A Forensic Review of the WSJ Investigation of ShapeShift
In September 2018, The Wall Street Journal published an article titled “How Dirty Money Disappears Into the Black Hole of Cryptocurrency.” The authors claimed that they thoroughly investigated transactions on the cryptocurrency exchange ShapeShift AG with the assistance of forensic experts and even developed their own software in the course of reporting the story. The authors asserted that ShapeShift facilitated money laundering of nearly $9 million in criminal proceeds by exchanging traceable cryptocurrencies such as Bitcoin or Ethereum for non-traceable “private coins” like Monero. However, they made this claim without publishing any actual evidence or revealing the details of how they reached that conclusion.
The article prompted questions from both ShapeShift and the broader cryptocommunity regarding the investigative methodologies of the WSJ reporters. In an effort to replicate the article’s findings, ShapeShift contacted CipherBlade and requested that our firm conduct an independent analysis of the Ethereum transactions cited as part of the $9 million allegedly laundered through ShapeShift. Our team of investigators, cybersecurity, blockchain and legally-credentialed experts has solved major crypto scams and recovered millions of dollars for our clients. This is precisely the kind of work we do successfully every day.
Our research and analysis focused on three key aspects of the article’s claims:
1. The software and investigative methods employed by the journalists
2. The blockchain transactions cited by the article
3. The methods used by law enforcement in investigating these types of cases
After a months-long investigation, our findings call the basic conclusions reached by the WSJ into serious question:
- By tracing alleged “laundering” through “no more than two intermediaries before reaching an exchange”, the WSJ’s stated methodology was fundamentally flawed given how cryptocurrency transactions actually take place. The tracing of any funds — illicit or not — over the course of multiple transactions is extremely difficult, and presenting the total contents of subsequent wallets as illicit is forensically unsound. By using this flawed standard the WSJ’s claims regarding any alleged laundering were inevitably distorted.
- Applying a more proper methodology, we determined that only 1% of the ETH from the suspicious wallets was traded for any asset through ShapeShift. This means the WSJ’s $9 million “laundering” claim was overstated by a factor of 4x. Furthermore, only a fraction of the funds that reached ShapeShift were exchanged for Monero, contradicting the WSJ’s story headline and premise that the assets traded at ShapeShift were largely exchanged for privacy coins to make them untraceable.
- The WSJ singled out ShapeShift for activity that is routine across any cryptocurrency exchange, and seriously mischaracterized the manner in which the company interacts with law enforcement officials. Having worked with ShapeShift on numerous occasions, we can attest to the fact that they operate in an open manner with all investigators. ShapeShift does not facilitate money laundering — rather, their transparency and cooperation are crucial resources that greatly benefit any given investigation.
In short, the WSJ used flawed methodology which generated highly inflated claims that were used to single out one exchange for transactions that are neither unusual nor illicit.
Questions on WSJ’s software and understanding of ShapeShift
Blockchain forensics is the tracking and interpretation of the flow of cryptocurrencies on public blockchains. It requires an understanding of the workings of distributed ledger technology as well as posing difficult algorithmic and graph-theoretical problems. A number of companies, such as CipherTrace, Chainalysis, BlockSeer, and Elliptic, have specialized in the development of complex and expensive software to aid law enforcement and exchanges in investigations and anti-money-laundering efforts.
The WSJ claimed to have “built computer programs” that tracked funds from “more than 2,500” suspected criminal incidents. That implausible claim raises serious doubts as to the accuracy of its report:
- The WSJ claims to have worked with the blockchain forensics company Elliptic, which remains unconfirmed. In fact, Elliptic’s “media mentions” page on its website avoids touting any such partnership with the WSJ or even linking to the article.
- The WSJ says it downloaded transaction information on the suspicious wallets from blockchain.info and etherscan.io, two common blockchain viewers for the Bitcoin and Ethereum chain, respectively. However, that would have been unnecessary had the authors been using professional blockchain forensics software like Elliptic.
