Cryptocurrency KYSF: Know Your Source of Funds

Last week a reporter from CoinDesk asked me a few questions related to the chart (below) discussed in the flow of funds on the Bitcoin network in 2015.

bitcoinland april 2015Below are my answers, a few of which may be of particular interest in light of the FinCEN enforcement action related to Ripple.  For instance, are cryptocurrency payment processors — which typically claim exemption from money service business (MSB) requirements — required to comply with KYC (know your customer) and also submit SARs?  Will VC funded cryptocurrency mining pools and farms be required to do KYM (know your miner) and AML to establish source of funds?  See also: Lowell Ness’s discussion (video) at 20Mission last summer covering MSB/MTL and altcoins.


Q: Are the size of the circles you’ve used in the diagram proportional or arbitrary?

Mostly arbitrary.  They needed to be big enough to where you can see the words, but there is some proportional aspect too.  For instance, in terms of on-chain transactions we know gambling transactions as a whole are likely the largest component of transaction volume.  And based on clusters identified by companies such as Coinalytics, darknet markets as an aggregate likely do more transactions than payment processors do.  While exchanges as a whole also process large amounts of transactions, because it occurs off-chain it is unclear what their real volume is.

Q: Are non-KYC exchanges simply matching darknet sellers (and ‘tainted coins’) with buyers, or are they buying btc from the dark markets themselves?

Mostly the former rather than the latter.  Until we find out more information about who operates the non-KYC exchanges, it is not fully clear what the motives would be for buying BTC from darknet markets.  For instance, there was an “old” joke: the reason BTC-e never gets hacked is that hackers would no longer have a place to launder funds through.  Yet several weeks ago BTC-e allegedly prevented funds from the Evolution hack to be withdrawn from BTC-e for a short period of time before re-enabling withdrawals.  The details of how this was resolved are still unclear.  Similarly, in practice “virgin” coins (newly mined coins) can be sold at a premium on sites like as they lack any history of illicit activity.  Incidentally, according to an ongoing lawsuit from Syscoin, Localbitcoins is allegedly where Alex Green/Ryan Kennedy was selling bitcoins he purportedly stole from the MintPal theft (using the name “LemonadeDev”).

Q: Are ransomware victims only buying btc from non-KYC exchanges?

It may have been a little unclear from the chart but ransomware victims also purchase coins from KYC exchanges too.  Which bucket has more volume is unknown at this time.  Incidentally, according to a recent interview with the BBC, a security expert at IBM thinks that the criminals behind ransomware products like Cryptolocker sell their bitcoins quickly in order to reduce their exposure to price volatility.  To do so, to move into and out of fiat they will use “mules,” individuals that clean the cash and charge a fee of around 20%.  This ties in to your previous question about tainted coins and non-KYC exchanges.

Q: Were there any surprises for you here when compiling the diagram, or did it confirm what you had already found through previous posts?

There weren’t any real big surprises, but what probably stood out most is where the “fiat leakage” occurs — where people take bitcoins out of circulation and purchase them with dollars or euros.  The fact that this is still occurring ties back into the question that Rick Falkvinge raised 18 months ago: since we know that above-board trade is relatively subdued compared with illicit trade — if the non-KYC on and off ramps were shut down, what impact would that have on the overall Bitcoin economy?

Q: You mention the non-KYC and KYC worlds, how separate are the two now? Will they drift further as we see more regulation in the sector?

I think they are both intertwined and perhaps symbiotic for at least three reasons: 1) due to how KYM (know your miner) is not 100% mandatory globally, non-KYC’ed entities create continuous non-negligible demand for a product. 2) The prevalence of “temporary” wallets.  I labeled them “burner” wallets on the chart but in many cases if a user has limited operational security (e.g., does not use Tor and a VPN) therefore they do not have much added privacy and are thus not actually “burner” but rather “temporary.”  Either way, the flow through these wallets, such as (whose users are not KYC’ed) back into the KYC economy create demand for above-board services.  The third area are non-KYC’ed bitcoins that go to merchants who unknowingly act like “mules,” sometimes exchanging above-board products for bitcoins that had previously circulated through illicit markets.  Last December Carl Mullan published a paper that describes several of the methods this is done (see p. 32).

Whether or not this bifurcation will continue is an open question.  One theory articulated by Jon Matonis and others is that continual adoption and implementation of KYC/AML policies by startups will create “white listed” coins and “black listed” coins and that “black listed” coins will trade at a premium over “white listed” coins.  To understand why this might occur, you have to consider the universal principle of nemo dat quod non habet (one cannot give what they do not have).  Several attorneys, including George Fogg, have indicated that bitcoins are treated as general intangibles under the Uniform Commercial Code.  If bitcoins are general intangibles, not currency (legal tender), negotiable instruments, or security entitlements, they it is not at all clear that bitcoins would have an exemption from nemo dat quod non habet.   In other words, bitcoins would transfer subject to, rather than free and clear of, associated claims and security interests and, as a result, would not be fungible (capable of mutual substitution).  Whether or not that means certain bitcoins will be treated like a hot potato is also an open question.  However, if all on-ramp and off-ramps for all services become KYC/AML compliant, we may be able to answer the question raised by Rick Falkvinge above as to how much of the economy is driven by illicit trade.

Q: With regards to you using word ‘scam’, do you expect a backlash?

Not really.  I don’t think scammers deserve a free pass and I don’t think I am the only one describing their aggregate impact.  On any given week, both Bitcoin media outlets and mainstream news organizations cover this type of activity, there is even a subreddit, sorryforyourloss, that sometimes covers it.  In addition, searching the word “scam” in the CoinDesk search bar found 176 results.  In January you guys reported on academic research that found at least 42 scams involving bitcoin and a number of your reporters have likewise covered the demise of Moolah, Neo & Bee and most recently PayCoin.

Q: How much of the data was available to you publicly?

The blockchain data resides on thousands of nodes.  The labels of clusters started with WalletExplorer (which is public) but the graphs and further analysis comes through Coinalytics which has its own proprietary methods.  There are a few other companies that are also involved in this space including Chainalysis, who also begins by using the public blockchain. publishes two charts on its “My Wallet” activity which give some indication of how much activity is occurring by their users.  As far as fiat leakage, mining and activity on exchanges, a lot of this comes from social media, chat groups and anecdotes from reliable sources.

Leave a Reply

Your email address will not be published. Required fields are marked *