Richard Sanders of CipherBlade reached out to respond to my Saturday evening (Sunday morning) post on the report CipherBlade wrote about the ShapeShift crypto exchange, and the Wall Street Journal’s report on money launderers using ShapeShift. Think of it as yet another extra bit of background on the whole thing. Thanks to Richard for this.
I’m going to focus on the hard facts here, and not focus on items in your article that seem to pose opinion on what we do — as an example of the latter, you describe our Report function on our site. One of the reasons I’d offered to get on a call with you is to explain a bit more in-depth of how that works or why one would want to have a professional file a report — it’s a lot to type in a brief email, and you also may find it intriguing for a future piece. The offer stands, by the way.
But what of CipherBlade, who wrote the report? Apparently at their own expense — they state that ShapeShift didn’t pay them for the months-long investigation.
There is no ‘apparently’ here — we weren’t compensated for this. This is explained a bit in varied articles. I’m not sure what would satisfy substantiating either the lack of payment, or our interest in doing this report — but I’m receptive to ideas from your end.
Cipherblade’s Medium blog contains two articles, and the other article (archive) also just talks about how awful the Wall Street Journal is.
This is false. Five articles.
Don’t mess with Richard Sanders
I can assure you that the only people that need heed this warning are bad actors. In reality, I’m a softy that drinks wine, listens to Taylor Swift, and snuggles with my cat.
helping the FBI cope with the GDPR, either. But let’s assume he’s on the level.
So perhaps even more relevant than this, and far more interesting for your article: I’ve helped law enforcement internationally (as well as exchanges) create procedures to communicate regarding cryptocurrency related cybercrime. Often times (and this ties into why people would pay for a Report) law enforcement doesn’t have the training on how to handle these types of incidents. Local/state police in the US often don’t even know where to direct victims (typically, would be an IC3 report) and victims (and sometimes law enforcement) often don’t know what should be in a report of one of these incidents. I’ve personally been helping establish best practice in law enforcement contacting these exchanges, sharing how to contact these exchanges, what these exchanges can provide in terms of both on-chain and off-chain forensics, etc.
Often times, this is another type of work I do “pro bono” because I believe in it. We can’t continue to operate in a world where the majority of these crimes go unpunished because there hasn’t been a book written on how to handle them.
This did well enough that Sanders could “donate six figures a year to charities and that’s what the business is for. I’m always thinking, what can I do to raise more money for charities?” — but also needed to raise $1,000 in a Kickstarter to “relaunch.”
SHplates included a pricing model in all products that included charitable donations. This percentile was way, way higher than numerous business mentors found sane, and I’m not ashamed to admit that. The most relevant thing for you to know is this: the six figures yearly for charity piece was often cash that didn’t land directly into a SHplates bank account, often raised via sites like CrowdRise, or through charitable events. Often, these were raffles of items we made.
On the other hand, you could very fairly question the fact I ran a business that ultimately failed — that’s fair, and I’ve got no shame in admitting that. I loved doing that work, I really did — but there just wasn’t a market for it. I’ll shamelessly tell you that business made far less than six figures yearly — it was a part-time operation for the majority of it’s duration, and post-kickstarter, was ran for around a year in a full-time capacity. Folks that went in on the Kickstarter got extensive value out of pitching in, and SHplates received absolutely zero external funding (besides my own cash) barring the StreetShares Grant you linked to. I’ve got zero issues being transparent about my business past, and, further, I can sleep with myself at night knowing I didn’t kill anyone’s investment into a company — more than can be said for a lot of companies in our industry, eh?
It broke my heart to end that business, I poured my lifeblood into it — it occupied my evenings and weekends (when I ran it as a part-time side hustle while working as a contractor at Google) — and that year or so I was full-timing it, I don’t even want to think about how many hours per week I worked. I’ll shamelessly say that for the hours I worked and what I compensated myself (enough to barely keep the bills paid) — it’d have been easily less than minimum wage. I had nothing to personally show for it besides a decent bit of personal debt for what I put into the business, however, I regret not getting the experience I did, and far more importantly — benefiting all the charities I did, getting to train some veterans and give them job skills that got them jobs, and above all else, do some pretty cool stuff for some pretty cool people. The artwork we made was really, really cool and serve as keepsakes for some that will echo for eternity.
In the blockchain world, he’s an advisor to Dusk, a securities blockchain startup, and “director of defense” for Energi,
I’ve worked with other ICOs, big name ones too — ChromaWay, Verv, currently Resistance. I also do a lot more than ICO advisory — I’ve worked on numerous cases as an expert witness. You’re probably right in that my LinkedIn could use a bit of nip and tuck. Regarding Energi — I’ll defer to that team to defend themselves against the ‘nonsense’ comment if they’re interested in doing so.
But if Sanders is honest and technically competent, that immediately puts him ahead of 95% of the crypto world.
I’d argue this is more close to 99%, and you’d be included in that 99% — if you’re speaking of general knowledge of blockchain tech. There are too many folks in this space for the wrong reasons.
If you’re speaking about technical competence, specific to the subjects you’d want to do an audit of me on — say, blockchain forensics, that sort of stuff? I’m too humble to tell you I’m some kind of savant. However, I will definitely tell you there are very, very few people I’ve ever come across that can do this kind of work — and that is not a self-kudos, but something I find wrong with this industry. As I mentioned earlier — I take pride in providing help to law enforcement. There are numerous blockchain forensics tool companies, but very few legitimate investigators. I refuse to uptalk myself — it’s simply not who I am, but there’s a reason why my DMs are through the roof with requests (which, side note, is one of the big reasons CipherBlade was created — there was a demand for the services we offer.)