- In order to identify exchange wallet addresses, the authors downloaded a list of wallet addresses labelled as such from ShapeShift.io, walletexplorer.com and etherscan.io. These lists are widely viewed as neither comprehensive nor accurate. Real chain analysis tools instead identify exchange wallets based on the pattern of incoming and outgoing transactions, and even then often require manual review.
- Finally, the WSJ says it periodically downloaded a list of the 50 most recent trades from ShapeShift’s API. But, because the response to this particular API call does not identify the wallet addresses involved, it requires matching by amount to transactions from the monitored wallets that have been independently determined to lead to ShapeShift. This is not only inefficient, but inevitably introduces copious errors. When used correctly, the ShapeShift API demonstrates whether a transaction went to the exchange and, if so, what the amount and target currency (and even the target address in the new currency) of the trade were.
Ultimately, our review of the WSJ’s methodology as well as its reporters’ limited understanding of cryptocurrency operations raises serious questions as to the veracity of its conclusions. Not only is the technical analysis flawed, but even taking the reporters‘ data at face value, it does not support the conclusions that they draw.
Shortcomings of WSJ Data
The reporters claim to have analyzed “12 million-plus” transactions that “reveal numerous instances of suspicious behavior.” In response to a request to substantiate this claim and to enable a replication of their results, the WSJ provided ShapeShift with a spreadsheet containing a rather curious and unexplained 5749 pairs of ETH and BTC addresses. The sheet’s labeling suggested that the first addresses of the pairs were the suspicious addresses surveyed and the second addresses were ShapeShift deposit wallets to which the first address sent funds directly or indirectly.
The sheet contained 5730 unique putative ShapeShift deposit addresses, of which 5703 are actual ShapeShift deposit wallets. Of those, only 5523 actually resulted in a trade.
5240 of the 5749 address pairs in the WSJ’s spreadsheet are of ETH addresses, and those addresses account for 153 of the 173 unique suspicious addresses listed. 351 of the 5240 Ethereum address pairs are directly connected by a transaction without an intermediate wallet.
The WSJ states that their search methodology allowed for at most two wallets in-between the original suspicious address and a ShapeShift deposit wallet, but do not say how they determined whether a given wallet was a ShapeShift deposit wallet (and in light of the above, their method was evidently inaccurate).
In an attempt to replicate the WSJ’s data, CipherBlade surveyed the blockchain for paths from the Ethereum addresses to ShapeShift deposit addresses in a manner similar to the WSJ’s described procedure, and without taking into account transaction times or amounts. In order to exclude exchanges and other irrelevant wallets from consideration, we subjected wallets with more than 1000 outgoing transactions to a cursory manual review and excluded them from further consideration when they were clearly identifiable as exchanges or ICO sale wallets (whether named or not). We found 8049 pairs of suspicious wallets and ShapeShift addresses resulting in a trade with a maximum path length of 3. Of these, only 3556 were reflected in the WSJ’s sheet, leaving 1684 pairs of ETH addresses in the sheet unaccounted-for. This means that while attempting to replicate their work, we found ShapeShift addresses the WSJ did not name, and we were unable to find others that they had named.
It is nevertheless instructive to, arguendo, take the WSJ’s data at face value and look at the ShapeShift deposit addresses they present. Analyzing those, we find the following:
- Of the 5523 ShapeShift addresses in the WSJ’s spreadsheet that actually correspond to trades, 30.38% of the BTC and a mere 5.53% of the ETH that was sent to those addresses were exchanged for Monero. Note that 40.36% of the ETH exchanged to XMR came from only one single scam (the Starscape case, for more on which see further below).
- Zcash, the only other cryptocurrency with cryptographic privacy features available on ShapeShift, is already negligible: 0.21% of BTC and 0.38% of ETH were exchanged for it. This is not surprising, since transaction privacy in Zcash is optional and, in fact, not even supported by most wallet applications.
Note furthermore that the WSJ’s data set contains only 173 unique addresses, of allegedly more than 2,500 surveyed. Judging by this data set alone, less than 7% (173 of more than 2,500) of the suspicious wallets surveyed by the WSJ sent any funds to ShapeShift within three transactions, and those that did exchanged the majority for traceable, non-private cryptocurrencies.
