Many believe total anonymity is possible using privacy enhanced cryptocurrencies. It might not always be the case.
Are popular cryptocurrencies like Bitcoin and Ethereum private?
There are privacy enhancing tools and techniques that can be used to obscure crypto transactions, but in general most cryptocurrencies leave a very convenient trail to trace for investigators and law enforcement.
But not all cryptocurrencies are made the same.
This article will provide a brief overview of the most private cryptocurrencies, how they’re used for user privacy and sometimes to avoid detection of fraud or other cybercrimes, and how they can still be traced by professional crypto investigators using advanced blockchain forensics.
In case you’re unfamiliar with this topic, here’s a look at the 5 most common crypto scams and how they might involve the use of pseudo-private cryptocurrencies.
The 4 Most Private Cryptocurrencies:
Often regarded as the most private cryptocurrency, anonymity-enhanced “privacy coin” Monero (XMR) uses ring signatures and stealth addresses to make transactions nearly impossible to trace. Furthermore, their RingCT (Ring Confidential Transactions) method effectively hides transaction amounts, adding further difficulty to tracing.
In 2022, there was an increase in threat actors demanding payments in Monero for ransomware and other scams. Victims are often told that if they pay in Monero instead of Bitcoin, the ransom will be ~20% less. For example DarkSide, the hacking group behind the infamous Colonial Pipeline attack, accepted both XMR and BTC, but charged more for the latter due to traceability concerns.
Can Monero (XMR) be traced?
Cybersecurity experts are constantly developing new tools to combat Monero’s ever-evolving privacy technology. Blockchain analytics and crypto compliance firms such as CipherTrace and Chainalysis offer tools designed specifically for tracing XMR transactions that are available to government agencies, financial institutions, and law enforcement. The full extent of these tools’ capabilities remains unclear to the public.
Researchers from Carnegie Mellon University have released a study into the privacy features of Monero and Zcash in which they found 30% of XMR transactions to be traceable. Chainalysis claims an even better success rate. Some of the approaches Chainalysis uses were exposed in recently leaked slides Coindesk: Leaked Slides Show How Chainalysis Flags Crypto Suspects for Cops
“If Bitcoin is like http for money, Zcash is https,” tout users of the network’s Zero-Knowledge Proof (zk-SNARK) mechanism, which grants the option for participants to shield transaction origins, destinations, and amounts. Zcash addresses can either be private (z-addresses) or transparent (t-addresses), and it’s the transactions between two z-addresses that are hard to trace because both ends are encrypted.
The majority of Zcash wallets and transactions are completely transparent, while z-addresses are a less utilized user privacy option. For these reasons, Zcash is not associated with illicit activity as often as XMR.
Can Zcash (ZEC) be traced?
Carnegie Mellon researchers in the above-mentioned study similarly found that only 0.09% of ZEC transactions within a 30-day period made full use of the protocol’s privacy features, leaving the rest traceable.
Chainalysis said in 2020 they were able to track 99.1% of all ZEC transactions. “Even though the obfuscation on Zcash is stronger due to the zk-SNARK encryption, Chainalysis can still provide the transaction value and at least one address for over 99% of ZEC activity,” said the firm.
While advanced blockchain forensics may be required to trace the most privacy enhanced transactions on ZEC, the vast majority can be traced as easily as Bitcoin.
Dash is an open-source cryptocurrency project. It uses CoinJoin technology to parcel up several transactions and mix the addresses, effectively scrambling transactions and making them a lot harder to trace. While it has been described as a privacy coin, many have pointed out that it’s kind of just Bitcoin with extra steps, meaning the blockchain itself doesn’t have any enhanced privacy features, but the CoinJoin technology on top of it does.
The popularity of DASH rose in 2016-2018 but has largely fallen out of use for cybercriminals looking to steal or launder crypto.
Can Dash (DASH) be traced?
Dash’s ability to hide wallet addresses and transaction amounts relies on CoinJoin, which is a decentralized mixing protocol of its own. While blockchain intelligence firms have had success de-mixing transactions through CoinJoin in the past, it’s mostly based on probabilities and requires extensive on and off-chain data correlation.
That being said, Dash suffers from the same issues as Zcash in that the vast majority of users don’t properly implement the privacy enhancing features, and therefore most DASH transactions are easily traceable.
Verge approaches privacy from a unique perspective by using multiple anonymity-centric networks such as The Onion Router (TOR) and Invisible Internet Project (I2P) to bounce communications over a distributed network. While they use an open ledger just like Bitcoin, the source of all transactions is hidden by default due to these layers of user anonymity.
As with Dash, Verge saw more use in the 2016-2018 era of cryptocurrency hacks and scams, and has since largely rebranded itself from a privacy-centered protocol to a user-friendly and secure cryptocurrency.
Can Verge (XVG) be traced?
While XVG transactions are highly secure and uniquely anonymous, the fact that they deploy an open ledger means it’s relatively easy for knowledgeable blockchain investigators to piece together transactions related to criminal or otherwise notable activity using a combination of on and off-chain data.
For over 30 years, Marin Ivezic has been protecting critical infrastructure and financial services against cyber, financial crime and regulatory risks posed by complex and emerging technologies.
He held multiple interim CISO and technology leadership roles in Global 2000 companies.