107 comments

[ 3.5 ms ] story [ 181 ms ] thread
shooting ourselves in the foot with cryptocurrencies might not be worth the environmental impact it undeniably causes.

if you want to gamble, go to Las Vegas!

This environmental impact of crypto is like a virus that spreads and spreads. A meme if you will.

The industrial revolution was also bad for the environment. And it's the single most important reason why we are arguing across countries now in home using cheap devices made in China.

So, just drop the environmental impact. Geez, makes me want to buy BitCoin just to spite you.

"Other things have caused pollution, therefore you can't criticise my thing"

We are in a world where excessive use of fossil energy is a massive problem.

At such a time, bringing a new financial instrument into the world that uses more power than mid-sized countries is irresponsible if not downright malicious.

Sorry if that annoys you.

Increasing the energy usage of our species is not "irresponsible" or "malicious". Every technological improvement increases the energy usage of our species. I think that is the point they are making, that it is wrong to say that using energy is strictly a bad thing.

If you want to decrease fossil fuel consumption then you should be crusading for worldwide carbon taxes, not bans on new technologies.

> Increasing the energy usage of our species is not "irresponsible" or "malicious".

Right now, yes it is. we do not have unlimited clean energy.

> Every technological improvement increases the energy usage of our species.

This is a huge assertion.

> If you want to decrease fossil fuel consumption then you should be crusading for worldwide carbon taxes, not bans on new technologies.

Great, and in the mean time, until we get there, spinning up a new financial instrument that uses more power than the Netherlands is massively irresponsible if not outright malicious.

So, what amount of consumption for new technologies is justified then? Where is the point where a new technology becomes irresponsible?
Where is exactly is the line? I don't know and I'm not convinced that that's an interesting question. I'd say that it's significantly below bringing entire new country's worth of energy consumption online for a financial scheme.

Your argument is effectively that we can never call anything an irresponsible use of energy. With the background of global climate change, I very much disagree.

I'm not saying we can never call anything an irresponsible use of energy.

What I am saying is that we can't by default call all new technologies an irresponsible use of energy either.

The fact that it uses energy is not justification alone that it is bad. We use energy to achieve utility for our species. The only way we could stop all our energy consumption would be to cease to exist.

So, why is Bitcoin an irresponsible use and other technologies are a responsible use? THAT is the interesting question. Volume alone can't be enough to justify it because many important technologies use way more energy than Bitcoin at only 0.6% of global use.

So it must come down to an opinion that cryptocurrencies aren't useful: that is the real disagreement here. It isn't about energy usage, but usefulness (per unit of energy usage), which is a highly subjective judgement. That is what I am trying to point out.

> The only way we could stop all our energy consumption would be to cease to exist.

Who's talking about stopping all energy consumption?

> So, why is Bitcoin an irresponsible use and other technologies are a responsible use?

New financial instrument brought online during a climate crisis uses more power than most countries == irresponsible/malicious.

There, made that simple for you.

If you want to argue your opinion that such a thing is worthwhile given the background, that's a pretty steep hill to climb.

That doesn't explain the rationale why such a thing in particular would be irresponsible and not other technologies.
Who says other things are all perfectly responsible?

I didn't.

I never claimed you did. I am just saying that you haven't justified why Bitcoin is actually an irresponsible use of energy. What makes its usage level irresponsible? Why is it more irresponsible than other technologies which use more energy than it?
> What makes its usage level irresponsible?

New financial instrument using more power than most countries. Thought you might have got that by now.

> Why is it more irresponsible than other technologies which use more energy than it?

Nobody is making that argument. This is just whataboutery. But in general, the fact that it's a new financial instrument using more power than most countries, at a time when we have a global climate crisis brought on largely by our energy usage.

> New financial instrument using more power than most countries. Thought you might have got that by now.

But you haven't justified why that is an irresponsible use.

> Nobody is making that argument. This is just whataboutery.

Yes, true, I guess you never claimed that the other ~99.4% of energy usage isn't actually less justified than Bitcoin. Sorry to imply otherwise.

> But you haven't justified why that is an irresponsible use.

Because it's just a financial instrument, and it uses more power than the Netherlands, and we have a climate crisis going on. I'm not sure what it is you don't see here.

