Centralized cryptocurrency exchanges are increasingly being targeted for their often flagrant disregard of basic anti-money laundering and know-your-customer requirements. But regulators wanting to target decentralized exchanges may be caught in a bind — how do you regulate what you can’t isolate?
In the spring of 2002, Paul Bladscoe, a U.S. Special Forces soldier was speaking via his interpreter to a local tribal leader in the dusty, sand swept hills of Jalalabad, Afghanistan, trying to get leads on the location of another Al-Qaeda leader.
The U.S. War on Terror was just getting into full swing and Bladscoe was one of dozens of Special Forces teams spread across Afghanistan, from the tundra to the hot and humid lowlands, hunting for Al-Qaeda leaders responsible for the deadly September 11 attacks on U.S. soil, as well as their Taliban hosts.
But what Bladscoe was increasingly realizing was that taking out one Al-Qaeda leader had a limited effect on the organization’s capability to strike back.
With every successful raid on an Al-Qaeda leader, Bladscoe noted an increase in counter attacks, whether ambushes on U.S. outposts, or a spike in IEDs or improvised explosive devices being found on U.S. supply routes.
It was almost as if like the mythic hydra, cutting off one head of the snake created two new snakes, and sometimes more.
All across the Afghan battlefield, Special Forces commanders like Bladscoe were reporting similar experiences back to headquarters, while thousands of miles away in Washington, Pentagon officials were struggling to combat an organization that had no clear reporting lines and no defined leadership.
Although Osama bin Laden has often been viewed as the leader of Al-Qaeda, the reality is that individual units, or terror cells on the ground have acted for years without any centralized planning and with a high degree of autonomy and independence.
When the Americans first encountered Al-Qaeda, killing the snake by cutting its head off, seemed to do very little to end the cycle of violence.
Al-Qaeda is an example of a highly effective decentralized terrorist organization, but it’s hardly the first or likely to be the last.
Even as the Taliban, with its far more traditional leadership structure, was being crushed by allied forces in Afghanistan, Al-Qaeda was continuing to operate, despite successive leaders being taken out in drone attacks.
From Pakistan, the Al-Qaeda core planned and conducted attacks like the Madrid train bombing in 2004, a wave of attacks on Saudi Arabia from 2003–2006 and helped to incite the civil war in Iraq led by Abu Musaib al Zarqawi, Osama bin Laden’s lieutenant.
And while Al-Qaeda is now a shadow of its former self, it’s far from dead.
The subsequent rise and fall of Al-Qaeda’s successor, the Islamic State of Iraq and Syria, or ISIS, has demonstrated that Al-Qaeda’s decision not to announce a caliphate or control territory has aged well.
By controlling large swathes of land, ISIS became a target, but by becoming a an ideology, ISIS and Al-Qaeda continue to inspire the lone wolf attacks which make the terrorist organizations more powerful than if these actions were centrally directed.
And while the comparison is unfortunate, it is the use of decentralization that ensures the continuance of terrorist organizations, which is also what ensures the persistence of cryptocurrency exchanges.
Death or Decentralization
In September, U.S. authorities charged the founders of BitMEX, one of the world’s largest cryptocurrency exchanges that specializes in derivatives, for willfully failing to prevent money laundering and operating an unregistered trading platform.
BitMEX, which was founded in 2014, has hidden in plain sight for years, but U.S. authorities have been catching up to the previously unregulated cryptocurrency market, and BitMEX is just the latest in a string of actions by regulators.
Owned by a parent entity in Seychelles, BitMEX offers cryptocurrency traders as much as 100 times leverage, far above the amount of leverage available in traditional financial markets.
The U.S. Department of Justice brought criminal charges against BitMEX’s founders Arthur Hayes, Ben Delo and Samuel Reed for violating rules under the Bank Secrecy Act, requiring financial institutions to maintain anti-money laundering controls.
While Reed was arrested in Massachusetts, Hayes and Delo remain at large and are believed to be in Hong Kong.
As recently as August this year, all customers looking to register and trade with BitMEX needed was an email address, at least according to the indictment by the Justice Department, which also claimed that BitMEX was deliberately domiciled in the Seychelles to avoid U.S. anti-money laundering rules.
BitMEX’s holding company, HDR Global Trading Limited is challenging the charges, but there are signs that the Justice Department’s move has already hurt trading volumes at BitMEX.
And despite the legal challenges facing BitMEX’s founders, the cryptocurrency derivatives exchange continues to operate and as recently as October, was the third largest cryptocurrency derivatives exchange by trading volume.
