In brief

  • Antinalysis shut down today after anti-money laundering software AML Bot, from which Antinalysis pulled the data, cut off their third-party service.
  • AML Bot confirmed to Decrypt that addresses that used the tool were reported to law enforcement.
  • Blockchain analytics firm Elliptic told Decrypt that law enforcement could now also potentially identify the creator.

This weekend, blockchain security analysts discovered a dark web tool called Antinalysis that produces criminal risk reports, which can be used to identify illicit Bitcoin.

The sudden attention has, however, forced the tool to shut down as one of its service providers, AML Bot, cut off access.

AML Bot confirmed to Decrypt in a statement today that the company, which unwittingly provided Antinalysis with access to its service, “made an internal investigation and [shut down] the Antinalysis account.” AML Bot is itself a reseller for Crystal Blockchain, another blockchain analytics tool.

“We’d like to assure you that we are working on intelligent measures to prevent such registration in the future,” the statement from AML Bot read.

The company also confirmed that it had reported all relevant addresses that used Antinalysis to law enforcement. That may provide leads that could help identify Antinalysis' creator, according to Tom Robinson, co-founder of London-based blockchain investigation firm Elliptic, who spoke to Decrypt.

At the same time, an anonymous technical administrator of Antinalysis described the crackdown by AML Bot as "the unlawful warranted seizure of" their data source, which they blamed on the media exposure.

“We consider ourself [sic.] activists that dislike state agencies conducting mass surveillance under the name of national security and criminal investigations,” Antinalysis’s technical admin, who goes by pharoah, said in a statement to the BBC.

A tool that once checked for dirty Bitcoin

Antinalysis let users check whether specific Bitcoin can be traced to crime. Once a Bitcoin wallet was linked, the tool would break down where the Bitcoin in that wallet originated and how risky it was to hold.

The ability to conduct such an analysis is in part due to the transparency inherent in blockchain technology. Blockchains, like Bitcoin and Ethereum, record immutable transaction history, making it easy to determine if a specific cryptocurrency was ever used for any illicit activity.

The tool classified Bitcoin earned from darknet markets, ransomware, and theft as an “extreme risk,” while Bitcoin from exchanges and freshly-mined coins were categorized as “no risk” assets.

The purpose of the tool was to run checks on wallets before cryptocurrency exchanges did the same. When illicit Bitcoin entered a platform like Binance or Coinbase, for example, the tool would raise a red flag. At this point, a platform could then halt the Bitcoin in question.

If halted, these Bitcoin can be handed over to authorities.

The U.S. government auctions seized Bitcoin, often at a premium, and so dirty Bitcoin finds its way back to circulation. In 2014, venture capitalist Tim Draper acquired 30,000 Bitcoin confiscated from the dark web marketplace Silk Road at an undisclosed price. Presumably, Draper’s Bitcoin is acquitted in the eyes of detection tools, and so he won’t be red-flagged as a criminal.

But that might not be the case for many other wallets that unwittingly contain Bitcoin with a dirty track record.

Antinalysis and Incognito Market

But the technical admin, pharoah, claims the tool wasn’t just for criminals.

“Our team believes that, in the current democratic world, every one last human being has the right to do whatever they want and possess [a] complete overview of their privacy while not violating the individual rights of others,” they said.

“It's true that the tool could be used by anyone—not just for criminals. However, it was created by one of the admins of a darknet market,” Robinson told Decrypt.

In his analysis last week, Robinson identified the creator of Antinalysis as one of the developers of Incognito Market, a dark web marketplace for narcotics. That is now confirmed by the technical admin’s statement, which identified links with Incognito.

Launched in late 2020, Incognito accepts payments in Bitcoin and privacy-focused Monero.

The launch of a tool for criminality checks is a sign that criminals struggle to cash out their Bitcoin proceeds, said Robinson in his analysis last week.

But it also made crime-oriented blockchain analytics available to the public for the first time.

Well, not for long.