Any new financial instrument that added a whole country to the energy map like that would be a bad thing.

You are implying that's an obvious judgement but the wide ranges of opinions in the daily cryptocurrency threads on here should clearly show you that it is NOT an obvious judgement. Why are financial instruments not important enough to warrant a measly 0.6% of worldwide consumption?
Such opinions on the cryptocurrency threads tend to come from biased/invested sources who want to either whitewash or ignore it, very few even try to justify it, just dismiss concerns.

It's not measly, it's enough for entire countries of many millions of people. Most countries in fact. That you seek to cast it as "measly" shows that you also are simply seeking to dismiss or whitewash, rather than take the issue seriously.

> Increasing the energy usage of our species is not "irresponsible" or "malicious". Right now, yes it is. we do not have unlimited clean energy.

I think you would drop this opinion very quick if the energy we where talking about was being used for your life support. We live in a capitalist world our financial systems are everyones life support.

> We live in a capitalist world our financial systems are everyones life support.

This does not describe cryptocurrency.

It doesn't annoy me at all. Your attitude annoys me.

Who cares how much energy it uses in aggregate. That energy is paid for. If we are under such an energy shortage problem then I assume individual countries will start rationing it out or switching to renewables or whatever.

It's such a weird attack angle that seems to have latched on some people's minds like glue. Did we ever look at the aggregate impact of every thing in the world? What is the aggregate impact of Facebook? What is the aggregate impact of gas cars? What is the aggregate impact of lawn mowing world wide? What is the aggregate impact of smoking?

Like... of all the things.

It's a global system that runs non-stop, world wide. It would be quite remarkable if it didn't use energy.

Great, let us know when that actually happens and when Bitcoin gets taken offline.

Because AFAICT, the number 2 cryptocurrency going PoS is positive, but doesn't necessarily solve the whole problem, and the actual switch-over might still be years away anyway.

> Great, let us know when that actually happens and when Bitcoin gets taken offline.

There is no us.

I dunno, given that companies like Tesla are stepping back from accepting cryptocurrency due to environmental concerns, I'd say there's a body of people for whom this constitutes a problem.
Casinos in Las Vegas consume quite a lot of energy
Do they consume more or less energy than Argentina?

* https://www.bbc.com/news/technology-56012952

Do you mean absolutely, or per unit of utility that the users get from it?

The casinos in Las Vegas do consume more than several countries, but also they consume less in an absolute sense than Bitcoin does. However I think we can agree the utility they provide is nothing more than mere entertainment.

And add on the emissions for the flight to get there
Let's ground all the planes in the world because they enable drug trafficking.

You are correct: crypto enables crime. But the solution is to fight hacking, not crypto currencies.

I feel that we have yet to see the major benefits from crypto currencies materialize. I've heard many theoretical and philosophical arguments in favor of it. I could easily imagine that, say, people in Venezuela might benefit from it with an unstable official currency but I haven't really heard stories that show that this is happening.
You're only a plane ride away from Venezuela, Argentina, Nigeria, etc...
To see what? People buy groceries with crypto? Are you sure? USD is used for what crypto fanboys think crypto should be used.
As a Venezuelan, it's not being used.

Why would we go from a volatile currency to another volatile currency that additionally needs access to a computer/smartphone (not everyone has these), it's hard to understand and it's not accepted in any shop?

Everyone wants US Dollars

> Let's ground all the planes in the world because they enable drug trafficking.

Let's make absolute pronouncements as if everything in the world is a black and white moral question, rather than assessing things pragmatically.

If we ground the planes, some level of drug trafficking will reduce, the knock on effects are that nobody can travel. Pretty serious to the world economy.

If we severely restrict the ability to transact large amounts anonymously, as we have been doing in the non-cryptocurrency world for some time, we can impact the ability of criminal ransomware gangs to get paid, and the knock-on negative effects are ... ?

Author opens with a absolute pronouncement and you're gaslighting OP because he did the same thing?

> Let's talk about why cryptocurrency is the single factor that created the ransomware plague that is ravaging our healthcare system and public infrastructure.

Gaslighting? Oh please.

