None of what Bitcoin Fog did appears to be money laundering according to the definition on that page, since it requires an "intent to promote the carrying on of specified unlawful activity".
The people using Bitcoin Fog might be engaged in money laundering if they were using it for something otherwise illegal, but I don't see how you could argue the service itself was unless they somehow knew the purpose behind every transaction occurring on their platform.
The indictment claims that Bitcoin Fog engaged in money laundering because they knowingly processed transactions that:
"knowingly conduct ... financial transactions ... involving property represented to be the proceeds of specified unlawful activity, ..., knowing and intending the the transaction was disguised in whole and in part to conceal and disguise the nature, location, source, ownership, and control of property believed to be the proceeds of specified unlawful activity, and intended to promote the carrying on of the specified unlawful activity."
> I don't see how you could argue the service itself was unless they somehow knew the purpose behind every transaction occurring on their platform.
The indictment states that the US government did an undercover operation in 2019 in which Bitcoin Fog was told that a transaction was from illegal activities and Bitcoin Fog accepted it anyways. If the person sending you Bitcoin says "I did a crime to get this", it is hard to claim you didn't know it was from criminal activity.
Please note that in that case with undercover transactions, there is no evidence that the message sent by an agent was read by the administrator, because the agent didn't receive any reply. It is possible that the mixer was fully automated and performed the exchange before the administrator had a chance to read the message and stop the transaction.
This was the first thing I thought of. Why the heck would the admins read random notes sent by users? Obviously there is the potential for abuse for this kind of service, so from a liability perspective you'd be better of deliberately ignoring all messages.
Or rather, even if the admins were knowingly facilitating crime, from a liability perspective they would be better off reporting/rejecting any users that say they're committing a crime and only do business with criminals smart enough to wink wink nudge nudge.
I can only think of two scenarios where someone would tell a mixer the money is dirty:
1. They are law enforcement
2. They have already been caught by law enforcement and are being used as bait, either knowingly or not
Or, and this is the most likely in my opinion, but it is just a guess. The undercover said they had a lot of illegally sourced coins to mix, asked the Mixer admin to help them mix such a large amount and offered them an additional reward in exchange. That said, we should not jump to any conclusions until evidence is presented. The government could be fronting a strong case in the indictment and then it turns out to be much weaker when presented.
Using a bitcoin mixer is money laundering in the same sense that turning off the public feed on Venmo is money laundering.
Yes, it potentially makes it harder for the authorities to track your activity, but it's also the only way to stop any random person in the entire world from seeing your transaction. Privacy is not inherently money laundering.
I agree that privacy is not inherently money laundering deep in my bones. I spent three years of my life attempting to improve Bitcoin mixers.
The issue is that if you run a mixer and someone says "please launder my drug money" you reject that person's coins unless you like Federal prison. It is like if you run a gun store and someone comes in and asks for a gun "to rob a bank", that person is a Federal agent and if you sell them a gun an indictment is forthcoming.
People are doing life sentences for giving their friend a ride when their "friend" decided to hold up a liquor store.
So hypothetically, if they ask you with a checkbox whether your funds are legitimate, and only process transactions that say they are, would that absolve them of liability?
I can't imagine anybody reads private messages on such a service or could be expected to, with any significant volume.
When the transactions come from marketplaces specialised in selling illegal substances you need implausibly suspended disbelief to think your obfuscation service is only used for benign purposes.
Then consider that most of the transactions processed by the fog came from places like silk road.
How would Bitcoin Fog know the transactions were coming from those marketplaces? Bitcoin addresses are just strings of random numbers. Maybe if they were performing a careful inspection of the source and destination of each transaction they could have discovered something that would have obligated them to act to block those addresses, but the whole point of a privacy service is that you don't do that kind of careful analysis of your customer's private data.
The law doesn't require you to know affirmatively that the service is only used for benign purposes. Just about every public service in existence probably gets used to support illegal activity at some point or another. You just can't be knowingly assisting with a crime.
I wonder if the same people would argue like this if it was about VPNs - should they be liable and forced to keep logs? Or is this another example of HN's strong anti-crypto bias?
VPN providers aren’t financial institutions so they don’t have to worry about these laws. This will be very interesting legally as more states add things like age verification laws if those are worded to prevent VPNs from being used to circumvent them.
But you can use the same argument for if you take a bag of cash from a local drug dealer with instructions to obfuscate the source of the money and return them to him. How would you know it isnt legit money?
Not a lawyer, but as far as I know its only criminal if you know or at least have a strong reason to believe you're participating in a money laundering scheme. That wouldn't apply to a privacy service that has legitimate uses, particularly an automated one where there's no opportunity to use common sense to reason about which customers are legit.
