It is no secret that crypto-currency has evolved from a niche novelty for a select few to a household name in a very short period of time. With Bitcoin being the legacy cryptocurrency that started it all, followed closely by Ethereum having the most utilized blockchain in the world, there has been an unsung but parallel evolution for what we colloquially refer to as “privacy coins.” The official term for such cryptocurrencies is “anonymity-enhanced coins” (AECs), with the most well-known and utilized coin of all being Monero. If you are versed in cryptocurrency investigations, Monero has become associated as a “dead end” to traditional blockchain analytics. As was covered in my previous cryptocurrency offering “Crypto crime investigations” (tinyurl.com/2p97wf3x), investigators have tools available to them that assist in analyzing the traditional cryptocurrencies transactions — CiperTrace (tinyurl.com/mrx3y2ec) and Breadcrumbs (tinyurl.com/4p44mmw9). However, the demand to have cryptocurrencies that thwart such traditional tracing capabilities is constantly on the rise.

The evolution of AECs has introduced a gamut of new coins jockeying to be the most privacy-focused.

It has often been espoused by those in the technology field that privacy has become an illusion. Something equitable to an Orwellian dystopia, the ease of life technologies bring us also erode anything that we wish to keep private. I am an ardent believer and supporter of internet freedom and understand that in certain countries around the world, there is heavy censorship of what people can view online and, by extension, what people can say or openly support. From a law enforcement stance here in the United States, we are the “good guys” investigating “bad guys” in cyberspace that utilize cryptocurrency in a myriad of ways with different elements of criminality. However, consider, if you will, that the same tradecraft and tools that we use can adversely be used against citizens in oppressive countries that may be donating to charities or institutions that their government outlaws. Bitcoin and Ethereum are pseudo-anonymous cryptocurrencies, whereas attribution to wallets and exchanges is possible. As such, AECs like Monero, Z-Cash and Dash offer obfuscated public ledgers or hidden transaction components. This might seem like a paradox, as how can something with a public ledger be truly anonymous? The answer: Complete anonymity is not possible with a public ledger. Henceforth, “anonymity enhanced.” 

Unarguably, the most popular and most utilized AEC in the world is Monero. Since its adoption in 2014, Monero has steadily become the most popular and most accepted AEC. Built on unspent transaction output (UTXO) structure, Monero (traded as XMR) utilizes RingCT (ring signatures — ring confidential transactions) to combine decoy signers and real signers in one-time transactions. Sound like gibberish? To be abridged, let’s compare it to a traditional Bitcoin transaction. With Bitcoin, there is a sending wallet, receiving wallet, change wallet and transaction hash. This transaction hash outlines the denomination sent from the sending wallet, how much change was received by the receiving wallet and how much leftover went to the change wallet. Contrasting with Monero, there is a transaction hash — however, the denomination amount and the wallet addresses are hidden. The one-time spend signature that was used in the transaction from the sending wallet is combined with decoy spend signatures, and subsequently, the sending and receiving wallets are obfuscated as “stealth addresses.” Every single Monero transaction since September 2017 has implemented this protocol, as it was optional before then. With “stealth” wallet addresses on an obfuscated ledger, traditional tracing methods are futile.

Unlike traditional cryptocurrencies like Bitcoin and Ethereum, which are often purchased for investment value, AECs are often minimally affected by the ebbs and flows of market volatility. While Monero remains the most popular, there are other cryptocurrencies that offer a higher level of privacy for transactions, like Z-Cash (https://z.cash) and Dash (dash.org). Keep in mind that Monero has RingCT built into every transaction, while Z-Cash and Dash have the option to enhance privacy. For Dash specifically, the option of PrivateSend (tinyurl.com/bdmrrdsx) is a feature. For Z-Cash, instead of RingCT, it implements zk-SNARKs (tinyurl.com/4u4zp4mm) and upgraded the underlying cryptography of the blockchain to Halo-2 (tinyurl.com/bdec37a7) in May 2022. However, as with Dash, users still need to enhance the privacy of their transactions by having a “shielded” address.