It is thus evident that even if the WSJ’s data were accurate, their conclusions would have been wildly overblown.
How to actually track the flow of ETH
The WSJ failed to explain key context that seriously alters the meaning of its claims. For example, assume three wallets (x,y and z) are involved in two transactions (a and b). Transaction a goes from wallet x to y and transaction b goes from wallet y to z. Does that mean that the funds from x ended up in z? It depends, among other things, on the order and value of transactions a and b. To see this, consider scenarios.
- Transaction b from y to z happens before transaction a from x to y. It is then hardly appropriate to say that funds from x ended up in z, as the funds from x arrived in the middle wallet y only after the transaction from y to z had taken place.
- Transaction a happens before transaction b so the temporal order is right. But the value of transaction a is 1 ETH and the value of transaction b is 2 ETH. How many ETH from x ended up in y? One thing seems quite clear: the answer cannot be more than 1 ETH.
In order to obtain a more meaningful and realistic estimate of the amount of funds from the suspicious wallets in question that ended up on ShapeShift, we devised a more sophisticated algorithm that takes into account transaction timestamps and amounts. The intuition we implemented is one of multiple that one might choose to deal with the fungibility of ETH: we treated the flow of ETH like that of a homogenous liquid with a certain “concentration” of tainted funds.
More concretely, our algorithm built a graph structure that obeyed the following constraints, with some approximations in the interest of saving computing and memory resources:
- All funds in the initial suspicious wallets are treated as fully tainted, i.e. having taint concentration 1.
- When a transaction with value v and taint concentration c arrives in a wallet, then it adds v to the wallet’s balance b and v*c to the wallet’s taint t. A wallet’s taint concentration, at any given time, is its taint divided by its balance.
- When a transaction leaves a wallet, its taint concentration is that of the wallet at the time of the transaction.
- Only wallets with taint are added to the graph.
The total combined amount of ETH that ever went into the suspicious wallets in the WSJ’s sheet is 482978.14 ETH, which our analysis considered as fully tainted. We found that of that initial taint, a combined taint of 4839.16 ETH, or 1%, ended up in 3368 ShapeShift deposit wallets resulting in a trade within three hops. A total of 12646.44 ETH (tainted and non-tainted) were sold between all of these ShapeShift wallets, thus 38.26% of ETH spent in these trades was tainted. A total of 1592.79 of the 4839.16 tainted ETH were traded for Monero. Of these 1592.79 tainted ETH, 465.62 tainted ETH (or 29.23%) are due to one single scam, the Starscape scam (more below).
In sum, only 0.33% of the ETH from the suspicious wallets was actually traded for Monero through ShapeShift. Accounted at the time of the trades, the total value of tainted ETH traded through ShapeShift (to Monero or not) was $2,117,804.70. Using the most generous assumptions, this is still only 23.53% of the WSJ’s claimed $9M.
[Aside: an alternative to the “flow of liquid” model would be to trace funds according to the principle of last-in-first-out. We did not implement this model and do not care to guess whether it would yield a lower or higher estimate. What is clear is that it would reach nowhere near the WSJ’s numbers.]
In fairness, the WSJ claimed $9M total over ETH and BTC, and we only analysed the ETH portion of their provided sheet. However, the BTC ShapeShift addresses in the WSJ’s sheet received only a total of 40.11 BTC (the majority of which is likely to be untainted). Thus, there is no way for the BTC portion to save the WSJ’s claim from being wrong by several multiples.
Overview of anecdotal evidence in the WSJ article
The WSJ references a number of relatively prominent cryptocurrency-related frauds, implying that ShapeShift played a significant role in laundering stolen funds in each case. Upon further analysis, however, the connections between these high profile cases and ShapeShift and the purported amount of funds in play are rarely clear-cut.
The WSJ first cites the 2017 WannaCry ransomware attacks, in which “the criminals used ShapeShift to convert bitcoin [sic] into an untraceable cryptocurrency called Monero.” While early accounts speculated that it’s possible some of the extorted funds were converted to Monero, it was by no means most or all of the funds. In fact, ShapeShift took quick action to thwart attempted laundering by the WannaCry attackers, working directly with law enforcement officials and blacklisting all addresses associated with the incident. This was not mentioned in the WSJ’s reporting.