> cryptocurrency is the single factor that created the ransomware plague

Why is this wrong? Without the ability to get paid like this, are you seriously telling me we'd see this stuff on the same scale?

This is also far from the sort of thinking I wanted to point out that the OP is exhibiting. We see it here on HN all the time and it wouldn't surprise me if it comes from coding - "I can think of another situation and if I apply the same rule blindly, doesn't it show that the rule is broken?"

The point is we don't have to apply the same rule everywhere in a society, and a rule that doesn't work well in one place can work well and provide value in another. The law is not code. Human society is not a computer model.

Just as a matter of interest, could you please supply a link to the last newsworthy ransomware attack that didn't involve payment in cryptocurrency?
Speaking about drugs, cryptocurrencies have enabled drug marketplaces that are generally quite safe for the buyer (escrow, better quality through reviews). The situation is now way better than buying something on the street.

I'm not saying it's a good example of a negative consequence of "restrict the ability to transact large amounts anonymously" since you mention large amounts though.

In (many?) places the end consumer can buy some drugs officially and much safer than any darknet review can guarantee.
Sorry, maybe I wasn't clear enough, when I'm talking about drugs I'm talking about the illegal kind, which you usually can't get legally (that's the whole point of those market, they wouldn't exist if there was a legal alternative that isn't way more costly). Of course legislation is changing but for most people in the world the only way to get weed, MDMA, amphetamine or psilocybin is through illegal means. I'm taking those four as an example because they're all getting legalised/are already legal in some capacity in the US, but all illegal in France.

A small language point: I'm French and the word for I guess illegal drugs is "drogues", whereas the word for regular medicine (which is also called drug in English) would be "médicament", at least in common speak. Sorry for the confusion, I used "drugs" while thinking about "drogues", and not what "drugs" represents.

I used sarcasm to make the same point: life is not a Disney movie.

Why was the bicycle, a very simple machine, invented 100 years after the steam engine, a very complex one? My theory: the idea of auto-motion had to be invented first. I imagine, the inventor of the bicycle must have observed a moving train and though: hey! like those levers, my legs could move a wheel as well. Eureka!

The blockchain is a very, very powerful idea, the application as decentralized, untraceable currency is powerful as well, even though we clearly understand the pitfalls. But the idea is already there, with real life applications, with many advantages.

For this particular case, I think we better fix/improve infosec rather than hunt down cryptos.

I think we should also ban trucks, too, as how else would you steal a TV nowdays.

I think what the author of the tweet is missing is that crypto is here to stay and it would be invented again if it didn't exist. (I.e why don't we just ban crime altogether? Oh, wait..)

Of course crypto is here to say. That's like saying math is here to say.

But the inability to convert imaginary coins into fiat is a political decision away.

There are other areas that are illegal but don't appear to be going away, like drugs and prostitution. Wouldn't criminalizing crypto just move the entire thing under ground? This would perhaps limit its "market cap", but also removes the ability to regulate and tax it.

> Of course crypto is here to say. That's like saying math is here to say.

I think banning cryptocurrencies as an activity isn't like math, unless you meant "doing math" as in solving an equation. I.e if by some higher power you could find cryptocurrency operations then these would seize to exist (and be "not here to stay"), while the knowledge of math won't.

> Wouldn't criminalizing crypto just move the entire thing under ground?

It would shrink massively. Cryptocurrency itself is not as base a desire as drugs or prostitution. They are a goal in and of themselves, for people seeking them. Cryptocurrency not so much.

It would shrink, definitely, but as the other two it wont disappear as it's actually required, both as protection against inflation or also as a fast and no-middlemen way to send money.

And for specifically for bitcoin[1] the "goal in itself" is the anti-inflationary part. Nobody wants to lose what they have because somebody else thought that creating new money is a good idea. Putting your cash into other assets such as real estate achieves the same goal, bitcoin is just more convenient.

[1] I say "specifically for bitcoin" as what a value of any cryptocurrency is depends on how it's actually coded up (how/when it's created, burnt etc). Not all cryptocurrencies are good for "stores of value".

