Welcome to the fourteenth issue of ‘This Month in Bitcoin Privacy’ newsletter. Enjoy!

Owl moth (Automeris belti belti) by Charles J. Sharp, CC BY-SA 4.0, via Wikimedia Commons

Table of Contents

  1. Samourai Wallet and Atomic Swaps
  2. The Freedom of Bitcoin
  3. Bisq Patches Privacy Vulnerability
  4. Wasabi Wallet 2.0 Update, Continued
  5. Taproot Adoption
  6. FATF Report and EU AML Proposals
  7. A Survey on Mixing Techniques
  8. Pegasus Spyware and Mobile Wallets

July 1st - SAMOURAI WALLET AND ATOMIC SWAPS

In TMIBP03, TMIBP05, TMIBP07, TMIBP11, and TMIBP12, I have followed development of BTC-XMR atomic swap protocols, namely Farcaster and the similar Hoenisch / del Pino implementation, which is currently stalled on uni-directional BTC-to-XMR swaps. In April, the Samourai Wallet backend was used in experimental swaps between a Bitcoin testnet and Monero stagenet. They published a blog post regarding the nature of the planned integration, in response to criticism.

In April 2021 we announced at the Bear Arms & Bitcoin conference in Austin, TX that we intended to launch a feature within Samourai Wallet that would allow users to swap their unmixed “toxic change” from Whirlpool CoinJoin transactions into the Monero blockchain and back to Bitcoin all in a non custodial way.

We clearly emphasized that Samourai Wallet would continue to only support BTC and the user would not be able to interact with XMR within Samourai Wallet. The XMR side of the swap will still need to be handled by wallet developers within the Monero ecosystem.

… We strongly believe that providing the ability to hop back and forth between the Bitcoin blockchain and the Monero blockchain without counter party risk, without KYC, without a middleman, without permission is simply adding valuable tools to our users tool-belt. And in this asymmetric fight where the individual is the smallest minority, every tool matters.

July 4th - THE FREEDOM OF BITCOIN

“The price of freedom is eternal vigilance.” On the day that Americans are celebrating national independence, “Join the Wasabikas” podcast host Max Hillebrand released episode #21 with Human Rights Foundation (HRF) director Alex Gladstein on the topic of financial independence and privacy with Bitcoin. The foundation has been supplying grants to individuals and projects “making the Bitcoin network more private, decentralized, and resilient” (see TMIBP01, TMIBP03, and TMIBP10).

Well, guess what? Who are the two biggest contenders for the heir to the social functions of cash, which are small payments, private payments, and savings? It’s CBDCs and bitcoin. I know which one I’m going to go with.

In TMIBP12, I featured Gladstein’s essay on “Financial Freedom and Privacy in the Post-Cash World,” which included thoughts on the advent of central bank digital currencies (CBDCs). In TMIBP05 and TMIBP08, I had previously covered talk from the European Central Bank (ECB) and Bank for International Settlements (BIS) in the area of CBDCs. On July 14th, the ECB issued a press release that they had “decided today to launch the investigation phase of a digital euro project,” lasting two years.

Finally, the investigation phase will assess the possible impact of a digital euro on the market, identifying the design options to ensure privacy and avoid risks for euro area citizens, intermediaries and the overall economy.

Linked within the press release is a “Digital euro experimentation scope and key learnings” document, which contains an interesting section on their ideas regarding privacy features, such as using “one-time pseudonyms” for “each transaction that users participate in, making it difficult for the receivers to link the numerous pseudonyms to the identity of the sender,” as well as “transaction mixing” and a bilateral “payment channel network.” Hmm, sounds familiar! :wink: However, of course, they “would require further analysis to verify that the high level of privacy did not violate AML/CFT regulatory requirements.”

Meanwhile, on July 15th, the U.S. State Department’s Rewards for Justice (RFJ) program announced that they would be “offering a reward of up to $10 million for information” on “malicious cyber activities against U.S. critical infrastructure.” They note that to “protect the safety and security of potential sources,” tips could be reported via a Tor-based portal and – for the first time – rewarded in cryptocurrency. Pray tell, what madness drove them in there? :hushed:

Commensurate with the seriousness with which we view these cyber threats, the Rewards for Justice program has set up a Dark Web (Tor-based) tips-reporting channel to protect the safety and security of potential sources. The RFJ program also is working with interagency partners to enable the rapid processing of information as well as the possible relocation of and payment of rewards to sources. Reward payments may include payments in cryptocurrency.

In TMIBP05, TMIBP08, TMIBP12, and TMIBP13, I have included topics and events affecting the future of fiat cash. On July 22nd, Cornell University professor Eswar Prasad published an opinion piece through the New York Times, asking “When was the last time you made a payment with dollar bills?” (My answer: Today. Every day. All the time.) He outlines why CBDCs are preferable to “the hassles of handling cash,” such as in the area of “security” where cash is “vulnerable to loss and theft.” National economic policies practically indistinguishable from theft, however…

If cash were replaced with a digital dollar, however, the Fed could impose a negative interest rate by gradually shrinking the electronic balances in everyone’s digital currency accounts, creating an incentive for consumers to spend and for companies to invest.

Of course, “no central bank would forgo the ability to audit and trace transactions… a reminder that adopting a digital dollar is not just an economic but also a social decision.” Exactly! As Eric Hughes wrote in 1993, “Privacy is necessary for an open society in the electronic age,” and “we must defend our own privacy if we expect to have any.” To advocate for the “embrace” of “the advent of a digital dollar” (or rather just a more centrally administered digital dollar) is to support a less open society.

July 6th - BISQ PATCHES PRIVACY VULNERABILITY

In TMIBP13, I included that Bisq set the v1.7.0 hardfork release as the “required minimum version for trading” and fixed “a privacy issue.” On July 6th, they disclosed the details:

Exchanging peers’ payment account data is required for certain verifications and (of course) for peers to actually carry out payment. Before 1.7.0, this data had been exchanged earlier in the trade process so that verifications could be done earlier, and so the trade process could fail earlier (in case a peer provided invalid account data). This approach made it possible for malicious peers to see the account data of a peer without engaging in an actual trade… with manipulated Bisq software, it was (theoretically) possible to do this without incurring costs (fees, locked in BTC, etc).

To mitigate this vulnerability, exchanging account data now occurs later, only after both traders have committed to the deposit tx. This creates a financial burden for a malicious peer trying to harvest trading peers’ account data.

We are not aware of any instances in which this vulnerability was abused. Such abuse would have led to failed trades, and at scale, Bisq support would have noticed trends in users reporting such a problem. We’ve asked the folks who tipped us off about this for permission to give them credit, but have not received a response yet. Will add credit here if/when we get the appropriate guidance.

Also in 1.7.0 was another protocol update: the hash of the trade contract is no longer an OP_RETURN output of the deposit tx. This was initially introduced to have cryptographic commitment of both traders in the contract, since signing deposit tx signified signing the contract. This output resulted in larger transactions (more mining fees), polluting the Bitcoin blockchain with data, and making Bisq transactions more distinctive and easier to spot on the blockchain. So it’s now gone.

A core developer of Haveno, a Monero-focused decentralised exchange that launched in May, claimed credit for discovering the problem “while working on Haveno’s protocol (part of which we inherit from Bisq). We immediately contacted Bisq and gave them all the info and support to fix the vulnerability.” They were also not aware of any attempts to exploit it.
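The ordering change described in the disclosure above can be modelled as a gate on when payment account data leaves a peer. This is an added illustration, not Bisq's or Haveno's code: the class, method and function names, the sample account strings and the 150,000-sat deposit are all hypothetical or constructed.

```python
"""Simplified model of the ordering fix; hypothetical names, not Bisq's code."""
from dataclasses import dataclass, field


class ProtocolError(Exception):
    """Raised when a peer asks for something the current trade phase forbids."""


@dataclass
class Peer:
    name: str
    account_data: str        # constructed sample value
    locked_sats: int = 0     # funds committed to the deposit tx so far


@dataclass
class Trade:
    maker: Peer
    taker: Peer
    release_after_commit: bool   # False = pre-1.7.0 ordering, True = 1.7.0 ordering
    deposit_signed_by: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def counterparty(self, peer: Peer) -> Peer:
        return self.taker if peer is self.maker else self.maker

    def sign_deposit(self, peer: Peer, sats: int) -> None:
        """Peer commits funds to the deposit transaction."""
        peer.locked_sats = sats
        self.deposit_signed_by.add(peer.name)
        self.log.append(f"{peer.name} signed deposit ({sats} sats)")

    def both_committed(self) -> bool:
        return self.deposit_signed_by == {self.maker.name, self.taker.name}

    def request_account_data(self, requester: Peer) -> str:
        """Hand the counterparty's payment account data to `requester`."""
        if self.release_after_commit and not self.both_committed():
            self.log.append(f"refused account data to {requester.name}")
            raise ProtocolError("both peers must commit to the deposit tx first")
        self.log.append(f"released account data to {requester.name}")
        return self.counterparty(requester).account_data


def sats_at_risk_when_data_released(release_after_commit: bool,
                                    deposit_sats: int = 150_000) -> int:
    """Return how much the requester had locked up when it first saw the data."""
    maker = Peer("maker", "constructed-account-A")
    taker = Peer("taker", "constructed-account-B")
    trade = Trade(maker, taker, release_after_commit)
    try:
        trade.request_account_data(taker)      # ask before committing anything
    except ProtocolError:
        trade.sign_deposit(maker, deposit_sats)
        trade.sign_deposit(taker, deposit_sats)
        trade.request_account_data(taker)      # allowed once both have signed
    return taker.locked_sats


if __name__ == "__main__":
    print("old ordering:", sats_at_risk_when_data_released(False), "sats locked")
    print("1.7.0 ordering:", sats_at_risk_when_data_released(True), "sats locked")
```

In the model, the old ordering releases the data with nothing at stake, while the gated ordering releases it only once the requester's own deposit is locked.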

July 7th - WASABI WALLET 2.0 UPDATE, CONTINUED

In TMIBP06 and TMIBP07, I included progress updates regarding Wasabi Wallet 2.0, with a “completely replaced” user interface and the new variable-amount CoinJoin protocol WabiSabi (see TMIBP01, TMIBP03, and TMIBP09). CTO David Molnar has published another report, including a demo of the new interface and estimating that a full preview will most likely be available in ten weeks or so.

Wasabi Wallet 1.0 will keep working during the 2.0 final release series. Both services will run in parallel. It will be turned off after most of the users have upgraded to 2.0. Don’t worry, you will have time to play with 2.0 before you actually start using it.

July 10th - TAPROOT ADOPTION

In last month’s TMIBP13, we saw the Taproot / Schnorr soft fork lock in for scheduled activation this November. Chaincode Labs research engineer Mark ‘Murch’ Erhardt updated the Bitcoin Wiki’s ‘Bech32 Adoption’ page to include columns concerning the status of sending and receiving compatibility for Taproot’s Bech32m address format in various wallets. As of this writing, Sparrow Wallet v1.4.3 is the only one besides Bitcoin Core to already have both. Lead developer Craig Raw spoke about its feature progress, and privacy best practices, with Citadel Dispatch host Matt Odell on July 6th. Help turn that chart green and blue by asking your wallet’s developers and providers whether they plan to support Taproot!

On July 2nd, developer and Paralelná Polis member Martin Habovštiak opened a repository for the experimental Rust-based “Lightning Optimizing Opening Server,” which will allow you to open Lightning Network channels using a BIP-78 PayJoin compliant wallet (see TMIBP03, TMIBP05, TMIBP06, TMIBP08, and TMIBP13). Using this tool would make it unclear whether the transaction’s change belongs to the funder or not.

Post-Taproot-LN it will be impossible to distinguish CoinJoin from batch open of several same-sized private channels. Actually, CoinJoin and batch opening of several same-sized private channels could be one transaction. Good luck analyzing that!

On July 22nd, following up on his ongoing BIP draft, Belcher suggested that wallet developers already start to include it as they work on implementing Taproot support, “so that their user’s spends will improve the privacy and fungibility of off-chain protocols.”

:information_source: Check out Matt Corallo and Wirdum’s recent talk “How To Activate Taproot And Future Soft Forks,” Bitcoin Optech Newsletter #155, #156, #157, #158, and #159 for a new “weekly series about how developers and service providers can prepare for the upcoming activation of taproot,” and other recent technical developments beyond Bitcoin privacy.

July 20th - FATF REPORT AND EU AML PROPOSALS

The European Commission announced a package of new legislative proposals that will, according to them, “strengthen the EU’s anti-money laundering and countering the financing of terrorism (AML/CFT) rules.” They note that it “will be discussed by the European Parliament and Council,” with the aim to become “operational in 2024.”

The package also includes a proposal for the creation of a new EU authority to fight money laundering. It is part of the Commission’s commitment to protect EU citizens and the EU’s financial system from money laundering and terrorist financing. The aim is to improve the detection of suspicious transactions and activities, and close loopholes used by criminals to launder illicit proceeds or finance terrorist activities through the financial system.

Due to the absence of clear definitions for ‘crypto-asset wallets’ and ‘crypto-asset service providers’ internally, as well as commissioner Mairead McGuinness’ declaration, many were given the impression that this legislation will try to ban private wallets in general:

The anonymity of crypto-assets exposes them to risks of misuse for criminal purposes. Anonymous crypto-asset wallets do not allow the traceability of crypto-asset transfers, whilst also making it difficult to identify linked transactions that may raise suspicion or to apply to adequate level of customer due diligence. In order to ensure effective application of AML/CFT requirements to crypto-assets, it is necessary to prohibit the provision and the custody of anonymous crypto-asset wallets by crypto-asset service providers.

However, further reading shows that their focus seems limited to custodial wallets and accounts. In Chapter VII, they set a prohibition “[dis]allowing for the anonymisation of the customer account holder” by financial institutions, as well as a Union-wide ceiling for cash payments “only up to an amount of EUR 10000 or equivalent amount in national or foreign currency,” though this will not apply to “private operations between individuals” / “payments between natural persons who are not acting in a professional function” (italics added). Regarding ‘crypto-asset service provider,’ the term was previously defined by “Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on Markets in Crypto-assets, and amending Directive (EU) 2019/1937,” in Article 3: “any person whose occupation or business is the provision of one or more crypto-asset services to third parties on a professional basis.”

(9) ‘crypto-asset service’ means any of the services and activities listed below relating to any crypto-asset:

(a) the custody and administration of crypto-assets on behalf of third parties;
(b) the operation of a trading platform for crypto-assets;
(c) the exchange of crypto-assets for fiat currency that is legal tender;
(d) the exchange of crypto-assets for other crypto-assets;
(e) the execution of orders for crypto-assets on behalf of third parties;
(f) placing of crypto-assets;
(g) the reception and transmission of orders for crypto-assets on behalf of third parties;
(h) providing advice on crypto-assets;

While ‘providing advice’ seems rather broad, they narrow it down to broker-like activities:

offering, giving or agreeing to give personalised or specific recommendations to a third party, either at the third party’s request or on the initiative of the crypto-asset service provider providing the advice, concerning the acquisition or the sale of one or more crypto-assets, or the use of crypto-asset services

A spokesperson for the Commission indeed later clarified that non-custodial wallets are not included in these categories, aligning with a previously reported opinion from Europol regarding whether Wasabi Wallet fell under the AMLD5 regulations (TMIBP01). They also implied that ‘crypto-asset service provider’ was functionally equivalent to the Financial Action Task Force (FATF)’s ‘virtual asset service provider’ (VASP); the proposal mentions the FATF frequently, even claiming to be “in line with” and “going beyond FATF standards.”

Last month, European Data Protection Board (EDPB) chair Andrea Jelinek wrote a letter to commissioners McGuinness and Didier Reynders about “the data protection implications of AML laws,” particularly given McGuinness’ statement that this new authority (AMLA) will pursue “setting up a system to connect national registers for bank accounts” to “provide faster access for Financial Intelligence Units and other authorities to get access to key information.” Jelinek wrote that the common ‘risk-based approach’ standard “is not clearly enough quantified or defined in legislation or through guidance from regulatory bodies,” leading to “a large quantity of false positive alarms” and “unnecessary and disproportionate processing” by obliged entities. Therefore, the EDPB recommended including “specific provisions in the upcoming legislative proposals in order to specify the application of the GDPR [General Data Protection Regulation] in the context of the AML-CFT legal framework, pursuant to Article 6 (3) of the GDPR.”

Indeed, a fair balance has to be struck between the interest to prevent money laundering and terrorist financing, on the one hand, and the interests underlying the fundamental rights to data protection and privacy, on the other… enshrined in Articles 7 and 8 of the Charter of Fundamental Rights of the European Union.

If the AML-CFT legislation is not designed in a balanced and proportionate manner, that respects every individuals’ fundamental rights to data protection, legal uncertainties for obliged entities will continue to exist and the AML-CFT framework would be vulnerable. Data Protection Authorities will be forced to use their powers in order to bring the activities of the obliged entities in accordance with the GDPR through corrective measures. European citizens will also likely exercise their right to an effective remedy before a tribunal, enshrined in the Article 47 of the Charter of Fundamental Rights of the European Union.

According to Dutch engineer and financial history consultant Simon Lelieveldt, the ambiguity of the language is still concerning. While they may not explicitly ban the use of non-custodial wallets, “the FATF is pushing countries to not license/register companies if they allow communications with unhosted/anonymous wallets.” As I highlighted in March, this isolation / exclusion strategy was already in their new draft.

In TMIBP10, TMIBP11, and TMIBP12, I covered the FATF’s public consultation regarding their guidance on “the risk-based approach to virtual assets (VAs) and virtual asset service providers (VASPs).” In their second 12-month review published early this month, they report that some VASPs were using jurisdictional arbitrage to continue operating with “extremely weak or non-existent AML/CFT controls,” and that “the last year has seen significant increase in the use of privacy wallet transfers where multiple people’s transactions are combined into a single transfer, such as CoinJoin.” Overall, though, they acknowledge that “the value of virtual assets involved in most ML/TF cases detected to date remains relatively small compared to cases using more traditional financial services and products,” and that restrictions inspired by their guidance negatively impact privacy and financial inclusion:

In implementing AML/CFT regimes for VASPs, the FATF and jurisdictions should be aware of the intersection and potential impact AML/CFT requirements have on other regulatory requirements and policy areas, such as data protection and privacy, financial inclusion, derisking, consumer and investor protection and financial innovation. The FATF is committed to financial inclusion and is aware that applying an overly rigid, rules-based approach to AML/CFT safeguards when providing financial services can have the unintended consequence of excluding legitimate consumers and businesses from the regulated financial system.

On July 16th, General Bytes CTO and product manager Karel Kyovsky wrote to the mailing list to “propose a standardization of the bitcoin URI parameter name that could be optionally used to contain the unique id of VASP (Virtual asset service provider as defined by FATF),” because they will be “working on travel rule integration for our Bitcoin ATM product.” Harding replied to suggest that he draft a new BIP rather than trying to modify BIP-21, but would not comment on “your compliance situation,” and other responses were mostly negative. (If you’d like an alternative, “Join the Wasabikas” podcast host Max Hillebrand recently interviewed ‘Chill’ for episode #23 about the Bleskomat, “the world’s first Lightning-only ATM” – previously mentioned in TMIBP05.)

July 26th - A SURVEY ON MIXING TECHNIQUES

Vienna-based researchers Simin Ghesmati, Walid Fdhila, and Edgar Weippl have shared a revised preprint of their new paper, “Bitcoin Privacy - A Survey on Mixing Techniques.” Covering centralized mixers, CoinJoin based mixing, atomic swaps, and threshold signatures, their aim is to compare and evaluate “mixing techniques in the Bitcoin blockchain, present their limitations, and highlight the new challenges.”

On July 26th, co-author Ghesmati joined episode #26 of Wasabi Research Club to discuss the paper with Ficsór, Kogman, and others. She became interested in the topic after doing a project on the anonymisation of Bitcoin during a course on data science with cryptocurrencies at Technische Universität Wien (TUW).

July 30th - PEGASUS SPYWARE AND MOBILE WALLETS

In the eighth episode of Ledger’s “On The Ledger” podcast, CTO Charles Guillemet and head of security research Jean-Baptiste Bédrune discussed the Pegasus spyware scandal, following forensic and collaborative investigations by Forbidden Stories, Amnesty International, Citizen Lab, and others into Israeli surveillance technology company NSO Group’s tools and customers. If you are unfamiliar with the story, see researcher John Scott-Railton’s thread, and this joint open letter by numerous civil society organisations and experts.

Regarding the impact on Bitcoin and other cryptocurrencies, they explained why storing your keys on a smartphone or laptop could make them vulnerable to these types of attacks, and how hardware wallets are designed to protect against them:

Whenever you are root on the device, you can do whatever you like. The vulnerabilities are quite generic, basically what we call zero-click vulnerability. The attacker sends you a packet message to infect your mobile phone device. It’s often through a messaging application like WhatsApp or iMessage. Zero-click means that you’re not even notified, and the attacker has full access to your device. That means he can do anything you can, and even more. There are plenty of things that you cannot do on your smartphone, but when you have privileged access, you can do anything. The attacker can extract all your data from your mobile, get all your credentials.

For instance, if you use your mobile device to connect to your favorite crypto exchange, the attacker can do the same. Worse, if you use a mobile software wallet, the attacker can extract your secrets and steal your cryptocurrency instantly.

Today, we see state actors deploying their software exploits to spy on people, but I predict that tomorrow, I will see criminal actors using these software vulnerabilities to steal cryptocurrencies at scale. This is the big difference because the stakes will be very high, in a short period of time, in the near future.

In TMIBP01, TMIBP03, and TMIBP06, I covered the intrusion of another former offensive surveillance technology company, Hacking Team, into this industry. In TMIBP02, TMIBP05, TMIBP07, TMIBP08, and TMIBP13, I have been covering a data breach of customer information from Ledger’s e-commerce and marketing database(s), which resulted in an ongoing phishing campaign against their customers.

:warning: If you were impacted by this breach, I recommend Kraken’s “Security Advisory: Mobile Phones,” Jameson Lopp’s “A Home Defense Primer,” “A Modest Privacy Protection Proposal,” and Michael Bazzell’s “Privacy, Security, & OSINT Show.”

Thanks for reading! Feel free to :bookmark: bookmark or subscribe to catch the next edition of ‘This Month in Bitcoin Privacy.’