This week on Gadget Lab, WIRED senior cybersecurity writer and author of the book Tracers in the Dark digs into all the ways investigators, government agents, and hackers can track down online criminals by “following the money” exchanged in cryptocurrency transactions. Andy’s book is Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency. You can read two excerpts from the book on WIRED.com: the six-part AlphaBay saga and the feature about the takedown of a website for sharing child sex abuse materials. Andy recommends the deliberately frustrating game Getting Over It. Lauren recommends Andy’s WIRED story about the animal activists whose spy cams revealed the grim realities of pork slaughterhouses. Mike recommends the book Art Is Life by the art critic Jerry Saltz. Andy can be found on Twitter @a_greenberg. Lauren Goode is @LaurenGoode. Michael Calore is @snackfight. Bling the main hotline at @GadgetLab. The show is produced by Boone Ashworth (@booneashworth). Our theme music is by Solar Keys. You can always listen to this week’s podcast through the audio player on this page, but if you want to subscribe for free to get every episode, here’s how: If you’re on an iPhone or iPad, open the app called Podcasts, or just tap this link. You can also download an app like Overcast or Pocket Casts, and search for Gadget Lab. If you use Android, you can find us in the Google Podcasts app just by tapping here. We’re on Spotify too. And in case you really need it, here’s the RSS feed. Michael Calore: Lauren. Lauren Goode: Mike. Michael Calore: Lauren, when you buy something using cryptocurrency, do you feel like you’re making that transaction anonymously? Michael Calore: Yes. Lauren Goode: No, I don’t do any of that, and I really haven’t thought too much about the anonymous prospects of this, although I know that’s a big part of cryptocurrency, right? Michael Calore: It is. The prevailing thought is that, if you use it, people wouldn’t really know what you’re buying or how much you spent or that you even participated in a transaction in the first place, but that is actually kind of a myth. Lauren Goode: Interesting. Michael Calore: Yes. Do you want to hear more about it? Lauren Goode: I definitely do. Michael Calore: Then let’s bring on our guest. [Gadget Lab intro theme music plays] Michael Calore: Hi, everyone, and welcome to Gadget Lab. I am Michael Calore. I’m a senior editor at WIRED. Lauren Goode: And I’m Lauren Goode. I’m a senior writer at WIRED. Michael Calore: We are joined this week once again by WIRED senior writer Andy Greenberg. Andy, welcome back to the show. Andy Greenberg: Thanks to you both for having me on again. Michael Calore: It’s great to have you back. We’re talking about cryptocurrency again on today’s show, but it’s not really in the way that you might expect. Andy, at the end of last year, you published a book. It’s called Tracers in the Dark. It’s filled with stories about investigators who have been able to track down criminals by studying their cryptocurrency transactions. These are people who operated on the dark web, places like Silk Road, AlphaBay, and Welcome to Video, a site where users shared child sex abuse videos. These criminal enterprises were funded and fueled by cryptocurrency, primarily bitcoin. Now, since bitcoin has existed, people have been using it to buy and sell all sorts of legal and illegal things online. They may not see that behavior as risky if they’re doing something illegal, because they’re operating under the assumption that bitcoin transactions are untraceable. Now, that’s never really been true, but that belief has persisted anyway. Andy, this myth of anonymity around cryptocurrency is a running theme in your book. How did this myth come to be? Andy Greenberg: Well, I have to admit that I am in some sense a part of it, Mike. I wrote the first print magazine piece about bitcoin in 2011—thankfully, in some sense, not for WIRED magazine. I worked at Forbes magazine at the time. I covered this world of anonymity and hackers and surveillance, and I came upon this new phenomenon. Bitcoin was described to me as a kind of untraceable, anonymous digital cash for the internet. I was talking with some of the first bitcoin developers, and even Satoshi Nakamoto, this mysterious creator of bitcoin, had written in this email to a cryptography mailing list that, among other things, participants can be anonymous in this new cryptocurrency world that he or she or whoever they are was describing. So I wrote this first piece in 2011, and I did describe in this Forbes piece how this seemed to be a kind of untraceable digital cash. You could put unmarked bills in a briefcase and send them across the internet to anybody without revealing your identity if you were careful, it seems. Of course, I immediately also was imagining, just being the kind of reporter I am, that this was going to unlock a whole world of money laundering and online drug deals and, I don’t know, terrorist financing. All of that, in some sense, did come to pass over the following years because it did seem … And it wasn’t just me. Even Satoshi Nakamoto