IRS Attempts to Trace Monero in Leaked Training Video, Response from XMR Research Lab
Faced with the impossible task of tracing Monero, the IRS humbled themselves and asked for help from the leading cryptocurrency surveillance platform
by #Tbot: Take Back Our Tech
It's no secret that the IRS and other agencies have been looking to trace private cryptocurrencies like Monero. Quickly gaining popularity amongst darknet markets and cybercriminals, Monero is now the de-facto choice for any financial exchange where confidentiality is paramount.
Faced with the impossible task of tracing Monero, the IRS humbled themselves and asked for help from the leading cryptocurrency surveillance platform (or, as they like to call themselves, a 'blockchain data' platform), Chainalysis.
This relationship blossomed into a $20M contract for Chainalysis' products and services to support the activities of different IRS departments, including the Criminal Investigation Division, Cyber & Forensic Services, Small Business / Self-Employed, and the Office of Fraud Enforcement.
Does the IRS have visibility into Monero and other cryptocurrencies?
A newly leaked training video gives us an inside look into their techniques and capabilities. Today we'll go deep into how financial surveillance is conducted and more importantly, how people can protect themselves, featuring a response from the Monero Research Lab.
Putting Out an S.O.S
Quickly, let's pore over the history of relevant crypto surveillance. In September 2020, the IRS, specifically the IRS CID (Criminal Investigation Division), put out the request. They were looking for ways to investigate distributed ledger transactions involving private cryptos such as:
Bitcoin Lightning
XMR
ZEC
DASH
GRIN
KMD (Komodo)
XVG
ZEN
The IRS wanted to be able to pinpoint behavior associated with a particular user to conduct investigations, and associate their activity with other users, gathering open-source intelligence such as their names, all packaged in a neat little GUI (graphical user interface).
Two companies won the contract, running from September 2020 to September 2021, although only Chainalysis is of note, as they were able to deliver a working product.
Three months after the contract ended, in December 2021, Chainalysis put out a press release advertising support for tracing Lightning Network transactions.
The IRS obviously liked what they were seeing, and Chainalysis won a $22M contract granting the IRS 620 yearly licenses to the software, access to an API, educational materials, training, and passes to conferences. You can find the redacted contract here.
When reviewing the training, it's important to remind ourselves that these efforts represent the highest levels of proficiency in financial surveillance. A grand cat and mouse game involving regulatory bodies, law enforcement, and centralized software providers up against a bunch of Monero nerds and nodes, spread around the globe.
Tracing Monero
The leaked presentation was an IRS Criminal Investigation office-hours session, given by a cybercrime investigator from Chainalysis Government Solutions.
In a 35-minute video, they gave an informative presentation on the Monero cryptocurrency, its history, and the challenges it presents to investigators. They end the presentation with a demonstration of a 'real-life' investigation using Chainalysis tooling.
I've downloaded and re-uploaded the video to our Odysee channel if you want to watch it in full; I've written about the important parts below.
Bitcoin and Monero: We Are Not The Same
The privacy-preserving properties of Monero became evident during the investigation. For those who don't know much about Monero, read through this section; if you know the fundamentals, you can skip ahead.
Ring Confidential Transactions & Stealth Addresses
Like Bitcoin, Monero is based on an Unspent Transaction Output (UTXO) model. Unlike Bitcoin, transaction addresses and amounts do not appear on the blockchain.
Stealth addresses hide real Monero public addresses. A stealth address is automatically generated for every transaction in Monero: funds sent to a public Monero address are transformed and sent to a one-time stealth address which is unlinkable to the real address. The real Monero address is never published on the blockchain.
A slide from the leaked presentation
Ring Confidential Transactions (RingCT) hide transaction amounts. They have been a mandatory feature of Monero since September 2017, hiding transaction amounts while letting block validators verify that the outputs of each transaction match its inputs (ensuring Monero isn't generated out of thin air). This is possible through the cryptographic magic of Pedersen commitments, which let anyone verify that the sum of the hidden input amounts matches the sum of the hidden output amounts without revealing either. This is a grade-school simplification of a deep topic; for more details see the official Monero documentation and this excellent article by Teemu explaining the math behind Pedersen commitments.
The end result is that Monero addresses and amounts can't be analyzed on the blockchain. You will see this on display when we discuss the investigation.
Mixing Things Up
In Bitcoin, every transaction input is signed with the sender's key and verified against their public key to prove who sent it. This makes things simple, but it also ties each transaction to its sender, and the inputs of each transaction can be traced back to the outputs, and the user, that held the coins last.
In Monero, ring signatures put a stop to this. They are arguably the most important privacy feature in Monero, working in tandem with stealth addresses and RingCT.
Ring signatures hide the sender of a transaction and are another mandatory feature in Monero. They work by taking the output you want to spend (1 real input) and mixing it with a number of decoy outputs taken from the blockchain, including their public keys.
Your key and the decoy keys are used together to create a ring signature, where one member of a group signs on behalf of the whole group. A transaction signed with a ring signature can be cryptographically verified to come from the group of keys; however, it is infeasible to figure out which of the keys actually made the signature.
Monero started requiring ring signatures in 2016; however, users could choose the size of their mixing pool. Because ring sizes are public on the Monero blockchain, custom ring sizes harmed transaction privacy, and in 2018 the Monero network enforced a standard ring size of 11. Today, in 2024, the current ring size is 16.
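As an added illustration of the two sections above (the Pedersen commitments behind RingCT, and the ring signature with its key image), here is a toy implementation that is neither the page's code nor Monero's. It works in the quadratic-residue subgroup of a small safe prime instead of on ed25519, so it demonstrates the algebra (commitments that balance without revealing amounts; a signature that verifies against 16 keys without revealing which one signed; a key image that is identical whenever the same key signs) but provides no real security. The group parameters, the hash-to-point construction and the sample amounts are all constructed for this example.

```python
"""Toy RingCT pieces: Pedersen commitments and an LSAG-style ring signature.
Group: quadratic residues mod a small safe prime (constructed; NOT ed25519, NOT secure)."""
import hashlib
import math
import secrets

def is_prime(n: int) -> bool:
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

def find_safe_prime(start: int) -> int:
    """First p >= start with both p and (p - 1) / 2 prime (trial division: toy sizes only)."""
    p = start | 1
    while not (is_prime(p) and is_prime((p - 1) // 2)):
        p += 2
    return p

P = find_safe_prime(1 << 32)   # toy modulus
Q = (P - 1) // 2               # prime order of the quadratic-residue subgroup
G = 4                          # a square, hence a generator of that subgroup

def _digest(*parts) -> int:
    return int.from_bytes(hashlib.sha256(b"|".join(str(x).encode() for x in parts)).digest(), "big")

def hash_to_scalar(*parts) -> int:
    return _digest(*parts) % Q

def hash_to_point(*parts) -> int:
    """Subgroup element with no known discrete log: reduce the hash mod P, then square it."""
    x = _digest(*parts) % P
    return pow(x, 2, P) if x not in (0, 1, P - 1) else G   # guard keeps us off the identity

H = hash_to_point("pedersen-H", G)   # second generator; log_G(H) is unknown to everyone

# --- Pedersen commitments: validators check inputs == outputs + fee without seeing amounts ---
def commit(amount: int, blinding: int) -> int:
    return pow(G, amount, P) * pow(H, blinding, P) % P

def balance_blindings(in_blind, out_blind_but_last):
    """The wallet picks the last output's blinding so that all blindings cancel (mod Q)."""
    return list(out_blind_but_last) + [(sum(in_blind) - sum(out_blind_but_last)) % Q]

def verify_balance(in_commits, out_commits, fee: int) -> bool:
    """prod(C_in) == prod(C_out) * G^fee holds iff the amounts balance and the blindings cancel."""
    return math.prod(in_commits) % P == math.prod(out_commits) * pow(G, fee, P) % P

# --- LSAG ring signature: one of n keys signed, nobody can tell which; key reuse shows via the image ---
def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def ring_sign(msg: str, ring: list, s: int, x: int):
    """Sign msg with secret x for ring[s]; the other ring members are decoys pulled from the chain."""
    n = len(ring)
    image = pow(hash_to_point("image", ring[s]), x, P)        # I = Hp(Y_s)^x: fixed per key
    alpha = secrets.randbelow(Q - 1) + 1
    c = [0] * n
    r = [secrets.randbelow(Q) for _ in range(n)]
    c[(s + 1) % n] = hash_to_scalar(msg, pow(G, alpha, P), pow(hash_to_point("image", ring[s]), alpha, P))
    for k in range(1, n):                                       # walk from s+1 around the ring back to s
        i = (s + k) % n
        L = pow(G, r[i], P) * pow(ring[i], c[i], P) % P
        R = pow(hash_to_point("image", ring[i]), r[i], P) * pow(image, c[i], P) % P
        c[(i + 1) % n] = hash_to_scalar(msg, L, R)
    r[s] = (alpha - c[s] * x) % Q                               # close the ring at the real signer
    return c[0], r, image

def ring_verify(msg: str, ring: list, sig) -> bool:
    c0, r, image = sig
    c = c0
    for y, r_i in zip(ring, r):
        L = pow(G, r_i, P) * pow(y, c, P) % P
        R = pow(hash_to_point("image", y), r_i, P) * pow(image, c, P) % P
        c = hash_to_scalar(msg, L, R)
    return c == c0                                              # the ring closes only if some member knew x

def demo():
    # constructed transaction: inputs 5 + 7 pay 9 to the recipient, 2 change, 1 fee
    in_amt, out_amt, fee = [5, 7], [9, 2], 1
    in_b = [secrets.randbelow(Q) for _ in in_amt]
    out_b = balance_blindings(in_b, [secrets.randbelow(Q)])
    in_c = [commit(a, b) for a, b in zip(in_amt, in_b)]
    out_c = [commit(a, b) for a, b in zip(out_amt, out_b)]
    balanced = verify_balance(in_c, out_c, fee)
    inflated = verify_balance(in_c, [commit(10, out_b[0]), out_c[1]], fee)   # 13 out of 12 in
    keys = [keygen() for _ in range(16)]                        # ring size 16: 1 real + 15 decoys
    ring = [y for _, y in keys]
    s = secrets.randbelow(16)
    sig1 = ring_sign("spend #1", ring, s, keys[s][0])
    sig2 = ring_sign("spend #2", ring, s, keys[s][0])           # same output spent a second time
    return balanced, inflated, ring_verify("spend #1", ring, sig1), sig1[2] == sig2[2]

if __name__ == "__main__":
    print(demo())   # (True, False, True, True)
```

The four results say: the honest transaction balances; an output inflated from 9 to 10 units fails the balance check even though the validator never sees either number; the ring signature verifies against all 16 keys; and the two spends of the same key share a key image, which is how nodes reject a double spend without learning which ring member was real.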
Triple Edged Sword
To summarize, the privacy-preserving properties of Monero work together to prevent observers from seeing transaction amounts, public addresses, and the participants in a transaction. With these fundamental components of transactions under wraps, how could Chainalysis begin to trace Monero? As we'll see, Chainalysis has some tricks up its sleeve.
What's Visible?
Although the fundamental components of Monero transactions are hidden, there are still some attributes of transactions that can be used in investigations. Here are the important features mentioned in the presentation:
Fees paid: On the blockchain this is the exact XMR value, but within Chainalysis' tool fees are represented as a multiple of the current default rate (1x, 2x, 5x, 10x...).
Mixins: The size of the ring signature (the number of decoy outputs), which depends on the current mandatory ring size for Monero.
Unlock time: You can set a transaction to lock its outputs so that they cannot be spent until X blocks have passed. 10 blocks is the minimum.
Chainalysis' Internal Monero Tool
Chainalysis has a Monero block explorer which lists all of the most recent blocks in the Monero blockchain.
Drilling down into a block and a transaction takes you to the transaction overview. The transaction overview has the most basic information at the top with inputs and outputs split at the bottom. In the top section (transaction features box) we see:
IP address (only for transactions before the Dandelion update in Nov 2021)
Number of inputs
Number of outputs
Fee structure (1x, 2x...)
Transaction Heuristics (not explained)
When looking at inputs and outputs, we see that decoys are greyed out and struck through; Chainalysis claims it has methods to detect whether those decoys were actually spent previously. We'll dissect this a bit more in the next section.
If there's a special RPC note in the IP column of the transaction, that means a user connected directly to Chainalysis' Monero node, exposing their IP address.
There's also timing data between the first and second time an output was observed on the blockchain, indicated in the column containing a number of milliseconds (ms).
A 'Real-Life' Investigation
The mock investigation is based on a real investigation that targeted Darknet Market administrators allegedly working out of Colombia, plus one other major piece of information: a list of about 70 transaction hashes from an external swap service, MorphToken.
These swaps of interest are from BTC to XMR, and the transactions typically have 2 outputs: one is the real output (back to the person initiating the swap) and one goes back to MorphToken as their change.
Loading the transaction hashes from a Google doc, the presenter pulls up summaries of those transaction IDs. The tool impressively identifies the transactions as MorphToken swaps automatically, and they are highlighted in orange.
The IP addresses of important services are also highlighted as part of the investigation.
With the initiating transactions identified, the investigator then looks to find co-spends, meaning future transactions on the Monero blockchain that spend multiple outputs from the original set of MorphToken outputs.
The investigator picks the most likely co-spend transaction to drill down into: one with 4 co-spends among the 4 inputs of the transaction. It's very likely the target moving their XMR to the next point. The target in this case also connected directly to a malicious Chainalysis node, but looking up their IP pointed to a VPN. No luck this time.
Because 4 co-spends are present in this transaction, it's extremely likely that those are the genuine inputs, and so the other decoy inputs are greyed out. The presenter calls this an indicator of 'common control'.
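To see why the presenter treats four watched outputs in one transaction as strong evidence of common control, here is an added example (not Chainalysis' tooling) that computes how often that pattern would appear by decoy luck alone. It assumes a simplified model: each ring's decoys are drawn uniformly from all other outputs on the chain, the observer knows a watched set of w outputs (the 70 MorphToken outputs), and the transaction's real inputs are all unwatched. The chain size of ten million outputs used in the demo is a constructed figure, not one from the page.

```python
"""How much ring cover survives once several ring members are already known to the observer?
Constructed model: decoys uniform over all other outputs; observer holds a watched set of w outputs."""
import math
import random

def ring_hit_probability(n_outputs: int, watched: int, ring_size: int) -> float:
    """Chance that a ring whose REAL input is unwatched still shows a watched member, by decoy luck."""
    decoys = ring_size - 1
    no_hit = math.comb(n_outputs - 1 - watched, decoys) / math.comb(n_outputs - 1, decoys)
    return 1.0 - no_hit

def chance_of_hits(n_outputs: int, watched: int, ring_size: int, inputs: int, min_hits: int) -> float:
    """Chance that at least min_hits of a transaction's `inputs` rings each show a watched member by luck."""
    p = ring_hit_probability(n_outputs, watched, ring_size)
    return sum(math.comb(inputs, j) * p ** j * (1 - p) ** (inputs - j)
               for j in range(min_hits, inputs + 1))

def simulate(n_outputs, watched, ring_size, inputs, min_hits, trials, seed=1) -> float:
    """Monte Carlo cross-check of chance_of_hits with explicitly constructed rings."""
    rng = random.Random(seed)
    watched_set = set(range(watched))          # outputs 0..watched-1 are the known swap outputs
    unwatched = range(watched, n_outputs)      # the spender's real inputs come from here
    flagged = 0
    for _ in range(trials):
        hits = 0
        for _ in range(inputs):
            real = rng.choice(unwatched)
            decoys = rng.sample(range(n_outputs), ring_size - 1)
            while real in decoys:              # decoys must be outputs other than the real one
                decoys = rng.sample(range(n_outputs), ring_size - 1)
            hits += any(d in watched_set for d in decoys)
        flagged += hits >= min_hits
    return flagged / trials

if __name__ == "__main__":
    # constructed chain size, the page's 70 watched swap outputs, ring size 11 (2018) vs 16 (today)
    for ring in (11, 16):
        for hits in (1, 2, 4):
            print(f"ring {ring}: P({hits} of 4 inputs hit watched outputs by chance) = "
                  f"{chance_of_hits(10_000_000, 70, ring, 4, hits):.2e}")
```

Per input, the chance of an innocent collision is roughly (ring_size - 1) * w / N, so with a watched set of 70 against millions of outputs even two rings hitting watched outputs in the same transaction is far outside what chance explains, and four is effectively conclusive. The Monte Carlo function rebuilds the rings explicitly so the closed form can be checked on small parameters.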
On the output side, the investigator looks for highlighted IP addresses that have already been cross-referenced with exchanges, like ChangeNow.
At this point Chainalysis would pass this information over to law enforcement, which would ask ChangeNow for more information on the transactions.
Because there are still a lot of decoys, it's unclear what the true outputs are, and so these are shots in the dark.
The investigator goes back to another transaction that shows 'common control', and has 2 co-spends in its 2 inputs.
Another highlighted IP address points to the Exodus wallet, which the investigator claims doesn't log information about its users, so that would be another shot in the dark.
Then the investigator chooses a transaction without any co-spends as a transaction of interest. This transaction is also a MorphToken swap, and there's some additional information at the top.
Well, a lot of information, including how much BTC was deposited and how much XMR was sent out (160.96 XMR), as well as what address it was sent to.
The first output here is easily identified because it shows up in the list of MorphToken transactions as an output that is later confirmed to be spent by MorphToken.
The other output is likely to be the user and the decoys have been ruled out - we'll talk about why that might be later.
Following this output to its next transaction, we can assume that we're getting close to the user. It's easy to determine that the original MorphToken swap output is an input in this transaction.
We also notice an output with an RPC IP address, indicating that the user connected directly to a malicious Chainalysis node.
It's another VPN, this time Slovakian.
We follow the transaction forward one more time and find a transaction with all of the decoys ruled out, and RPC IP addresses showing that the user connected to the node. This time it's in Colombia, not protected by a VPN. It's likely the target!
Now that they had the target's IP address, they fed it into another Chainalysis tool named Reactor, which scans for all transactions related to the IP.
It found multiple transactions related to a Centralized Exchange and a Merchant Services entity, both places that likely perform KYC.
This was the final lead that was needed to find the identity and apprehend the subject.
Cheating on The Investigation
When I watched this for the first time, I had many questions. Why MorphToken? Who was running the investigation? How'd they rule out so many transactions? How did they learn about the transactions in the first place?
The answers came easily with a search. This mock investigation was very likely based on a real FBI investigation in March 2020 against Darknet Market actors.
This information comes from the BlueLeaks documents, a 270GB leak of law enforcement files, including an FBI intelligence report outlining Darknet Market investigations in 2020 that references the use of a 'proprietary software tool that analyzed financial transactions of the Bitcoin blockchain'.
That almost certainly sounds like Chainalysis to me.
Here's an FBI Expressions of Likelihood chart in case you needed to translate my words into percentages of chance.
Of note in this intelligence report is the FBI's interaction with MorphToken. Although MorphToken was outside of US jurisdiction (based in Panama) and didn't require KYC, they still cooperated with the FBI.
A quote from the report:
This assessment is made with high confidence, based on FBI investigations, blockchain analysis, use of proprietary software, information from MorphToken, and information obtained from Darknet sites and forums that cater to DNM actors.
MorphToken had some level of cooperation and could have provided more information about the transactions including the internal IDs associated with trade requests on the platform along with the real transactions that sent XMR to the target of the investigation.
In fact, we can get a window into what data MorphToken fed into Chainalysis from the tool itself.
With the genuine transaction date, time, and amounts, you can trace this transaction forward and eliminate decoys based on their spending patterns (decoy outputs that occur days away from the original transaction are obvious fakes).
There were 70 transactions associated with the user in the investigation, and if Chainalysis knew the timing of these real transactions then it could more easily disqualify decoys based on the times.
Today, all forms of "Modern Money" are ELECTRONIC. They have their existence and "LIFE" on Central Bank computers ONLY. As such, they may be diminished or deleted at the whim and will of the Central Bank officials, who are FISCAL AGENTS for the STATE. In a precedent-setting case involving Bank of La Salle, it was established that 3rd party records kept by a bank or any other 3rd party, may be obtained at any time for any reason, by the IRS.....BECAUSE...they are NOT in the possession of an individual, and thus NOT under the protection of the 4th and 5th Amendment. IF you deposit funds in a STATE / FEDERAL "BANK", you do so as a CREDITOR to the STATE, and in so doing, accept all their rules and regulations. The CONSTRUCTIVE POSSESSION of ALL PROPERTY: Personal, corporate and Real Estate, was transferred to a private corporation on December 23rd, 1913. At that time and on that date, the US became a FINANCIAL COMMUNE, which provided the Rulers of the Financial Commune, the RIGHT to make NO CONSIDERATION (worthless) "LOANS" against all property in exchange for a PROMISSORY NOTE, to the exclusive benefit of those who operate, run and rule the Central "Commune" Bank. The above was proven to be true when, during the 2008 Financial Crisis, the President of the Federal Reserve Bank, Timothy Geithner, stated the following fact: "We have a financial system that is run by private shareholders, managed by private institutions and we'd like to do our best to preserve that system." Kind Regards to All, FMR Intelligence Officer