Self-sustaining Bitcoin Wallets Become a Frontline in Crypto Fighting Regulations

  • Blockchain analytics companies tend to point to funds moving back and forth to private crypto wallets, and self-custody is said to be the next fault line for crypto regulations.
  • One such company, CipherTrace, has explored privacy coins like zcash, as well as non-prison and peer-to-peer exchanges like ShapeShift, LocalBitcoins and Paxful.
  • CipherTrace recognizes that compliance standards are evolving over time, having recently upgraded scores for ShapeShift and Paxful.
  • Still, upcoming regulatory action in the US might require due diligence on self-sustaining wallets.
  • This is the second part of a two-part series. Read the first part here.

Regulated crypto is close to crossing the Rubicon – and we’re not talking about the next price development.

The constant creep of your customer identification (KYC) requirements over companies touching digital assets is now at the foot of private, self-sustaining wallets.

This move, which begins with regulated swaps required to do due diligence on non-custodial wallets they associate with, is already underway in places like Switzerland and Singapore, and the United States is said to be next .

Self-custody (being your own bank) and carrying out peer-to-peer transactions with a privacy module is how crypto is designed. And while the Financial Action Task Force (FATF) seeks to impose a traditional anti-money laundering (AML) framework on virtual asset service providers (VASPs), it is worth reiterating that crypto was born out of a desire for traditional disinfection funding, rather than breaking the law or facilitating money laundering.

Deep in the thick of the standoff between crypto users and regulatory authorities are blockchain analytics companies like CipherTrace, Chainalysis and Elliptic, which often act as a window into crypto for law enforcement agencies.

CipherTrace said it could not comment on work with regulatory authorities or law enforcement agencies.

It is uncertain that regulators consider it problematic.

bitcoin ATMs, for example.

Self-sustaining wallets remain out of the reach of FATF for the time being, but the proportion of money moved between exchanges and private wallets is a focal point for blockchain sleuths. This isn’t necessarily about criminal activity, says CipherTrace CEO Dave Jevans, but simply because authorities can’t see what’s going on.

“It’s an uncertainty that regulators see as problematic,” Jevans said.

In a previous article, CipherTrace provided a snapshot of exchanges originating in the Seychelles, giving each one a KYC rating. Here, the analytics company is diving into non-prison and peer-to-peer exchanges like ShapeShift, LocalBitcoins and Paxful.


ShapeShift, the prison-free exchange launched in 2014 by privacy advocate Erik Voorhees, has been the subject of ongoing KYC and cash flow analysis by CipherTrace. In August 2018, ShapeShift hired former Hogan Lovells partner, Veronica McGregor, as the exchange’s chief legal officer, and shortly thereafter began demanding that customers disclose their identity to the exchange.

ShaipShift had been awarded a “red,” or weak KYC rating by CipherTrace, which also highlighted the proportion of money flowing in and out of private wallets as a likely indicator of illegal activity.

However, since then this rating has been upgraded to green by CipherTrace, which recognizes that grading KYC’s exchange processes is a “dynamic position.”

“We agree that their KYC processes today are green,” said John Jefferies, chief financial analyst at CipherTrace. “ShapeShift is a very unique company, with an interesting past. This has prompted us to look at this fringe case. Prior to September 2018 they did not have KYC, and those hundreds of thousands of transactions are still on the blockchain and some are engaged in ongoing investigations. ”

ShapeShift’s private wallet is flowing between October 2019 and October 2020
Source: CipherTrace

Hannah Burke, ShapeShift’s director of compliance, said the revamped KYC involves collecting a full range of personally identifiable information (PII) as well as screening for sanctions and politically exposed persons (PEP), which the company has be independently examined.

As far as funds coming from private wallets are concerned, Burke said ShapeShift is not a prisoner by design. “Our consumers usually use their wallets rather than switching between exchanges. So it doesn’t surprise me that private wallets are a pretty good percentage, ”he said.

Privacy pieces

ShapeShift stands at the intersection of crypto privacy issues, having recently removed support for zcash, monero and dash privacy coins.

“We have taken down the privacy coins because of their regulatory concerns,” said chief legal officer McGregor. “At least for the moment, we’re not working with those coins.”

They have only a basic view of what crypto should be about.

commissioned RAND Corporation explore the use of cryptocurrencies for illegal or criminal purposes, focusing on zcash.

Rand’s year-long study showed that the highest cryptocurrency used on dark markets or for money laundering and terrorist financing is far and away bitcoin, said Josh Swihart, vice president of growth at the Electric Coin Company.