My ability to have fun with my own money is not up for discussion.
I don't know how anyone can defend cryptocurrencies after reading this lucid argument. I hope this provokes more discussion on the problem. Excellent work again from Stephen Diehl.
We are heading into a world where we are co-living with computers and this won't change. I think it's fair to say that our societies have become dependent on computers and they improve our capabilities to such a high degree that it's not feasible to function without them.

So the only path forward is to radically improve the security of our software and hardware. There is just no way around it. So everything like memory safety, formally proven kernel OS's (seL4), capability based security etc... all these avenues need to be explored and adopted yesterday. I am honestly surprised that governments around the world don't have this as a top strategical priority.

> I am honestly surprised that governments around the world don't have this as a top strategical priority.

Snooping on their citizens is just too tempting... Just follow the various attempts of governments, even elected ones, to weaken security, not improving it.

I am afraid we will end up with locked down boxes with only "trustworthy" parties able to access it.

> So the only path forward is to radically improve the security of our software and hardware.

It's actually not the only path at all. Few other paths:

1. Outlaw cryptocurrency. Now it's much harder to pay digital ransoms.

2. Stop confusing "identification", "authentication" and "authorization". Me having Bob's SSN doesn't mean I'm Bob. Me having Bob's credit card number doesn't mean I'm Bob either. This is childish crap that we should have resolved decades ago.

> So everything like memory safety, formally proven kernel OS's (seL4), capability based security etc... all these avenues need to be explored and adopted yesterday.

None of this will stop thousands of MySQL installations listening to public IPs with login root/root dude.

Most exploits are trivial human mistakes.

I was making a general argument for improving security at all levels and the few examples that I gave were not meant to be an exhaustive list, in case that was not obvious.

As for outlawing cryptocurrency, that's a very narrow minded approach and it's very similar to banning encryption because criminals use it to evade law enforcement. Crypto asset networks are protocols so don't expect applications to produce end user value over night, just like TCP and HTTP didn't produce value over night.

All right, welcome your ransomware organized crime overlords then. BTW, I've never seen cryptocurrencies used for ANYTHING good yet.

It's about hiring hitmen, buying drugs, buying child porn, stealing wallets from naive fools, stealing power by illegally hooking hidden mining centers to the grid, stealing power through mining malware, and so on and so on.

Crypto is a pyramid scheme for idiots, and on top of those idiots is propped up an entire ecosystem of illegal activity.

Since we already have enough currencies in the world, and decentralization only means theft can't be stopped at all and regulated, I'd say this mythical "value" of coins will never happen. The use case for regular law-abiding citizens buying shit online is already addressed. The use case for regular law-abiding companies doing large financial & asset transactions is also already addressed.

What wasn't addressed is anonymous cash transactions for criminals online, and that's what coins addressed. We don't need that.

You're right, and the Internet is a cesspool of imoral time wasters, supporting a whole industry of pornography sex deviants, child abusers and terrorists. We should ban encryption and mandate government issued Internet IDs /s

If you supported something like a ban on encryption or government issues Internet ID, I would honestly be contempt and respect your principled view, but I doubt you do.

I have no idea what you're talking about, but it sure seems like you want to set a different topic and put words in everyone else's mouth, so it's easier to argue with them.
Criminals also benefit from plain old encryption of messages too. Intelligence agencies will say criminals use encryption to organize terrorism, exchange abusive materials, etc. They will say that regular law-abiding citizens don't need strong encryption which isn't backdoored by the government. The use case of private messaging is already addressed (just do it in state controlled channels).

So why shouldn't we ban it too?

> decentralization only means theft can't be stopped at all and regulated, I'd say this mythical "value" of coins will never happen.

You just explained the exact value proposition. Just because right now most westerners are able to have a reasonable degree of trust in their financial institutions doesn't mean that privacy "backstops" like strong encryption and cryptocurrency aren't beneficial.

Look I'll restate my position in simpler words again:

Encryption has good uses, and some bad uses.

Cryptocurrencies have only bad uses.

See the difference?

I'll restate my argument in simpler words too: What are the good uses of strong encryption that aren't solved by government controlled encryption?
Do you even realize most of the crypto research is done by the NSA, a government agency?

https://en.wikipedia.org/wiki/NSA_cryptography

Yes, AES, SHA and so on, that's all the NSA.

