Privacy coins are often feared among regulators and law enforcement agencies—after all, their very nature means it’s easy to assume that tracking transactions would be near impossible.
Not so, according to Chainalysis. The blockchain intelligence firm announced in a June 8 blog post that it is now able to investigate illicit payments made using Zcash and Dash. Better still, the company said this can be done in a way that balances the competing needs of a user’s right to privacy and the industry’s need to be compliant with existing legislation.
You may be expecting that Chainalysis has found some genius cryptographic workaround that exposes the identities of those sending dirty money. In fact, the reality is a lot less dramatic than this: the vast majority of payments made using both of these coins aren’t obfuscated to begin with.
The company explained how PrivateSend, the Dash mixing service designed to blur the value of a transaction, is seldom used. Because this feature is optional, estimates suggest that this tool is used in just 0.7% of fund transfers between users.
“From a technical standpoint, Dash’s privacy functionality is no greater than Bitcoin’s, making the label of ‘privacy coin’ a misnomer for Dash,” Chainalysis said.
The company added that it’s a similar story when it comes to Zcash—by default, transactions don’t take place in the shielded pools that offer privacy, meaning most of the activity on this blockchain is public and unencrypted.
One revelation that could cause darknet drug dealers and cybercriminals to break out into a cold sweat is this: even if Dash and Zcash’s privacy features are used, it’s still possible to perform a successful investigation and unmask those involved in illicit transactions.
Dash’s PrivateSend mixer breaks down an individual’s funds into specific denominations—and pools it with other users in one big transaction so inputs and outputs are harder to connect. However, only 0.7% of all Dash transactions use funds entirely run through PrivateSend. Indeed, the Chainalysis blog cites research from Princeton University showing that, in certain circumstances, even single addresses can be identified.
When it comes to Electric Coin Co.‘s Zcash, even powerful zero knowledge proof encryption—zk-SNARKs—can be overcome. The blockchain intelligence firm claims that it is able to provide the transaction value—and at least one address involved in the payment—for more than 99% of ZEC activity. Thus, because the majority use them in a “straightforwardly identifiable way,” shielded pools rarely offer a cloak of invisibility.
“Dash and Zcash allow users to conduct transactions with greater privacy, but that doesn’t mean they provide total anonymity,” the blog explained. “The two cryptocurrencies’ privacy features—both in how they’re built as well as how they’re used in the real world—leave room for investigators and compliance professionals to investigate suspicious or illicit activity and maintain compliance.”
Privacy? What privacy?
The research suggesting that privacy coins aren’t all they’re cracked up to be has been building up for some time.
As reported by Modern Consensus last month, a study by Carnegie Mellon University revealed that just 0.09% of Zcash transactions in a 30-day period were untraceable. The reason was simple: so few Zcash users “turn on” the privacy feature that the “shielded pool” of Zcash is miniscule, and even the shielded ZEC connects to “transparent” transactions.
Researchers warned its ecosystem “is not conducive towards achieving anonymity for its users”—and pointed out that, in any case, most criminals preferred to use Bitcoin anyway, partly because privacy coins are difficult to buy and sell on exchanges.
Its findings also revealed why Chainalysis is still unable to support the Monero privacy coin. The university concluded that XMR’s approach means that it is “much harder” to trace payments made using this cryptocurrency. With Monero, a single-use address is generated every time a transaction is performed—and ring signatures that add decoys have been introduced to narrow traceability further.
“The percentage of partially or fully deducible transactions has been nearly zero for over two years,” Carnegie Mellon said at the time.
A step too far?
Chainalysis announcing that it now supports privacy coins will likely enrage some of the firm’s most vocal critics.
Back in April, Modern Consensus reported on how Bitcoin author and evangelist Andreas Antonopoulos launched a scathing attack against Chainalysis—claiming that it is “violating the civil rights of millions of people” and is “basically in an arms race against privacy.”
In one particularly stinging rebuke, Antonopoulos had said: “I think it’s fundamentally immoral to even work at a company like this,” he said. “Just like I would consider it immoral to work for a weapons manufacturer or a company that builds cages for refugee concentration camps.”
The company’s response is that it helps law enforcement agencies break up child pornography rings and other criminal enterprises, and help businesses and crucial organizations react to ransomware attacks.