ShapeShift and CipherBlade: money laundering accusations, and shells within shells

In Decrypt, Friday morning: “The case of CipherBlade, ShapeShift’s PR saviour” — with “additional reporting by David Gerard.”

Cas Piancey on Twitter noticed that CipherBlade seemed a little odd … and we proceeded to look into just what was going on here. Ben Munster put together his own, Cas’s and my research into the article on Decrypt.

I worked my backside off on this story Thursday afternoon, and then on Decrypt editor and cofounder Josh Quittner’s fair-but-harsh edit Thursday evening. Editing on a serious piece is a bit like blood sports in a Google doc, and Josh’s love is appropriately tough — so I’m grasping that “additional reporting” credit with both hands.

Amy Castor posted “Blockchain analytics firm CipherBlade steps in to launder ShapeShift’s image” on Friday morning, just before the Decrypt piece went up, and I supplied stuff for her piece too. Amy wins the prize for getting the word “launder” into the headline.

There’s a lot of stuff you can’t say, or wouldn’t bother saying, in a proper magazine with offices and so on. So here’s a few outtakes — extra background material and DVD extras on the story.

Update:  Also read Richard Sanders’ response to this post.

ShapeShift versus the Wall Street Journal

On 28 September 2018, the Wall Street Journal ran “How Dirty Money Disappears Into the Black Hole of Cryptocurrency” by Justin Scheck and Shane Shifflett (archive), fingering the ShapeShift crypto exchange — incorporated in Switzerland, but run out of Denver, Colorado — as a channel for money laundering. According to the Journal:

To examine the scope of crypto money laundering, the Journal built computer programs that tracked funds from more than 2,500 suspected investment frauds, hacks, blackmail schemes and other alleged crimes that used bitcoin and Ethereum by analyzing the currencies’ underlying software.

… The Journal found that ShapeShift processed nearly $9 million of the suspect funds, more than any other exchange with U.S. offices.

ShapeShift was very upset about this report. Not least because, as ShapeShift’s PR told Ben at Decrypt, ShapeShift had been very generous to the WSJ with its time, and the two had worked “closely.” So ShapeShift felt betrayed when the journalists produced  … journalism. ShapeShift’s founder and CEO Erik Voorhees posted a response to the report a few days later, saying “We have worked with the journalists for 5 months under false pretenses.”

On Wednesday evening, ShapeShift put out a press release report — taken up by CoinDesk (who also spoke to ShapeShift), CoinTelegraph and The Block — from a “blockchain investigation agency” called CipherBlade, to exonerate ShapeShift (archive). CipherBlade said:

… the WSJ’s $9 million “laundering” claim was overstated by a factor of 4x.

… The WSJ singled out ShapeShift for activity that is routine across any cryptocurrency exchange.

That is — money laundering did happen, okay, but it was less than the Wall Street Journal said, and anyway this is all “activity that is routine across any cryptocurrency exchange”, because apparently that makes it all okay? It’s fine. Nothing to see here.

CipherBlade to the rescue

But what of CipherBlade, who wrote the report? Apparently at their own expense — they state that ShapeShift didn’t pay them for the months-long investigation.

CipherBlade was founded only eight months ago. It says on its homepage that “We have recovered millions of dollars of stolen funds, prevented dozens of ICO scams, and professionally handled PR disasters and other emergency situations.”

Kyle S. Gibson noted CipherBlade’s previous success — they posted about investigating the Oyster ICO’s PRL token hack, and tracked down the founder, “Bruno Block,” who exit-scammed the ICO in November 2018 through a deliberately-maintained back door. CipherBlade also claim credit for recovering funds from when ICO pundit Ian Balina got hacked in April 2018.

To lodge an incident report, CipherBlade charges users 0.746 ETH, around $100. They’ll also lodge a police report for you for $350 total.



Matthew Greene, a company analyst and spokesman, told Decrypt that this fee for filing a free police report was for the benefit of customers who were feeling “disoriented”. The full quote he gave Ben (which didn’t make it to the final version of the Decrypt article):

Victims of crimes often are disoriented and don’t know where and how to report their situation most efficiently. We have a lot of experience with that and can advise them on which agency to report to depending on the nature of the crime and the jurisdictions involved, and we analyse the incident and draft a report for them that has all the features that law enforcement agencies need to process it easily and become active immediately.

And, from Richard Sanders to Ben:

The only payments on our site direct are for the report function, which isn’t super frequently used. We’re typically taking payment via crypto and providing addresses to our clients directly

Cipherblade’s Medium blog contains two articles, and the other article (archive) also just talks about how awful the Wall Street Journal is.

The corporate shell game

Cipherblade’s LinkedIn says it’s based in Pittsburgh, using what appears to be a shared working space in the Bakery Square shopping centre. The website says “© CipherBlade Ltd., UK”.

The UK company Cipherblade Ltd. was incorporated on 28 August 2018. It has two directors: Genevieve Magnan, of North East Point, Mahe, Seychelles; and, as company secretary, a company called Northwestern Management Services Limited. This company is, or has been, secretary for several hundred companies, and gives them a mailing address at 31 Southampton Row, Office 3.11, 3rd Floor, London, England, WC1B 5HJ — a no doubt extremely crowded room in serviced offices that also offer virtual offices.

