From left, Andy Greenberg, Michael Gronager, Tigran Gambaryan and Dina Temple-Raston appear at the Links 2023 conference in New York. Image: Chainalysis

Tracers on the stage: Talking with the sleuths who cracked the big crypto cases of the 2010s

 

After a U.C. San Diego mathematician proved in 2013 that bitcoin transactions were not really anonymous, it didn’t take long for cryptocurrency tracing to become a profession in its own right.

Two of its first practitioners were Michael Gronager, who came at it from the business side, and Tigran Gambaryan, who was then a crime-fighting IRS agent. As Gambaryan says, "It was a weird time where everything was kind of happening at the same time."

Gronager went on to start Chainalysis, now a multibillion-dollar cryptocurrency tracing company with clients in law enforcement, intelligence and finance. Gambaryan, who now works for a cryptocurrency exchange, was the force behind some epic cryptocurrency investigations, including a laundering scheme on the BTC-e trading platform, the Mt. Gox exchange hack and another case related to the Silk Road darknet market.

Gronager and Gambaryan discussed those early days at the Links 2023 conference in New York earlier this month and were joined by Andy Greenberg, the senior writer for WIRED who tells their stories and how the industry started in his new book Tracers In The Dark. Click Here host Dina Temple-Raston moderated the event.

We’ve edited the conversation for length and clarity.

Click Here: What compelled you to write this book?

Andy Greenberg: So, 2010 or so, I was working on a different book about the cypherpunks — this movement of radical libertarians who believed that they could use encryption tools like cryptographic anonymity tools to take power away from governments and give it to individuals in really radical ways. Like, they wanted to empower people to have untraceable black markets on the internet and have untraceable assassination markets, even. I mean, they dreamt of this world of true crypto anonymity.

And so, yeah, when I came upon it, I was like — being the kind of reporter I am, who covers this dark side of the internet — this is gonna be a new world of cybercrime, like money laundering, online drug deals, terrorist financing, God knows what. And all that came to pass.

I mean, it really did seem like bitcoin was this thing where you could put unmarked bills in a briefcase and send it across the internet to anyone in the world without revealing your identity. And it was working on things like Silk Road — you know, the first dark web drug market. But I’m embarrassed to say this in front of these guys because if you flash forward to 2020 or so, that's when I began to see that I was not just, like, a little bit wrong about this. I was fully 180 degrees incorrect about my notion of bitcoin's privacy properties. And I began to see that no, actually, not only is bitcoin traceable, but that actually you can follow the money on the blockchain even more than in traditional finance.

Tigran and Michael specifically had used this to take down burglars behind the biggest heist in cryptocurrency at the time and take down the biggest dark web market in history and the biggest dark web child sexual abuse network as well. So, it looked to me like this was a book-shaped story worthy of spending years writing.

CH: Michael, could you explain how you came to this epiphany of how you can trace a transaction in the blockchain?

Michael Gronager: So first of all, I read Satoshi’s white paper back in the day. And he kind of uses this word of pseudonymity, and he doesn't use the word of anonymity, and he does that on purpose. So he basically says, this is not anonymous money. And I think there's one sentence that basically says that there's some ways you can maybe do this one day.

CH: Let me just stop you for a second. So you're talking about the white paper that actually birthed …

MG: That was the creation, the real innovation of bitcoin. Like that's back in 2009, I think it was. Then after that I read an article by Sarah Meiklejohn. She kind of tried out some of the early things or ideas from Satoshi around, like, how can you actually do this in practice? So she managed to do that at scale and show this is doable. And then I started to tell regulators and others in 2014 that this can actually be done. And they're all like, Yeah, you say so, but that's not really happening. And I take that as a call to action and be like, I’ll show it can be done.

CH: And Andy, you write about this in your book. When he explained this to you, was it sort of an epiphany to you that you thought, Hmm, I thought this was anonymous, and it's really clear it's not.

AG: Well, I did have that epiphany. But, as Michael credited, Sarah Meiklejohn was the one to put those first cracks in this myth of anonymity. She was the one who came up with this bag of tricks … who showed that you could create clusters of addresses. Basically, like, one person or a service is responsible for thousands — or millions sometimes — of addresses.

And then she was the one, as you said, who did the undercover transactions to start to label those clusters. Almost like a narcotics cop doing a buy-and-bust. I bought marijuana from the Silk Road. I feel weird saying that. There are federal agents on this stage.

CH: There’s a collective gasp that went through the room.

AG: [To Gambaryan] You’re not a federal agent anymore.

CH: As long as you paid taxes on it, it's fine.

AG: Yeah. And so I asked Sarah, like, can you trace my transactions? And she did. Immediately she showed that I had done basically an illegal drug deal in public view. And I didn’t go to prison.

Tigran Gambaryan: Did you get the drugs?

AG: Oh yeah. A gram from Silk Road. Two other … yeah, we'll talk about it later.

CH: You write about this in the book, Andy. It's a great story. [Tigran], you had actually found specific people who were taking bitcoins and putting them into a wallet, and they ended up being specific people kind of in your line of business — not the accounting part, but the government agency part. Can you explain that story?

