The Impact of Regulators on Bitcoin Exchanges

About 20 or so of the bitcoin stock all of a sudden we've got a practical way to trace stolen bitcoins both over the short term if somebody came and did an armed robbery at your house yesterday and over the medium term if a bitcoin exchange goes bust and it turns out that somebody inside it has been stealing bitcoins for a year or so. So, it's fit for both purposes.

This development has got all sorts of interesting implications now that regulators have started insisting that bitcoin exchanges be regulated. The US Financial Crimes Enforcement Network (US Treasury) which is part of the US Treasury started requiring bitcoin exchanges to be regulated in 2013. They busted BTCE, which was a big criminal-operated bitcoin exchange in Greece, and they went and busted a few places in America as well.

So now the message has got across and even in relatively remote places like the Philippines they've now got round to passing laws saying that all bitcoin exchanges have got to register as foreign exchange dealers. This means that when you change bitcoins whether into dollars or euros or pounds or even into pieces, you've got to produce your passport and utility bills so that there's a record of who you are.

The European Union for its part has decided to amend the Fourth Anti-Money Laundering Directive, which means that companies providing hosted bitcoin wallet services will also fall under the regulation. This means that if you get your bitcoin wallet run online by a service company as the great majority of bitcoin users do, then you'll have to provide your passport and gas bills just as if you were opening an account at HSBC.

An interesting top-level view of this is that very often when a new disruptive technology comes along people build systems and they completely ignore the existing laws for a while and try to build something better. And if they do build something better, then it gets blessed with regulation and absorbed into the system. Uber comes along and says "We're not a taxi company, we're a service company, we're a platform." And so they start providing cheap taxi rides in London.

But eventually, the mayor of London says listen pal, you are a taxi company and we're pulling your license. See you in court. The moral is that very often when you get a new and disruptive phenomenon coming along, you can sort it out perfectly well by applying existing law to it once you can figure out an intelligent way to do that.

So what we've done is produce software which enables you to track stolen bitcoins effectively and we're going to be making this publicly available so that if your bitcoin gets stolen you can apply it to the doc, the blockchain, and you can find where your property's gone. We're also going to be publishing a "tent chain" which will be a public list of coins that have been publicly reported to be stolen.

We hope that this will be taken over by the authorities perhaps by Europol or somebody like that, and will then have to be taken into account by bitcoin exchanges when they ponder whether to give value for a piece of cryptocurrency that somebody's offered them. I'm holding some bitcoin and as far as I know legitimately, why do I want to go and find out if they might actually be stolen? This is a perpetual problem with anti-money laundering measures in that nobody actually wants to know the truth.

Citibank what doesn't want to know that they've got John Gotti as a customer and they would push back very, very hard against laws which said that Citibank CEO had to go to jail if it turned out that a mafia bus was a customer. So instead, they lobby for laws which say that so long as Citibank has got to pass brother's and two gas bills off every customer, they don't have to go to jail, and everybody's happy.

But once you move into the world of cryptocurrencies, the fact that cryptocurrencies are completely traceable changes the game entirely. You know once you have got public information of what money went where and when it suddenly becomes impossible for banks to turn around and say now hang on a minute we didn't know so.

