The indictment against the alleged Samourai Wallet (SW) operators was unsealed today. A few friends have been asking for my opinion on it and my channels are blowing up. I used to serve in law enforcement as a detective that specialized in cybercrime and blockchain analysis. The following information may be useful or interesting to some.
Reading through the Department of Justice’s press release and the indictment itself, here are my initial thoughts:
There are plenty of examples of past investigations resulting in arrests/convictions related to the operation of custodial mixing services, with Bitcoin Fog being the one in recent news. With a service taking custody of funds and moving funds between other people/users, they are likely going to be considered a money service business. And if a money service business doesn’t block Americans from using the service, the US Department of Treasury will require the operators of that service to register with them and follow their compliance regulations. Many foreigners have been arrested in foreign jurisdictions in order to be prosecuted in the US with an American judge and jury for allegedly violating federal American laws (read that sentence twice).
With these sorts of cases, you are typically dealing with the idea that a service didn’t register correctly and follow compliance regulations. And then the other idea is that the operator of the service knew and allowed funds to move through it that would be considered “illicit” or “sanctioned.”
Examples of illicit funds may be proceeds from illegal drug sales or funds stolen from someone. The sanction piece can involve entities, such as particular Bitcoin addresses, individuals, companies, or countries, using the service or receiving from the service. The US federal government maintains a sanction list.
The above summary has been an on-going fight on privacy, censorship, and regulatory overreach for a while. It isn’t new (and Roman Sterlingov should be free). SW’s indictment is different from the situation I summarized above though.
SW was a non-custodial service. This means that users controlled (their private keys to) their funds themselves and the service provider (SW) allowed the coordination between users through its infrastructure, such as the app, the server, the continued development, etc. This makes this case much more interesting and more concerning to me.
Regarding the first count against the men: Conspiracy to Commit Money Laundering. The SW indictment alleges that SW was a service that provided “large-scale money laundering and sanctions evasion.” So we are talking about users using illicit funds with the service and sanctioned entities using or receiving from the service. And we are talking about the SW coordinators “conspiring” with the relevant users to do this.
The indictment is constantly referring to SW as an “application” that is conducting or facilitating the mixing through a “centralized coordinator server.” Who controls the application and server? Allegedly the two men named in the indictment.
When it comes to SW’s Whirlpool service: Through their server, their application is selecting the inputs. Their application is communicating information between all users necessary for the mixing to occur. Their application is using the private keys on behalf of the users. Their application is broadcasting the mixing transactions to the Bitcoin network. The picture the indictment is painting is that the application and server are essentially doing the money laundering, as opposed to the users using the service. Similar verbiage and logic are used to describe SW’s Ricochet service too (adding hops to a send you intend to do).
The above summary is the most shocking piece of the indictment, in my opinion. The implications of this reach beyond Bitcoin-related apps and services. Think of the apps and services, just in general, that a user could use to engage in criminal behavior. Now think of arresting the developers/creators for what the user did.
Regarding the second indictment against the men: Conspiracy to Operate an Unlicensed Money Transmitting Business. The indictment says the SW operators were “involved in the transportation and transmission of funds intended to be used to promote and support unlawful activity.” There isn’t any mention or consideration of custody of funds in this. The logic of the indictment: Some users may have used SW’s application and server for “unlawful activity” and therefore, SW was involved in the unlawful activity. Again, this is a scary precedent. Think of the applications and servers out there right now that users may be using for unlawful activity.
There are many mentions apparently from the coordinators themselves that address the knowledge and intent element (important for a criminal trial). The SW operators were obviously passionate about financial privacy and resisting compliance regulations. Their messages (especially with their style of messaging) will be easy to spin/take literally, even if the coordinators were just trying to be edgy with their marketing/brand. The SW coordinators did not help themselves in this regard.
I think the government will focus a lot on the coordinator’s knowledge and intent of the service being used for illegal activity. I believe this is how the government will “limit” the scope of the precedence and how it will try to differentiate the SW service from others.
Regarding the illicit funds/sanctions piece: The blockchain analysis showing funds from Dark Web markets that sell illegal drugs flowing into SW’s Whirlpool will be easy for the prosecution. The same goes with sanctioned entities sending to or receiving from SW’s Whirlpool. It will also be easy to show funds flowing from known hacks, exploits, and/or thefts flowing into SW’s Whirlpool. The government will need to prove the men knew this was happening and that they facilitated it by providing the SW application and server. Their mouths may be their downfall on this one, but I think it is pretty clear that the SW operators’ intent was to provide a neutral financial privacy tool that didn’t control user funds, leaving the responsibility of the use of those funds on the users themselves.
With the logic in this case, I wonder if it will be argued that blockchain analysis companies are also culpable since they surely had their own funds being mixed in SW’s Whirlpool to collect data points. Were their funds facilitating illegal activity? Or were their funds facilitating financial privacy in general? (Maybe facilitating privacy was just the byproduct of having the chance to trace through exclusions.)
Overall, the case leads to some interesting questions.
Is a wallet software and developer a money service business now? How about a full node? These both facilitate the transmission of funds too. The implications of this case are not good for privacy or code. I’m ready to donate to the defense.
