'Crypto-cleansing:' strategies to fight digital currency money laundering and sanctions evasion

NEW YORK (Thomson Reuters Regulatory Intelligence) - Digital currency technologies generated widespread public and investor interest in 2017, with new cryptocurrency products capable of streamlining and decentralizing global commerce. Unfortunately, these technologies also create new money laundering tools that allow countries like Iran, North Korea, and Russia to evade international sanctions. This is especially true of so-called “privacy coins,” which offer personal anonymity and covert transactions to their users.

A broken representation of the Bitcoin virtual currency, placed on a monitor that displays a stock graph and binary code, is seen in this illustration picture, December 21, 2017.

Failure to restrict privacy coins through regulation of digital currency exchanges has created a financial haven for sanctioned governments, terrorists, and criminal organizations. As digital currencies are unfettered by geographic and political borders, a coalition of regulatory, law enforcement, banking, and academic partners must establish global standards to address the growing threat of digital money laundering.


Digital currencies can improve lives by replacing slow, expensive transactions. Unlike government-backed fiat currencies, like the U.S. dollar, digital currencies often have specific purposes. For example, Ripple offers a mostly-centralized digital currency payment platform that completes transactions in minutes, and at lower cost than traditional international payment products, such as SWIFT. The TRON currency’s peer-to-peer payment system aims to remove mobile app stores as intermediaries between content developers and consumers, extending savings to both. Other cryptocurrency technologies aim to streamline medical billing services, substitute traditional retail debit purchases, and potentially replace the need for banking and fiat currency.


These technologies have allowed certain countries to evade international sanctions through organized digital money laundering, or “crypto-cleansing”, weakening Western diplomatic efforts and thereby escalating global conflict.

Digital currencies allow criminal actors to buy and sell illicit goods and services, ranging from weapons to people, narcotics, child pornography, organs, and hitmen for hire, through the black markets of the internet’s uncharted corners, or “darkweb.” They also create opportunities for cyber-criminals to hack digital exchanges and e-wallets for purposes of financial fraud and identity theft, a major tactic adopted by North Korea.

Cryptocurrencies provide a means for terrorist organizations and criminal syndicates to launder and relocate wealth across the globe quickly, easily, and privately, potentially even replacing bulk-cash smuggling. Imagine if the Sinaloa drug cartel in Mexico could move large sums of money on a flash drive, instead of smugglers hauling sacks full of cash. This is not a future-state scenario, but rather a present threat.

Hostile state- and non-state actors alike are turning to crypto-cleansing for two reasons. First, digital currency is the easiest, quickest, and most private way to launder money globally, in large part due to anonymous “privacy coins”. Second, there is no global standard for regulating digital currency exchanges, with many lacking risk, sanctions-screening, and anti-money laundering (AML) programs.


The following examples illustrate the general methodology for laundering illicit funds through digital currencies.

Phase 1: Fiat currency to primary digital currency (bank to basic digital exchange)

A global crime syndicate attempting to cleanse illicit U.S. dollars can enter cryptocurrency markets in two ways: either through purchase of digital currency from a basic digital exchange via the syndicate’s bank account, or by cash or debit card at one of over 1,600 U.S.-based digital currency ATMs. Basic digital exchanges are generally preferred, as bitcoin ATM companies are regulated as money service businesses (MSBs), which requires that they maintain anti-money laundering (AML) programs.

As a result, most launderers open online accounts with basic digital currency exchanges, such as Coinbase, Gemini, Bitstamp, or Kraken, which accept fiat currency from traditional bank accounts.

For additional online privacy, launderers may adopt pseudonyms through encrypted email services (e.g. ProtonMail or Hushmail), set up anonymous e-wallets (e.g. Jaxx, Samourai, or BitLox), and run logless virtual private networks (VPNs) (e.g. Mullvad or Windscribe); all via an encrypted, blockchain-optimized smartphone.

Account-opening typically requires detailed personal information for account verification. Launderers may use “straw men,” or money laundering intermediaries, with clean records and corroborated employment, with direct deposit, to provide an additional layer of separation. They can also purchase fully verified accounts from willing participants on social media forums such as Reddit.

Once verified, the digital exchange account can receive fiat currency deposits through wire transfers, automated clearing house (ACH) transfers, or by bank account or credit/debit card number. The funds can then be used to directly purchase stake in a “primary coin,” such as bitcoin, Ethereum, or Litecoin.

These primary coins can be used as an intermediary between fiat currency and alternate digital currencies, or “alt-coins”. Alt-coins can only be purchased on advanced exchanges using primary coins (i.e. not with fiat currency). Many classes of alt-coin exist, each with unique purposes. Among these are centralized and decentralized currencies, lightning fast payment-oriented coins, and privacy coins.

While traditional decentralized blockchain coins, like bitcoin and Ethereum, maintain a detailed transaction audit trail, some alt-coins do not maintain a ledger of this information. These node-to-node (N2N) privacy coins encrypt transaction details so that only transacting parties can see them, using privacy features such as “homomorphic encryption,” which allows for the data calculations needed to facilitate a transaction without the need to first decrypt the data; and “proof cryptography,” which verifies the transaction without revealing the details.

Phase 2: bitcoin mixing - primary coins (basic exchange) to privacy alt-coins (advanced exchange)

Assume the launderer purchased bitcoin with U.S. dollars on the basic Coinbase exchange. The resulting bitcoin ownership would be represented in a bitcoin digital wallet, which has its own unique and traceable digital address, as well as a unique QR code.

In order to obfuscate the primary coin’s audit trail, launderers use a tactic known as “mixing” or “tumbling”. Mixing services, such as Bitmixer or Helix, perform primary coin address swaps against temporary digital wallet addresses in an attempt to fool the blockchain and break audit traceability. Some advanced exchanges, like ShapeShift, which require no login or verification, may be used as an alternative mixing method. ShapeShift, which operates only through sending and receiving wallet addresses, allows for a backup address to be used in the event a transaction fails. Launderers intentionally use false receiving addresses in order to re-route transactions to the backup address, thereby breaking the audit ledger.

The next step is to transfer the mixed bitcoin holdings to an advanced digital exchange, such as Bittrex or Binance, for the purpose of acquiring privacy coins. The transfer process between exchanges can take hours with bitcoin, while Litecoin and Ethereum generally process in minutes.

Once the launderer’s bitcoin arrives in the advanced digital exchange bitcoin wallet, they can then trade bitcoin for a privacy coin, such as Zcash, Verge, Monero, Dash, and Desire. Desire uniquely provides its own mixing service within the blockchain itself.

Phase 3: layering through multiple privacy coins, exchanges, and digital addresses

The money laundering layering process involves a series of money movement tactics designed to provide anonymity to the illicit source of funds. Upon purchasing privacy coins on an advanced exchange, money launderers can easily and anonymously layer funds between various digital currency exchanges, privacy coins, and crypto wallets that can belong to anyone. After several layers, money launderers can sever the audit trail, effectively cleansing illicit funds for integration back into the traditional financial system.

Having severed the audit trail in Phases 1 through 3, the launderer now has several options for withdrawing the cleansed funds from the digital currency world.

Phase 4: “bust-out” integration

Privacy coin holdings can be re-exchanged for primary coins, which can then be transferred back to a basic currency exchange, where funds may be withdrawn to a connected bank account.

If the launderer deems reintegration into retail bank accounts too risky, they can transition funds into real estate, citing the legal, expected desire to avoid capital gains taxes.

However, the most secure way to transition funds for integration is to transfer digital holdings to a portable hardware crypto wallet. These flash drive-sized devices provide couriers with the means to avoid risky bulk cash smuggling by transporting funds covertly. In fact, a courier can accomplish the same task with a printout of the digital address or QR code. Laundering cells may further limit access to funds throughout their logistical network by requiring an elaborate passphrase known only to the sender and desired recipient.

As such, a sanctions evasion/currency cleansing operation could clean $10 million per 10 people per week like this:

-- $10 million is spread out across 10 straw man intermediaries, each responsible for cleansing $1 million.

-- Each straw man maintains a stake in 10 transferable digital currencies, allowing their $1 million to be segmented into $100,000 increments.

-- In addition, each straw man maintains wallet addresses for each digital currency with 10 separate exchanges, allowing segmentation down to $10,000 increments.

-- Each straw man then withdraws 2 separate transactions of $5,000 to their accounts with 10 different financial institutions.

Conversely, phases 1 through 3 could utilize similar straw-man tactics on the deposit end.


Traditional banks are required to implement anti-money laundering (AML) programs, which conduct customer risk assessments, transaction monitoring, and sanctions watch-list screening. Digital currency exchanges, however, often lack such rigorous requirements.

As a result, law enforcement is burdened with additional AML-related investigation responsibilities, with the FBI spending approximately 75 percent of its financial crime-related man-hours investigating digital currency.

While privacy coins merit the majority of money-laundering concern, regulators should instead focus their attention on the advanced exchanges that trade such currencies. A privacy coin’s audit trail may be anonymous, but a digital exchange’s ability to view its own trades and digital wallet balances is not.

To legally transact (clear) the U.S. dollar globally, correspondent banks are required to maintain a New York branch and comply with U.S. AML regulations, even if they do not maintain a U.S. retail banking presence. This illustrates the challenge governments face when attempting to regulate advanced exchanges. Since advanced exchanges do not accept government-issued fiat tender, governments may face difficulty enforcing their regulatory standards globally.

Collaborative, international law enforcement and regulatory partnerships are critical if governments are to overcome this obstacle.

While an advanced exchange cannot be regulated by a foreign government if it does not clear that government’s fiat currency, laws can still be enacted to regulate digital currency exchanges based on their jurisdictional headquarters. International bodies, including the Financial Action Task Force (FATF), which sets global standards for AML policy, must make crypto-cleansing a top priority for collaboration.

The ability to regulate digital currency exchanges would allow international bodies to set cross-border standards, which should include risk, transaction monitoring, and sanctions-screening programs. FATF standards should require exchanges to remove privacy coins from their respective marketplaces, as a result of their direct use in state-level sanctions evasion, darknet black-market operations, money laundering, and terrorist financing.


Until governments collectively enforce these regulatory principles, the responsibility will fall on law enforcement and bank AML units to identify suspicious transactional behavior at the points of ingress and egress between financial institutions and basic crypto exchanges.

For banks, this approach should be two-fold, requiring both investigator training and crypto exchange-focused detection scenarios. Many legitimate investors regularly transact between bank accounts and basic exchanges. As with any AML operation, segmenting normal customers from possible money launderers requires specific considerations.


-- Customers whose predominant source(s) of funds are derived from cash and cash-equivalent transactions, digital currency exchanges, and third-party payment processors (TPPP) that provide anonymity to the source(s) of funds. This is relevant for both retail banks and digital currency ATM kiosk money services businesses (MSBs).

-- Recurrent international wire transfers to digital currency exchanges.

-- Overall inbound and outbound transactional activity that appears excessive for the customer, given their known source(s) of funds.

-- Businesses transacting through digital currency exchanges in a manner expected of individuals. This could indicate front, shell, and/or shelf companies.

-- Non-profit organizations transacting through digital currency exchanges in a manner expected of individuals. This could indicate misappropriation of funds.

-- Structuring and micro-structuring of individual and aggregate transactions to evade regulatory recordkeeping and movement restriction thresholds (e.g. $10,000.01 in the United States; $50,000 in China).

-- Multiple bank customers sending funds to digital currency exchanges in identical values and similar time-frames. Identical value transactions provide a means for additional anonymity later in the mixing and privacy-coin layering stages.


-- Rapid outgoing cash and cash-intensive activity at retail banks and digital currency ATM kiosks.

-- Rapid flow-through of funds to external financial institutions, where deposit and outflow activity appear similar in aggregate value and timeframe.

-- Large purchases, such as real estate, automobiles, and boats.

-- Connections, transactions, or international travel to digital money laundering hubs, like Russia, Venezuela, Lebanon, Iran, North Korea, Ukraine, Turkey, Paraguay, former Soviet-bloc nations, and those in proximity to substantial conflict, corruption, organized crime, and terrorist activity.
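Two of the red flags listed above (identical-value transfers from multiple customers, and structuring under a recordkeeping threshold) written as bank-side detection scenarios. This is an added example, not part of the original article; the record layout, counterparty labels, threshold, time window and sample transactions are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumptions for illustration: labels, threshold and window are tunable, not from the article.
EXCHANGES = {"EXCHANGE-A", "EXCHANGE-B"}   # counterparties tagged as digital currency exchanges
THRESHOLD = 10_000                         # recordkeeping threshold being evaded (USD)
WINDOW = timedelta(days=2)                 # what counts as a "similar time-frame"

# Constructed sample: (customer, timestamp, counterparty, amount in USD)
TXNS = [
    ("c1", "2018-01-08T09:00", "EXCHANGE-A", 5000),
    ("c2", "2018-01-08T11:30", "EXCHANGE-B", 5000),
    ("c3", "2018-01-09T10:15", "EXCHANGE-A", 5000),
    ("c4", "2018-01-09T12:00", "EXCHANGE-A", 1200),
    ("c5", "2018-01-08T08:00", "EXCHANGE-B", 9500),
    ("c5", "2018-01-09T08:05", "EXCHANGE-B", 9400),
    ("c6", "2018-01-08T14:00", "GROCER", 5000),      # same value, not an exchange
    ("c7", "2018-02-20T14:00", "EXCHANGE-A", 5000),  # same value, outside the window
]

def to_exchange(txns):
    """Keep only transfers to exchanges, parsed and sorted by time."""
    rows = [(c, datetime.fromisoformat(t), a) for c, t, p, a in txns if p in EXCHANGES]
    return sorted(rows, key=lambda r: r[1])

def identical_value_clusters(txns, min_customers=3):
    """Amounts sent to exchanges by >= min_customers distinct customers within WINDOW."""
    by_amount = defaultdict(list)
    for cust, ts, amt in to_exchange(txns):
        by_amount[amt].append((ts, cust))
    alerts = {}
    for amt, hits in by_amount.items():
        for i, (start, _) in enumerate(hits):
            custs = {c for ts, c in hits[i:] if ts - start <= WINDOW}
            if len(custs) >= min_customers:
                alerts[amt] = custs | alerts.get(amt, set())
    return alerts

def structuring(txns):
    """Customers whose sub-threshold exchange transfers sum above THRESHOLD within WINDOW."""
    by_cust = defaultdict(list)
    for cust, ts, amt in to_exchange(txns):
        if amt < THRESHOLD:
            by_cust[cust].append((ts, amt))
    flagged = set()
    for cust, hits in by_cust.items():
        for i, (start, _) in enumerate(hits):
            if sum(a for ts, a in hits[i:] if ts - start <= WINDOW) > THRESHOLD:
                flagged.add(cust)
    return flagged
```

Alerts from scenarios like these are leads for an investigator, not conclusions: as the article notes, many legitimate investors transact with basic exchanges, so the window and customer-count parameters need tuning against normal customer segments.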


If crypto-cleansing is not contained, state-level sanctions evasion threatens to escalate geopolitical instability. The inability to restrict privacy coins through regulation of advanced exchanges will provide financial safe havens for hostile state- and non-state actors. Public and private sector partners must unite to establish global standards for combating the growing, borderless threat of digital money laundering.

(Joshua Fruth is the Director of Anti-Money Laundering (AML) Advisory Services at New Jersey-based consultancy Matrix-IFS.)

(The views expressed are those of the author)