Updated: Apr 29
The anonymizing Tor browser that enabled relatively easy access to the Dark Web was created under the U.S. Naval Research Laboratory to advance U.S. national security operations. Its purpose was to allow government spies to anonymously monitor and exchange information. It relied on a decentralized network operated by entities of diverse interests and levels of trust. In 2004 the Electronic Frontier Foundation (EFF) recognized the value of Tor as it applied to digital rights. The EFF set up a 501(c)3 non-project operation to fund and maintain Tor’s further development and open it up to the public under a free and open software license. Some of the initial applications were that of activists such as in the 2010 Arab Spring uprising. Activists were able to maintain anonymity and access resources, websites, and social media that were blocked in their country. The exploitation of the Dark Web wasn’t limited to activists. The Dark Web was a tool of good, such as a safe way for whistleblowers to sound the alarm about bad behavior. It also became a tool to conduct crime while under the cloak of anonymity, especially with the introduction of cryptocurrency, starting with Bitcoin, as a way to anonymously transact criminal deeds within the shadows of the Dark Web. This article examines three general cryptocurrency illegal uses within the Dark Web. Trade Fraud The level of encryption and anonymity the Dark Web offers, combined with the anonymity and ease of use of the Tor browser, was attractive to criminal elements. Illegal and other nefarious communications could take place anonymously. The rise of cryptocurrency added another layer of anonymity as well as a means to facilitate the buying and selling of illegal goods and services. Like the ugliest version of the Wild Wild West, mayhem prevailed. Dark Web marketplaces arose that sold child pornography, illicit drugs, illegal weapons, counterfeit goods, illegal services, and the facilitation of sex and drug trafficking. The infamous case of Ross Ulbricht and his Silk Road marketplace takedown was a massive win for law enforcement. It also blew a hole in the anonymity promise of cryptocurrency and the Dark Web. People on the dark web can, and have, been identified. People can get caught and prosecuted for their criminal acts on the Dark Web. As in the “real world,” marketplaces are run by people, and people make mistakes. One little mistake can be the clue that leads to a criminal’s ultimate capture. Furthermore, new tools and techniques have been developed to help law enforcement investigate cryptocurrency and crime on the Dark Web. Fencing Stolen Crypto The act of buying stolen goods to resell them for a profit is called “fencing.” Most jurisdictions consider fencing to be a crime. Recently, two Japanese men, Takayoshi Doi and Masaki Kitamoto were arrested by the Tokyo Metropolitan Police Department for fencing cryptocurrency. Allegedly the two men bought what they knew to be stolen NEM (XEM) cryptocurrency at a massive discount through a Dark Web market. The stolen XEM was obtained through a hack of the Coincheck cryptocurrency exchange where hackers, allegedly Russian-Based, stole over $534 million worth of XEM. Over 100 investigators in Japan followed the digital breadcrumbs. In their analysis, Japanese law enforcement discovered much of the stolen XEM ended up on for sale on the Dark Web. Since they were able to trace the movement of the stolen and sold XEM Japanese law enforcement, then expanded their focus to target those who purchased the tokens. Apparently, Kitamoto eventually admitted pulling in about $19 million from the fencing operation. There has also been some reporting that Kitamoto was involved in the Coincheck hack itself. In 2018 Japan’s National Police Agency (NPA) budget 35 million yen ($315,000) for the development of software that will track the flow of suspicious blockchain transactions. The funding came in response to the increasing criminal cases involving cryptocurrency in Japan. In 2017 the NPA received 669 reports of suspected money laundering related transactions from cryptocurrency exchanges within 8 months. It is estimated that in 2017 hackers stole at least $6.2 million worth of cryptocurrency from Japanese exchanges and wallet accounts. Trojan Tor Browser In the fall of 2019, researchers from ESET, a cybersecurity firm, discovered a malicious version of the Tor browser that was being used to steal more than $40,000 worth of Bitcoin from users. Scammers used the trojanized Russian-language version of the official Tor browser package to redirect Tor users to two websites that warned the user that their version of Tor is out of date. When unsuspecting users click on the “update” link on the fraudulent website, they are directed to another page where they can download the update, which was really an infected browser that looked the same as the legitimate Tor browser. When those users went to add funds to their Bitcoin wallet or pay for items offered for sale on Dark Web marketplaces, the deceptive browser would replace the target wallet address to one controlled by the scammers. Crypto Crime Crackdown Many countries around the world are cracking down on illicit activity involving cryptocurrency on the Dark Web. For example, in the United States, the Federal Bureau of Investigation (FBI) is reportedly conducting operations that will “de-anonymize” Tor servers. The FBI established nodes on the network that will allow the agency to identify the locations and identities of some illegal Tor-based dark web sites. As a result, federal law enforcement has been able to takedown popular Dark Web markets such as Hansa and AlphaBay. Russia has updated its anti-money-laundering, and bribery laws related to cryptocurrency after the Russian Federal Security Service (FSB) demanded $1M Bitcoin from a media mogul last year. The FSB was also reported to have been involved in the mission of $450 million in cryptocurrency from the sizeable online cryptocurrency exchange Wex. Wex is an offshoot of the Bulgarian based cryptocurrency exchange BTC-e. It is alleged BTC-e handled the tracing of Bitcoin to a Russian military hacking unit. The new laws in Russia were released on February 17, 2020, and categorized any transaction associated with cryptocurrency as a money laundering risk. Accounts of such actions could fall into the category of “dubious transaction” execution. Crypto assets are also now included in the criteria for freezing accounts.