If instead by "government controlled" you mean the government has a backdoor, then two things:

1. Most governments already have a backdoor in many major companies' cloud services.

2. The actual algorithm can't have a backdoor because there's no way to design it so it's "government-only". It'd be one key away from becoming every criminal's backdoor.

So as you see, everything actually makes sense there.

So with point 1, you are saying that you do support mandated government backdoors? Or are you just acknowledging that they effectively exist already? Because that is not relevant: Bitcoin exists already, too, it has no "backdoor", and it is usable today.

With point 2, I think you will see how the same line of thinking applies to cryptocurrency. The government is just one particular institution and there's no reason to expect them to be better stewards of the ability to sniff our encrypted messages than anyone else. Therefore, nobody should have that ability. I don't see why the same argument doesn't apply to encrypted "value transfers".

Honestly if you expect that Joe who keeps his wallet on the desktop right next to some screensaver.exe he has downloaded is as a good steward of his savings as having a regulated bank account with a government backed currency, any conversation between us on the topic I'd consider "reasonable" is pointless.
This is no different than arguing "encryption is useless because most people don't use it properly".
Except that's wrong, most people use it properly. Because they can just use trusted applications that implement it.

Who do you trust with your wallet? Mt. Gox? Altsbit? Upbit? BinDAX? Bitpoint? GateHub? Bitrue? Binance? DragonEx? Bithumb? CoinBene? Coinbin? Coinmama? Cryptopia? Oh yeah they all got hacked and lost their clients millions.

How many 1000s of people have permanently lost sensitive data because they lost their FDE keys? How many companies had user data compromised because they didn't implement encryption best practices properly? Certainly more than a dozen or whatever.

It's a useless comparison because encryption has been around for decades more than cryptocurrencies. The point is about the format of the argument. It doesn't make sense to say it's OK to ban a technology just because many people don't use it properly.

Don’t compare leaking someone’s email with disappearing their whole life savings.
(comment deleted)
> What are the good uses of strong encryption that aren't solved by government controlled encryption?

Protection against bad government(s), or at least bad actors in (good) government:

* https://en.wikipedia.org/wiki/LOVEINT

And doesn't the same justification apply for cryptocurrencies?
Enjoy using money that is inflated beyond belief at the whim of the government.
> 1. Outlaw cryptocurrency. Now it's much harder to pay digital ransoms.

I buy bitcoin from a guy down the street how are you going to stop that? I don't think outlawing cryptocurrency will stop people from using it, same way outlawing alcohol and weed doesn't stop anyone just makes them "criminal"

> 2. Stop confusing "identification", "authentication" and "authorization". Me having Bob's SSN doesn't mean I'm Bob. Me having Bob's credit card number doesn't mean I'm Bob either. This is childish crap that we should have resolved decades ago.

This is based af identity theft shouldn't be as easy and rampant as it is.

> I buy bitcoin from a guy down the street how are you going to stop that? I don't think outlawing cryptocurrency will stop people from using it, same way outlawing alcohol and weed doesn't stop anyone just makes them "criminal"

Outlawing coins won't stop people from using them.

It'll however shut down:

1. All major blockchain servers.

2. All major trade exchanges.

3. All legal services like "bitcoin vaults, banks" and so on.

4. All legal mining operations.

So with that, the foundation below crypto's value will collapse and it'll become basically worthless.

And so you'll probably still be able to trade Bitcoin, if the blockchain exists at all. But it'll be worth zilch.

1. Piracy is outlawed doesn't stop top sites or bittorrent. 2. True, but peer to peer exchanges would just become the major exchanges. 3. There are plenty of tax havens that provide these legal services, many provide the same services for crypto. 4. Mining can be done anywhere with the final block being proxied, would make it very difficult to prevent miners.

I am sure governments will try to outlaw it, I just don't think they have much of a chance of success.

You can’t have a pirate blockchain. Rather, not one someone would invest serious money to buy from.
People have argued that the only value of bitcoin was for drugs and piracy and yet it has seen serious money invested
> So the only path forward is to radically improve the security of our software and hardware. There is just no way around it. So everything like memory safety, formally proven kernel OS's (seL4), capability based security etc... all these avenues need to be explored and adopted yesterday. I am honestly surprised that governments around the world don't have this as a top strategical priority.