believed that bitcoin and cryptocurrency more generally, as there became more flavors of cryptocurrency, had these anonymous properties. It was only, I would say, at least fast-forward a whole decade, around 2020, that I started to realize how completely wrong I was about this. How not just I was a little bit wrong, but actually 180 fully opposite of correct about this—that bitcoin is actually fully traceable. In fact, it is much easier to follow the money if you can crack and decipher the blockchain with cryptocurrency than even with traditional finance. It was actually when I started to see the Department of Justice credit this one company, Chainalysis, which is a cryptocurrency tracing firm, in one announcement after another, I started looking into this world of investigators who had figured this out much earlier than me. I saw that this small group of detectives had learned to trace cryptocurrency within law enforcements in many cases, and had used this to take down one massive cybercriminal operation after another over the last 10 years. That escalating spree of massive busts and takedowns is the story of this book, Tracers in the Dark. Andy Greenberg: Well, I think an even better way to start thinking about it is, how in the world, Andy, could you have been so stupid to ever think that bitcoin was untraceable? Because— Lauren Goode: This podcast is now an Andy Greenberg mea culpa. Andy Greenberg: Well, because the whole notion of bitcoin is that it is basically backed up and guaranteed by not a bank or a corporation or a government, but the blockchain, this list of every single transaction. So how in the world could you have ever thought that was private when, those transactions, the notion of the blockchain is that they’re copied out to thousands of computers around the world and can’t be changed or erased? But the blockchain only records transactions between bitcoin addresses. It doesn’t have any identifying information, it seemed to early cryptocurrency users and to me in 2011 or so. But then around 2013, this researcher, Sarah Meiklejohn, at the University of California San Diego, was the first to really look into whether this is true, that the blockchain does provide any privacy, or if there was some way to find patterns in this massive collection of data. She started quickly to find clever tricks to cluster bitcoin addresses and to show that sometimes dozens or hundreds or even millions, in some cases, of addresses could provably be shown to belong to a single person or service or sometimes a dark web drug market like Silk Road, which had come online by that point. Then sometimes you could follow the money from one of those clusters and see bitcoins move from one address to the next and, with other kind of tricks, figure out which path to take when there was a fork in the road until the money hits a cryptocurrency exchange. Cryptocurrency exchanges are legally required by US law anyway to have “know your customer” requirements, and they actually do have identifying information on their users. So when people cashed out their bitcoins, traded them for dollars, or vice versa, when they bought their bitcoins with traditional money, you could often get their identifying information with a subpoena with this kind of small collection of tricks. Also, another thing she would do is, she would interact undercover with people in the cryptocurrency world. In doing so, she would sometimes put money into the Silk Road drug market, for instance, and see which address she had interacted with and then know that that address was part of a bigger cluster, and so identify that whole cluster. With this whole bag of tricks that she created, it started to become clear that actually you could start to identify services on the blockchain and follow the money—and in some cases, see real crimes recorded in an indelible, unerasable, unchangeable way in this permanent record. It was only after Sarah Meiklejohn and her coauthors at UCSD published that paper that Chainalysis launched. This Danish tech entrepreneur named Michael Gronager created Chainalysis and automated those tricks and built them into this piece of software that was then made available to law enforcement agencies—who quickly, or not quickly, but bit by bit saw the power of this investigative technique that became a kind of secret super weapon, like a devining rod to track down dark-web criminals and all these people who thought that they were invisible when in fact they were anything but. Andy Greenberg: Well, actually, when I was writing for Forbes back in 2013, at this point I was kind of obsessed with the Silk Road drug market, and I did some test transactions. I can now legally say I bought some marijuana for Forbes on it. The sidebar of a story I was writing on the Silk Road, where I was interviewing the Dread Pirate Roberts, the administrator of that dark-web drug market, and I was foolish enough to send, in some cases, bitcoins directly from my Coinbase wallet to the Silk Road. But then in other cases, I think I did send it through intermediary addresses in an attempt to cover my tracks. When