But the writing may already be on the wall for centralized cryptocurrency exchanges such as BitMEX.
Decentralization or Death
With increasing regulatory pressure, centralized cryptocurrency exchanges such as Binance, Huobi Global, Kraken and Coinbase, are all stepping up know-your-customer and anti-money laundering processes, to avoid attracting the ire of regulators.
Because of the pseudonymous nature of cryptocurrencies, the compliance challenges facing centralized exchanges are substantial, especially because it is difficult and costly to try and determine the source of digital asset wealth.
While the proceeds of big hacks are somewhat easier to trace using blockchain analysis, there are countless other smaller amounts of cryptocurrency, obtained either via illicit means or from criminal sources, that are a lot harder to keep track of.
According to Chainalysis, some US$2.8 billion in illicit Bitcoin is believed to have been laundered through cryptocurrency exchanges in 2019 alone, with over half of that being routed through Binance and Huobi Global.
And this is despite both Binance and Huobi Global being subject to know-your-customer regulations and having some of the industry’s more stringent anti-money laundering protocols in place.
The reality is that tracing dodgy cryptocurrency is extremely difficult, not to mention expensive, even for the most determined.
But regulators are in for an even bigger headache because of the rise of decentralized finance or DeFi.
Although the amounts locked into liquidity pools in DeFi, which act as natural exchanges for cryptocurrencies, has just topped US$12 billion, that amount has been steadily growing.
And the ability of DeFi to accommodate the trade in dollar-based stablecoins with zero KYC and AML means that they are obvious forums for nefarious actors looking to launder either dollars or cryptocurrencies.
Because DeFi exchanges such as Uniswap allow anyone with a Metamask wallet (a type of Ethereum-based digital wallet) to trade in cryptocurrencies in a decentralized manner, it’s difficult to pin any allegations of money laundering on a specific individual or group.
Although the founders and operators of Uniswap are known entities, much of the governance of such decentralized exchanges is delegated to the community.
But who is the community?
For practical purposes, everybody and nobody.
Because holders of the so-called governance tokens of decentralized exchanges are able to vote on protocol changes to the exchange, they technically “control” the exchange, but are identified by nothing more than a public Ethereum address.
And that’s just for Uniswap.
There are plenty of other decentralized exchanges with food names, which simply provide a venue for traders to swap cryptocurrencies and for whom their creators and operators are a completely unknown entity.
Which makes targeting the operation of such decentralized exchanges by law enforcement officials all the more challenging.
Who do you serve a subpoena to? An Ethereum address?
And even if law enforcement officials go after the service providers that provide the infrastructure, for instance the web services that host these decentralized exchanges, the experience of some of the most degenerate sites on the internet, such as 4Chan an 8Chan clearly demonstrate that there will always be providers willing to uphold the freedom of speech of the internet.
What more a decentralized exchange?
For now at least, decentralized exchanges remain a somewhat niche sector of the cryptocurrency market.
They are clunky to access and require some degree of comfort with handling Metamask.
And while the automated market making for liquidity pools mean that price discovery is relatively smooth, there are still arbitrage opportunities as a decentralized exchange, for now at least, doesn’t function as quickly as a centralized exchange when it comes to price.
But decentralized exchanges may not just be for nefarious actors.
Given that centralized exchanges are always more prone to hacks and bad actors internally, and traders need to custody digital assets with these centralized repositories, the argument for decentralized exchanges becomes stronger.
Because trading is done via smart contract on the blockchain, decentralized exchanges only facilitate the matching of buyers and sellers by providing pools, but don’t actually take custody of any digital assets, charging a small transaction fee for facilitating the match.
The biggest danger of course is that the smart contracts themselves become vulnerable to hacking, but given that there is a community of developers and smart contract auditors who are also actively monitoring these smart contracts for vulnerability, so far at least, hacks similar to that of the DAO (Decentralized Autonomous Organization) have been avoided.
The decentralized spirit and community-led ethos of DeFi is laudable, but also creates challenges for law enforcement that the creators of this technology either did not foresee or were willfully blind to.
Just as social media and the internet were tremendous tools for good, they have also proved to be tricky to police and capable of evolving and generating outcomes which its creators may have never intended or envisaged.
Similarly, when decentralized exchanges or the numerous DeFi applications that are being developed, start to draw attention from authorities, they may find that just like the terrorist organizations that the Americans fought in the rough mountainous regions of Afghanistan, it’s hard to kill a snake with multiple heads.
Especially when those heads regenerate into new snakes.