In the past week, the office of Special Counsel Robert Mueller at the U.S. Department of Justice (DOJ) indicted twelve Russian intelligence officers for interfering in the 2016 presidential campaign through a bold and sophisticated hacking campaign. Notably though, the indictment’s tenth count detailed how these intelligence officers, members of Russia’s Main Intelligence Directorate of the General Staff (GRU), mined and used cryptocurrencies to fund the infrastructure necessary to carry out their operations.

The indictment notes that the GRU officers “conspired to launder the equivalent of more than $95,000 through a web of transactions structured to capitalize on the perceived anonymity of cryptocurrencies such as bitcoin.” Though the GRU officers also used fiat currencies to fund their efforts, the indictment states that “they primarily used bitcoin when purchasing servers, registering domains, and otherwise making payments in furtherance of hacking activity. Many of these payments were processed by companies located in the United States that provided payment processing services to hosting companies, domain registrars, and other vendors both international and domestic. The use of bitcoin allowed the [GRU officers] to avoid direct relationships with traditional financial institutions, allowing them to evade greater scrutiny of their identities and sources of funds.”

One example of this infrastructure is the domain dcleaks.com, which was the first of three websites used to publish emails belonging to Democratic Party members and U.S. military officials. The GRU officers registered the domain on THCservers.com—“a brightly lit, family-run internet company on the former grounds of a communist-era chicken farm outside the Romanian city of Craiova”—using the fictitious name “Carrie Freehan,” a resident of New York. They paid for this using an unnamed U.S. payment processing service, which was provided with “nonsensical addresses such as ‘usa Denver AZ,’ ‘gfhghghfhgfh fdgfdg WA,’ and ‘1 2 dwd District of Columbia.’” A separate company, the Malaysian-based firm Shinhiru Technology, was then paid to host the website and its stolen files through the electoral cycle.

Where is the Problem?

While the indictment notes that the Russian intelligence officers used cryptocurrencies to in order to take advantage of their “perceived anonymity,” the indictment was silent on the fact that these very same Bitcoin transactions were what might have helped Mueller uncover the GRU officers’ infrastructure.

Cryptocurrencies such as Bitcoin rely on an underlying technology known as the blockchain. Essentially an enormous ledger distributed amongst a network of computers around the world, the blockchain records all transactions and addresses done using Bitcoin. As such, if one can link an address to a specific expenditure or name, then it becomes possible to follow the money trail back to the source. In other words, Bitcoin is less anonymous and easier to track than, say, U.S. dollars.

Still though, the fact remains that these GRU officers attempted to launder money and evade scrutiny that would have otherwise brought their activities to light sooner. Partially at fault here are, in the words of the indictment, “one or more third-party exchangers who facilitated layered transactions through digital currency exchange platforms providing heightened anonymity.”

There generally exist three kinds of cryptocurrency exchanges.

The first are the fiat on-ramps, where one’s fiat currency can be traded for cryptocurrencies. These possess robust Know Your Customer (KYC) and Anti-Money Laundering (AML) processes similar to those found at traditional financial institutions. Governments around the world have come down hard on these kinds of exchanges in recent months too, particularly after the recent boom in cryptocurrency prices. As such, if a prospective cryptocurrency buyer is not willing to submit to identity verification processes, they are effective shut out of these exchanges.

The second kind of exchange are those that are solely focused on trading cryptocurrencies. These vary in terms of compliance, ranging from compliant to having anonymity as a selling point. While this is seen as a must by libertarian and privacy-oriented individuals who harbor no ill intentions, bad actors can still potentially use these exchanges to launder or attempt to hide the origin of funds. Consider as an example the world’s number one exchange in terms of daily volume: Binance. At the moment, anyone can open a “level 1” account on Binance without submitting to any KYC/AML procedures. From there, one can deposit Bitcoin or other cryptocurrencies and begin trading straight away. The only visible impediment is a twenty-four hour withdrawal limit of two Bitcoins’ worth of cryptocurrencies per day (worth roughly around $13,000, by current market prices). Aside from that though, a user could hypothetically create multiple accounts on the exchange, deposit Bitcoin in them, and use these accounts to layer their transactions. One could perhaps trade Bitcoin for “privacy coins”—cryptocurrencies that are designed to be privacy-centric and anonymous—and move around these privacy coins through multiple addresses, effectively obscuring the origin of one’s funds.

Finally, and likely the kind of platform used by the GRU officers, there are services that facilitate over-the-counter exchanges of cryptocurrencies. Here, prospective buyers and sellers interact with each other directly, setting terms and potentially using a third party as an escrow service to help facilitate trades. Though these services often come with a price premium, they still help preserve some user anonymity—something that is often taken advantage of by criminal elements. As an example, look no further than the news this past week that a former stockbroker from California was sentenced to one year in prison for “operating an unlicensed bitcoin-for-cash exchange business and laundering bitcoin that was represented to be proceeds of narcotics activity.”

Making Markets Safe

The cryptocurrency and blockchain space is expected to grow exponentially in the coming years—industry proponents believe it will open the door to the “internet of finance,” unleashing a new era of value transmission, capital formation, and creative enterprise. At the same time though, institutional investors are wary of the space, pointing to issues with market illiquidity, a lack of custody services, fraud and other illicit activity. The DOJ’s recent indictment will only reinforce the latter of those worries.

Moving forward, perhaps it is time for a dialogue on how regulatory authorities, exchanges and market participants can cooperate to ensure a safer and more compliant space for cryptocurrency activity. On Wednesday, July 18, the U.S. House Financial Services Committee will hold a hearing to discuss “The Future of Money: Digital Currency,” while the House Committee on Agriculture will hold a separate hearing regarding “Cryptocurrencies: Oversight of New Assets in the Digital Age.” (If the House Committee on Agriculture seems like an unusual venue to discuss cryptocurrencies, it is because financial regulators regard these assets as commodities, which the Committee on Agriculture has extensive experience with.) Policymakers should use these opportunities to begin exploring how cryptocurrency exchanges and peer-to-peer services can be brought into better compliance for the public good.

Carlos Roa is the assistant editor at the National Interest.