(I have another thought on this subject bill save that for another time)
EARLY ONE FALL morning in 2017, in a middle-class suburb on the outskirts of Atlanta, Chris Janczewski stood alone inside the doorway of a home he had not been invited to enter.
Moments earlier, armed Homeland Security Investigations agents in ballistic vests had taken up positions around the tidy two-story brick house, banged on the front door, and when a member of the family living there opened it, swarmed inside. Janczewski, an Internal Revenue Service criminal investigator, followed quietly behind. Now he found himself in the entryway, in the eye of a storm of activity, watching the agents search the premises and seize electronic devices.
They separated the family, putting the father, an assistant principal at the local high school and the target of their investigation, in one room; his wife in another; the two kids into a third. An agent switched on a TV and put on Mickey Mouse Clubhouse in an attempt to distract the children from the invasion of their home and the interrogation of their parents.
Janczewski had come along on this raid only as an observer, a visitor flown in from Washington, DC, to watch and advise the local Homeland Security team as it executed its warrant. But it had been Janczewski’s investigation that brought the agents here, to this average-looking house with its well-kept yard among all the average-looking houses they could have been searching, anywhere in America. He had led them there based on a strange, nascent form of evidence. Janczewski had followed the links of Bitcoin’s blockchain, pulling on that chain until it connected this ordinary home to an extraordinarily cruel place on the internet—and then connected that place to hundreds more men around the world. All complicit in the same massive network of unspeakable abuse. All now on Janczewski’s long list of targets.
Over the previous few years, Janczewski, his partner Tigran Gambaryan, and a small group of investigators at a growing roster of three-letter American agencies had used this newfound technique, tracing a cryptocurrency that once seemed untraceable, to crack one criminal case after another on an unprecedented, epic scale. But those methods had never led them to a case quite like this one, in which the fate of so many people, victims and perpetrators alike, seemed to hang on the findings of this novel form of forensics. That morning’s search in the suburb near Atlanta was the first moment when those stakes became real for Janczewski. It was, as he would later put it, “a proof of concept.”
From where Janczewski was positioned at the front of the house, he could hear the Homeland Security agents speaking to the father, who responded in a broken, resigned voice. In another room, he overheard the agents questioning the man’s wife; she was answering that, yes, she’d found certain images on her husband’s computer, but he’d told her he had downloaded them by accident when he was pirating music. And in the third room he could hear the two grade-school-age children—kids about as old as Janczewski’s own—watching TV. They asked for a snack, seemingly oblivious to the tragedy unfolding for their family.
Janczewski remembers the gravity of the moment hitting him: This was a high school administrator, a husband and a father of two. Whether he was guilty or innocent, the accusations this team of law enforcement agents were leveling against him—their mere presence in his home—would almost certainly ruin his life.
Janczewski thought again of the investigative method that had brought them there like a digital divining rod, revealing a hidden layer of illicit connections underlying the visible world. He hoped, not for the last time, that it hadn’t led him astray.
ON A SUMMER’S day in London a few months earlier, a UK-born South African tech entrepreneur named Jonathan Levin had walked into the unassuming brick headquarters of the UK’s National Crime Agency—Britain’s equivalent to the FBI—on the south bank of the Thames. A friendly agent led him to the building’s second floor and through the office kitchen, offering him a cup of tea. Levin accepted, as he always did on visits to the NCA, leaving the tea bag in.
The two men sat, cups in hand, at the agent’s desk in a collection of cubicles. Levin was there on a routine customer visit, to learn how the agent and his colleagues were using the software built by the company he’d cofounded. That company, Chainalysis, was the world’s first tech firm to focus solely on a task that a few years earlier might have sounded like an oxymoron: tracing cryptocurrency. The NCA was one of dozens of law enforcement agencies around the world that had learned to use Chainalysis’ software to turn the digital underworld’s preferred means of exchange into its Achilles’ heel.
When Bitcoin first appeared in 2008, one fundamental promise of the cryptocurrency was that it revealed only which coins reside at which Bitcoin addresses—long, unique strings of letters and numbers—without any identifying information about those coins’ owners. This layer of obfuscation created the impression among many early adherents that Bitcoin might be the fully anonymous internet cash long awaited by libertarian cypherpunks and crypto-anarchists: a new financial netherworld where digital briefcases full of unmarked bills could change hands across the globe in an instant.
