burn the bridge
I wrote some guides on #Bitcoin self-custody, censorship resistance, & privacy. Now I co-host @pod256

Mar 31, 2022, 27 tweets

1/27 Dive into Whirlpool with a high-stakes example of how a little privacy goes a long way.

This @BitcoinMagazine article explores how CoinJoin could have preserved the anonymity of those involved with the Canadian Freedom Convoy #bitcoin donations. bitcoinmagazine.com/technical/free…

2/27 All Bitcoin txs are public, you don't even need a node to look at them. Just a simple block explorer website like mempool.space. Even though your PII is not stored on this public blockchain, leaving links on-chain to fiat on/off ramps can have its consequences.

3/27 Using real events around the Canadian Freedom Convoy #bitcoin donations and to better understand what's at stake in this situation, here is a timeline of notable events:

Jan 28 - Truckers start arriving in Ottawa.
nytimes.com/2022/01/28/wor…

4/27 Feb 1 - @HonkHonkHodl receives first #bitcoin donation. Not many people were using #Bitcoin to donate to the Freedom Convoy, many more donations were being made with traditional crowdfunding platforms. This would soon change.

5/27 Feb 5 - @gofundme announces that all donations to the Freedom Convoy would be refunded to donors, banning any further involvement between the crowdfunding platform and the Freedom Convoy. This was essentially an advertisement for unstoppable money like #bitcoin.

6/27 Feb 7 - @GiveSendGo is compelled to freeze access to millions of dollars donated to the Freedom Convoy by order of the Ontario Superior Court of Justice.
cbc.ca/news/canada/to…

7/27 Feb 11 - Ontario declares a state of emergency, explicitly making it "illegal & punishable to block or impede the movement of goods, people, & services" with a maximum penalty of $100k + 1 year in prison.

cbc.ca/news/canada/to…

8/27 Feb 14 - @JustinTrudeau invoked the Emergencies Act with 2 sweeping financial implications: capture crowdfunding platforms & payment processors under the Proceeds of Crime & Terrorist Financing Act and require them to register with/report to FINTRAC.
cbc.ca/news/politics/…

9/27 On the same day as the Emergencies Act was invoked, @HonkHonkHodl closes out the fundraiser having exceeded the original goal, reaching nearly 21 bitcoin.

10/27 Feb 15 - A Mareva Injunction filed in the Ontario Superior Court of Justice (a $306b class action lawsuit) named several individuals, organizations, & anonymous entities as defendants, stipulating penalties for those caught "helping" defendants.

ottawaconvoyclassaction.ca/order-mareva.p…

11/27 Feb 16 - News broke that the RCMP published a blacklist of cryptocurrency addresses related to the Freedom Convoy donations.

12/27 What transpired in less than two weeks is that the Canadian government managed to cut off revenue streams to, and label as criminals, an entire swath of the population: demonizing them, disregarding their rights, & penalizing those around them. The power of "emergencies".

13/27 The future is uncertain but the blockchain is forever. Using @oxt_btc & actual on-chain txs related to the Canadian Freedom Convoy #bitcoin donations; here is how an entity, "Alice", could be linked to these events and pulled into the class action lawsuit or face penalties.

14/27 Alice started with a 28 BTC UTXO, she made several txs using this large UTXO as an input each time, peeling off a small spend amount and having the bulk of the input returned as change. This is called a "peel chain" and it is very easy to follow.

15/27 Unfortunately for Alice, a few txs prior to her donation, she peeled off a small spend to a @coinbase wallet. On-chain heuristics make the reasonable assumption that this was her account. A simple data request and LE has Alice's selfie, ph #, physical address, etc.

16/27 When Alice made her donation, 24.07 BTC were used as the input, with a 0.25 BTC output as the donation spend, and 23.82 BTC returned to Alice as the change output. Then Alice's donation was consolidated & moved downstream by the donation organizers.

17/27 The entity in control of the donations made several txs that consolidated bitcoin and moved the new balances to new addresses. Throughout the entirety of the @tallycoinapp fundraising campaign, the same #Bitcoin donation address was used to collect the donations.

18/27 In order to disburse donations to truckers, the entity in control of the bitcoin established 100 different wallets. They made 3 deposits to each wallet. Unfortunately, they used the same address in each wallet instead of using a new address each time.

19/27 The majority of the trucker deposits have remained unspent. The ones that have been spent have gone to KYC exchanges like @coinbase, Crypto.com, & @krakenfx. All of those addresses are flagged, spending one to a KYC exchange is asking for trouble.

20/27 This is unfortunately how Alice will be irrevocably connected to a party of interest; through deterministic links & on-chain heuristics.

21/27 To understand how Whirlpool breaks deterministic links & disrupts on-chain heuristics, it is important to first understand basic txs like Alice used when spending to @coinbase. There is only one way to interpret this tx: Alice owned the 28.48 BTC input.

22/27 Whirlpool txs on the other hand, have 5 inputs and 5 equal sized outputs. This can be interpreted many ways and none of the interpretations can be made deterministically. Strict rules enforced by the blinded coordinator ensure maximum anonymity is achieved.

23/27 Re-mixing is free & increases anonymity. For every tx where one or more outputs goes to another CoinJoin, the possible outputs connected to an input of interest grows & grows. These possible outputs are blue dots, red dots lead to another CoinJoin & 5 more possibilities.

24/27 By the 7th layer, there were 1 of 133 possible txs & 2 unspent outputs to follow. 42 of the outputs lead to further Whirlpool CoinJoins. By the 8th layer, I couldn't manually count the possibilities any longer.

25/27 This is the asymmetric advantage afforded to Whirlpool users. Alice could have made the donation with a Whirlpool output & protected her prior tx history. Likewise, truckers could use Whirlpool now to break those deterministic links to the Freedom Convoy donations.

26/27 There are 3 ways to Whirlpool and 2 wallets that have implemented this powerful privacy tool. @SamouraiWallet developed Whirlpool and has integrated it into their mobile app with several other privacy preserving tools/techniques.

27/27 @SparrowWallet has implemented Whirlpool in their desktop app along with some of the same privacy preserving post-mix spending tools. There will be more guides to follow that explain, step-by-step, how to put these tools to use.
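
The contrast drawn in tweets 14-16 and 21-23, as an added example that is not part of the original thread: a peel chain is followed deterministically with a "largest output is change" heuristic, while an equal-output 5-in/5-out transaction only yields a growing set of candidates. The graph, output names, mix denomination and intermediate amounts are constructed, and fees are ignored; only the 28.48, 24.07, 0.25 and 23.82 BTC figures come from the thread.

```python
from collections import deque

def tx(ins, outs):
    return {"ins": ins, "outs": outs}

# Constructed graph, amounts in satoshis, fees ignored.
# Only 28.48, 24.07, 0.25 and 23.82 BTC are figures from the thread.
TXS = {
    "t1": tx(["alice0"], [("exchange", 10_000_000), ("chg1", 2_838_000_000)]),
    "t2": tx(["chg1"], [("spend2", 431_000_000), ("chg2", 2_407_000_000)]),
    "t3": tx(["chg2"], [("donation", 25_000_000), ("chg3", 2_382_000_000)]),
    # Equal-output 5x5 mixes; the denomination is a placeholder value.
    "m1": tx(["p0", "a1", "a2", "a3", "a4"], [(f"m1_{i}", 5_000_000) for i in range(5)]),
    "m2": tx(["m1_0", "b1", "b2", "b3", "b4"], [(f"m2_{i}", 5_000_000) for i in range(5)]),
}

def spenders(txs):
    """Map each spent output name to the id of the tx that spends it."""
    return {i: txid for txid, t in txs.items() for i in t["ins"]}

def is_equal_output_mix(t):
    """Several inputs, same number of outputs, all outputs the same value."""
    return (len(t["ins"]) > 1 and len(t["outs"]) == len(t["ins"])
            and len({v for _, v in t["outs"]}) == 1)

def follow_peel_chain(txs, start):
    """Follow 1-in/2-out txs, treating the larger output as change."""
    spent_by, utxo, peeled = spenders(txs), start, []
    while utxo in spent_by:
        t = txs[spent_by[utxo]]
        if len(t["ins"]) != 1 or len(t["outs"]) != 2 or t["outs"][0][1] == t["outs"][1][1]:
            break  # heuristic no longer applies: the deterministic link ends here
        (payment, _), (change, _) = sorted(t["outs"], key=lambda o: o[1])
        peeled.append(payment)
        utxo = change
    return peeled, utxo

def candidates_after_mixing(txs, start):
    """Every output that could belong to `start` once it enters equal-output mixes."""
    spent_by, queue, terminal = spenders(txs), deque([start]), set()
    while queue:
        utxo = queue.popleft()
        t = txs.get(spent_by.get(utxo))
        if t and is_equal_output_mix(t):
            queue.extend(name for name, _ in t["outs"])  # any output may be ours
        else:
            terminal.add(utxo)
    return terminal
```

Starting from `alice0` the follower links the exchange deposit and the donation to one owner in three hops; starting from `p0` it stops at the first mix, and one re-mix already widens the candidate set from 5 outputs to 9.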
