Cryptocurrencies Should be Enabled to Blacklist Criminal Holdings
Cryptocurrency is seen as a new, wild, reckless, revolutionary, and sometimes shady financial instrument. In addition to legitimate transactions, a disproportionate amount of attention is paid to the criminal use of cryptocurrency to store wealth, collect payments, transfer illicit funds, and launder money. Malicious people, who victimize others, use it as a tool to hide and protect their ill-gotten gains. Law enforcement and even currency champions are mostly powerless to do anything about it. Criminals will continue to use cryptocurrency as their haven unless something is improved.
Recently, the U.S. Treasury identified several foreign nationals who were laundering vast sums of money and using cryptocurrency to support illegal drug smuggling. The U.S. Treasury notified legitimate exchanges to ‘blacklist’ any transactions originating from these drug kingpins, but it is more likely that the unlawful assets will be moved, shifted, and eventually extracted by the criminals. If the funds were in a bank they could be seized. Decentralized cryptocurrencies, like Bitcoin and Ethereum, don’t work that way. This is exactly why criminals use crypto so much, as it keeps their assets out of reach from authorities.
A recent Chinese Ponzi scheme involving the PlusToken netted criminals $3 billion since 2018. With authorities in pursuit, the bad actors are now dumping massive amounts of Bitcoin, Ether, and EOS in a massive sell-off, to launder the money. Due to the sheer amounts, this sell-off may be contributing to the recent downward price pressure of the entire Bitcoin and altcoin markets. That affects everyone.
Not much can be done if the criminals are savvy and careful. Cryptocurrency was originally designed to preserve anonymity, not have a central control point, and be accessible from anywhere. These traits are very attractive to criminals. Attacks are increasing in size and becoming more common as the world embraces digital technology. Unfortunately, cyber criminals are misusing technology to steal, swindle, ransom, and become more powerful.
Solution in the Code — Proposal
There could be a way to help thwart big crimes involving decentralized types of digital currency while still retaining all the desired benefits for the vast majority. The result may be enhanced legitimacy and trust, thereby strengthening the adoption and favorable regulation for cryptocurrency. Specialized functions could undermine the methods being employed in big digital crimes and provide relief to some victims.
The solution to this problem may reside in the self-regulating architecture of the cryptocurrency code itself.
Cryptocurrencies are created with a set of rules and decentralized nodes then enforce them. As part of the self-governance, the rules can be changed via ‘forks’ in the code, but it takes a certain percentage of the distributed nodes to agree to the change. This enables new features, contracts, or just about any beneficial rules the community may want.
The idea is to create a Blacklist Revocation Function. This would only be triggered by a consensus mechanism when a suitable situation arises but would result in the criminal accounts being rendered invalid and coins recovered to be redistributed back to the victims or re-absorbed into the system.
The goal would be to penalize, not reward, criminal behavior and to make them think twice about using cryptocurrency for harmful purposes. Not every crime needs to be thwarted, but the risk of losing everything may be enough to deter or discourage villains.
How it Would Work
This year criminals stole $40 million from the Binance exchange and are now working to digitally launder and extract those funds. If the Blacklist Revocation Function were in place, it could be activated and if it reached consensus, the funds could be pulled from the attacker’s accounts and returned to the rightful owners.
The process would not need to be overly complex (although details would obviously need to be worked out).
1. Step 1: Investigation — Legitimate law enforcement conducts an investigation and identifies the attacker’s wallets. This can be done quickly in most cases, with the cooperation of victims, for public blockchains like Bitcoin.
2. Step 2: Activation — The Blacklist Revocation Function process would be activated. Basically, it is a soft-fork request that activates already coded routines. As part of the request, it would identify which accounts and tracks of transactions would be invalidated.
It must also specify what is to be done with the blacklisted coins and the timing to take effect. If a known victim(s) are listed, their assets could be returned by voiding out the original transfer transactions or by some other follow-on means. If not, then the coins could be re-absorbed into the system in some way (general distribution, extend mining curve, temporarily increasing block validation rewards, or pay for general transaction fees for all users for a period of time). The point is that the coins won’t be burned, lost, or seized. The total number of expected coins in the system will remain predictable. They will continue to benefit the community with minimum disruption to the overall coin availability.
3. Step 3: Validation — Now comes the tricky part. Carefully prepared evidence must be made available by the submitting law enforcement, for the community to ‘judge’ if this is a valid request. The reputation of previous submissions will play a part in trusting the accuracy and completeness of the information. A vote would take place and this function would only activate if it met the required consensus, usually more than 50%, is in support to make the changes. In essence, the community would decide by a pseudo-public trial to pass or fail the request.
4. Step 4: Resolution — If the soft fork is not supported by the community, it dies and is simply not implemented. If it passes, then it is activated on the blockchain like any other decentralized digital contract or soft-fork. The power of the system itself is utilized to do the work of enacting changes to invalidate accounts, turn-back transactions, or effectively seize assets.
In addition to the interdiction of attacks, recovery of assets, and victim restitution, the benefits also include deterrence. It is reasonable to assume not every Blacklist Revocation Function request will be approved. But some will, which gives law enforcement and victims a powerful capability to correct the wrongs of attackers. As attackers would not know which would or wouldn’t be passed, it creates uncertainty for them that their assets may be stripped. This may cause enough doubt and fear to deter such attacks or illicit use of cryptocurrency.
Another important aspect is that the use of this Blacklist Revocation Function would not result in the law enforcement agencies seizing any assets. In fact, they don’t financially gain anything as the coins would be returned to the victims or redistributed back to the community in some way. This would deter potential abuses of overly aggressive seizures and forfeitures, a concern of many, to reinforce trust in the system.
Crime is disruptive; it impacts victims, markets, law enforcement, and therefore everyone in some way. Decentralized cryptocurrencies are incredibly powerful. These enabling technologies should be designed to be less beneficial to malicious criminals and lean towards protecting benevolent users. A Blacklist Revocation Function could provide tremendous benefits and relief to victims of digital crimes. At the same time, they increase trust and legitimacy for cryptocurrency. There is no perfect solution to digital crime, but applying the strengths of decentralized blockchain architectures could be an important step in the right direction to empower justice without sacrificing the independence of cryptocurrency.
Is there a better way of balancing security and trust when it comes to pursuing criminals into the realm of cryptocurrency? Innovation is needed to enable improved tools for law enforcement while preserving the independence of decentralized digital currency. A Blacklist Revocation Function could be one answer.
Matthew Rosenquist, Cybersecurity Strategist