I showed all this to Sarah Meiklejohn, she very easily could trace all of my transactions. She had done undercover transactions with the Silk Road. She had identified that cluster, so she could easily see exactly which drug deals I had done. I think that this kind of captures the problem, which is that cryptocurrency users are not that dumb about this. We all thought back then that if you were just a little bit clever, of course, some mistakes would reveal your cryptocurrency transactions in the blockchain, but if you were really clever, if you just stayed a step ahead of the tracers, if you took some obfuscating steps, then you could actually still be more private with cryptocurrency than with traditional money on the internet. But I think Sarah Meiklejohn and then Chainalysis, which is now this $8.6 billion company that has hired every brilliant person they can think of to find these patterns in the blockchain, what they have shown is that it’s a better rule of thumb just to say it’s impossible. You will not be able to win this cat-and-mouse game, at least with bitcoin or cryptocurrencies that are like it. There are now cryptocurrencies that are designed to be far less traceable than bitcoin or ether or those kinds of well-known original cryptocurrencies. But the problem also with this cat-and-mouse game is that you can use state-of-the-art, cutting-edge obfuscation and anonymity techniques, but somebody years later can figure out a new trick to defeat those techniques. Because it’s all recorded in the blockchain forever, they can basically go back in time and excavate that evidence and use it against you, sometimes to prove that you committed a crime. So it’s like a cat-and-mouse game where the cats can travel back in time to solve the crimes, and the mice have to think years and years ahead into the future, which is basically impossible. So I think it’s almost better just to think of most cryptocurrencies as just completely transparent, which is truly the opposite of what they were promised to be in many cases. I think it’s also fair to describe it as having served as a kind of trap for people seeking financial privacy and lots of criminals who were seduced by this false idea and then found that law enforcement was able to just turn the lights on and carry out these huge busts where many hundreds of people were arrested. [Break] Michael Calore: The crypto market has been pretty wild lately. There’s all the recent drama with Sam Bankman-Fried and the collapse of the FTX Exchange. There’s the cratered market around NFTs, the rapid devaluation and erratic behavior of many of the currencies. Andy, have these recent instabilities in the cryptocurrency market at all slowed down the use of it on the dark web or in other illicit markets? Andy Greenberg: I don’t think that they have, for the most part. The one big crime that has kind of slowed down because of the fall in the value of cryptocurrency is scamming, because scammers depend on people believing that their cryptocurrency is going to keep going up in value. But on the dark web, cryptocurrency is really just a means of transaction, and it doesn’t really matter so much what it’s worth. In fact, the fact that bitcoin appreciated massively from the time when I was buying marijuana on the Silk Road in 2013 really now just means that I spent tens or hundreds of thousands of dollars worth of bitcoins on a few grams of pot, which is unfortunate when you think about it. But the dark web is not the only place where these crimes that are now traced by the tracers who are the central detectives in my book are taking place. There are also just straight-up thefts that are a huge part of the dark side of the crypto world. When FTX collapsed, in the midst of that collapse, which was like a traditional finance story in a way—an over-leveraged bank or something, or a Lehman Brothers or maybe like a Theranos story. But there’s also a straight-up crime story here, where about half a billion dollars of FTX’s funds were actually just stolen in the midst of its bankruptcy, and we don’t know by whom still. The bizarre thing about the blockchain is that all of these tracers can watch this theft happen in real time. We can see these hundreds of millions of dollars worth of cryptocurrency taken out of FTX and then moved around. They seem to be packaged to try to launder them. But because it’s all so transparent and traceable, it’s going to be very difficult for whoever took that money to cash it out or spend it or get away with this crime in a way where they won’t be identified. So we’ll probably soon know if the person who did that was some sort of inside embezzler or external hackers who were trying to take advantage of the chaos of FTX’s meltdown. Lauren Goode: Do you see a mainstream future for some of the more privacy-focused coins, like monero—am I saying that correctly, monero?