CFTC cracks CZ’s phone, sues Binance — what’s a little terrorist financing between friends

By Amy Castor and David Gerard

The CFTC dropped a bomb on the world’s largest offshore crypto casino on Monday. It’s suing Binance and its founder and CEO Changpeng Zhao (“CZ”) for violating US commodities trading laws. Samuel Lim, Binance’s former chief compliance officer, was also charged with “willfully aiding and abetting” Binance’s violations. [Press release; complaint, PDF]

The civil complaint, filed in the Northern District of Illinois on March 27, alleges that Binance violated seven provisions of the Commodities and Exchange Act — including Bank Secrecy Act laws meant to combat money laundering and terrorist financing. (BitMEX executives got criminal indictments for doing the same.)

Binance failed to register with the CFTC, yet it allowed US customers to trade derivatives on its platform. It instructed those customers to use VPNs to hide their locations and directed “VIP customers”  — who are usually institutional traders — to open accounts using shell companies.

The agency seeks a permanent injunction to stop Binance from further violating commodities trading laws. It also seeks to recoup trading profits, revenues, salaries, and other money derived as a result of the violations — and monetary penalties.

This 74-page complaint is an incredible read. We suspect there’s a sealed Department of Justice complaint just waiting for CZ. (He’s currently in Dubai, where he bought a home in 2021.) [Bloomberg, 2021]

Since CZ launched Binance in July 2017, his entire business model has been built around evading regulators — avoiding having a headquarters, moving his business around, or just outright lying.

CZ is sure he’s smarter than everybody and will never get caught. We think he’s running out of runway.



The complaint

The CFTC says that Binance makes a lot of its money from providing CFTC-regulated activities to US entities, which the exchange has worked hard to acquire and serve — particularly large high-frequency trading firms located in Chicago and New York.

CZ and Lim actively helped US customers evade Binance’s claimed compliance controls. CZ personally provided customer service to some of these large customers.

We hope you’re not too shocked to hear that Binance trades against its own customers:

Binance has traded on its own platform through approximately 300 “house accounts” that are all directly or indirectly owned by Zhao, as well as accounts owned by Merit Peak and Sigma Chain. Zhao has also traded on the Binance platform through two individual accounts.

Binance does not disclose to its customers that Binance is trading in its own markets in its Terms of Use or elsewhere.

Binance isn’t one corporation — it’s subdivided into lots of entities. But CZ controls all of the Binance entities and runs them “as a common enterprise.”

Binance’s maze of corporate entities is so deliberately confusing that its own chief strategy officer once said that Binance was a Canadian company. (CZ is Canadian.) Binance later clarified that it was an “international company.”


The evidence presented by the CFTC includes Signal chats and leaked documents and emails. It appears that one of the agencies investigating Binance got into CZ’s phone at some point.

Chats via Signal with auto-delete are routine at Binance. But the metadata is preserved, and the evidence includes quotes from Signal chats themselves. CZ has apparently told Binance employees to use Signal when communicating with US customers.

Very Important Persons

Binance is especially helpful to its VIP customers. VIP status offers reduced transaction fees and “white-glove customer service.” Higher status VIPs also get “preferential access to Binance’s matching engines.” There is a dedicated VIP Team for customer service.

One important VIP benefit: “prompt notification of any law enforcement inquiry concerning their account.” Binance would notify VIPs at the point of an account freeze and immediately after the unfreeze:

VIP team is to contact the user through all available means (text, phone) to inform him/her that his account has been frozen or unfrozen. Do not directly tell the user to run, just tell them their account has been unfrozen and it was investigated by XXX. If the user is a big trader, or a smart one, he/she will get the hint.

Getting US customers onto

In February 2019, CZ and Lim were worried about the regulatory risk of US customers — generally institutional and VIP — using the API.

They wanted to move customers to a new platform, Binance US — though some customers would have the choice to stay on, where the derivatives and the trading volumes are.

CZ and Lim’s solution:

  1. Encourage the customers to set up new accounts, with new non-US know-your-customer information (KYC).
  2. The new accounts would keep the old customers’ VIP status and privileges.

CZ set this policy himself:

We do need to let users know that they can change their KYC on and continue to use it. But the message, the message needs to be finessed very carefully because whatever we send will be public. We cannot be held accountable for it.

For two years, Binance didn’t restrict US customers at all. purportedly cut off US customers in June 2019 when it set up Binance US.

