AML Terrorism: The Dark Side of Transaction Monitoring


Have you ever considered whether the cryptocurrency you receive from a stranger might be “tainted” — previously associated with criminal activities? Many customers of Rabbit Swap share this concern.

If cryptocurrency is flagged as “tainted” by specialized transaction monitoring systems, using it becomes extremely difficult. Recipients can check all incoming transactions using these systems, and if they detect any suspicious history, they may refuse to accept the crypto.

These monitoring systems aggressively promote their services, instilling fear in cryptocurrency users. The fear of receiving “tainted” cryptocurrency has become so widespread that the promotion of this idea could be called terrorism (from the Latin word “terror,” meaning “fear” and “horror”).

When we receive fiat money, we rarely worry about whether it passed through the hands of criminals ten transactions ago — it does not affect the money’s liquidity. However, with cryptocurrency, the situation is different: many people hesitate to accept crypto not only from criminals but also from honest yet unfamiliar individuals.

“What if it was once in the hands of criminals? After all, the blockchain records every transaction. What will I do with tainted cryptocurrency?” These fears, familiar to anyone who has seriously engaged with cryptocurrency, are a direct result of AML (Anti-Money Laundering) monitoring.

Who Conducts AML Monitoring and Why?

Several analytical firms flag cryptocurrency as “tainted” in the blockchain. The most notable include:

  • Chainalysis
  • Crystal
  • Elliptic
  • AMLBot

These are all commercial entities. Why do they do this? The answer is simple: profit. Users must pay these companies to check whether an address or a received transaction has been flagged. Without payment, individuals remain unaware of potential flags until a transaction is unexpectedly rejected due to its “tainted” status.

Verification costs range from $0.20 to $3 per check, with discounts for bulk inquiries. Some firms do not even offer services to individual users, catering exclusively to businesses and government agencies. As a result, ordinary users are left in uncertainty, potentially discovering at the worst possible moment that their cryptocurrency is flagged and, therefore, illiquid.

Discount announcement on the AMLBot website

The problem is further exacerbated by the fact that each company maintains a separate database. Checking an address with one firm does not guarantee that it has not been flagged by another. This creates difficulties for platforms like rabbit.io. When users inquire whether we accept cryptocurrency from a specific address, we cannot provide a definitive answer. Our system automatically selects the best market offer for each exchange request, ensuring the most favorable rate. However, because we do not pre-determine liquidity providers, we cannot predict which AML control system they use.

The only thing we can say in such cases is that if a liquidity provider rejects a transaction due to AML concerns, we’ll do our best to facilitate the return of the funds.

Abuse of AML Monitoring

Chainalysis

Since blockchain analysis companies operate for profit, their methodologies are trade secrets. As a result, no one outside these companies knows exactly how they classify cryptocurrency as “tainted.”

This lack of transparency has led to legal disputes:

  • In 2023, court evidence included an analysis by CipherTrace, MasterCard’s blockchain forensics division. Experts concluded that “Chainalysis’ attributions are unverifiable and should not be used in a court of law.”
  • In 2024, Chainalysis was sued for defamation after labeling the investment platform YieldNodes as fraudulent. Exceptional Media Ltd., YieldNodes’ parent company, filed a lawsuit demanding $650 million in damages for reputational harm and lost revenue.

Diagram where Chainalysis labels YieldNodes as a fraudulent project

Getblock

Some analytical companies provide general insights into their AML flagging methods. For example, a Bitcoin transaction checked by Getblock showed the following source categories:

  • Trusted (licensed exchanges)
  • Suspicious (unlicensed P2P exchanges)
  • Dangerous (gambling)

Screenshot from Getblock

A surprising revelation was that merely receiving Bitcoin from a casino could cause a transaction to be classified as “dangerous.” In real life, casinos are associated with wealthy people’s leisure, but on the internet, they’re so marginalized that someone might reject bitcoin won at a casino, calling it “tainted.”

Crystal and AMLBot

On November 20, 2024, the Crystal and AMLBot systems flagged addresses of several Russian cryptocurrency exchanges as “Stolen Coins” — despite no reports of theft-related incidents.

The founder of BitOK, another AML monitoring firm, criticized such baseless flagging, arguing that it damages the industry’s reputation. The practical consequences were severe: users who deposited these flagged funds into centralized exchanges faced account restrictions and blocked withdrawals.

Automatic translation of messages about inaccurate flagging in the Telegram channel "Satoshkin"

“Stolen Coins” is a very serious accusation, and exchanges were forced to respond. Otherwise, the exchanges themselves could have faced accusations of aiding criminal activities. Meanwhile, the analytical companies face no responsibility. Their terms of service state that their conclusions have no legal force, may contain errors, and are provided for consultation purposes only.