Next, the WSJ identifies the fraudulent ICO Starscape Capital, which succeeded in raising roughly $2.2 million of funds despite early red flags about the company. Their wallet was 0xba9e83d6ef2fb1c189a087c1ea86065ae0143e10. According to the WSJ, the majority of those funds were sent to KuCoin, but another $517,000 worth of ETH were sent directly to ShapeShift and exchanged for Monero, which is correct. However, the very first (chronologically) outgoing transaction goes directly to Binance instead of either KuCoin or ShapeShift. The WSJ article fails to mention the transfer of 21 ETH (of over 2,000 total) to Binance, which — like ShapeShift — has a stand-up record of timely response to investigators and law enforcement professionals.
Among the other figures mentioned by the WSJ is Marco Fike, a key character in Giza, which turned out to be an exit scam. The Ethereum address at which the funds — approximately 2202 ETH — were collected was 0x5505b8415a83f8c190c02458bd8ec0efed15642e, which does not appear in the WSJ’s data set at all. By applying our taint-tracking algorithm to this wallet, we found that all of 39.67 ETH reached ShapeShift within two transfers, of which only 4.25 ETH were exchanged for Monero.
Additionally, the article states that Makoto Takahashi, who raised 1835 Ether for his World of Battles project at the address 0xef57aa4b57587600fc209f345fe0a2687bc26985, used ShapeShift to exchange 37.58% of this amount to Monero. This means that the majority of Takahashi’s funds remain traceable. More importantly, because ShapeShift cooperates with law enforcement, the interaction provided another forensics capture point which would make it more possible for authorities to link those transactions to an individual computer or person.
The WSJ also mentioned BTC Global, which fraudulently raised $80 million. According to reports on Bitcoin Who’s Who, the wallet address implicated in this fraud is 3CCV3GjNvQip5ewsHhzYc136WhaeCzHigj, which appears in the WSJ’s data set but is not marked as such. Assuming the ShapeShift transactions listed in the WSJ’s spreadsheet as connected to this address, we find that a total of 10 BTC from this wallet were exchanged via ShapeShift, of which 18.4% went into Monero. To put this in perspective, at the time it was reported as fraudulent, BTC Global’s address had amassed a total of over 4000 BTC in stolen funds. So, 10 BTC is a negligible fraction at best. If ShapeShift were the tool of choice for crypto-launderers that the authors imply, then the number should be much higher.
Lastly, the WSJ references Centra Tech, an ICO whose founders were not anonymous and have been charged with wire fraud to the tune of $25 million. The only address reportedly connected to this project in the Ethereum Scam Database is 0xaff9e40f9b245b15a1d1bb45516ca213e682fa81, which also appears in the WSJ’s spreadsheet. It collected a total of 16 ETH, all of which were sent directly to ShapeShift and exchanged for Monero. In light of the difference between this wallet’s measly contents and the $25 million of the charge, the defendant’s counsel’s assertion that the funds sent to ShapeShift were not investors’ funds appears plausible.
The Importance of Law Enforcement Cooperation and Best Practices
The authors also failed to provide their readers with important context about how investigations in this area typically work. There are standard anti-money laundering (AML) best practices and extensive cooperation with law enforcement that the authors simply ignored or failed to understand. All entities that handle currency have an inherent responsibility to perform source-of-funds audits, especially when transactions for large amounts are involved. This fact does not go away simply because a privacy coin is involved: to exchange hundreds of thousands of dollars’ worth of Monero for fiat money without triggering scrutiny is in itself a non-trivial task that requires careful planning and patience.
Likewise, it’s worth reiterating that the ordinary course of cybercrime investigations have turnaround times contingent on various dynamic elements as they involve multiple elements of on-chain and off-chain forensics as well as legal procedures that can eventually lead to attribution. To refer back to an anecdote cited by the WSJ, the mere fact that the perpetrators of the Starscape scam have not yet been (publicly) identified does not mean they never will be.
