The UK’s National Crime Agency (NCA) has issued a warning that “crypto mixers” are being used for money laundering. In the reporting by the Financial Times, Samourai Wallet and Wasabi Wallet have both been mentioned as a “well-known mixer”. The article was published on the FT website behind a paywall but can be read in entirety here https://archive.ph/LMsEy
The author of the article reached out to us on March 11 with the following questions to allow us to respond.
Since only a single sentence of our response was used in the resulting article we have decided to publish our entire response that we sent to the Financial Times below.
There must be a distinction made between what the NCA has labelled ‘crypto mixers’ and the open source software algorithms that are used in Samourai Wallet, known as CoinJoin. A “mixer” implies a custodial system where crypto is sent into the control of a third party custodian who promises to send back crypto that is unrelated to the deposit. The software that Samourai Wallet produces is fundamentally different. In the Samourai software, users individually collaborate with each other to compose what are known as CoinJoin transactions to themselves. The user retains custody of their bitcoin at all times and a transmission of funds to any third party never occurs.
While it is true that Bitcoin is a pseudonymous system at the protocol level, the vast majority of crypto on-ramps and off-ramps are the custodians of vast amounts of personally identifiable information about their users — to comply with KYC and AML guidelines and regulations.
Several of these custodians have had serious data breaches where this sensitive information is now in the hands of criminals and other bad actors putting innocent users at increased risk of being the target of serious crime like fraud, kidnapping, or worse. With transparent ledgers like the Bitcoin blockchain every transaction is publicly recorded and viewable by anyone indefinitely, a situation no normal person would tolerate in the existing financial system. The existing system has several legislative mechanisms built in that ensure basic privacy (your bank doesn’t share your account balance and transaction history with the barista at the coffee shop for example). The blockchain doesn’t have the luxury of legislative power to solve these problems, therefore software solutions such as CoinJoin are used to obtain these basic protections.
The argument that crypto users identity is obscured on the blockchain so users shouldn’t need to worry themselves with basic financial privacy is not only bad advice, it is a feeble attempt to justify an unprecedented encroachment into the financial privacy of law abiding citizens. The NCA’s remit is to stop serious and organized crime not regulate the behaviour of law abiding citizens.
Elliptic doesn’t provide the underlying data they use to produce these unverifiable numbers. Their methodology is often a black box, where headline numbers and charts are presented in lieu of data. Likewise, government contracts play an important part of for profit businesses like Elliptic. It is our contention that these figures are likely overstated. For H1 2021, FINCEN estimated ransomware, by far the largest illicit use volume of bitcoin, to mixer flows at only 1% (source). Elliptic’s and FINCEN’s estimates are an order of magnitude apart, which implies one of them is wrong.
We believe the vast majority of users who are using non custodial CoinJoin software are law abiding and simply trying to obtain a basic level of financial privacy when using a transparent and public blockchain.
Businesses that take custody of funds on behalf of customers are already heavily regulated. We agree that the use of centralized mixers that take possession and custody of funds should be scrutinized and avoided. However, free and open source software algorithms in which there is no entity that takes custody of funds cannot be effectively regulated. We believe the NCA should instead focus on more productive methods to prevent serious crime and catch criminals.