Home / Blogs

Liberty Reserve Now, Bitcoin Next?

The papers have been abuzz with the shutdown of Liberty Reserve, an online payments system, due to accusations of large scale money laundering via anonymous transactions. Many people have noted similarities between LR and Bitcoin and wonder whether Bitcoin is next. I doubt it, because with Bitcoin, nothing is anonymous.

Liberty Reserve was designed to make it extremely difficult to figure out who paid what to whom. Accounts were anonymous, identified only by an email address and an unverified birth date. Users could direct LR to move funds from their account to another, optionally (and usually) blinding the transaction so the payee couldn’t tell who the payor was. But they couldn’t transfer money in or out. LR sold credits in bulk to a handful of exchangers, who handled purchases and sales. So to put money in, you’d contact an exchanger to buy some of their LR credits, which they would then transfer to your account. To take money out, you’d transfer LR credits to an exchanger who would in turn pay you. Nobody kept transaction records, so payments to exchangers couldn’t be connected to the LR accounts they funded, there was no record of where the credits in each LR account came from, and outgoing payments from exchangers couldn’t be connected to the accounts that funded those payments. This was an ideal setup for drug deals and money laundering, not so much for legitimate commerce.

Bitcoins are not like that. The wallets, analogous to accounts, are nominally anonymous, but the bitcoins aren’t. Every wallet and every bitcoin has a serial number, and every transaction is publicly logged. It’s as though you did all your buying and selling with $100 bills, but for each transaction the serial number of each bill and the two wallets in each transaction is published with a timestamp for all the world to see. (This is how Bitcoin prevents double spending, by the payee checking the public logs to ensure that the payor minted or received the bitcoins and hasn’t paid them to someone else.) This makes truly anonymous transactions very hard.

Multiple transactions from the same wallet are trivially linked, so if the counterparty in any of your transactions knows who you are, all the transactions from that wallet are known to be you. This is roughly the same problem with using a prepaid debit card or throwaway cell phone purchased for cash—if one of the people you buy something from, or one of the people you call knows who you are, your cover is blown. While it’s possible to obscure the situation by using multiple wallets, if you transfer bitcoins from one wallet to another, that transaction is public, and a sufficiently determined analyst can likely figure out they’re both you. Doing all of your transactions so that the other party can’t identify you is very hard, unless you’re the kind of person who wears a different ski mask each time he buys groceries.

There have been some widely publicised thefts of large numbers of bitcoins, in one case by installing malware on the owner’s PC which was visible on the Internet and using the malware to transfer bitcoins out of his wallet. But the thief hasn’t spent the loot and probably never will, because everyone knows the serial numbers of the stolen bitcoins, and nobody will accept them for payment. This is sort of like unsalable stolen famous paintings, except that there’s no analogy to the rich collector who’ll buy the art and never show it to anyone else, because, frankly, bitcoins aren’t much to look at. Again, the bitcoins aren’t anonymous.

You could imagine a bitcoin mixmaster, which took in bitcoins from lots of people, mixed them around and sent back a random selection to each, less a small transaction fee, to try and obscure the chain of ownership. But that wouldn’t be much of a business for anyone who wanted to live in the civilized world since it would just scream money laundering. (Yeah, we know cyberlibertarians would do it out of principle, but the other 99% of the business would be drug dealers.)

And finally, the only place where you can exchange any significant number of bitcoins for normal money is still MtGox. They are in Japan, and they take money laundering seriously, so you cannot sell more than a handful without providing extensive documentation such as an image of your passport, and your bank account numbers. Maybe there will be other exchanges eventually, but it’s not an easy business to get into. MtGox is a broker, arranging sales between its clients, and doesn’t keep bitcoins in inventory. For a broker to be successful, it needs enough clients that buyers can successfully find sellers and vice versa, which means that big brokers tend to get bigger, and it’s hard to start a new one. You could try to be a broker buying and selling directly to customers, but given how volatile bitcoin prices are, you’d likely go broke when the market turned against you.

Or you could try to arrange a private transaction by finding someone with bitcoins to sell, or looking to buy. That can work for small transactions, but as soon as someone does very much of that, he’s in the money transfer business and money laundering laws kick in.

So with all these factors, perfectly logged transactions, a complete public history of every bitcoin so that tainted ones are unusable, and a chokepoint on cashing out, bitcoin makes a great novelty (akin as I have said before to pet rocks) but not a very good medium for large scale money laundering.

By John Levine, Author, Consultant & Speaker

Filed Under


DHS does not seem to think so highly of Mt Gox Phillip Hallam-Baker  –  Jun 2, 2013 10:10 PM

Seems that the anti-money laundering steps taken by Mt Gox don’t impress the fed. They have been taking apart the routes feeding money into Mt Gox. Starting with Dwolla.com the other week. Taking out Liberty Reserve seems to be part of the same action.

Looking at the amount of money sloshing round in the BitCoin system I find it rather hard to accept that more than a small fraction is legitimate. There just aren’t enough merchants taking bitcoin to make the story credible.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix


Sponsored byDNIB.com

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign


Sponsored byVerisign