Nevertheless, the WSJ reported that “[w]hile the government seized much of the money, millions had been liquidated before the arrests through exchanges including ShapeShift” and that “[w]here the money went from there is unknown,” as if exchanging a cryptocurrency on an exchange made it inherently untraceable. The very opposite is the truth: because most exchanges collect information about their users and provide this information to law enforcement and certified professionals such as attorneys or investigators, they provide a much-needed capture point that allows us to link on-chain events to off-chain identities.
This is the case even when no KYC information is collected and the account is registered with a throw-away e-mail address through a VPN connection. For a professional cybercrime investigator, to find a transaction of stolen cryptocurrencies to an exchange is a source not of dismay, but of delight!
Any exchange of cryptocurrencies, even when a privacy coin is involved, provide a capture point for law enforcement, and only a small minority of stolen funds is converted into privacy coins to begin with — 4% in the case of the WSJ’s data set.
With only a small minority of these trades involve privacy coins like Monero — that is to say, cryptocurrencies in which transactions and wallet balances can be concealed from the public through cryptographic measures. In addition to keeping this record, ShapeShift provides off-chain information (such as IP addresses and user agent information) to law enforcement upon request, turning it into a convenient capture point — often to the dismay of fraudsters that discover this after their apprehension.
Our firm has worked with ShapeShift on 11 separate investigations, all of which involved law enforcement. The requests for information were handled with a level of professionalism and timeliness that far exceeds any other entity in our experience in the blockchain industry. Every law enforcement professional that was involved in these cases (primarily FBI Special Agents) was pleasantly surprised by ShapeShift’s speed of response and proactive cooperation. CipherBlade collaborates with the FBI on a nearly daily basis, and holds regular discussions with varied law enforcement and regulatory entities — 0 of which have ever aired dismay regarding ShapeShift. The WSJ’s claims, allegedly by (anonymous) law enforcement and government officials, are questionable at best.
As one of a new breed of cryptocurrency intermediaries, ShapeShift contributes to investigation efforts through full transparency, collaboration with law enforcement, and even more proactive steps like blacklisting of wallet addresses associated with fraud. ShapeShift, Changelly, and similar services perform source-of-fund audits just as well as, if not better than, most conventional centralized exchanges.
The sum of these forensic results show that the WSJ’s reporters produced a very misleading and factually incorrect article about ShapeShift. It appears impossible to objectively reproduce their work or reach conclusions even remotely close to the claims made in the story about transactions that can be publicly reviewed by anyone with a basic understanding of the technology.
We encourage the WSJ to publish the transaction IDs that support their claim that $9 million in illicit assets that were “laundered” through ShapeShift, and we welcome any independent forensic reviewer to use that data to rebut our analysis published here. The transaction IDs the WSJ used would also help review, in its entirety, the Bitcoin and other trades they included in their $9 million “laundering” claim, and make a complete analysis of their story. There is no journalistic reason for the WSJ to withhold the transaction IDs since they are on the blockchain and doing so would not expose any source or sensitive information. We are confident, however, that this transparent review clearly shows that the transaction IDs would conclusively prove the WSJ published a shoddily written article by reporters who were out of their depth in understanding the data. This might explain why they have refused to release what would already be public data.
In the meantime, we view this analysis as a cautionary warning to investigative reporters seeking to investigate companies like ShapeShift. It is the responsibility of the publications, editors and reporters to fully understand the subject matter before reporting allegations that can be easily disproven in this manner. In our view as forensic experts, the WSJ failed to do this.
CipherBlade, a blockchain investigation agency, helped recover millions of dollars of stolen cryptos and prevented dozens of ICO scams. The company provides its services to ICOs, blockchain companies, legal firms and law enforcement.
CSO Richard Sanders served in US army Special Operations Forces, rose to security lead at Google and assisted Binance and FBI in development of GDPR protocol. He works closely with the FBI and other law enforcement agencies. He is a credentialed expert witness on matters of blockchain forensics.
Requests for interviews, comments and service retainers can be sent to firstname.lastname@example.org