin Dojo suggest that up to 85% of Whirlpool users run their own Dojo. It is questionable whether organized criminals would rely on nodes provided by Samourai Wallet, as its operators would effectively be enabled to deanonymize transactions by gaining knowledge of users’ extended public keys, a design choice often criticized in Samourai Wallet’s architecture.
Notably, the indictment makes no mention of “Dojo” at all.

The indictment against Samourai appears to suggest that the DoJ does not believe FinCEN guidelines apply, as reflected in the language used to describe Samourai’s services, in which prosecutors note the broadcasting of transactions, the operation of a centralized server, and the subsequent collection of fees from the services offered:

“The Samourai server is responsible for broadcasting the Ricochet transactions to the BTC network […] From Whirlpool and Ricochet, RODRIGUEZ and HILL earned at least $4 million in fees”

The DoJ’s arguments appear more in line with recent recommendations issued by the Financial Action Task Force. FATF, an intergovernmental body established by the G7 in 1989 to combat money laundering and terrorist financing risks, is not a regulatory body, but the task force’s recommendations are known to form the basis of informing AML/CFT regulations around the world.

In recommendations issued in 2021, FATF expands the definition of virtual asset service providers to include “decentralized exchanges or platforms” which “have a central party with some measure of involvement or control,” such as developing “user interfaces for accounts holding an administrative ‘key’” or “collecting fees.”

By the logic put forward by FATF, it appears that the development of any individual, organization or technology interfacing with financial transactions could require a money service business license. Notably, a new AML package adopted by the European Parliament last week, aimed at updating current AML regulations in accordance with FATF recommendations, specifically exempted self-custodial services.

Similar attempts to circumvent FinCEN guidelines are currently being made in the Tornado Cash case.
In an opposition issued on April 26th, prosecutors argue that the definition of money transmitting “does not require the money transmitter to have ‘control’ of the funds being transferred,” highlighting that Section 1960 of US Code, a codification of permanent federal laws, extends the definition of money transmitting to “transferring funds on behalf of the public by any and all means.”

As interpreted by the Department of Justice, AT&T would require a money service business license to allow customers access to their PayPal, an ISP would need a money service business license to allow users to access online banking services, a postman would require a money service business license to deliver cash in mail, a grocer would need a money service business license to hand out change, and Telegram, WhatsApp, Signal and X (formerly Twitter) would require a money service business license if users utilize the platform to share PSBTs or lightning invoices – subsequently deeming all such services to require full know your customer verification.

The indictment has sent ripples through the Bitcoin ecosystem, leaving anyone involved in the broadcasting of Bitcoin transactions in uncertainty, including bitcoin miners and node operators. The non-custodial Lightning wallet Phoenix has since announced the suspension of operations in the US. The privacy-first Bitcoin wallet Wasabi Wallet has banned US users from accessing its services and software.

Reading the indictment, it appears as though everything we knew about the regulatory aspects of money transmission may have been misapplied, as the indictment appears to go as far as to attempt the criminalization of self-spending.
As the indictment reads, self-spends, as evident in coinjoins and Samourai’s Ricochet, “further obscure ownership of the funds.” But any Bitcoin wallet allows users to generate self-spends and essentially circumvent blockchain surveillance mechanisms and censorship, further muddying regulatory waters.

The foundations to introduce KYC to the Bitcoin network have been researched as early as 2016 with the MIT ChainAnchor project, which explored the introduction of identities and permission groups to blockchains, preventing non-registered users from having transactions mined in blocks.

With increasing miner centralization, with around 47% of hashrate’s mining rewards custodied by a single custodian, including the pools of AntPool, F2Pool, Binance Pool, Braiins, btcom, SECPOOL, and Poolin, plans to KYC the Bitcoin network may not seem too far-fetched. In 2023, F2Pool already began censoring transactions in line with the OFAC sanctions list.

Since the indictment of the Samourai founders, the FBI has issued a PSA concerning cryptocurrency money service businesses, alerting the public to avoid services which do not require know your customer information.

If the non-custodial operation of services is ruled to classify as money transmission, the doors could be open to KYCing any service operating communication protocols, from Nostr to WiFi hotspots and telecommunication providers.
If spun ad absurdum, it could even be argued to require the registration of KYC for the use of highways or the purchase of briefcases.

Plans to KYC the internet have been around since as early as 2014, when the US Government attempted to introduce a “driver’s license for the internet,” similar to the planned introduction of digital identities around the world.

It should be noted that the treatment of Samourai founders, who are currently serving pre-trial detention, bears no comparison to the handling of financial crime allegations around the world. Since 2000, traditional financial institutions, such as UBS, JP Morgan, and Bank of America, have been fined over $380 billion. The argument that traditional banks are primarily used for legal transactions can also be applied to Samourai Wallet, as the indictment reportedly only alleges the transmission of illicit funds amounting to 3.6% of Samourai’s total transaction volume, leaving 96.4% of legitimate usage.

Can a non-custodial wallet be a money service business?
DoJ Challenges FinCEN Guidelines
Can the Bitcoin Network be KYCed?