Back to Resources

AML & hacking in crypto. Is anonymity sustainable?

AML & hacking in crypto. Is anonymity sustainable?

23.06.2022

Efficient Frontiers International

Regulation is the hottest topic when it comes to the institutionalisation of cryptocurrencies. However, a decentralised environment that is often anonymous by design raises serious concerns. During a recent event featuring industry leaders, the topic of anonymity and privacy prompted a thought-provoking discussion, but the question remained: is anonymity sustainable?

As featured in Finance Derivative

Anonymous vs known wallets: how do they work?

To many, anonymity and privacy are the DNA of cryptocurrencies. The rising popularity of sole custody of assets indicates a paradigm shift in modern banking – consumers are asking: why trust a bank when I can trust myself? As such, an increasing number of investors are opting to trust themselves with securing their financial assets to prevent third party control and maintain sole responsibility of their funds[1].

But with such a large portion of blockchain participants anonymous by design, how do regulatory authorities intend to implement robust Anti-money laundering controls? Pioneering blockchain analysis technologies such as Chainalysis can trace blockchain-based assets from the source; but ultimately this information is only valuable as evidence to indict criminals if it can be definitively attributed to an individual or organisation – not a straightforward task by any means.

Criminal activity on the blockchain: does it undermine crypto’s claim of security?

Make no mistake, cryptoassets have become a bona fide target for criminals to launder money. The ability to move funds between anonymous wallets via decentralised applications and exchanges gives criminals a unique opportunity to obfuscate the origin of funds. Decentralised applications such as ‘tornado cash’ has been a target for money launderers in the past[2]; an Ethereum-based smart contract protocol that collates funds from multiple users before redistributing them after ‘mixing’ the funds together. This is just one example of the risk presented by the sovereignty of digital assets in an open-source decentralised environment.

The role of the regulator: will a one size fits all approach work?

According to Crypto.com, there were over 300 million global users of cryptocurrency as of January 2022, a number which is expected to breach one billion by the end of this year[3]. To regulators, this is an alarming number of people that may lack experience and knowledge when it comes to investing in digital assets. Understandably, there has been an urgent imperative from regulators to create and implement legislation that sufficiently protects users from the dangers of operating within the world of cryptoassets. The significant challenges of doing so are clear to see:

The decentralised nature of cryptoassets limits the impact of policymakers;
If regulators stifle innovation by damaging business-to-consumer trust and overburdening integration processes, lucrative opportunities will move elsewhere and all stakeholders will suffer.
Therefore, the unenviable task awaiting regulators is to balance the protection of privacy and data with mitigating risk and financial crime.

Fortunately, the road is being paved for leading global regulators to collaborate to create a global framework that meets the goals of encouraging innovation whilst tackling criminal activity; gaps in the global frameworks that leave vulnerabilities will only benefit malevolent actors.

Finding a middle ground: using encryption technologies via smart contracts

One could argue that blockchain technology is a regulator’s paradise; a distributed ledger of transactions with immutability, end-to-end security and increasing transparency. Though not the current reality, it certainly has the potential to be a distinct improvement as a payment system for the purpose of efficient law enforcement. Earlier, I raised the issue of anonymity and whether it is sustainable in a regulated environment – currently, transactions can be traced with remarkable accuracy, but the dilemma of wallet anonymity will be a significant hurdle for regulators.

Herein lies the potential solution: zero-knowledge proofing. Instead of obtaining full identity information on users, applications utilising zero-knowledge proof reduce money laundering risk by verifying certain information without possessing full identity knowledge using a trusted third party. For example, if I want to reduce the risk of sending an asset to an unknown wallet, I can use a decentralised application to verify some key datapoints using a smart contract.

For instance, I could ask: > is the receiver over 18? > is the receiver a UK national? > is the receiver a sanctioned entity? Using this information, the smart contract will automatically fulfil the transaction based on the data available. In this instance I will only want the transaction to be completed if the outcomes meet my risk appetite, which is pre-determined by the user. Although this is a basic overview of zero-knowledge proofing utilising a blockchain payment mechanism, the option of a middle ground providing selective anonymity whilst protecting privacy is worth consideration.

This approach has its challenges though.

For example, the current most popular zero-knowledge proofing protocol, Zcash, is limited to only 67 transactions per second, which is a huge obstacle for the widespread use of this protocol[4]. If such an algorithm can be proved to work in a more efficient and highly scalable manner, it may be worth further consideration from regulators.

In summary

It is clear that crypto and decentralised finance are here to stay; however, its increasing popularity presents a double-edged sword to governments and regulators; a marked increase in operational efficiency and cost reduction across multiple global sectors is likely to benefit all stakeholders, however, with this comes the cost of elevated consumer risk amid reduced centralised control. All eyes are on regulators and governments worldwide to see how they will adapt to the rise in prominence of cryptoassets.

Will future legislation provide the required protection for consumers? Doing so may suppress pioneering innovation that stands to benefit many aspects of society; all eyes are on the regulators, and the clock is ticking.

[1] David Jevans spoke at a public event about developments in compliance in the crypto industry: https://crypto.live.ft.com/agenda?dates=1651017600000

[2] https://slowmist.medium.com/slowmist-aml-tracking-funds-laundered-by-tornado-cash-3a0e1f637054 

[3] https://crypto.com/research/2021-crypto-market-sizing-report-2022-forecast 

[4] https://phemex.com/academy/what-is-zcash-zec#:~:text=Transactions%20per%20second%20(TPS)%3A,TPS%20with%20solely%20public%2