Governments are paid by big companies or controlled by the rulling party. Governments just want more power and control. They never learn from the past. And when they learn is too late because the dictatorship is already comfortably installed. Security vulnerabilities are for them just a good excuse to enact more oppressive laws. Just look at the reaction to Solar Winds attack. Or look at GDPR - it is just theater.

I don't know how anyone can defend cryptocurrencies after reading this lucid argument. I hope this provokes more discussion on the problem. Excellent work again from Stephen Diehl.
Real life pen testing... live with it.
Hahahaha exactly! We have now the need/opportunity to improve infosec.
Since he doesn't allow non-vetted (not politically aligned) Twitter accounts to respond to his tweet, I'll respond to it here:

The Ransomware sector was enabled by cryptocurrency in the same way entire classes of crime were enabled by the internet.

You need to take the good with the bad with any transformative technology. The good, in the case of cryptocurrency, includes:

* hundreds of millions of people potentially being empowered to earn income by sharing in the revenue their social media content generates, via community currencies, like the /r/CryptoCurrency ERC20 token, Moon [1] [2] [3] [4] [5].

* people living under repressive governments being able to escape their capital controls and survive [6]

As for the bad, this may end up being the lesser of two evils. The other, potentially greater evil is that the security vulnerabilities are never exploited in a dramatic and public fashion that alerts the organizations that they afflict, leading to years of undetected information theft, or potentially even worse, the vulnerabilities being exploited all at once in a cataclysmic cyber attack by a state-level adversary to the US.

The potential for ransomware acts as a bug bounty and canary, uncovering security holes, and incentivizing organizations to fill them. It could lead to a much more hardened network computing infrastructure.

[1] https://www.reddit.com/r/CryptoCurrency/comments/l9dye7/i_so...

[2] https://www.reddit.com/r/CryptoCurrency/comments/kqrikd/sold...

[3] https://www.reddit.com/r/CryptoCurrency/comments/n371id/how_...

[4] https://www.reddit.com/r/CryptoCurrency/comments/ly79uw/as_a...

[5] https://www.reddit.com/r/CryptoCurrency/comments/l9bdtn/guys...

[6] https://twitter.com/Codiox/status/1375876968390909956

They could still do that if significant regulation is put in place to enforce things like KYC/AML, and strictly regulate places where cryptocurrency touches the 'real' economy.

This twitter thread doesn't necessarily call for an outright ban, it criticises what he terms as "regulatory impotence" in this area.

The reason why cryptocurrency has the benefits it does is that it is highly impervious to third party intervention, whether that intervention is repressive regulation (which by the way, I would count KYC/AML laws as, after experiencing the financial exclusion and privacy violation it causes), benevolent regulation or just some party seeking to engage in rent-seeking, as in the case of a company with a locked in customer base raising fees to above what is economically optimal.

The only way to eliminate its negative effects is to obviate its core properties of permissionless-ness and decentralization.

If those have to be given up, then let it be so.

I don't see that either of those qualities is essential to the benefits you proposed above.

The benefits I referred to come from the fact that people all over the world can count on the protocol remaining globally accessible and apolitical/neutral. Without that, there would be no global adoption of the value transmission protocol to make the assets issued on top of Ethereum useful at the global scale.

We cannot count only on the political system to maintain liberties. We need non-political institutions like cash, and its electronic corollary, cryptocurrency, to ensure certain freedoms, even in the case where the political system fails.

When you put in KYC/AML in place, you lose ability to employ people in restricted countries easily. How do you employ someone in Iran if the US government or Iranian government is against? Bypassing regulations is a great perk.
Some folks would say that restricting such arrangements would be a good outcome.

> Bypassing regulations is a great perk.

For illegal arrangements, sure. You may think your government shouldn't inflict such restrictions, but empowering everyone to just ignore them is unlikely to lead to good outcomes.

If a developer in Iran wants to work with a company in the US and they are prevented in doing so, it might be illegal, but it is ethical to bypass such a regulation.
Why is it ethical?