If you were trying to run a signicant and profitable business, would you expect to know who your customers are? You need to be able to get your product in front of them right? Market to them somehow? And you must get outreach for support or partnerships now and then, even if you try to make yourself hard to identify or reach.
They may have avoided collecting identifying information on specific individual people, but it's absurd to think that they could have reached the scale they did with no knowledge of where and for what purpose their service was being used.
The startup engineer's fantasy is that you can build something useful and users will flock to it through no further involvement of your own, but that's almost never a thing -- and certainly not here.
Is there any evidence Bitcoin Fog was marketing their service specifically to criminals?
The affidavit[1] another user linked elsewhere in this thread says:
> BITCOIN FOG was publicly advertised on Internet forums and well-known web pages promoting darknet markets as a tool for anonymizing bitcoin transactions.
But it doesn't really go into detail. "well-known web pages promoting darknet markets" might just mean "Reddit".
And I think you might be underestimating the impact of word-of-mouth advertising. I don't recall Tor or Mullvad having to extensively advertise to criminals in order to get as popular as they are now.
Tor and Mullvad are definitely tools for criminals, I am aware that they are often used to access illegal information which is legitimately censored by the government. And some news media outlets openly promote using these services to bypass the legitimate censorship.
We call this due diligence, and it's an essential banking practice. Willful ignorance is not a defense, particularly when large amounts of money are involved.
The law has a variety of "know your customer" rules, but in addition has a bunch of laws the constrain your behavior if you can reasonably know that you are handling criminal proceeds.
Anyone operating a crypto mixer knows that people will endeavor to use it to illegally launder funds, and to as I understand it if you know that, you have to implement _effective_ methods to prevent that illegal mixing. It does not matter that there are legal transfers, you have a legal duty to not carry the illegal ones, and if you are not actively trying to prevent those illegal transfers you are liable.
A more day-to-day analogy would be that it is illegal to knowingly buy, sell, or accept stolen property. If you do buy stolen property but there's no reason for you to have thought it is stolen you haven't done anything wrong (though the purchase or sale is invalid, so you've lost the money). If however police can show that you knew or could reasonably know the property was stolen it they could chose to charge you with a crime, and your defense would presumably be some variation of why it was reasonable for you to believe the property was not stolen.
The problem is specifically that everyone running a mixer knows that people attempt to launder their funds through mixers, and so therefore should have mechanisms in place to ensure that they are not accepting transfers that can reasonably related to criminal enterprises, just as you would have to when buying/selling property in the real world. Given that most crypto is trivially auditable there are very few arguments that would support not having at minimum automated rejection of transactions involving any known wallet, and moreover constantly updating the list of known bad addresses.
Certainly if I were on a jury, and the person running the mixer could not show their reasonable actions to prevent laundering, that the system was constantly tracking, updating, and expanding the disallowed wallets precisely because that can be done almost entirely automatically, that would count against their claims to not be intentionally supporting laundering.
Again, the issue here is not running the mixer, it's not that occasional illegal transactions go through - that's unavoidable - it's the failure to take reasonable steps to stop plausibly illegal transfers. The way banks handle this is they block suspicious transactions pending receipt of the actual sender and recipient, and documentation of the origins of the funds. Which is what a mixer would need to do.
> I don't see how you could argue the service itself was
Regular banking has piles and piles of AML/KYC regulation that they need to follow in order to not become guilty of money laundering, or aiding money laundering.
Are you saying Bitcoin Fog followed all this regulation, or are you saying Bitcoin Fog can unilaterally can declare itself exempt from AML/KYC laws?
Sorry if this sounds like a confrontational question. I don't mean it to be. Just intend for it to be a clear question.
There's a separate U.S. code for that which is not related to money laundering. The affidavit[1] another user linked accused the defendant of violating 18 U.S. Code § 1960[2], and D.C. Code § 26-1023[3] in addition to the money laundering law previously linked.
Those two laws make it illegal for businesses to transmit money without requesting all sorts of private information from their customers, and providing that information to the government under some circumstances.
In other words, under current U.S. law, yes, privacy is indeed a crime.
No. You can launder money using anything that works as a transferable, divisible store of value. You just have to be able to break it down into smaller pieces and exchange the "dirty" pieces for "clean" ones. The bitcoin is just the vehicle for the laundering, and the mixer is basically just a money laundering machine. (You can use it to exchange clean assets for other clean assets, but if you start with dirty ones, you're money laundering.)
I'm not a lawyer, but yeah it certainly does seem that way based on how the law is worded. I wonder if Sterlingov's lawyers tried that argument in court.