—or will they be kept at arm’s length by legitimate financial institutions? Andy Greenberg: It’s really interesting to watch. I mean, monero is one that is being adopted. Monero, for the people who maybe haven’t heard of it, it’s not the most popular cryptocurrency by any means, but it is designed to be much less traceable than bitcoin and to tangle up its blockchain and obfuscate the amounts and make it hard to see who is sending money to whom. And monero is being adopted by dark web markets. One of the big stories in this book is the hunt for and the takedown of the kingpin of AlphaBay, which was this dark web market that became 10 times the size of the Silk Road. Now, years after AlphaBay was taken down, it actually reappeared in 2021, and now only accepts monero, which is a sign of the cat-and-mouse game, as Mike put it, that is occurring and the ways that people are starting to wise up to the traceability of bitcoin at least. But we see that cat-and-mouse game continuing because it does actually seem like sometimes monero, much to the surprise of all of these people using it, can sometimes be traced. monero people hate it when I point this out. In this big case that happened about a year ago where these two New Yorkers were arrested and accused of money laundering … You probably heard of this case because the woman in this couple had posted these terrible, super cringey rap videos on YouTube. $3.6 billion was seized from this couple, the biggest seizure of money of any kind in US criminal history. They had actually transferred some of that money into monero. Yet, you can see in court documents that the IRS criminal investigators, who were the central detectives in that case, continued to follow it and to identify them as the ones holding it. There’s actually even leaked Chainalysis documents that appeared on the dark web that show that Chainalysis says to its law enforcement customers that it can trace monero in the majority of cases. So even when people, even now, believe that they’re using a privacy coin, something that’s less traceable, they’re often still going to be surprised, I think, by how clever the tracers have become, how hard it is to use cryptocurrency anonymously. But I feel like I have to also mention that there is a newer cryptocurrency, zcash, that does seem to be truly untraceable, that uses these new, almost magical-seeming cryptography tricks called zero-knowledge proofs to basically fully encrypt its blockchain, so that there is no information for blockchain analysis or tracing of any kind. That may be finally the untraceable cryptocurrency that people believed bitcoin was. Yeah, as you say, Lauren, it’s going to be really interesting to see if zcash is more adopted, and if it is, if it becomes this popular tool for crime or what people once called crypto-anarchy, carving out a space where you can’t collect taxes, you can do any black market transaction you want, will that lead to some sort of regulatory backlash where regulators try to ban zcash or prevent exchanges from letting you buy and sell it? Andy Greenberg: In some ways, cryptocurrency is a little parable about how people think about committing crimes on the internet, or just their privacy, that we are all leaving this digital exhaust trail. In some cases, you can see these in the stories of the book as well. In one case, the administrator of AlphaBay was first identified because he leaked his email address in a welcome email to the AlphaBay user forums. Although he fixed that problem within days, years later, an anonymous tipster gave that email address to the DEA, and that’s how they first learned his name. They later proved his identity and dispelled any doubts and were able to charge him because they traced his cryptocurrency. Yeah, we leave these breadcrumbs behind that we’re not aware of. I just think that it turns out the cryptocurrency is maybe the most ironic, the clearest, craziest example of that, because people really thought that they were invisible. In fact, they were leaving totally clear, indelible trails that show every transaction that you make for all time. There are cases where, for instance, IRS criminal investigations identified the alleged creator of a bitcoin money laundering service called Bitcoin Fog by tracing his transactions before he even successfully launched the site, 10 years earlier. So it is just a true, as Edward Snowden would say, a permanent record that, for good or ill, can be used to solve crimes, but also to expose human behavior in a way that we’re really just not ready for. Michael Calore: Well, thanks Andy for coming on the show and talking about this. Let’s take a break, and when we come back we’ll do our recommendations. [Break] Michael Calore: This is the last segment of our show where each of us recommends something our listeners might like. Andy, you get to go first. Andy Greenberg: Oh, wow. Well, I have to say I was going to recommend a book called You Are Not Expected to Understand This, which is a collection of essays about lines of code that my WIRED colleague, Lily Hay Newman, contributed to. But Lily, it turns out, already recommended this book on the show, she tells me, a couple weeks ago. So I have to come up with another one. Although, I have to say, that as a really delightful collection of little parables about the history of