"WEBVTTKind: captionsLanguage: enbitcoin is used to facilitate an awful lot of bad stuff um it's not just things like online drug dealing it's things like um you know viruses which will encrypt your hard disk and hold you up to ransom from the original crypto locker through things like wannacry and in the old days kidnapping just didn't work because you couldn't get the money away and the existence of cryptocurrencies changes that in in ways that may have wider ramifications what we've been looking at is how you go about tracking stolen bitcoins suppose you're foolish enough to let people know that you've got 10 million dollars worth of bitcoins and somebody comes into your house and sticks a gun up your nostril and gets you to transfer them to him how can you go about tracing the stolen loot well people have known since the beginning of bitcoin that you can in fact trace stuff because the blockchain is entirely public and all the transactions are there for everybody to see but how do you go about doing this in practice people like martin moser and reiner burma came up with a couple of approaches the first approach they said is poison tainting and poison tenting means that if you put a bad bitcoin into a transaction or address then it poisons everything that's there so if you open a new wallet and you put in three stolen bitcoins and then seven freshly mined bitcoins then when you go and spend that utxo it's 10 stolen bitcoins the problem with this is that over a few thousands or tens of thousands of blocks it completely poisons the entire blockchain at least the active blockchain that people are using for trading so the second method that they come up with was what they call haircut tainting and here if you put three stolen bitcoins into a new wallet and then seven freshly mined ones then you end up spending ten bitcoins each of which is thirty percent tainted and you just write the software as a track all this now the problem with haircut tenting is that within a few thousand blocks you end up with all the active bitcoins in the blockchain being tainted just a little bit under 10 because something over six percent of all bitcoins have been stolen at least once so what can we do about this well the breakthrough came when i was talking with david fox who was one of our law lecturers and is now a law prophet at edinburgh and he pointed me to what lawyers knows clayton's case and this was a judgment of the high court in london in 1816 after a bank went bankrupt during the napoleonic war and they had to sort out who owned what among the rubble and the master of the roles one of the senior judges in england at the time ruled that you had to do first in first out right the first money that went into an account is used to satisfy the first checks that are drawn on it and so this gives us a sound legal basis for trying to do some computer science because first in first out or fifo is something that programmers and communications engineers understand very very well so we went and wrote some software which does a 5 foot tenth of the blockchain and so whenever coins are stolen and put in a transaction perhaps join with other kinds the coins that went in first are the coins that go out the first satoshi inn is the first satoshi out and so on and when we run this over the blockchain we find that a fascinating thing happens that the tent remains concentrated rather than being spread out so for example if you look at a theft of about a thousand bitcoins in 2014 and trace it forward to 2016 then if you use poison tainting or haircut tenting then it affects about one and a half million addresses which is a lot however if you use fifo tainting then only 11 000 addresses are affected so what's happening here is that bad bitcoins tend to keep on circulating in bad neighborhoods of the internet and we find that whereas you know with haircut tenting most of the bitcoins out there are tainted one way or another if you use five for tenting then the majority of bitcoins aren't tainted at all the tent is concentrated um among oh gosh about 20 or so of the bitcoin stock all of a sudden we've got a practical way to trace stolen bitcoins both over the short term if somebody came and did an armed robbery at your house yesterday and over the medium term if a bitcoin exchange goes bust and it turns out that somebody inside it has been stealing bitcoins for a year or so so it's fit for both purposes and this has got all sorts of interesting implications now that the regulators have started insisting that bitcoin exchanges be regulated now the the us financial crimes enforcement network which is part of the us treasury started um requiring bitcoin exchanges to be regulated in 2013. they busted btce which was a big criminal operated bitcoin exchange in greece and they went and busted a few places in america as well and so now the message has got across and even in you know relatively remote places like the philippines they've now got round to passing laws saying that all bitcoin exchanges have got to register as foreign exchange dealers and that means that when you change bitcoins whether into dollars or euros or pounds or even into pieces you've got to produce your passport in a of utility bills so that there's a record of who you are the european union for its part has decided from the amend the fourth anti-money laundering directive that they're going to require companies to provide hosted bitcoin wallet services to also fall under the regulation and this means that if you get your bitcoin wallet run online by a service company as the great majority of bitcoin users do then you'll have to provide your passport and your gas bills just as if you were opening an account at hsbc there's an interesting top-level view of this which is that very often when a new disruptive technology comes along people build systems and they completely ignore the existing laws for a while and they try and build something better and if they do build something better