Binance staff helped US VIP customers create new accounts with non-US KYC from June 2019 — with CZ’s full awareness.

Binance’s firm technological restriction keeping out US customers was … a browser pop-up:

The pop-up did not block customers from logging in to their account, depositing assets, or trading on the platform, it just asked them to self-certify that they were not a U.S. person before accessing the platform by clicking a button on the pop-up.

This quoted chat has caught a lot of attention:

VIP team member: Hi CZ . . . I went through list of affected API clients, it includes a number of large strategic accounts including [a Chicago-headquartered trading firm] who is currently is a top 5 client and 12% of our volume

Zhao: Give them a heads up to ensure they don’t connect from a us Ip. Don’t leave anything in writing. They have non us entities. Let’s also make sure we don’t hit the biggest market makers with that email first. Do you have signal?

(Our first guess was that this firm was DRW Cumberland or Jump Trading — but we’re told that apparently it may not be.)

Binance customer service includes instructions on using a VPN so that both parties can pretend the customer isn’t in the US. Lim helpfully stated Binance’s intent in writing:

Because if US users get on .com we become subjected to the following US regulators, fincen ofac and SEC. But as best we can we try to ask our users to use VPN or ask them to provide (if there are an entity) non-US documents. On the surface we cannot be seen to have US users but in reality we should get them through other creative means.

Binance did try to push some US customers off and onto Binance US. But, per Lim:

if their volume is really very big we will push hard on .com to accept it on an exceptional basis . . . CZ will definitely agree to this lol. but they need to really be doing sick ass volumes . . . we always have a way for whales.

For large enough Binance US customers, Lim said they could “find a way to backdoor them to .com.”

Binance helped its customers set up non-US shell entities for the specific purpose of evading the regulations about US customers on an unregistered platform. Willfully evading commodities regulations is itself illegal under Dodd-Frank.

Binance set up a “broker program”, in which third parties would bring in new customers. Binance did not, of course, do a thing to stop US customers from coming in this way.

“Exchange brokers” would transmit their customers’ orders directly to “Prime brokers” would recruit and accept orders from institutional customers, including US ones.

Prime brokers could also open sub-accounts for their customers — without KYC for those customers. The prime brokers’ customers access the API directly.

One customer, referred to in the complaint as “Trading Firm A,” was a Delaware corporation headquartered in Chicago. It switched its Binance KYC to a Cayman subsidiary, and later a Netherlands subsidiary which traded via a prime broker. Binance was careful to advise them to use a VPN to set up these accounts, so as not to trigger Binance’s US IP blocker.

(Update: Radix Trading has identified itself as “Trading Firm A.” [WSJ, paywalled])

Another customer was a New York firm that traded via cutouts in Singapore and the Caymans. CZ personally provided customer service to the CEO via phone and Signal.

Binance hosts networking and social events in the US for its top US customers such as “top heavy weights of hfts, prime brokerage, [and] vcs.”

Customer service, with just some light treason

Binance was famous for its 2 BTC loophole. For years, you could withdraw two bitcoins’ worth without any KYC. Amy wrote about this in a now-deleted story for the Block in 2018. [The Block, archive]

Even after mid-2019, Binance kept the loophole open — per the CFTC, customers could “sign up, deposit assets, trade, and make withdrawals without submitting to any KYC procedures as long as the customer withdrew less than the value of two BTC in one day.” 2 BTC was $138,000 in November 2021.

CZ said in June 2019 that “under 2 BTC users is a very large portion of our volume, so we don’t want to lose that.”

Who let the KYC get so lax? It was CZ himself, and the staff knew that: “Cz doesn’t wanna do us kyc on .com,” said Lim in a chat with the compliance team. Lim admitted that “.com doesn’t even do AML namescreening/sanctions screening.”

This led to issues when Binance wanted to do business with less casually criminal entities, such as Paxos — a US entity under New York regulation — for Binance’s BUSD stablecoin.

In October 2020, Paxos requested a compliance audit. Binance deliberately got an auditor who would “just do a half assed individual sub audit on geo” to “buy us more time.”

Binance’s money laundering reporting officer (“MLRO”) lamented that she would “need to write a fake annual MLRO report to Binance board of directors wtf” for Paxos. (And Binance doesn’t even have a board of directors — just CZ.) Lim reassured her that he could get management to sign off on the fake report. The MLRO also told Lim “I HAZ NO CONFIDENCE IN OUR GEOFENCING.”