Cryptocurrency Exchanges

For CEXes, an AML label is often a non-negotiable red flag. Some platforms adopt a rigid compliance approach: if an address is labeled, no connections with it are allowed, without further review. The exchanges don’t care about any explanations or arguments.

I personally encountered this issue when transferring Bitcoin from Kraken to the Bitpapa P2P platform. Bitpapa’s compliance department stated that the received cryptocurrency had “high risk” status and asked me to provide video confirmation that the cryptocurrency was withdrawn from an exchange. I didn’t believe the “high risk” claim, as I was used to thinking that cryptocurrency from CEXes isn’t flagged this way. But without video confirmation, Bitpapa refused not only to credit the received amount to my balance but even to return it to Kraken. So I provided everything they requested.

Screenshot of the email from Bitpapa

But later it turned out that Bitpapa wasn’t deceiving me. The cryptocurrency received by Bitpapa was indeed flagged, and because of this, the address Bitpapa gave me for balance top-up was also flagged. When I later tried to send bitcoins to this address from Bybit exchange, I was warned that next time this could result in account termination.

Screenshot of the email from Bybit

Explanations were futile. Bybit adhered strictly to its AML policy, despite the lack of practical benefit in blocking withdrawals to a specific address — on Bitpapa, users can generate new deposit addresses at will.

This demonstrates how some exchanges use AML flagging more as a symbolic display of compliance than a genuine effort to combat money laundering. While this approach may be a mere formality for exchanges, for users, it can lead to real financial losses. Numerous online reports detail how CEXes have blocked accounts under the pretext of AML enforcement and refused to return remaining balances.

Is AML Necessary in Cryptocurrency?

Companies involved in AML flagging often make public statements that checking cryptocurrency for “cleanliness” is very important, and everyone must do it.

This frightens ordinary users even more. They reasonably assume that everyone follows such policies and checks transactions. And if all transactions are checked, it means that any cryptocurrency I send can be checked, found to have some wrong trace, and either returned (like Rabbit Swap does) or even blocked with a bunch of confirmations required (like Bitpapa did), while these confirmations aren’t always easy to provide.

This widespread fear fuels opposition to AML policies. Some argue that AML controls in cryptocurrency are fundamentally flawed, making arguments like:

  • A money recipient cannot be responsible for the prior owners of the funds.
  • If a criminal pays with stolen money in a store, it doesn’t make the store seller a criminal.
  • And it certainly doesn’t make the next customer a criminal when the seller gives them change with this money.
  • But in the modern AML system, both the store seller’s address and the next customer’s address are marked as “tainted,” and even the address of whoever this customer later transfers money to.

However, these arguments overlook a critical distinction: fiat currency is legally mandated for acceptance, regardless of its history. Other forms of property, including cryptocurrency, are not. If stolen goods are resold, they remain stolen until legally recovered. The same principle applies to stolen cryptocurrency, which is why tracking it is deemed necessary. However, this logic does not justify flagging legitimate transactions — such as winnings from a casino — as “dangerous.” After all, gambling is one of the most common uses of cryptocurrency.

What Can Be Done?

Recently, a Hong Kong law firm sent a lawsuit notice to an anonymous cryptocurrency wallet owner directly through the blockchain, by embedding the information in a blockchain transaction.

A lawsuit notice in the blockchain

This case shows that any interested party can independently “flag” an address in the blockchain. If a user’s cryptocurrency is stolen, they could mark the recipient’s address with a publicly visible, non-transferable blockchain token detailing the incident. In blockchains where creating such tokens is impossible, other solutions can be found. If you think hard enough, surely something will come up. Off the top of my head, I can think of ideas involving timelocks and inscriptions.

Someone who has suffered from fraud or cryptocurrency theft doesn’t need intermediaries in the form of companies making blockchain flags on a commercial basis and not being responsible for the results. I think the victim themselves can handle the flagging task much better. They won’t just put a “Stolen Coins” flag but will explain exactly what happened. After all, they know this better than anyone. And in case of fraud, the recipient can restore their good name through court and attach the court decision to their address using a similar token.

While abuse of such a system would still be possible, the uncertainty and fear surrounding AML flags would diminish. Users would no longer need to rely on opaque, profit-driven firms to check their addresses. Instead, they could check the blockchain directly to determine whether any party has marked their address as tainted. If no flags exist, transactions could proceed with confidence, knowing that the recipient has no grounds to call them “tainted.”