TG: The investigation was [into] Carl Force and Sean Bridges, DEA and Secret Service agents, that were working on the original Silk Road investigations out of Baltimore. And then through the course of their investigation, they had stolen tens of thousands of bitcoin. And also caused a couple of murders-for-hire to be placed on Silk Road.

But the point of it is that to me, that was kind of the proof of concept for companies like Chainalysis. That was kind of what showed that it can be done in the court of law that you can use blockchain evidence to support criminal charges. Prosecutors are very hesitant to do anything new that hasn't been tried. And I had an opportunity and the pleasure in working with prosecutors that were crazy enough to do that. So we kind of set a precedent for everybody else to kind of replicate. It's amazing, and it's still being used to this day. In retrospect, it was a very simple case.

CH: Let me ask you about Mt. Gox, Michael, because that's the one that everybody sort of understands. Can you explain — you get a phone call that says, Hey, come and help us, come to Japan — how you thought that through? And whether, at the time … was it a little bit frightening to say, OK, This is where I'm gonna figure out if it works on a really grand scale?

MG: Mt. Gox was the biggest exchange in the crypto space for many, many years, starting from 2010 and 2011 and 2012, getting into 2013. And in 2013, they announced they're going bankrupt. The bitcoin price had just that year gone from a hundred dollars to a thousand dollars or so in the course of, like, six months or so. Everyone is super excited in the crypto space.

Now people can't take their money out of the Mt. Gox exchange and [it goes] bankrupt, and the entire 2014 goes by and everyone expects to get their money back. And nothing really happens. We are basically in talks with the bankruptcy [lawyers] and with regulators in Japan because we want the industry to not go down because of Mt. Gox, and we want to help the creditors in that case as well. So having different conversations with the bankruptcy trustee, and one of the ideas that kind of emerged pretty fast — because there's a lot of confusion on Reddit and everywhere else, basically people discussing, did [Mark Karpelès] steal the money? He was the CEO of the exchange. What actually happened?

So there’s a lot of speculation and I felt that if we dove into it, and I looked at the database, we could probably figure it out. So that was kind of the idea. And then they wanted to meet us, so I went to Japan, and we basically started the conversation. They wanted to understand, like, How can this be done? What are you planning to do? What are the ideas around it? And at that time, I'm basically, like, Yeah, I think I can do this, right? And then we'd take it from there.

CH: Were you before 30 lawyers in Tokyo, sort of explaining the very basics of bitcoin, or did they get it?

MG: So they got some of the basic things around bitcoin, I would say that. But I would say the real challenge, in their case, was [that] in normal bankruptcy, there's no criminal element. It's just, like, money got lost because of bad business behavior. That's what happens, like, every day.

But in that situation, it’s like, What should we actually trust here? Because a lot of people on Reddit say that there's a problem with the management, and now these people come to us and tell us that maybe there is, and they want to help investigate it. So they want to build some trust with us and figure out is it right.

CH: So you get access to the Mt. Gox database, and you see there are some transactions. And then you look at the blockchain and then you can work back from that to figure out what's missing, right?

MG: Yes, so basically I can take a wallet that's described in a database, and the database tells me all the transactions that wallet has done that's initiated by someone on Mt Gox. And then I look at those, and I can see that that sums up to a certain amount. Then I can look at the blockchain and I can see — what did that wallet actually do? And it turns out that it actually sent another 600,000 to 800,000 bitcoins more than the wallet in the database, but it's the same wallet and it's on the blockchain. So it meant that apparently someone has had access to that wallet in another way. So it had been breached. And that was a time where that became crystal clear.

CH: And Tigran, how do you sort of fit in with this?

TG: So this was around the time when I was working the BTC-e investigation. … BTC-e was kind of this unknown exchange. People made assumptions about it. People said it was based in Europe. Some people said it was based in Asia. Nobody knew who the owner was, but it was a fairly large exchange. And I think, at the time I was investigating it …

CH: You're with the IRS at this point?

TG: I was a special agent with the IRS. We were continuously talking [to Chainalysis]. I mean, I kind of make fun of Michael telling him that I need some shares in Chainalysis because I was probably their best salesman at the time. But we were working quite well together, and we were involved in quite a few cases.

It wasn't just BTC-e. It was a weird time where everything was kind of happening at the same time. And once we figured out that, you know, cryptocurrency was traceable, it kind of opened up a whole new world, right? It wasn't something special, right? Like, there's nothing special about me or any of the work that I did. It was just [that] we were there first, and it was just the realization that this is actually doable.

CH: So you're sitting at home and Michael's writing code. I assume you're not writing code, so you're sitting at home and doing what?

TG: I was doing accounting with a gun. [Laughter]

CH: So the gun's on the table and you're looking at your computer screen, and you're trying to figure out patterns. And Michael is doing it in a sort of coding way?