then it gets you know blessed with regulation and absorbed into the system uber comes along and it says we're not a taxi company we're a service company we're a platform and so they start providing cheap taxi rides in london and then people notice that some of the cars are unsafe that the drivers are working 16 hours a day that they're getting less than minimum wage that they're not getting criminal records background checks that sometimes they rape customers and the crimes aren't reported and eventually the mayor of london says listen pal you are a taxi company and we're pulling your license see you in court and the moral is that very often when you get a new and disruptive phenomenon coming along you can sort it out perfectly well by applying existing law to it once you can figure out an intelligent way to do that and so what we've done is produce software which enables you to track stolen bitcoins effectively and we're going to be making this publicly available so that if your bitcoin gets stolen you can apply it to the doc the blockchain and you can find where your property's gone and we're also going to be publishing a tent chain which will be a public list of coins that have been publicly reported to be stolen and we hope that that will be taken over by the authorities perhaps by europol or somebody like that and will then have to be taken into account by bitcoin exchanges when they ponder whether to give value for a piece of cryptocurrency that somebody's offered them if i'm holding some bitcoin and as far as i know legitimately why do i want to go and find out if they might actually be stolen well this this is a this is a perpetual problem um with anti-money laundering um measures in that nobody actually wants to know the truth right citibank what doesn't want to know that they've got john gotti as a customer and they would push back very very hard against laws which said that citibank ceo had to go to jail if it turned out that a mafia bus was a customer so instead they lobby for laws which say that so long as citibank has got to pass brothers and two gas bills off every customer they don't have to go to jail and so mr gotti is good at finding passports and gas bills and city bank doesn't have to go to jail and everybody's happy and so we've got ourselves at a a an equilibrium in the anti-money laundering world of traditional money that doesn't really quite work however once you move into the world of cryptocurrencies the fact that cryptocurrencies are completely traceable changes the game entirely it you know once you have got public information of what money went where and when it suddenly becomes impossible for banks to turn around and say now hang on a minute we didn't know so the bitcoin people have been lobbying for at least five years to have bitcoin to be declared money because if bitcoin becomes money then now what if there was a secret mathematical relationship between p and q would that change anything what if p was actually equal to some multiple of qbitcoin is used to facilitate an awful lot of bad stuff um it's not just things like online drug dealing it's things like um you know viruses which will encrypt your hard disk and hold you up to ransom from the original crypto locker through things like wannacry and in the old days kidnapping just didn't work because you couldn't get the money away and the existence of cryptocurrencies changes that in in ways that may have wider ramifications what we've been looking at is how you go about tracking stolen bitcoins suppose you're foolish enough to let people know that you've got 10 million dollars worth of bitcoins and somebody comes into your house and sticks a gun up your nostril and gets you to transfer them to him how can you go about tracing the stolen loot well people have known since the beginning of bitcoin that you can in fact trace stuff because the blockchain is entirely public and all the transactions are there for everybody to see but how do you go about doing this in practice people like martin moser and reiner burma came up with a couple of approaches the first approach they said is poison tainting and poison tenting means that if you put a bad bitcoin into a transaction or address then it poisons everything that's there so if you open a new wallet and you put in three stolen bitcoins and then seven freshly mined bitcoins then when you go and spend that utxo it's 10 stolen bitcoins the problem with this is that over a few thousands or tens of thousands of blocks it completely poisons the entire blockchain at least the active blockchain that people are using for trading so the second method that they come up with was what they call haircut tainting and here if you put three stolen bitcoins into a new wallet and then seven freshly mined ones then you end up spending ten bitcoins each of which is thirty percent tainted and you just write the software as a track all this now the problem with haircut tenting is that within a few thousand blocks you end up with all the active bitcoins in the blockchain being tainted just a little bit under 10 because something over six percent of all bitcoins have been stolen at least once so what can we do about this well the breakthrough came when i was talking with david fox who was one of our law lecturers and is now a law prophet at edinburgh and he pointed me to what lawyers knows clayton's case and this was a judgment of the high court in london in 1816 after a bank went bankrupt during the napoleonic war and they had to sort out who owned what among the rubble and the master of the roles one of the senior judges in england at the time ruled that you had to do first in first out right the first money that went into an account is used to satisfy the first checks that are drawn on it and so this gives us a sound legal basis for trying to do some computer science because first in first out or fifo is something that programmers and communications engineers understand very very well so we went and