Satoshi Nakamoto, the mysterious inventor of Bitcoin, had gone so far as to write that “participants can be anonymous” in an early email describing the cryptocurrency. And thousands of users of dark-web black markets like Silk Road had embraced Bitcoin as their central payment mechanism. But the counterintuitive truth about Bitcoin, the one upon which Chainalysis had built its business, was this: Every Bitcoin payment is captured in its blockchain, a permanent, unchangeable, and entirely public record of every transaction in the Bitcoin network. The blockchain ensures that coins can’t be forged or spent more than once. But it does so by making everyone in the Bitcoin economy a witness to every transaction. Every criminal payment is, in some sense, a smoking gun in broad daylight.
Within a few years of Bitcoin’s arrival, academic security researchers—and then companies like Chainalysis—began to tear gaping holes in the masks separating Bitcoin users’ addresses and their real-world identities. They could follow bitcoins on the blockchain as they moved from address to address until they reached one that could be tied to a known identity. In some cases, an investigator could learn someone’s Bitcoin addresses by transacting with them, the way an undercover narcotics agent might conduct a buy-and-bust. In other cases, they could trace a target’s coins to an account at a cryptocurrency exchange where financial regulations required users to prove their identity. A quick subpoena to the exchange from one of Chainalysis’ customers in law enforcement was then enough to strip away any illusion of Bitcoin’s anonymity.
Chainalysis had combined these techniques for de-anonymizing Bitcoin users with methods that allowed it to “cluster” addresses, showing that anywhere from dozens to millions of addresses sometimes belonged to a single person or organization. When coins from two or more addresses were spent in a single transaction, for instance, it revealed that whoever created that “multi-input” transaction must have control of both spender addresses, allowing Chainalysis to lump them into a single identity. In other cases, Chainalysis and its users could follow a “peel chain”—a process analogous to tracking a single wad of cash as a user repeatedly pulled it out, peeled off a few bills, and put it back in a different pocket. In those peel chains, bitcoins would be moved out of one address as a fraction was paid to a recipient and then the remainder returned to the spender at a “change” address. Distinguishing those change addresses could allow an investigator to follow a sum of money as it hopped from one address to the next, charting its path through the noise of Bitcoin’s blockchain.
Thanks to tricks like these, Bitcoin had turned out to be practically the opposite of untraceable: a kind of honeypot for crypto criminals that had, for years, dutifully and unerasably recorded evidence of their dirty deals. By 2017, agencies like the FBI, the Drug Enforcement Administration, and the IRS’s Criminal Investigation division (or IRS-CI) had traced Bitcoin transactions to carry out one investigative coup after another, very often with the help of Chainalysis.
The cases had started small and then gained a furious momentum. Investigators had traced the transactions of two corrupt federal agents to show that, before the 2013 takedown of Silk Road, one had stolen bitcoins from that dark-web market and another had sold law enforcement intel to its creator, Ross Ulbricht. Next they tracked down half a billion dollars of bitcoins stolen from the Mt. Gox exchange and showed that the proceeds had been laundered by the Russian administrator of another crypto exchange, BTC-e, eventually locating the exchange’s servers in New Jersey. And finally, they followed bitcoin trails to nail down the identity of the founder of AlphaBay, a dark-web market that had grown to 10 times the size of Silk Road. (In fact, even as Levin was sitting in London talking to the NCA agent, a coalition of half a dozen law enforcement agencies was converging in Bangkok to arrest AlphaBay’s creator.)
Levin was, as always, on the lookout for Chainalysis’ next big investigation. After running through a few open cases with him, the NCA agent mentioned an ominous site on the dark web that had recently come onto the agency’s radar. It was called Welcome to Video.
The NCA had stumbled across the site in the midst of a horrific case involving an offender named Matthew Falder. An academic based in Manchester, England, Falder would pose as a female artist and solicit nude photos from strangers on the internet, then threaten to share those images with family or friends unless the victims recorded themselves carrying out increasingly demeaning and depraved acts. Ultimately he’d force his victims to commit self-harm and even sexually abuse others on camera. By the time he was arrested, he had targeted 50 people, at least three of whom had attempted suicide.
On Falder’s computers, the NCA had found he was a registered user of Welcome to Video, a criminal enterprise that, by its sheer scale, put even Falder’s atrocities in the shade. This evidentiary lead had then wended its way from the NCA’s child exploitation investigations team to the computer crime team, including the cryptocurrency-focused agent at whose desk Levin now sat. Welcome to Video, it seemed, was among the rare sites that sold access to clips of child sexual abuse in exchange for bitcoin. It was clear at a glance that its library of images and videos was uncommonly large, and it was being accessed—and frequently refreshed with brand-new material—by a sprawling user base around the globe.