TG: So, I didn't even know about Michael when I started looking at cryptocurrency. This case came up and everybody's like, Oh yeah, Bitcoin’s traceable. We can totally do this. I'm like, has anybody actually done this? No, but it's all there. And so I had to actually go there and I'm like, is there something wrong with me? Am I not getting this? Like, I don't think this has been done. And every single time where this has kind of been brought up, there's no actual evidence of somebody using or tracing cryptocurrency to identify specific illicit transactions and specific uses of illicit transactions.

CH: What I'm trying to explain here is the evolution of things, right? So we start out with Sarah Meiklejohn at UCSD, who's buying simple things like a Boston CD. And then it expands even further to what Michael did at Mt. Gox. So did you approach it differently because you were looking at things as a single person, whereas Michael was looking at something with wallets and clusters? Or did you guys come in and be able to put both your lenses on this in a way that strengthened it?

TG: I think I was looking at a completely different investigation. And then we kind of met in the middle.

MG: Mm-hmm. I think so.

TG: Yeah, so he was working on the Mt. Gox angle of it, and I was working kind of the BTC-e angle of it. And the crosspoint became evident, like, Wait, did somebody just create an exchange to launder all the money they stole from Mt. Gox? And I think that that's essentially what happened is that, I mean, if I had stolen 800,000 bitcoin, I'd probably create an exchange to launder it. It's more efficient — save on some fees.

CH: So I'm wondering now, as we sort of kick this forward, how are we seeing criminals evolve in response to this? And how are you preparing for that?

AG: Oh, there's absolutely been an evolution of the game. I mean, there's been an evolution on the cat side and the mouse side of this game. The cat side is, like, in this room. I mean, Chainalysis is part of a huge industry. There is competition for the smartest minds to find new ways of tracing cryptocurrency. That is not something that I would've imagined a decade ago. But yeah, the mice are responding and they are adopting more and more privacy technologies like Monero, which is a newer coin that kind of tangles up everybody's transactions on the blockchain and integrates mixing and obfuscation in every transaction.

And Zcash, which uses this newfangled technology called zero-knowledge proofs to essentially encrypt the entire blockchain. So there is, in theory, no foothold or fingerprints of any kind for a Chainalysis — or a Tigran, for that matter — to exploit. It feels weird to say this on stage, but I’ve seen a leaked Chainalysis document that suggests that Chainalysis is not unable to trace Monero in a lot of cases. I don't know about Zcash. Zcash looks like it's truly untraceable. I’m looking at Michael as I say this …

CH: Yeah. Michael, do you wanna give us an idea?

MG: I'm putting on my poker face. No, I'm saying basically, I think one of the main premises as you described early on was basically: Is crypto here to help the cypherpunk movement? Is that really the core value proposition — the strive towards true anonymity in this world? And I've always been of the opinion that it's actually not the case. It's here to create, like, financial freedom. It's basically here because value wants to go to the blockchain because it's more optimal to be there. And I think that's the reason why we have the growth in the crypto space. And then I got the same question, like, Can the mice run faster? What's going to be the next thing? And I got that from investors, from everyone.

And I always met that with one answer and said like, try to look at numbers. If Zcash and Monero are going to be the biggest cryptocurrencies of 2023, yes, then I was wrong. And then I probably will never be able to do this. But the fact is that that's not what people do. They buy Ethereum in big amounts. They go into Solana. They use bitcoin, still. And that means the volume of, I would say, legitimate cryptocurrency or easy-to-trace cryptocurrency is huge today. And Monero and Zcash have stayed a pretty niche problem. And in the world of anonymity and understanding different things there, if the anonymity set is small, it takes very few mistakes to actually be able to identify someone, right? If the anonymity set is huge — like millions and billions of people — yes, then it becomes way harder and like it's much more costly to do, right?

CH: What are you seeing, Tigran?

TG: So I don't think Satoshi created the bitcoin whitepaper to hide his marijuana purchases, right? I don't think this was his goal, right? When did Bitcoin go live? It was two months after Lehman Brothers collapsed. His goal is to empower people and kind of limit the impact that a bank collapse could have on users — basically, putting power in control of the people so they can use money and not have to worry about a bank collapsing, right?

So I guess privacy is an element of it. But the public-facing blockchain, being able to confirm transactions, being able to not have to have a third party involved in a transaction — I think that was the goal. I can actually go in and, using tools like Chainalysis, confirm first, this money came from a darknet marketplace. Whereas a bank is only gonna make assumptions. To me, blockchain is kind of the best of both worlds. It empowers people, but at the same time, it allows exchanges and law enforcement to actually be able to identify these transactions.  


Dina Temple-Raston is the Host and Managing Editor of the Click Here podcast as well as a senior correspondent at Recorded Future News. She previously served on NPR’s Investigations team focusing on breaking news stories and national security, technology, and social justice and hosted and created the award-winning Audible Podcast “What Were You Thinking.”

Sean Powers is a Senior Supervising Producer for the Click Here podcast. He came to Recorded Future News from the Scripps Washington Bureau, where he was the lead producer of "Verified," an investigative podcast. Previously, he was in charge of podcasting at Georgia Public Broadcasting in Atlanta, where he helped launch and produced about a dozen shows.