wrote some software which does a 5 foot tenth of the blockchain and so whenever coins are stolen and put in a transaction perhaps join with other kinds the coins that went in first are the coins that go out the first satoshi inn is the first satoshi out and so on and when we run this over the blockchain we find that a fascinating thing happens that the tent remains concentrated rather than being spread out so for example if you look at a theft of about a thousand bitcoins in 2014 and trace it forward to 2016 then if you use poison tainting or haircut tenting then it affects about one and a half million addresses which is a lot however if you use fifo tainting then only 11 000 addresses are affected so what's happening here is that bad bitcoins tend to keep on circulating in bad neighborhoods of the internet and we find that whereas you know with haircut tenting most of the bitcoins out there are tainted one way or another if you use five for tenting then the majority of bitcoins aren't tainted at all the tent is concentrated um among oh gosh about 20 or so of the bitcoin stock all of a sudden we've got a practical way to trace stolen bitcoins both over the short term if somebody came and did an armed robbery at your house yesterday and over the medium term if a bitcoin exchange goes bust and it turns out that somebody inside it has been stealing bitcoins for a year or so so it's fit for both purposes and this has got all sorts of interesting implications now that the regulators have started insisting that bitcoin exchanges be regulated now the the us financial crimes enforcement network which is part of the us treasury started um requiring bitcoin exchanges to be regulated in 2013. they busted btce which was a big criminal operated bitcoin exchange in greece and they went and busted a few places in america as well and so now the message has got across and even in you know relatively remote places like the philippines they've now got round to passing laws saying that all bitcoin exchanges have got to register as foreign exchange dealers and that means that when you change bitcoins whether into dollars or euros or pounds or even into pieces you've got to produce your passport in a of utility bills so that there's a record of who you are the european union for its part has decided from the amend the fourth anti-money laundering directive that they're going to require companies to provide hosted bitcoin wallet services to also fall under the regulation and this means that if you get your bitcoin wallet run online by a service company as the great majority of bitcoin users do then you'll have to provide your passport and your gas bills just as if you were opening an account at hsbc there's an interesting top-level view of this which is that very often when a new disruptive technology comes along people build systems and they completely ignore the existing laws for a while and they try and build something better and if they do build something better then it gets you know blessed with regulation and absorbed into the system uber comes along and it says we're not a taxi company we're a service company we're a platform and so they start providing cheap taxi rides in london and then people notice that some of the cars are unsafe that the drivers are working 16 hours a day that they're getting less than minimum wage that they're not getting criminal records background checks that sometimes they rape customers and the crimes aren't reported and eventually the mayor of london says listen pal you are a taxi company and we're pulling your license see you in court and the moral is that very often when you get a new and disruptive phenomenon coming along you can sort it out perfectly well by applying existing law to it once you can figure out an intelligent way to do that and so what we've done is produce software which enables you to track stolen bitcoins effectively and we're going to be making this publicly available so that if your bitcoin gets stolen you can apply it to the doc the blockchain and you can find where your property's gone and we're also going to be publishing a tent chain which will be a public list of coins that have been publicly reported to be stolen and we hope that that will be taken over by the authorities perhaps by europol or somebody like that and will then have to be taken into account by bitcoin exchanges when they ponder whether to give value for a piece of cryptocurrency that somebody's offered them if i'm holding some bitcoin and as far as i know legitimately why do i want to go and find out if they might actually be stolen well this this is a this is a perpetual problem um with anti-money laundering um measures in that nobody actually wants to know the truth right citibank what doesn't want to know that they've got john gotti as a customer and they would push back very very hard against laws which said that citibank ceo had to go to jail if it turned out that a mafia bus was a customer so instead they lobby for laws which say that so long as citibank has got to pass brothers and two gas bills off every customer they don't have to go to jail and so mr gotti is good at finding passports and gas bills and city bank doesn't have to go to jail and everybody's happy and so we've got ourselves at a a an equilibrium in the anti-money laundering world of traditional money that doesn't really quite work however once you move into the world of cryptocurrencies the fact that cryptocurrencies are completely traceable changes the game entirely it you know once you have got public information of what money went where and when it suddenly becomes impossible for banks to turn around and say now hang on a minute we didn't know so the bitcoin people have been lobbying for at least five years to have bitcoin to be declared money because if bitcoin becomes money then now what if there was a secret mathematical relationship between p and q would that change anything what if p was actually equal to some multiple of q\n"