Don't Blame Bitcoin for Russian Hacking

Cybercurrencies are not as anonymous as you might think.


Bitcoin trap
Jan Lievens /

Whenever bitcoin is involved with any breaking news story, you can bet that it will get an outsized amount of attention in the media. This was the case with the Department of Justice's recent indictment against 12 Russian intelligence agents accused of hacking into the online accounts of various U.S. political actors. Unfortunately and somewhat distractingly, some in the press have fixated on DOJ's reports that Russian agents used bitcoin in the course of their activities to argue that the cryptocurrency is to blame for these dark deeds. In fact, it might be more correct to argue the opposite.

The report provides a few details about how these bitcoins were allegedly used. It states that Russian intelligence operatives working for the GRU "principally used bitcoin when purchasing servers, registering domains, and otherwise making payments in furtherance of hacking activity." The GRU apparently got ahold of these bitcoins either by mining them directly or by taking part in a peer-to-peer exchange, where buyers and sellers connect directly rather than going through a centralized exchange that may require personally identifiable information. The DOJ claims that the hackers wanted to use cryptocurrency in order to "avoid direct relationships with traditional financial institutions, allowing them to evade greater scrutiny of their identities and sources of funds."

Of course, the report also points out, in a weirdly-worded way, that the "Conspirators caused transactions to be conducted in a variety of currencies, including U.S. dollars." But this mundane fact does not make for very interesting news coverage. Rather, the exotic nature of cryptocurrency, combined with the intrigue of international state-backed hacking efforts, tends to make for a more titillating story.

Now, it is not exactly surprising that a criminal enterprise might try to use cryptocurrencies to make shady payments. This has been the case since at least 2013, when the rise of dark net markets that allowed individuals to buy and sell contraband like controlled substances and weapons was fueled in equal parts by cryptography and bitcoin. But as the experiences with dark net markets and Russian hacking both demonstrate, using cryptocurrency to commit crimes is far from a savvy evasive maneuver. It can be a textbook bonehead move.

The reason that some people misunderstand the risk factor that bitcoin poses in facilitating crime is that they incorrectly believe these digital monies to be "anonymous" in the way that a cash payment is anonymous. They are not. Rather, a cryptocurrency transaction is pseudonymous, kind of like sending an email. A person can choose to clearly associate their email address with their real life identity, just like a bitcoin user can post their wallet address on a social media page. Or, a person can take steps to create a large number of private email accounts that are not tied to their real identity, just like a bitcoin user can create as many different wallets as they want. But in both cases, there are still ways for service providers and law enforcement to trace a pseudonymous account back to the source.

In the case of bitcoin, every single illicit transaction is effectively a smoking gun left on the blockchain, or the ledger of all bitcoin transactions. Cryptocurrencies work by harnessing the processing power of thousands of computers distributed all over the world to move and record each transaction. The blockchain is immutable, which means that an entry can never be modified or deleted once it has been officially added to the ledger. Someone who attempts to commit a crime using bitcoin has done a great service for law enforcement, since they will have access to a potentially telling key piece of evidence in their investigation.

Critics may point out that services like coin mixers and other concealing techniques can obfuscate the trail of a series of bitcoin transactions. These services can provide an added layer of privacy protection by combining several transactions into one or a series of different transactions, kind of like a cryptographic Three-card Monte trick. It's true that these techniques complicate the picture a bit. But the fact remains that an initial bitcoin spend will always be recorded on the blockchain, and that gives law enforcement a lead that they might not have with a pure cash transaction.

Indeed, it precisely this immutable blockchain evidence of a misdeed that has been the downfall of so many criminals. It is what lead to the arrest of the operators of Silk Road and other similar markets, and there is a burgeoning industry of businesses that will help law enforcement analyze open blockchains to nab their suspects.

It is possible that the indicted Russian intelligence agents' use of bitcoin gave the FBI a kind of evidence that they otherwise would not have. The indictment hints at as much when it discusses how the Russian officers "structured to capitalize on the perceived anonymity of cryptocurrencies"—apparently, the DOJ humble-brags, that perception was well off the mark.

Nation-backed hacking was not an innovation that bitcoin made possible. For about as long as important information has been stored on computers, powerful groups have resorted to shady means to extract that data. Governments have erected numerous controls on the financial system to try to track and catch the funding that fuels these escapades.

But criminals adapt. Hostile hackers and other ne'er-do-wells found ways around international money laundering standards to accomplish their missions, just like the Russian agents apparently used prepaid cards and surreptitious cash transactions according to the indictment. Heck, the mafia even used McDonald's annual Monopoly promotion to reward their henchmen for years.

The point is that it is futile to merely sit around and condemn the dispersed mechanisms that allow crime to happen, especially when those same tools can also be used for great good. Few people argue that the internet has been a net negative for society, even though it allows for some very bad things to happen. The same is true of bitcoin.

It's a bit puzzling to me that so many bemoan bitcoin's use in criminal activities. Each transaction on the blockchain provides yet another clue in an often laborious and cryptic investigation. You might even expect some shrewd officials to secretly welcome crimes denominated in cryptocurrency! Regardless, investigators that take time to learn how to work with technology, rather than engage in a futile battle against it, are more likely to find success in our post-internet landscape.