2015-07-25

Fighting Bitcoin theft - law enforcement block explorer

Recently I had a chat about what would be some good features for a block explorer to have. One thing I don't really see implemented too well is a tool for helping fight the theft of bitcoins. The idea isn't anything new really - I discussed something similar back in 2013 - a block explorer focused on tracking officially reported thefts of coins and providing a tools for exchanges to cross-reference their inputs with the database. Here is how it could work...

The stolen coin tracker


The tracker would essentially be a block explorer focused on tracking coin taint - nothing ground breaking there. However, if you pair that with allowing law enforcement from around the world submit exactly which coins they want tracked, it can become a quality tool for figuring out whether some coins are "tainted" or not.

However, the taint shouldn't be permanent. If the stolen coins are recovered, or they end up very diluted in a legitimate place of business, the outputs might need to be whitelisted as "clean" to stop the tracking. This way, the coins could go back into circulation without triggering any more flags in the future. This whitelisting process should also be carried out on request of the law enforcement.

The reason why we would focus on law enforcement is to limit the amount of false claims of thefts. If someone really lost their coins, rather than only claim to have lost them, they wouldn't mind filing a report and being liable in case they lied. Similarly, when tainted inputs are reported but they are deemed too diluted by whoever is responsible for the local AML enforcement, they would be the ones responsible for that decision.

Knowing which outputs to track, the rest is trivial - follow the coins each time they are spent, keep a track of how the taint might be diluted down the line and record everything for later reference.

Who is going to use this?


Any company that is required to follow AML regulations, like any Bitcoin exchange, would want to start using the service to make sure they are not liable down the line. The exchanges would either want to ask the tracker about every deposit they receive to check its taint, or if they are very privacy conscientious, they might just want to poll for any recent movements of tainted coins and do the cross-referencing themselves.

Any transaction that contains tainted coins could be reported to the authorities, or there could be a threshold of the minimal taint for reporting (say, above 10%). Depending on the regulations, the coins would either need to be frozen by the exchange, or if the taint is small, the authorities could whitelist the transaction on the tracker.

The implications


As with many things Bitcoin, the solution is not clearly good or bad. On the positives, this can discourage people from stealing bitcoins as they would have much harder time spending or converting them (who knew infinitely traceable currency can be so hard on criminals?). As for the negatives:

  • We would be dealing with many jurisdictions with different laws, making the blacklisting and whitelisting process complicated
  • This idea may lead to the Bitcoin redlists, where all coins would be considered tainted unless they were whitelisted - clearly not a desirable path for Bitcoin to be heading
  • The tracker would only be useful if a lot of international Bitcoin exchanges would choose to use it. Having a few big exchanges ignore it completely would just mean everyone with tainted coins would just visit them instead circumventing the tool
  • This tool would negatively impact Bitcoin fungibility, which makes the system less desirable overall
  • A lot of independent vendors and casual users accepting bitcoins wouldn't be able to effectively report all suspicious activities, possibly forcing them to switch over to using big payment processors instead, going against the Bitcoin idea of being one's own bank

Conclusions


All in all, do the benefits outweigh the drawbacks? Possibly. Then again, if someone that understands Bitcoin won't create a tool like this and run it responsibly, we might end up with someone from outside that doesn't know how the Bitcoin ecosystem work come in and force something worse upon us...

No comments:

Post a Comment