The evolution of AECs has introduced a gamut of new coins jockeying to be the most privacy-focused. Built on the mimblewimble (www.mwc.mw) blockchain, Beam (https://beam.mw) and GRiN (https://grin.mw) have become contenders. Similarly, altcoins like Haven (havenprotocol.org) and the now-infamous Ripple (ripple.com/xrp) are components of the privacy-centric cryptocurrency discussion. It raises the question, “Could AECs be the future for transactional coins?”

Some commonalities among all the AECs are the lack of acceptance of transactional value as well as the scarcity of traditional purchasing. For example, Monero is only available for direct purchase with fiat (U.S. dollars) on Kraken (kraken.com). Other exchanges, like Binance (binance.us), require trading for Monero with other cryptocurrencies. Albeit not the biggest hurdle for some, but certainly not as straightforward as purchasing Bitcoin or Ethereum. For those looking for self-custody wallets, there is a limited number that’s supportive of AECs — Cake Wallet (cakewallet.com) supports Monero and Haven and Feather Wallet (featherwallet.org) supports Monero. For those who purchase Monero and are looking to transact with it, they’ll find more acceptance on the dark net markets versus traditional e-commerce platforms and payment services that have incorporated cryptocurrencies into their ecosystem.

While I feel it is necessary to understand the existence of a myriad of AECs, the one that is most common and should be focused on by law enforcement is Monero. For investigators, it is important to understand the gravitational shift away from Bitcoin and Ethereum to privacy coins when it comes to illicit markets. Since 2017, there have been dark net markets that only allowed Monero to be transacted on the site, such as Libertas (tinyurl.com/bddbjd52), White House Market (tinyurl.com/c949h2jc), Alphabay (tinyurl.com/48rf93c8; the rebirth) and now, the cumbersome “Squid Games-” themed market, Squid Market. It is now commonplace for dark net marketplaces to allow Monero to be transacted on the sites along with Bitcoin. On the Clearnet (the internet you are using while reading this article), there are services like virtual private networks (VPNs) and virtual private server (VPS) hosting that offer Monero as a form of payment; specifically, MullvadVPN (tinyurl.com/5m7au3p) and PacketCloud (packetcloud.ca).

I previously expressed that I am an ardent believer and supporter of internet freedom, and while that sentiment seems to get lost while discussing AECs and their nexus to criminal activity, I will firmly say that not everybody transacting with Monero or any other AEC is “up to no good.” Such an example would be donating to Latern (tinyurl.com/3svn3uu4), a VPN-like app that helps Iranian people access the uncensored internet beyond the Iranian government’s surveillance. Want to donate? They accept Monero!

I highly encourage a hands-on approach to learning about AECs, specifically Monero. Learn where they are sold and buy some! No, this isn’t investment advice, but rather for familiarity. If you’re interested in Monero specifically, perhaps the easiest way would be to download Cake Wallet. Purchase some Bitcoin from an exchange or BTC ATM, sending it to your Cake Wallet address. From there, use FixedFloat (fixedfloat.com/en) to swap your Bitcoin for Monero, sending it back to your Cake Wallet Monero address. FixedFloat is a swap exchange that does not require Know Your Customer (KYC) compliance. With simply an email, you can swap as much Bitcoin and Ethereum for Monero as you want. Don’t feel comfortable doing that? Well, criminals are doing it every single day.

In closing, perhaps the technological gurus are wrong. Whereas privacy is not merely an illusion when it pertains to AECs. In the constant cat-and-mouse game when it comes to law enforcement and the criminal underworld, we in law enforcement are always reactive versus proactive. If you are just learning about AECs from reading this article, I sincerely hope it provided you with the understanding that you need not fear them. There are analytic tools, specifically from CipherTrace (ciphertrace.com), that do offer support for Monero investigations. The question I ask is, how prepared are you to take AEC-related investigations head-on?