“Of course, this is not the number one currency, because the number one currency used for illegal purposes is the dollar, through regulated banks. But the main cryptocurrency is bitcoin, far ahead of even monero, ”says Swihart.

As for what is happening on exchanges with privacy coins, Swihart highlighted the US-based Gemini exchange giant becoming the first managed exchange to support sending money to shadow zcash transactions. To support zcash’s shadow deposits and withdrawals, Gemini noted that they are using enhanced due diligence and may ask consumers to provide information about their source of funds, Swihart said.

Zcash’s currency “complies under US regulation,” Swihart said. “As seen in the zcash support in Gemini, Coinbase and others, ShapeShift’s contention of zcash, monero and dash does not mean zcash is non-compliant. It is specific to ShapeShift. “


CipherTrace has some history when it comes to LocalBitcoins: A report earlier this year found that the P2P exchange in Finland was the starting point for bitcoin criminal transfers for the third year in a row.

CipherTrace gives LocalBitcoins a yellow KYC rating and continues to be categorized for its status, calling it a “high risk” exchange.

“These guys are used extensively in money laundering,” said CipherTrace CEO Dave Jevans.

In response to this, LocalBitcoins says that CipherTrace bases its opinion on historical data, ahead of time when the platform started operating KYC.

“If we didn’t have KYC and other things in the past, that could have happened,” said LocalBitcoins Chief Marketing Officer Jukka Blomberg. “But if you look now, our volumes relating to dark markets are very small. Overall, we are a trusted platform now. ”

CipherTrace says it has consistently reported high levels of money flowing from dark markets going to LocalBitcoins, with about 78% of one particular dark market going to the platform, according to Jefferies. Additionally, much of the money going in and out of LocalBitcoins comes from private wallets, Jefferies said.

LocalBitcoins’ private wallet is flowing between October 2019 and October 2020
Source: CipherTrace

“On the topic of private wallets, we recommend to our users not to keep money in their LocalBitcoins wallet any more than they intend to trade with because we don’t want to operate as a wallet service,” said Elena Tonoyan, head of the company officer action. “It’s generally not very safe to keep bitcoins on any platform. There are hundreds of reasons why consumers might have a couple of wallets or simply choose to keep their bitcoins in private wallets. ”

Tonoyan pointed out that LocalBitcoins ‘revamped compliance procedures mean that KYC is done on all users of the platform, and it is not the case that older or existing accounts are being faced with’ the new regime.

“I would like to highlight that we do KYC on all our customers,” said Tonoyan. “Say you created a LocalBitcoins account back in 2014, to continue using the platform you would have to comply with everything we are asking you to do. We give a 30-day deadline for those consumers who want to continue with us to comply. ”

LocalBitcoins’ tiered KYC system, which includes mandatory ID verification and face matching when a user handles over 1,000 euros ($ 1,190) a year, kicked in for all consumers following the advent of the Fifth European Anti-Money Laundering Directive (AMLD5).


Paxful’s P2P relay has been upgraded to a green KYC rating by CipherTrace.

In April this year, Paxful made identity validation mandatory for U.S. citizens and residents, with European and Canadian consumers added in August, according to Lana Schwartzman, chief compliance officer at Paxful. Paxful has also teamed up with KYC Jumio experts and uses Chainalysis’ know-your-negotiation (KYT) tools.

“We have various proactive controls in place, one of which automatically blocks send to specific categories, clusters or addresses,” said Schwartzman. “For example, when the Twitter hack happened, within minutes we were able to add the hack-related addresses and stop all outgoing sendings.”

A cautious private wallet flows between October 2019 and October 2020
Source: CipherTrace

An analysis of Paxful fund flows conducted by CipherTrace shows a “fairly high percentage” coming in from gambling and high-risk exchanges, and going straight out to ATMs, Jevans said. With regard to private wallets, this accounts for about 75%, so the source of those funds is “questionable,” he said.

“So people are swapping their fiat in a way that is unlikely to be KYC’d because ATM dealers are probably some of the last – outside the US at least – to begin with implementation of KYC and AML, ”said Jevans. (Despite a recent campaign to clean up its operation, the bitcoin ATM industry is likely to remain a clear red flag for a number of reasons.)

In summary, John Salmon, a London partner at the law firm Hogan Lovells who specializes in fintech, said CipherTrace’s findings demonstrate a difficult marriage of regulatory and ideological concerns.

“There are also reasons why people might want to use privacy coins and it doesn’t mean they are all money launderers or criminals,” said Salmon. “They only have a basic view of what crypto should be about.”