Antinalysis, the dark web tool that was shut down last week following public exposure, is back from the dead. Like a hydra whose heads multiply when cut down, the service has resurfaced, this time not just on the darknet but also on the clearnet — the part of the internet that is freely and publicly accessible. Previously, the tool was available only on Tor, an anonymous web browser used to access the dark web.
Antinalysis is a blockchain analysis tool that allows users to determine the origin of their Bitcoins and assesses the risk associated with holding the tokens if links to illicit activities are established. The idea is that crypto launderers and criminals can keep their tokens from being flagged to the authorities by regulated exchanges that use similar tools to track dirty crypto tokens.
The tool is provided by the Incognito team, the group behind the illegal drugs marketplace on the darknet called Incognito Market. According to an administrator on the team, who contacted Joe Tidy, a BBC reporter, last week, the site is designed not just for criminals but anyone looking for blockchain privacy.
The previous version of Antinalysis was based on the AMLBot application programming interface. AMLBot swiftly pulled back its service and shut down the Antinalysis account within eight hours of the public exposure of Antinalysis, after Nick Bax, an independent blockchain tracing expert, pointed out the similarities between the two tools.
A swift but short-lived demise
In a written statement to Forkast.News, AMLBot said that it first blocked Antinalysis’ account for eight hours after being cautioned that its API was likely being used by the tool. AMLBot is a service that allows users to check whether the Bitcoins they are about to receive are linked to illicit activities so that merchants can avoid unwittingly aiding crypto laundering.
AMLBot also sent all addresses that had used Antinalysis, which were stored in the Crystal blockchain database, to U.K. law enforcement authorities. AMLBot noted that some addresses that had used the Antinalysis tool were previously not linked to the darknet or any illicit activities.
It added: “It can be assumed that criminals used these addresses for illegal actions … These addresses were added to the tracking database and transferred to the most prominent players in the market to [sic] a more effective fight against money laundering.”
Following the discovery of the Antinalysis account, AMLBot conducted an internal investigation that “revealed the origin of the issue” that has since been fixed. The company eventually shut down the Antinalysis account and started monitoring all its customers with higher precision and re-checked all existing customers.
The statement added that user requests were checked for behavioral models similar to Antinalysis. The company has also updated its algorithm for continuous monitoring of customer behavior and requests. Additionally, the company onboarded another anti-money laundering specialist to constantly monitor all user behavior and requests.
The elaborate measures to thwart Antinalysis did not stop it from resurfacing. Its website reads: “We are now back and no longer dependent on any third party for address labelling.” Since the service itself is not illegal, Antinalysis likely is not worried about getting shut down on the clearnet.
Back with a vengeance or a sickly twin?
While it previously leveraged AMLBot’s database, it is not clear where the data for the new Antinalysis site is sourced from. According to its website, the tool scrapes data from other websites and databases. “The data is normalized and fed into our own big query-like implementation with models trained to identify certain patterns of the transaction flow,” the Antinalysis website says.
Anyone can use Antinalysis, but only by paying in Monero, a cryptocurrency that uses privacy-enhancing technologies to obscure transactions and provide users with anonymity while making the tokens fungible. These privacy features make it unsurprising that Monero has gained prominence as the cryptocurrency of choice among drug cartels and cybercriminals. Although the developers of Antinalysis claim the tool is not geared toward aiding only criminals, their acceptance of only Monero points in the opposite direction.
Tom Robinson, the co-founder of blockchain investigation firm Elliptic, who refers to Antinalysis as a “tool built for criminals, by criminals,” evaluated the results provided by the previous version of Antinalysis and found them to be of poor quality. Now that the tool can no longer draw data from AMLBot, its results could be of lesser quality.
According to the Antinalysis website, the tool traces only up to 1,000 transactions and goes five nodes deep and not beyond that. Commercial-level transaction tracing tools like those provided by Elliptic or used by regulated exchanges conduct more in-depth analysis to track down tokens associated with shady transactions. As of press time, Antinalysis had not responded to requests for comment.
Ultimately, the launch of Antinalysis bears testament to what Benjamin Sauter, a crypto lawyer, earlier told Forkast.News. He had said that we are likely to see more and more services similar to Antinalysis sprout up, not just on the darknet but also on the clearnet.