computing. I guess instead I will recommend this game that I have been obsessed with for years now called Getting Over It. It seems completely ridiculous, but I found it to be kind of profound. You basically are this naked man in a pot with a hammer, and you have to use this hammer to climb a mountain of junk, basically. It’s very hard. You constantly can fall and basically lose all the progress that you have made. You can’t die in any way. There’s no lives. You just sometimes fall and lose the weeks and weeks of climbing that you have put into the game. It’s like this little experiment in extreme frustration. The creator of the game, Bennett Foddy, talks to you actually throughout the game, telling you his theories about the nature of failure and frustration and playing bits of songs and poetry that are all around the theme of just the difficulties of life. I find it almost inspiring in a way. I have actually now played through it hundreds of times. I think I’m in the top 5 percent of players in terms of how many times I’ve played through it, worldwide. Now my 6-year-old son has gotten curious about it, and I just sit and watch him play it. I find that, for a 6-year-old, it’s an interesting practice and how frustrated can he become and can he tolerate, which is an important thing for a kid to figure out. Yeah, Getting Over It, I recommended it to everyone. Lauren Goode: My recommendation is another work of Andy’s actually. We’re just recommending each other’s work on this podcast. We really do like each other this much here at WIRED. Andy Greenberg: It’s so incestuous, but I appreciate it. Thank you. Lauren Goode: I know I sometimes make fun of Mike for talking about being vegan, not being vegan itself, just that you talk about it. But Andy’s latest story is going to make you want to avoid eating American-raised pork, because it has made me vow not to eat anymore pork. It’s a story about how an animal rights activist group, which Andy has written about before, and WIRED revealed using spy cameras what really happens inside of carbon-dioxide stunning chambers, which are used to slaughter pigs. It’s pretty horrific. Food companies have claimed that these CO2 chambers lead to what they would say is painless loss of consciousness and death for the animals. But these videos and Andy’s story reveal that, for these pigs, the deaths are anything but painless. It’s a pretty hard read, and the videos are even harder to watch. But if you can stomach it, I recommend reading that story. Mike, what’s your recommendation? Michael Calore: My recomm— Lauren Goode: Perhaps recommend some vegan food for us. Michael Calore: My recommendation is stop eating bacon. Lauren Goode: There you go. You said it so much more simply than I did. Michael Calore: I’m going to recommend a book. It’s called Art Is Life. It’s by Jerry Saltz, the Pulitzer Prize-winning art critic of New York Magazine and just all around fantastic writer. It is a collection of the last 25 years or so of his essays and criticism and profiles and writing about the art world, particularly artists who are challenging some long-held beliefs in the art world, and artists who are trying new things and stretching the boundaries, and artists who he feels are overrated or overexposed and his thoughts about them. If you have any interest in contemporary art, then you know Jerry Saltz, and you know that you should read this book, so I’m just giving you a nudge. You should definitely check it out. It’s brand-new. I’m consuming the audio book, so it is kind of fun to hear his voice read back to me the words that I’ve read before, not knowing what his voice sounds like. Also, I own the book in physical form, and it’s just as enjoyable in either medium. So that’s my recommendation, Art Is Life, by Jerry Saltz. Lauren Goode: The other day, you and I were having a Slack conversation about something completely unrelated. I was like, “Oh, something, something,” about the BART from Berkeley, and you just replied with a photo of Jerry Saltz, and you wrote, “Jerry Saltz, exclamation point. I’m currently reading/listening to his book.” Michael Calore: Well, because he was on Kara’s podcast. Lauren Goode: Yeah, that’s great. Michael Calore: He was on Kara Swisher’s podcast. Lauren Goode: Yeah, but you heard about Jerry Saltz here first. Michael Calore: Yes, yes, indeed. Well, that is our show. Andy, thanks again for joining us. Andy Greenberg: Thanks to you both. It’s always fun. Lauren Goode: Always fun having you on, Andy. Michael Calore: Once again, the book is called Tracers in the Dark. It’s out now. You can buy it anywhere, and you could read some long excerpts of the book on WIRED.com, including the stories about the operations to take down AlphaBay and Welcome to Video. Just check the show notes. We’ll link to those there. Thank you all for listening. If you have feedback, you can find all of us on Twitter and Mastodon. Again, just check the show notes. Our producer is Boone Ashworth. We will be back next week, provided all these new chatbot search engines don’t take our jobs. Goodbye. [Gadget Lab outro theme music plays]