(I went and looked on Thursday evening — the building does, in fact, have a third floor. This bit isn’t anything crypto-related, it’s just how you do corporate shells when UK Companies House is being too informative for your liking.)

Cipherblade UK is owned by Cipherblade of the Marshall Islands, whose address is listed in their UK subsidiary’s incorporation papers as Trust Company Complex, Ajeltake Road, Ajeltake Island, Majuro MH96960 Marshall Islands — an address also hosting a tremendous number of companies.

Cipherblade UK started with several other companies as directors — all resident at 8 Global Gateway, Rue de la Perle, Providence, Mahe, Seychelles, another very popular address. All quit within a month.

Genevieve Magnan has, of course, nothing to do with the daily running of CipherBlade. She works at AAA International Services, a company that incorporates shell companies for other companies. (I’ve linked an archive of their home page there — because the site itself kept trying to randomly send me malware. They might want to take a look at that.) Her job is being a “nominee director” — a stand-in name and face, so that the beneficial owners can hide themselves.

Corporate shells within shells were really brought home to the public when a pile of information was leaked from Mossack Fonseca for the Panama Papers — about the legions of tax dodgers and money launderers who were hiding their malfeasance behind networks of shell companies.

The Panama Papers site stresses that “there are legitimate uses for offshore companies and trusts, and we do not intend to suggest or imply that any people, companies or other entities have broken the law or otherwise acted improperly” — but if you’re complaining of money-laundering accusations, it may not be the best look to use a company that uses an obscurantist maze of shells, even if they’re doing it for actual privacy reasons and not to hide money from the tax man.

(It turns out that journalism is work, particularly when you spend hours on a rabbit hole that just leads to “LOL you have reached the department of corporate shell games.”)

Don’t mess with Richard Sanders

Richard Sanders, CipherBlade’s Chief Security Officer, describes in the footnotes of the Medium post how he “served in US army Special Operations Forces, rose to security lead at Google and” — get this — “assisted Binance and FBI in development of GDPR protocol.” I asked if he had over 300 confirmed kills, but apparently he doesn’t. I’m not 100% confident about the claim of helping the FBI cope with the GDPR, either. But let’s assume he’s on the level.

Sanders used to run a small business called SHPlates, to engrave and decorate ruck plates — steel plates that add weight to a backpack for training purposes. This did well enough that Sanders could “donate six figures a year to charities and that’s what the business is for. I’m always thinking, what can I do to raise more money for charities?” — but also needed to raise $1,000 in a Kickstarter to “relaunch.”

In the blockchain world, he’s an advisor to Dusk, a securities blockchain startup, and “director of defense” for Energi, an extremely minor proof-of-stake altcoin whose ambition is to become a “Cryptocurrency for World Adoption”. NRG volume is around $160,000 a day — 95% on Digifinex, 5% on KuCoin and a little bit on CryptoBridge, and only against BTC — so it may have some way to go.

It all comes back to ShapeShift

If Sanders can make a go of this and do a good job, then fine, y’know. The weird corporate shell games are a bit LARPy, and Energi is nonsense. But if Sanders is honest and technically competent, that immediately puts him ahead of 95% of the crypto world.

The real story here is ShapeShift trying to protect its image. It’s odd that they didn’t hire a better-known blockchain analytics firm — or, at the very least, pay CipherBlade for their work. (As all freelancers know, “exposure” is a word that means “dying of dehydration in a desert.”)

It’s important to note that ShapeShift is the exchange that left New York state in 2015 to avoid regulation under the BitLicense, and didn’t even have Know-Your-Customer identity checks until late 2018. It would be surprising if criminals hadn’t availed themselves of such facilities.

ShapeShift doesn’t knowingly facilitate criminals, and kicks them off and calls the authorities if they catch them — as they did when the WannaCry hackers tried cashing out through ShapeShift. But trying to imply that money-laundering doesn’t happen there, or is meaningless to the extent it does happen, is nonsensical.

Erik Voorhees, the exchange’s founder, is an archetypal Bitcoin libertarian. He sincerely thinks the sector doesn’t need regulation, and sees current regulations as damnable impositions. And that’s fine — there’s always a dialectic between the regulators and the institutions on how much to regulate.

Correcting a paper on a report you believe they got wrong is fine too — papers are often mediocre, and get things wrong. We can suck. But painting such investigations as inherently unfair is not how anything works, and just makes you look bad. It’s better to own the bad things that happened, and document what you’ll be doing about them going forward.

Your public isn’t just your fellow bitcoiners any more. If you’re dealing in real money, society expects you not just to be on the level — but to be able to show that you’re on the level. And that’s not just the regulators — it’s the news outlets, and especially the financial press. And the press’s readers. The expectation is social, not just some outside imposition by the state.

Additional reporting from Ben Munster, Amy Castor, Cas Piancey and Kyle S. Gibson. You do know that journalists all know each other and talk, right.

Become a Patron!

Your subscriptions keep this site going. Sign up today!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.