What if inflows of cryptocurrency to Iran are used to further a radical clerical agenda and foment war, torture and mass disruption?

It depends on how you define ethics. I am for example deongological rational egoist. I can decide for myself if my acts of sending money to Iran are ethical. In my case, I send them to people who are aginst the regime, don't torture anyone and are secular. So I exchange good work of good people for value they otherwise couldn't get. This is what matters. Voters', politicians' ideas and opinions, etc. does not.
"New technology allows bad thing to happen, therefore new technology is bad as a whole. In other news, won't anyone think of the children?"
Did you read the thread?

He’s decrying regulatory impotence, not calling for a knee jerk ban.

I did, he's talking about how bad cryptocurrency is for the entire thread, and then the last sentence says "regulatory impotence". I'm not convinced.
Yeah he forgot all the good things bitcoin brings us, like having the carbon footprint of a small country.
This is the tweet that ties the rise of ransomware to crypto anonymity:

1) Receive ETH tied to crime

2) Send to tornado.cash

3) Withdraw from tornado.cash

4) Now you have clean ETH in a fresh wallet not tied to identity

5) Use a DeFi non-KYC exchange to swap for another token

6) Use KYC exchange to swap token for dollars/euros

(https://twitter.com/smdiehl/status/1395686872400211973?s=21)

Can anyone confirm that this method truly anonymize?

If so, what can the US government do to prevent anonymization?

Will it work, meaning it would make extortion significantly harder?

As someone who has went through way too many KYC/AML dances, this method means nothing. The moment you try to pocket fiat into a regulated bank or exchange, they will look at the entire chain of transactions.

Mixers are a red flag. Unregulated exchanges are a red flag. There is no way in hell those funds are laundered back into the existing banking system.

Red flags don't mean much. Building AML models is hard, and often yield an overwhelming number of false positives that arise from an over-reliance on those indicators. Sure, a positive prediction might lead to a SAR, but unfortunately that doesn't mean much either. In the majority of cases it will lead to the customer being off-boarded, in which case they'll simply go to another bank with more lacklustre controls. A SAR won't lead to a prosecution unless it sparks a new case in law enforcement (rare due to resource constraints), or whether it supports part of an ongoing case.

Sadly, that money will probably be laundered.

To elaborate on this, tornado.cash actually gives you a cryptographic proof of the transaction, which allows you to reveal the origin of the funds to whoever you choose. So an obvious regulatory alternative to the nuclear option would be to require to reveal the origin to the authorities upon request.

On a more general note, this is one example of how engineering solves the OPs point of criticism, but it requires some research/education.

Ofc someone could fork tornado.cash and not hand out these cryptographic proofs, but I would assume that this clone would not find consensus/acceptance with an informed general public. An informed general public will also not accept prediction markets without a consensus model that prevents paid hits (all of the ones I know [augur, gnosis] include functionality to prevent evil stuff like this), just as an informed general public will not agree to trade on a system that gives carte blanche to criminals.

I've made reasonably large crypto profits and returned them to the existing banking system and no questions were asked to the source of the profits although they knew who I was naturally.

If you go to say Kraken, change fiat to Bitcoin, send it to say Bitmex, speculate and reverse the process it's quite hard for them to say if you got luck speculating or topped up your account with dirty money. And I imagine the criminals use places much less fussy than Kraken which is US regulated.

Don't think this works unless you use an anonymous crypto like zcash even then can be tracked but much harder.

I dunno how much any of it matters tbh when you use your KYC exchange to finally cash out they will just ask you to prove where you got the money or no cash for you.

This doesn't work as written. For example, if you make 5 deposits of 1 ETH from an account that action is public. If you then make 5 withdrawals of 1 ETH into another account that is also public. Without a lot of extra work in between 2) and 3) it's trivial to see that an amount goes into the pot and then that amount comes out of the pot and link them. Even if the direct link between them is encrypted.

Besides, anonymity doesn't mean laundering. Laundering is about creating a seemingly legit source of bad money. If an exchange follows the source of the funds and sees tornado.cash, they're going to know something is up, even if they can't see the inputs.

> the criminals had very few options by which to extort money from their victims.