Regarding honesty — if you haven’t noticed by now, some might say I’m too honest to be a business mogul. My integrity is my word and my lifeblood. Not counting investigations (where I will gladly lie under alter-egos to criminals) I can count on two hands the number of times I’ve ever lied in my entire life, and I can recite all of those lies.
It’s odd that they didn’t hire a better-known blockchain analytics firm
Starting off with “hire” — again, we weren’t hired. Regarding using another firm — who, though? As I mentioned above — there are firms like Chainalysis, CipherTrace, Blockseer, etc — but they aren’t offering the services CipherBlade does. If you can name drop a firm that provides similar services, I’m all ears — I’ve been saying for a while now I’d love to have competition. This industry needs more CipherBlades. As for being ‘better-known’ — we’ve spent precisely $0.00 on marketing. In this current phase, we just don’t need to — we have more than enough requests coming our way, primarily via word of mouth. Perhaps you may be alluding to (or perhaps I’m trying to see through your lens) ways beyond marketing — which is understandable. What I can tell you is that while CipherBlade becoming a name everyone in the blockchain industry knows is something I’m not opposed to, it’s not at the top of my priority list: it’ll happen organically. People coming to use for help on situations has happened organically.
But trying to imply that money-laundering doesn’t happen there, or is meaningless to the extent it does happen, is nonsensical.
We never implied money-laundering doesn’t happen on ShapeShift. In fact, as you know, we openly shared we found $3M. ShapeShift was extremely well aware that if we found the $9M WSJ alleged, that the CipherBlade report would reflect this. Further, there is significant meaning behind analyzing the extent instances of laundering takes place on any platform. Analyzing how much money has gone through any system contingent with volume is a KPI that’s existed before blockchain was a thought, and continues to be a metric of review for anyone in the know on these topics. Obviously, in a perfect world, the amount would be $0 — but we live in a far from perfect world. If you’d like to break down percentiles of dirty funds going through other platforms, I’m keen to discuss more in-depth — but the short version is that, relative to other platforms, the percentile of laundered funds that went through ShapeShift is substantially lower, and yeah, this matters a lot.
Erik Voorhees, the exchange’s founder, is an archetypal Bitcoin libertarian. He sincerely thinks the sector doesn’t need regulation, and sees current regulations as damnable impositions. And that’s fine — there’s always a dialectic between the regulators and the institutions on how much to regulate.
While there are no datapoints I’m going to argue here, I wanted to quote this to let you know that I could speak extensively about the regulatory environment. I definitely deviate from Erik’s stance on a few things, and that’s fine — so long as folks in this industry are receptive to paradigm shift when provided data they can’t refute, we’re in a great spot. I’m often asked by regulators for my take on things, whether in the US or while traveling elsewhere (had that one discussed while I was in Toronto for unrelated business — performing a solvency and security audit for a crypto exchange.) I’m a realist, and it seems you are too. I’d prefer as little regulation as possible, and perhaps that’s where I share initial ground with Erik — but I’m also perhaps a bit too aware of human nature, and why some regulation will need to be in place based upon human nature (whether that human nature is public best interest in preventing crime, or the human nature that entails some self-regulation efforts for blockchain companies just may fail.) This is probably a much more in-depth and unrelated conversation, but one I’d be happy to have if you’d find it valuable for the public. I mention all of these things because one of the other bits of response we got seemed to paint CipherBlade in a basket of “big brother” — and I’m often talking about how there is a line between what I think you’d probably consider crypto-anarchism and what I’d personally view as a bit more of a crypto-libertarian approach.
Correcting a paper on a report you believe they got wrong is fine too — papers are often mediocre, and get things wrong. We can suck. But painting such investigations as inherently unfair is not how anything works, and just makes you look bad. It’s better to own the bad things that happened, and document what you’ll be doing about them going forward.
Thing is — this isn’t a belief. It’s one data set (CipherBlade’s) with clearly-defined criteria against another report that had, well, not that. As we’ve put out there — we invite people to check our work. This is more than could be said for the WSJ. As for owning the bad things that happened — that’s on ShapeShift’s end, and obviously nobody is happy about the $3M figure there, but it’s obviously (as described above) not the damning claim the WSJ suggested. I’m not quite sure how else they could own it. Regarding document what will be done going forward (obviously I’m not speaking for ShapeShift) — beyond the obvious implementation of KYC, what suggestions do you have here? I can tell you that publicly sharing the proverbial AML playbook isn’t a smart move, and Changelly has dealt with backlash about not publicizing elements of their KYT protocol, which I’d imagine you’re aware of. I have tons of conversations about this topic, and again, would be happy to provide you more insight.
Your public isn’t just your fellow bitcoiners any more. If you’re dealing in real money, society expects you not just to be on the level — but to be able to show that you’re on the level. And that’s not just the regulators — it’s the news outlets, and especially the financial press. And the press’s readers. The expectation is social, not just some outside imposition by the state.
Agreed in full, and perhaps you’re simply unaware of the efforts CipherBlade takes (and I take personally) to get on that level. I can, and have, speak about this for an eternity. That exchange audit I just did in Canada — that’s in direct alignment, society’s expectations need to be higher. Unfortunately, it took Quadriga to even get some exchanges to do these sorts of audits. This goes beyond just the press and readers, but to that last point — agreed, and this is what prompted me to reach out to you; because if you practice what you preach, this is well worth the time for both of us.
Your subscriptions keep this site going. Sign up today!
This is classic PR goo.
“I have a business plan that results in way more money going to charity, at least in theory, than any sane business person would accept, haha I’m so random!”
This industry is full of bad people and I’m just here to try to make it all above board.
No mention of shell companies in the Marshall Islands. Why does an auditor need this structure, is he an auditor/hedge fund for the Ayatollah?
There’s a lot more to this story.
Good on you for posting the response.