Cyber criminals are always on the lookout to safely launder cryptocurrencies and stay off the radar of authorities. With Antinalysis back up and now openly available on the internet, it just might have become easier. Antinalysis is a blockchain analysis tool that assesses Bitcoin wallets to check for tainted tokens that might be associated with illicit activities and tells users how risky it is to hold them.
Regulated exchanges use blockchain analysis tools to check if the cryptocurrencies they receive are linked to any illegal activities or scams, and they report dirty tokens to the authorities in a bid to prevent money laundering. By using Antinalysis, criminals can find out which of their tokens are likely to be flagged by exchanges and then avoid using them, so as not to be investigated or have their assets frozen by authorities.
In an earlier incarnation, Antinalysis was using the AMLBot application programming interface on Tor, the darknet browser. But last week, AMLBot shut down Antinalysis’ account after Antinalysis was outed and a public outcry ensued. In a statement, AMLBot said that it can be assumed that Antinalysis was used by criminals with malicious intent, and the company reported Antinalysis users to U.K. authorities. AMLBot provides a service similar to that of Antinalysis, helping merchants and users avoid unwittingly aiding money laundering by checking tokens for links to illicit activities before accepting them.
But after a week of going dark, Antinalysis has not only resumed services but is out and proud. Rather than staying in the shadows of the dark net, Antinalysis has now launched a proxy site on the clearnet — the publicly accessible part of the internet.
Pharoah, the online handle of a person who claims to be part of the team that runs Antinalysis, engaged in a Q&A session with Forkast.News over a series of email exchanges today — the company’s first interview since its revival. Pharoah said that Antinalysis is designed for anyone “who hopes to have a detailed overview of where the funds in their addresses come from.” The Incognito team that runs Antinalysis is also linked to a dark web illegal drug marketplace called Incognito Market.
The following Forkast.News interview with Pharoah has been edited and condensed.
What were the chief motivations and intentions behind the launch of Antinalysis?
The main purpose of Antinalysis is to allow users to have complete information on the crypto they own. Modern analysis firms collect information from blockchains without the consent of users and do not provide any methods/channels for users to attain the data that have been collected by them.
The most ridiculous part is that the analysis of public onchain data is not backed by laws — what they’re doing is not much different from privately conducting mass surveillance in public areas. I mean, they’re private firms and don’t have public authority, do they? This is a major privacy infringement in my opinion. Since when did unlawful surveillance become legal? Since when can it be used as evidence in asset confiscation or criminal accusations?
While we cannot help you gain access to the data stored in the firms’ databases, Antinalysis offers users a glimpse of what data they have, so that users can be aware of what might be used against them to conduct unlawful actions, such as exchanges using the famous “your coins are tainted” reason to lock you out of your account and steal your crypto.
If Antinalysis’ service is not illegal or targeting criminals, why did it launch exclusively on the dark web at first?
We had to see whether Antinalysis runs into any issues with anti-money laundering laws. So we planned to test the waters on the dark web for at least a few months. Our team never thought that Antinalysis would be so quickly brought under the spotlight. The media started to report about Antinalysis 12 days after its launch.
Why did the Incognito team choose to launch Antinalysis on the clearnet now?
Since the service is already made public by the media, we decided to start a clearnet portal for better accessibility of our site. Note that the clearnet server only serves as a proxy to our onion [darknet] domain, in the unlikely case where Antinalysis faces some sort of trumped-up charges by law enforcement.
Why does Antinalysis only accept Monero? Why not accept Bitcoin, Ether or other altcoins?
We did consider accepting Bitcoin payments at first, but it’s not ideal for our service users due to high fees — imagine paying US$5 in transaction fees for our US$30 plan. Other than that, we’d like to maintain a certain degree of anonymity due to the legal aspect of other services we maintain. However, we’ll reconsider adding Bitcoin now that you mention it.
In an earlier statement when Antinalysis was still only on the dark web, Antinalysis told [BBC News cybersecurity correspondent] Joe Tidy that the tool was not developed only for criminals or people who have something to hide. But doesn’t accepting only Monero, which is frequently used by cyber criminals, hint at the opposite?
We don’t deny that our other projects lie in the more shady areas. However, the legality of Antinalysis has nothing to do with it only accepting Monero. Also, an unrelated but important point to emphasize is that privacy is a human right and it’s not equivalent to an indication of doing something illegal.
How does the tool help innocent Bitcoin holders? What benefit could they derive from using Antinalysis?
When most people deposit crypto into a platform that follows AML compliance, like an exchange or maybe an ecommerce store, if there is a stain (innocent or not) on your transaction tree, there is a big possibility that your account will get frozen or put under investigation. You’ll spend weeks trying to convince the platform that you have nothing to do with the stain, which is a lengthy process since they are already biased that you’re doing shady things. Antinalysis provides a basic level of guarantee that you will not face this sort of tricky situation.
Where is the data for Antinalysis being sourced from?
Our crawlers have been getting information from the web for the whole week before the relaunch. With the processed information and the help of an outdated Elliptic [a blockchain investigation firm that provides a commercial-level service similar to Antinalysis] dataset, we got sufficient seed addresses to run network detection and group the addresses for a large number of entities.
For our readers, can you explain how Antinalysis works?
Basically, we gather the addresses that have sent coins to the address in question and do it recursively until we have constructed a transaction tree. We then run all the addresses through our entity identifier and return the entities identified.
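As an added illustration, not Antinalysis’ own code (which is not public), the Python below sketches the two steps Pharoah describes from the compliance side, where an exchange runs the same check: walk an address’s funding sources recursively to build a transaction tree, then match every address in the tree against a labelled-entity set. The funding graph, entity labels and high-risk categories are constructed toy data and assumptions, not anything taken from the page.

```python
from collections import deque

# Constructed toy funding graph: address -> addresses that sent coins to it.
# Real address graphs can contain cycles through address reuse (addrD -> target).
FUNDING_SOURCES = {
    "addrTarget": ["addrA", "addrB"],
    "addrA": ["addrExchange1"],
    "addrB": ["addrC"],
    "addrC": ["addrMixer1", "addrD"],
    "addrD": ["addrTarget"],
    "addrExchange1": [],
    "addrMixer1": [],
}

# Constructed seed labels standing in for the "entity identifier": address -> (entity, category).
ENTITY_LABELS = {
    "addrExchange1": ("ExampleExchange", "exchange"),
    "addrMixer1": ("ExampleMixer", "mixer"),
}

# Assumed categories a compliance team would treat as high risk.
HIGH_RISK = {"mixer", "darknet_market", "ransomware", "scam"}


def build_transaction_tree(target, sources, max_depth=None):
    """Breadth-first walk over funding sources; returns {address: hops back from target}."""
    seen = {target: 0}
    queue = deque([target])
    while queue:
        addr = queue.popleft()
        depth = seen[addr]
        if max_depth is not None and depth >= max_depth:
            continue
        for src in sources.get(addr, []):
            if src not in seen:  # visited set terminates the walk on cycles
                seen[src] = depth + 1
                queue.append(src)
    return seen


def identify_entities(tree, labels):
    """Map each labelled entity found in the tree to (category, nearest hop distance)."""
    found = {}
    for addr, depth in tree.items():
        if addr in labels:
            name, category = labels[addr]
            if name not in found or depth < found[name][1]:
                found[name] = (category, depth)
    return found


def assess(target, sources=FUNDING_SOURCES, labels=ENTITY_LABELS, max_depth=None):
    """Full check: tree size, entities identified, and which of them are high-risk."""
    tree = build_transaction_tree(target, sources, max_depth)
    entities = identify_entities(tree, labels)
    flagged = sorted(n for n, (cat, _) in entities.items() if cat in HIGH_RISK)
    return {"addresses_walked": len(tree), "entities": entities, "flagged": flagged}
```

Limiting `max_depth` shows why hop distance matters: the mixer three hops back is only seen when the walk goes deep enough, which is one reason analysis firms and users disagree about what counts as a “stain”.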
Tom Robinson, the co-founder of Elliptic who blew the whistle on Antinalysis after finding it on the dark web, tweeted that Antinalysis is a tool “built by criminals, for criminals.” How do you respond to that allegation?
I think he’s just frustrated that we are making the services provided by their line of trade open to the general public, and that there’s a new competitor in town. Imagine how the co-founder of McDonald’s would describe Burger King. Anyway, thank him for the media exposure for me, would you? I didn’t put his Twitter account on the contact page to mock him, he really did a lot for us. [The contact page of Antinalysis on the clearnet lists the Twitter contact of Robinson as the point of contact for Antinalysis.]
In your opinion, how accurate are the results of Antinalysis?
Currently, we have 11 major categories, each with a considerable number of address groups identified. It’s not state of the art I admit, but I think it already meets most of the requirements of an analysis service. We’ll be adding more data in the future, which will no doubt make the results even more accurate later on.
Building tools like Antinalysis requires resources. Can you share how the team managed to build the tool again so quickly after AMLBot pulled back its service, and how it was funded?
Our team has outstanding efficiency and possesses solid skills in what they do. Additionally, I’d like to thank a donor for providing us with a considerable amount of external funding.
Can you share approximately how many users Antinalysis has on the darknet and clearnet?
Antinalysis has a strict no-logs policy. All records are deleted after the time specified by the user expires (between 10 minutes and 72 hours). It’s now running almost literally like a black box, so I’m afraid to say I cannot provide an accurate number.
As I mentioned in a previous question, the clearnet link is only a proxy to our onion service. We have no way of telling if the user browses from the clearnet or not.