Binance was right on the case when criminal activity might be happening on the platform:

Lim acknowledged in a February 2020 chat: “Like come on. They are here for crime.” Binance’s MLRO agreed that “we see the bad, but we close 2 eyes.”

… Can let him know to be careful with his flow of funds, especially from darknet like hydra
He can come back with a new account
But this current one has to go, it’s tainted

What’s a little terrorist financing between friends?

in February 2019, after receiving information “regarding HAMAS transactions” on Binance, Lim explained to a colleague that terrorists usually send “small sums” as “large sums constitute money laundering.” Lim’s colleague replied: “can barely buy an AK47 with 600 bucks.”

CZ did still worry slightly:

Downside risk is if fincen or ofac has concrete evidence we have sanction users, they might try to investigate or blow it up big on worldstage.

What happens next

Per the complaint, the large US traders make up 15-20% of Binance volume. Losing these will be a hit to Binance — and Binance is most of the crypto trading economy. Bitcoin dropped $500 in the hour before the suit dropped, and another $500 on its release at 15:00 UTC. Binance’s internal BNB token dropped 5%. BUSD lost another $500 million in the twenty-four hours after the suit was publicised. [Coindesk]

CZ has responded to the suit by tweeting “4,” his codeword for “ignore the FUD.” He’s also put up a blog post, reassuring us that Binance has done nothing wrong! [Twitter, archive; Twitter, archive; Binance, archive]

The complaint is odd. It presents a list of serious crimes and sanctions violations and then charges CZ, Lim, and Binance with … providing unregistered derivatives trading to US institutional customers.

Matt Levine writes up the complaint in accurate detail — but with a view that this is primarily a CFTC operation, and crime from a crypto exchange is just to be expected along the way. Sure. [Bloomberg]

But then, how did the CFTC get the judicial authority to get into CZ’s phone?

It’s not impossible that the CFTC has somehow transmuted into a finely honed strike force of badass Magnum-toting forensic accountants in sunglasses. But we have our doubts.

We think it’s more likely that the Department of Justice wants to nail CZ, but would like all the criming shut down in the meantime — so they let the CFTC at the evidence stash.

This complaint reads like it has a shadow twin document — a sealed indictment that’s just waiting until CZ can be extradited.

Become a Patron!

Your subscriptions keep this site going. Sign up today!

7 Comments on “CFTC cracks CZ’s phone, sues Binance — what’s a little terrorist financing between friends”

  1. DOJ? maybe. but whistleblower from inside company more likely. monetary incentive to provide CFTC with info. and possibly protection from prosecution.

      1. It’s so weird that a few lines in there make it seem like they have access to his actual phone and not just the traffic from it. Makes me wonder if they somehow got ahold of backups off the cloud he didn’t realize he was making because how could he not know he’d lost his phone?

        1. If a nation-state takes a serious interest in you, your phone data is theirs. Especially if they have subpoena powers over the two large American corporations that control most mobile phones. I’m just surmising there and have no actual information, you understand.

          (I’ve chatted to people involved in El Salvador hacking local journalists with Pegasus. I assure you that Salvadorans, for example, have a detailed understanding of information security and doing well enough with the tools to hand.)

          It’s possible that CZ was using a phone with a “security” version of Android, which may even have kept up with zero-days.

  2. I do wonder who originally leaked this evidence. Perhaps CZ has a whistleblower or a mole on his hands?

    (I guess it’s also possible that some US alphabet agency hacked him, but I doubt that – Binance doesn’t seem quite crooked enough to justify showing that hand.)

  3. Money Laundering regulations are the elephant in the room for anyone who thinks they can anonymise financial transactions.

    If you run a trading platform, or accept deposits, or trade a security, you have to know the beneficial owners of your counterparties and the source of funds.

    You have a legal duty to report suspicious funds and transactions, and it is a criminal offence to fail to do so in the US, the UK, and the EU. Further, there is a duty of diligence: not knowing is no defence and both civil and criminal prosecutions can be initiated as ‘You should have known’ – it is your legal duty to find out, and operate managerial and electronic systems that capture this information and record it.

    A system designed to obfuscate, rather than facilitate the identification of beneficiaries and the source of funds, would be presented by prosecutors as evidence or even proof of criminal intent.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.