I remember the phone dialers in the 90s. Malware would also steal your credit card, social security etc. Identity theft was and still is rampant why try to extort £1000 from you when I can just open a new credit card in your name with a £3000 limit and spend it all before you know its a thing.

Most people who fall for these scams are elderly people who wouldn't know how to buy a bitcoin to pay a ransom. The only people that pay ransom ware are large organisations that have the funds and ability to defend themselves but choose to invest in insurance over security.

> Thus the scale of the number of people you'd have to exploit to make this profitable is enormous.

You mean they need to find a 0-day and then write a worm? I think this is already being done to steal millions of credit cards.

> however that requires that hackers hand over the routing information to their bank account

They use the bank accounts of their victims to hide from authorities and like I said they have millions of accounts.

I think the rise in ransomware since the 90s is closer correlated to how much people value their data / technology.

> cartoon twitter avatar

This person’s political opinions are not worth listening to.

This author seems to have decided that ransomware is very much a net bad or evil thing. I'm not so sure about that.

Yes, it has caused real and very visible damage, but it has also done some good. It seems like a market solution to the problems of lack of security and for grabbing all data and storing it without a second thought. Organizations are now realizing the importance of security. I think there is now more thought being put into how data is stored, and even thought on what data is stored. I think it's great that these ransomware groups are maybe making companies at least consider what data they store about me and how securely they store it.

Stephen Diehl hates cryptocurrency - which is fine - but I think he's simplifying ransomware massively in order to grind his axe here.

If it was as simple as 'use cybercoin, do ransom' how come there aren't any big ransomware gangs based in the US or other western country allied with them?

Because the people here aren't capable of it? Come on. It's because the groups can't actually remain anonymous over any significant time period, cybercoin or not.

Every ransomware gang I know of is based in a country that is either directly hostile or semi-hostile to the US, and ransomware almost exclusively targets businesses in the US or allied nations.

To the point where installing a virtual Russian language keyboard can significantly impact your chances of getting ransomed (https://krebsonsecurity.com/2021/05/try-this-one-weird-trick...).

These facts change the calculus considerably. The major ransomware gangs, if not explicitly state actors, are definitely viewed as state assets in case of an emergency where they could be nationalized.

This means that even if it was completely non-profitable to do these attacks, there would be reason to do them for geopolitical reasons. Both to weaken the US and to train their own personal.

The NotPetya `ransomware` attack that hit Maersk in 2019 is an example of this. Despite pretending to be ransomware, it was not a profit seeking endeavor at all, but a Russian cyberweapon (that was pointed at western Ukraine) that got out of control.

On a side note, I find it hilarious that after the pipeline attack DarkSide tried to argue that it was only in it for profit and `not political`. Because criminal gangs operating in hostile jurisdictions would never stoop to lying, now would they?

But even if the actors were purely in it for the money - I don't think getting rid of cryptocurrency would stop them at this point. Crypto may be very convenient for large international payments but it's hardly the only way to move money across borders. The drug trade has been moving billions of illegal dollars out of the US every year for decades and they have to deal with physical products and cash.

I can easily imagine a ransomware gang working with a drug network and getting victims to drop suitcases full of cash to designated drop-off points. Remember, these victims are usually large international businesses, so having them make dozens of $100,000 cash drops in a reasonable time frame isn't out of the picture here.

Combined with the fact that these multinationals have much deeper access to the financial system then your average Joe with a bank account, I'm sure the ransomware gangs can find a way to get a mostly irreversible payment to them. Remember, most of these businesses want to pay, so the gangs effectively have an insider there.

The root cause of this mess is that billions of dollars worth of infrastructure can be accessed with nothing more then an internet connection and a little grunt work. As long as this is the case, international cybercrime is going to be a massive threat to any business or government.

You can't just leave tons of gold bars lying around and hope that it's too inconvenient to try and carry them out in a backpack. People are clever and can figure out lots of ingenious ways to move money around. The wealth actually has to be secured. Until that happens, you're going to lose a lot of gold.

Some other links: Why banning payment might backfire https://gru.gq/2020/10/18/ransomware-prohibition/ Other possible real solutions: https://gru.gq/2021/05/1...