Tainted Bitcoin Isn’t What You Think It Is

Jan 6, 2021 | money laundering, tainted bitcoin

The concept of “tainted Bitcoin” or “tainted cryptocurrency” is one of the most misunderstood aspects among Bitcoin enthusiasts. This misunderstanding doesn’t just apply to beginners, but to intermediate/advanced cryptocurrency users and traders, individuals who work full-time in the cryptocurrency industry, Bitcoin privacy experts, lawyers, many anti-money laundering professionals, regulatory agencies, and even law enforcement. Thus, we thought it would be helpful to offer an explanation of what tainted Bitcoin is and when or if it’s something to be concerned about.

What is Tainted Bitcoin

Tainted Bitcoin is a concept that suggests that Bitcoin or cryptocurrency associated with illicit activity is “dirty” and that it remains that way indefinitely. Thus, the concern is that individuals might receive tainted Bitcoin, through no fault of their own, and might have their funds seized, accounts blocked, or at the very least be subject to increased scrutiny. Before we delve further into these concerns, there are multiple things we need first to define and consider.

Tainted by What?

What is the Bitcoin supposedly tainted by? A ransomware incident? A theft? A fraudulent giveaway scam? A phishing scam? This is often related to some type of incident which is criminal in nature. If there is an on-chain link back to a reported incident, perhaps to a ransomware incident, depending on a variety of technical details, some may or may not call those funds ‘tainted’ by the said incident.

Alternatively, perhaps Bitcoin isn’t tainted by a specified/named incident, but perhaps by a service in general, such as a darknet market, since receiving funds from a darknet market would suggest a darknet market vendor at one point owned “those” Bitcoin (and perhaps the vendor withdrew those Bitcoin and holds them in the wallet in question).

Theoretically, the same principle can apply to funds that aren’t derived from illicit sources. The word “tainted” obviously implies a negative connotation. We could elect to use a more neutral-sounding term such as “associated with” or more accurately “associated with receiving from [applicable source or incident].” This would be a much more accurate description, and if this language was used all the time, there would be a lot less misunderstanding about what “tainted Bitcoin” is exactly. 

For example, it may be possible to ascertain that funds in a given wallet address ultimately derive from another wallet address a few ‘hops’ back controlled by the same individual, which, in turn, received funds directly from Coinbase. That wouldn’t necessarily suggest that the individual performed that withdrawal (from Coinbase) of course; someone else could have. If “tainted” didn’t have a negative connotation to suggest these funds were illicit, it would be entirely appropriate to say that the Bitcoin has been “tainted” by Coinbase, even though there’s absolutely nothing wrong with receiving funds from Coinbase.

Tainted by Whom?

Who or what taints Bitcoin, and how exactly do they do it? There is no tainting God that decides what Bitcoin is tainted and what is not. There are really no widely accepted criteria to decide who can ‘taint’ Bitcoin or if what’s being described would even constitute ‘tainted’ Bitcoin. Let us consider a few actors in different situations whereby they may arguably (or arguably not) ‘taint’ Bitcoin:

  1. An individual gets scammed and posts a ‘report’ on Bitcoinabuse.com indicating that someone with the applicable BTC address scammed them. Could the BTC at the address now be said to be tainted? Arguably, yes, it could. But a host of problems arise. For one, how can it be known that the poster is telling the truth about the scammer’s address, or even if there was a scam? Maybe they’re reporting the address of a person they just don’t like? Thus, even though this Bitcoin might be said to be “tainted,” that really doesn’t mean anything important here since anyone can “taint” the BTC. There are a plethora of other issues as well. For example, if accepting funds from that address, could one reasonably have been expected to find this ‘report’ out of everything else on the web? In our opinion, it’s a completely unreasonable expectation to be crawling the web all the time trying to find such information, which hasn’t even been verified. Alternatively, maybe they are not reporting the scam address in particular, but rather an address where funds were eventually sent, which they believe belongs to the scammer but which might be a hot wallet address belonging to an exchange instead. As that address belongs to the exchange, not the scammer, this would be an example of false association (something that arises quite commonly when victims try to investigate themselves).
  2. The 2020 Twitter hack. The ‘giveaway’ addresses were widely known and circulated. Thus, this solves the issue about the ‘taint’ only coming from a single source of information. It can be said to be public information where the ‘tainting’ has been disseminated by a collection of credible sources. It could be said that the funds that were in these wallets were tainted, but for reasons we’ll explain later, even if you receive funds, either directly or indirectly from one of the wallets, it doesn’t mean the funds are still ‘tainted’ nor is it something you necessarily need to be concerned about.
  3. An individual or company that lost a considerable amount of cryptocurrency in a theft and contacted a professional firm (such as CipherBlade) shortly after the incident. In such a case, after reviewing the incident and if everything checks out, CipherBlade might then decide it’s appropriate to have the funds in the wallet ‘associated’ with the incident. However, we wouldn’t do so publicly. Rather, we’d contact various compliance tool providers we work with and would instruct them to ‘mark’ it as such accordingly. This is the general practice utilized for tainting funds.
  4. A ransomware incident. To be clear, funds aren’t ‘tainted’ because they derive from a ransomware payment. Rather, those funds can arguably be said to be tainted because someone reports them as being associated with ransomware, which is an important difference. That could be the company themselves who indicated as such publicly, it could be an anonymous person on Bitcointalk, it could be by an investigative agency, or it could be by a KYT tool provider. The credibility, experience, and trustworthiness of the entity creating this association is an important consideration.

Tainted According to Whom?

Another issue is that different sources of information are going to have different information on what Bitcoin is and is not ‘tainted.’ CipherBlade does report some incidents to some KYT tool providers, but we certainly don’t report each incident to all of them; there are north of 50 KYT tool providers out there, and as you might expect, some KYT providers have more intelligence on these sorts of matters than others; they are NOT all equal.

Some information sources that arguably ‘taint’ Bitcoin are publicly available, some are free but not publicly available or require registration, and some are paid solutions, which may or may not be publicly available.

By now, everyone should realize that whether or not some Bitcoin is ‘tainted’ depends on what source(s) of information you use. And that results in multiple considerations and problems, as we discuss below.

Obligation to Recognize Tainted Bitcoin

Who is obligated to recognize tainted Bitcoin, and what are they obligated to do about it, if anything? Businesses and service providers are obligated to adhere to respective anti-money laundering laws and regulations. That doesn’t necessarily mean they have to make sure they don’t accept any illicit funds (since that would be impossible), but it does mean they should be making a genuine effort to minimize money laundering by having a real compliance program. The genuine effort they make is critical. 

Of course, there are some exchanges and service providers who love to laud their ‘comprehensive AML program,’ but that’s all a facade, and in reality, they are happy to facilitate money laundering. And that’s precisely the kind of thing regulatory agencies love to take enforcement action on (which also often leads to criminal charges). It happened to BTC-e among other exchanges, including most recently BitMEX, and that’s where KuCoin, OKEx, and Huobi are headed, along with a variety of other active exchanges and services that are in hot water. Many of these services like to use what we refer to as ‘jurisdictional gymnastics’ to make it harder to hold them accountable, but they will get what’s coming to them; it just takes a bit longer.

The question of whether or not an exchange is obligated to recognize tainted Bitcoin is problematic in and of itself since it’s not always clear if Bitcoin is tainted or not. Without professional assistance, it may furthermore be difficult to assess whether or not the Bitcoin in question has been already sent to another party (who is, in turn, trying to deposit the funds), who may or may not have anything to do with the incident. There’s no clear black or white answer here in our opinion due to these considerations (and others) but what is clear is that as a baseline, they should have an actual AML program and should be making a genuine effort to minimize the amount of money laundering on their platform.

But this doesn’t apply only to cryptocurrency exchanges. It applies to other businesses as well. Debit card services. Gift card marketplaces. Merchant service providers. Non-exchange buying & selling platforms. OTC desks. All need to have a compliance program.

Thoughts on False Association

The biggest concerns people tend to have with tainted Bitcoin are either that they’ll obtain it unknowingly through no fault of their own or that they may be falsely associated with a given address. Our general view is that such concerns are generally, but not always, without merit. If you acquired BTC in your wallet from an exchange like Coinbase or Binance, whatever happened to the BTC “before” it was controlled by Coinbase or Binance is irrelevant since it was effectively mixed with other Bitcoin, breaking any relevant on-chain links to what it may have been associated with before.

Even if you acquired BTC from an exchange like OKEx or KuCoin, which are widely known to be complicit in money laundering for lack of adherence to anti-money laundering standards, you still wouldn’t have tainted Bitcoin, even if there happened to be an on-chain link between your wallet and the funds in the ‘tainted’ wallet. This is because, in between, there will be at least one exchange wallet (or more likely multiple) which is clearly not controlled by the seller (hacker) who had deposited the funds to the exchange. And the exchange presumably chose to accept those funds. After that deposit, the on-chain link is broken once the funds are withdrawn by someone else; the Bitcoin is no longer associated with the incident. It’s associated with the exchange. It’s obviously not a user’s fault that there’s a link on the blockchain itself from their wallet address to said incident, so no one (except those that have a poor understanding of Bitcoin and ‘tainting’) would actually consider the BTC ‘tainted’ anymore. What remains, however, is a record that OKEx or KuCoin received those illicit funds.

Let’s turn to a more contentious example. Let’s say you acquire some BTC in your wallet in a P2P or OTC trade, and a hacker with tainted Bitcoin ends up sending you some of that BTC as part of that trade. Are those funds still tainted? Obviously, there is still an on-chain association with the criminal incident, but for reasons I will explain, that association isn’t necessarily problematic.

At CipherBlade, we use blockchain analysis to determine what entities control given wallets. Assessing when funds are handed off to other entities is a critical part of what we do precisely because we don’t want someone to falsely be accused of having committed a crime, and it’s the critical reason that expert analysis is needed. Amateurs and individuals who don’t understand the nuances of blockchain forensics aren’t able to accurately assess this type of data, and that could lead to false accusations.

While KYT tools do offer benefits, this is also one of the challenges with KYT tools in general. It may show that a given wallet has receiving exposure from a ransomware incident, for example, which might be true, but such tools can’t accurately assess whether the individual with the account was in any way involved in the incident or if he or she just ended up receiving some funds associated with ransomware through no fault of their own. While KYT tools are important for exchanges to use to reduce money laundering, it’s critically important that these exchanges have people on staff that are sufficiently experienced and are capable of performing blockchain analysis.

In short, there are some instances where a P2P or OTC trade with the individual with tainted Bitcoin might lead to a false accusation, although these instances are extremely rare, and it’s quite unlikely it’s something most people will ever have to deal with. However, if a competent expert is involved, that drastically reduces the likelihood of a false accusation arising to begin with.

Bitcoin Becoming Tainted After Receipt

Let’s discuss another hypothetical example. An exchange is hacked, and shortly thereafter, you end up receiving funds from the hacker in an OTC transaction. In this hypothetical example, when you had received the funds, the exchange never even disclosed, publicly or privately (to KYT tool providers), that they were hacked, nor had they provided the transaction data associated with the hack.

Eventually, after you’ve already made the trade, the exchange publicly announces they’ve been hacked and discloses the addresses associated with the hacker. The funds have already been moved by the hacker, and it’s discovered that your wallet then received these funds. This may lead one to have multiple questions:

  1. Were the Bitcoins tainted back when the OTC trade occurred?
  2. Were you in any way wrong to accept the funds?
  3. Was the OTC desk in any way wrong to accept the funds?
  4. Is it possible that you may get in legal trouble for accepting those funds?
  5. Are the Bitcoins tainted now?

The answer to #1 is very simple. No, they weren’t. And this is one of the reasons the exchange should have engaged experts quickly instead of waiting for days, weeks, or months.

The answer to #2 is also simple. No, you weren’t. Unless there were other indications that were cause for alarm, it’s not something you would have known. The OTC desk is the one operating a business, so compliance and due diligence are primarily their responsibility.

The answer to #3 is also pretty simple. No, they weren’t. A compliance tool wouldn’t have given them any indication that the funds were associated with ransomware at the time. However, this does not necessarily absolve the OTC desk. OTC desks are also required to adhere to compliance standards, and if they didn’t adhere to compliance standards, there’s a chance they were still wrong to do business with the seller, and there are some situations where that could cause legal troubles for the OTC desk.

The answer to #4 is that you ideally shouldn’t get in legal trouble, but we have seen instances, albeit quite rare, where this has happened. At CipherBlade, we do a fair bit of expert witness work. Most people assume that we’re primarily engaged by the plaintiff or prosecutor, and the evidence on the blockchain we report on is used as ‘ammunition’ to hold the defendant liable. However, a large portion of our expert witness work is actually for the defence side in cases precisely like this where individuals have been falsely accused of a crime — by people or prosecutors that don’t even have a preliminary understanding of blockchain forensics, much less one that would be suitable to allow them to act as an expert in court. These situations are quite rare, but there ultimately have been situations where people have gotten into legal trouble due to prosecutors/faux experts/lawyers not having a clue what they’re doing.

Regarding #5, there’s still an association, but that association shouldn’t necessarily imply anything negative as the word ‘tainted’ implies.

Tainted by a Mixer

Let’s say you’ve chosen to utilize a Bitcoin mixing service for privacy reasons. A mixing service attempts to obfuscate the true source of funds from the destination of funds through a variety of techniques to offer enhanced anonymity. When you send funds into a mixer, you don’t end up getting that ‘same’ Bitcoin back; the Bitcoin you get back belonged to someone else (before it was in the mixer). Mixers have both legitimate and illegitimate uses, but as you can probably imagine, the proportion of illicit funds that go into a mixer tends to be noticeably higher than most other services, for obvious reasons.

Because you’d be getting back Bitcoin that belonged to someone else before it went into the mixer, the likelihood of you receiving Bitcoin that’s tainted is (or was) increased because there may be a close on-chain connection between the incident (where the perpetrator used a mixer) and the funds you received from the mixer. Because some compliance tools are sometimes unable to detect mixer usage, these tools may suggest that the Bitcoin in your wallet in such a scenario is ‘dirty.’ However, if a professional firm like CipherBlade were the one assessing the wallet, our opinion would be that the funds aren’t actually tainted or dirty in this scenario, since we would be able to detect that the real reason for having what appears to be ‘dirty’ Bitcoin is that the receiving transaction(s) are associated with a mixing service, and thus you had nothing to do with the incident.

This is why the existence of professionals is so critical. Professionals who understand how to properly investigate these types of crimes and fully follow funds on the blockchain are able to identify and opine on whether or not the funds in the wallet are controlled by the same individual that committed the crime or whether they belong to someone else completely unrelated to the incident. We’re able to identify and prevent false accusations that compliance tools may make since we have an in-depth understanding of how all these services work.
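
The difference between a raw on-chain link and an attributed association, as described for exchange withdrawals under “Thoughts on False Association” and for mixer output above, can be shown on a small graph. This is an added example, not CipherBlade’s tooling or method; the addresses, labels and the trace_back/assess helpers are all constructed for illustration.

```python
from collections import deque

# Constructed sample data; every address name below is hypothetical.
TRANSFERS = [                          # (sender, receiver)
    ("hack_wallet", "exchange_hot"),   # thief deposits to an exchange
    ("exchange_hot", "alice"),         # unrelated customer withdraws
    ("hack_wallet", "mixer_pool"),     # thief also uses a mixer
    ("mixer_pool", "bob"),             # privacy-minded user receives mixer output
    ("hack_wallet", "hop_1"),
    ("hop_1", "carol"),                # P2P/OTC trade, no service in between
    ("miner", "dave"),                 # no link to any reported incident
]
REPORTED = {"hack_wallet": "exchange hack"}                      # incident reports
SERVICES = {"exchange_hot": "exchange", "mixer_pool": "mixer"}   # attribution data


def trace_back(address, transfers, reported, services=None, max_hops=6):
    """Walk backwards from `address` and return [(kind, label, hops)].

    With services=None every on-chain link is followed (the naive view).
    With attribution data, tracing stops at a service-controlled address,
    because custody changed hands there.
    """
    services = services or {}
    inbound = {}
    for sender, receiver in transfers:
        inbound.setdefault(receiver, []).append(sender)

    findings, seen = [], {address}
    queue = deque([(address, 0)])
    while queue:
        node, hops = queue.popleft()
        if hops == max_hops:
            continue
        for sender in inbound.get(node, []):
            if sender in seen:           # also protects against cycles
                continue
            seen.add(sender)
            if sender in services:
                findings.append(("service", services[sender], hops + 1))
                continue                 # do not trace past the service
            if sender in reported:
                findings.append(("incident", reported[sender], hops + 1))
            queue.append((sender, hops + 1))
    return sorted(findings, key=lambda f: f[2])


def assess(address, transfers=TRANSFERS):
    """Compare the naive flag with the attribution-aware result."""
    naive = trace_back(address, transfers, REPORTED)
    attributed = trace_back(address, transfers, REPORTED, SERVICES)
    naive_flag = any(kind == "incident" for kind, _, _ in naive)
    if any(kind == "incident" for kind, _, _ in attributed):
        verdict = "needs analyst review"   # link with no service in between
    elif naive_flag:
        verdict = "explained by service"   # naive flag is a false association
    else:
        verdict = "no reported exposure"
    return {"naive_flag": naive_flag, "attributed": attributed, "verdict": verdict}


if __name__ == "__main__":
    for who in ("alice", "bob", "carol", "dave"):
        print(who, assess(who))
```

Only the direct P2P recipient is left with an incident link, and even that result says nothing about involvement; it marks where a human analyst has to assess who controlled which wallet.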

There’s nothing wrong with using a mixer if that’s what you’d like to do, but if your goal is to get rid of any ‘tainted’ Bitcoins in your wallet, a mixer will not help with that; some tools (and thus some exchanges) would treat it as higher risk or with higher scrutiny.

Does Bitcoin Remain Tainted Indefinitely?

There are two ways this question can be interpreted. Let’s say an exchange is hacked, and it’s announced, but the hacker doesn’t proceed to move the funds from the initial hacker wallets; he or she keeps them there indefinitely. Do the funds in these initial wallets remain tainted indefinitely? As most of you can guess, the answer to this question is yes. This is why the hacker will try to launder those funds sooner or later.

But the other way to interpret this question is if the funds start moving from the hacker’s addresses and then go through a variety of other wallets and/or to a variety of other individuals. In this case, would the funds remain tainted indefinitely? And the answer to that is a clear no; absolutely not. In our opinion, once it can no longer be ascertained that the BTC is controlled by the same entity that was engaged in the crime, the funds are no longer ‘tainted.’ When an individual has ‘tainted’ Bitcoin as a result of a crime, they often want to ‘clean’ this Bitcoin so they have Bitcoin unassociated with the crime. This process is more commonly referred to as money laundering. The issue is that many people believe that liquidated Bitcoin ends up getting dispersed to other individuals and exchanges and that this remains tainted indefinitely. For reasons I will explain, this assumption is false; Bitcoin does not remain tainted indefinitely.

Consider that almost all of us have Bitcoin in our wallets that was at one point controlled by the Silk Road. Is it still tainted? Of course not. Since being withdrawn from the Silk Road, the Bitcoin in your wallet has moved through a variety of intermediaries. A portion of it has belonged to numerous other people and has gone through various exchanges so that on-chain connection to the Silk Road is no longer relevant whatsoever. Clearly, the user likely had nothing to do with the Silk Road, so calling this Bitcoin ‘tainted’ by the Silk Road is absurd.

A related and perhaps comical analogy can be said to apply to the cash in your wallet. The banknotes in your wallet almost certainly contain trace amounts of cocaine on them. Calling these banknotes ‘tainted’ for this reason is absurd for the same reason; such trace amounts of cocaine are zero evidence that you’ve actually used cocaine.

Can you Discover if you Have Tainted Bitcoin?

Since professional forensics tools are typically required to be able to discover what sources Bitcoin may be associated with, it’s not possible for an individual to conclusively determine if they have tainted Bitcoin. However, even if they did hypothetically have access to such tools, and even if they did know how to properly use them, the tool might not show any indication of illicit receiving exposure. Again, this is because different compliance tools have different sources of information, and if one tool is lacking information on a given address, that address is not going to be flagged.

If I Can’t be Certain Whether or Not I Have Tainted Bitcoin, is it Something I Need to be Concerned About?

The vast majority of people do not hold any tainted Bitcoin. Just as importantly, though, the vast majority of cryptocurrency users need not have any concern about whether or not they have tainted Bitcoin. This is because most users only buy from major exchanges and services. If you’re the type of person that only buys from these exchanges and major services, you have effectively zero risk that you obtained any Bitcoin that was tainted. This isn’t limited to major exchanges like Coinbase and Kraken. It applies to the vast majority of smaller exchanges, and also exchanges that have a significantly higher amount of money laundering activity on them, such as Huobi and KuCoin. Even if you acquired funds from shadier exchanges, you needn’t be concerned about those funds being tainted since they clearly came from the exchange and not from the individual that deposited funds to the exchange.

If you’re in the minority that acquires from other sources, then the risk that you acquired some Bitcoin that was tainted is higher but still quite low. However, the point we’re trying to emphasize is that even if you acquired Bitcoin that was tainted, it doesn’t necessarily matter, and it’s typically not something you should be concerned about so long as you had nothing to do with the crime. And a blockchain forensics expert will be able to properly assess that.

Thoughts on Fungibility and Virgin Bitcoin

The concept of ‘virgin Bitcoin’ has arisen due to people’s misunderstanding about anonymity in Bitcoin, and how entities that control Bitcoin can be associated with one another, and common misconceptions about the tainting of Bitcoin. Put more simply, there are some people who are willing to pay above market value for freshly mined ‘virgin’ Bitcoin, which has no prior association with it. Our hope is that by shedding light on exactly how ‘tainting’ works, people will realize how ridiculous the concept of virgin Bitcoin is and why there’s absolutely no good reason why virgin Bitcoin should command a premium, for the same reason that it doesn’t make any sense to pay a premium for banknotes that no one else has ever used before.

Moving on, let’s talk about instances where 1 BTC might be worth less than 1 BTC, or rather the entities that might value 1 BTC at less than 1 BTC. We’ve never heard of a single instance where a non-fraudulent exchange has deemed that the value of 1 BTC is less than 1 BTC but more than zero. There are instances where an exchange, if it were to deem BTC tainted or illicit, might assign a value of 0 to it, at least temporarily, until anti-money laundering checks have been done. That value would ultimately revert to 1 BTC eventually if the funds are not found to be proceeds of crime after an internal investigation.

This resembles how other financial assets, such as cash or money in a bank account, are treated by most businesses; the asset is worth its face value unless there’s an indication the funds are illegitimate or associated with crime, in which case, the business, whether it’s a forex broker or metals broker, for example, wouldn’t accept the funds at all.

There are some rare situations where an individual might value 1 BTC at less than 1 BTC. For example, in an OTC transaction, it’s common for the party initiating or requesting the transaction to pay a small premium since they are the one that really wants the transaction to happen, not the party fulfilling the trade. This is normal and can be considered akin to a trading fee. However, if a shady OTC broker were to charge a 20% ‘convenience fee’ (instead of something far more reasonable like 2%), the broker is valuing the BTC at a discount likely to account for ‘risk.’ Individuals that knowingly engage in money laundering occasionally do value illicit assets at a discount. But that’s the case across pretty much all assets and asset classes, whether you’re referring to cash, dirty funds in a bank account, stolen diamonds, art, etcetera. In our opinion, this doesn’t necessarily mean Bitcoin lacks fungibility since the same principle could apply even to a privacy-oriented cryptocurrency like Monero. If someone wanted to ‘cash out’ a significant amount of BTC/XMR/any other asset without any trail, not provide any personal information, nor any information on the source of those funds, a (shady) counterparty may charge them a very hefty ‘fee’ to do so.

Ultimately, if purchasing from an exchange or service, tainting isn’t really applicable and not something to be concerned about. Bitcoin is or should always be treated at face value, with the only real exception being a very small portion of nefarious actors.

Role of KYT & Compliance Tools

Cryptocurrency businesses are required to have a compliance program. This shouldn’t be shocking news to most people. The usage of Know Your Transaction (KYT) tools usually (but not always) plays a valuable role in any compliance program, but KYT tools do have limitations. One thing that’s critically important to understand about them is that not all KYT tools are equal in usefulness or capability. Some are vastly superior to others, and many are effectively useless.

We’re aware of 50 or so KYT tools on the market. The vast majority, perhaps 80% of them, give or take, are so bad and/or poorly designed we’d consider them garbage; some of them undoubtedly end up doing more harm than good. Another ~15% of them are what we’d consider second-rate or third-rate tools; they have some major issues that need to be improved upon or have design deficiencies that aren’t minor. We only know of three KYT tools that we’d consider ‘good’ and optimal to be used as part of a compliance program.

If you happen to run a cryptocurrency business and are looking for an unbiased recommendation on which tools are best, feel free to reach out to us privately, and we’ll give you some insight (we don’t sell any software ourselves). But keep in mind that even the best KYT tool is just that, a tool, and it only forms part of an overall compliance program.

Summary

If you’ve read this article up until now, it’s probably because you’re concerned about holding or receiving tainted Bitcoin, or you’re at least curious about it. Our view is that for the vast majority of cryptocurrency users, concerns about having or obtaining tainted Bitcoin through no fault of their own are almost always without merit.