The Crypto Money Laundering Myth and the Machine Working Overtime to Sell a False Narrative

2022-07-19

Last week we published a blog that debunked the myth often pushed by adversaries of our industry that crypto is a “haven” for illicit money laundering. Sadly, our industry has to continue addressing these issues over and over again as interested parties continue to spread disinformation or purposely mislead the general public by leaving out critical context, such as how much more effective crypto is than the traditional banking system at casting sunlight on illicit activity. 

Sadly, we have seen these types of misleading articles seep into more esteemed media outlets on occasion. One author who has published a number of these “breathless pearl clutching” articles ran another piece today. And like their last article, which was brutally fact-checked by multiple third parties including the centerpiece of their story, this latest iteration is rife with falsehoods, makes massive leaps to conclusions, and relies on poor data that could have been fact-checked by reaching out to one of the major on-chain analyst firms, like Chainalysis or TRM.

We highly suggest you ignore those authors and pundits who cherry-pick data, rely on conveniently unverifiable “leaks” from regulators, and feed into the cult of crypto paranoia for fame or financial gain. Instead, just look at the facts. Neither our industry nor Binance is perfect, but we have grown by leaps and bounds over the past three years. Crypto is a completely new innovation. And just like many regulators and policymakers, we’re still working through what an appropriate regulatory framework should look like.

According to Chainalysis, a company that specializes in crypto and blockchain analysis, 0.15% of all transactions made with cryptocurrencies in 2021 were associated with some type of illicit activity. The UN estimates that between 2% and 5% of traditional fiat (cash), about $800 billion to $2 trillion in current US dollars, was associated with some type of illicit activity. Crypto is incredibly transparent, infinitely more so than the traditional cash economy, and this is well-documented. So you tell us: where is the real issue regarding money laundering?

Rather than continue to argue our case here, we’ve once again published the full email exchange we had with Reuters below. It is important to note that we offered them an opportunity to speak with the two senior investigators who actually led the casework to take down Hydra and Lazarus, and offered to review the UID and wallet information that they claimed they were basing their reporting on. They declined both.

We suggest you read the email exchange below and make up your own mind as to whether they honestly attempted to cast light on a subject or sell fear and paranoia clickbait to their readers.

Our Email Exchange With Reuters

From: Patrick Hillmann

Sent: Monday, May 23, 2022 10:19 AM

To: Berwick, Angus (Reuters); Wilson, Tom (Reuters)

Subject: [EXT] Reuters' questions for Binance

Dear Patrick,

As we mentioned in our previous email, Reuters is reporting an article on Binance which assesses the impact of past gaps in Binance’s anti-money laundering checks. This reporting follows our January article which showed that Binance kept weak anti-money laundering checks whilst it promised tougher compliance, despite concerns raised by senior company figures.

Our reporting indicates that Binance served as a conduit for the laundering of billions of dollars of illicit funds between 2017 and 2022. Based on an examination of blockchain data, court records, and law enforcement statements, we have calculated that during this period Binance processed transactions totalling at least $2.4 billion stemming from hacks, investment frauds and illegal online drug sales. The article covers a range of civil and criminal cases, and we have interviewed law enforcement officials, researchers, and crime victims in nine countries.

We would be grateful if you could respond to our questions below by the end of the week and raise anything that we may have overlooked. 

Our aim is to fully reflect Binance’s position in the article, and to ensure our reporting is accurate. If you would like to discuss these questions, we would be very happy to do so. 

Best regards,

Angus and Tom

QUESTIONS

From an examination of blockchain data, court records and statements by law enforcement, Reuters has calculated that Binance processed transactions totalling at least $2.4 billion stemming from hacks, investment frauds and online illegal drug sales between 2017 and 2022. Reuters shared this calculation with two leading industry analysis firms, which agreed with the estimate. The calculation includes several dozen small cases and the following large cases: $780 million on Hydra Market, $840 million from the Finiko ponzi scheme, $100 million from Pakistan’s Cyber Storm fraud case, and $381 million from the WazirX illegal online betting case. 

  • Does Binance consider this calculation accurate? If not, please can you explain where the inaccuracies lie?

  • Does Binance have any further comment on this figure?

Chainalysis, a blockchain research firm, concluded in a 2020 report that Binance received criminal funds totalling $770 million in 2019 alone, more than any other crypto exchange. Afterwards, Mr Zhao accused Chainalysis on Twitter of “bad business etiquette.”

  • Why did Mr Zhao accuse Chainalysis of “bad business etiquette”?

  • Did Binance consider Chainalysis’ report accurate? If not, please can you point to the inaccuracies?

Our article published in January showed that Binance kept weak anti-money laundering checks whilst it promised tougher compliance, despite concerns raised by senior company figures. In response to that article, Binance said the reporting was “wildly outdated.”

  • Does Binance have any further comment on our January article? In what way was the reporting outdated? 

During a 2020 video call with staff, Mr Zhao said know-your-customer rules were “unfortunately a requirement” of Binance’s business.

  • Why did Mr Zhao state that KYC rules are “unfortunately a requirement”? Does he still hold this view? 

  • Does Mr Zhao have any further comment on this statement? 

Our reporting indicates that at times, Binance’s compliance team has struggled with its workload. In January 2019, Mr Zhao asked other departments to help the compliance team run background checks due to an “overwhelming” number of new users. A team member complained to colleagues that one user was able to open an account by submitting three copies of the same receipt from a meal at an Indian restaurant.

  • Does Binance have any comment on this reporting?

  • How many employees did Binance’s compliance team have in January 2019? How many does it have now?  

Our reporting indicates that in late 2017, Mr Zhao unveiled a new strategy for Binance’s next phase of development. Mr Zhao said: “Do everything to increase our market share, and nothing else.” Mr Zhao said this was “the single goal for the entire company” ahead of profit, revenue and comfort.

  • Why did Mr Zhao instigate this new strategy?

  • How did this new strategy affect Binance’s enforcement of compliance?

  • Was compliance a lower priority than market share for Binance at the time this strategy was launched?

  • Does Mr Zhao have any further comment on these statements?

DARK NETS

Reuters reviewed detailed data on Binance client transactions on “darknet” sites. According to the data, Binance processed $780 million worth of drug sales on the world’s largest darknet market, a Russian language site called Hydra, from 2017 to 2022, making it the most popular mainstream exchange among Hydra users.

  • Does Binance have any comment on this figure? Does Binance consider it accurate? If not, please can you explain how it is inaccurate?

  • Was Binance aware that Hydra users were using Binance to process transactions? If so, what steps did it take to ensure it was not used to process funds related to Hydra?

  • Does Binance have any further comment on Hydra? 

In April, the U.S. Justice Department seized Hydra’s servers and indicted its alleged administrator. The Justice Department said Hydra had received in total around $5.2 billion in cryptocurrency for drug sales.

  • Does Binance have any comment on the Justice Department’s investigation into Hydra?

  • Has Binance been contacted by U.S. or German authorities regarding Hydra? How did Binance respond to any information requests? 

On Hydra’s Russian-language forums, which we reviewed prior to the site’s closure, since 2018 customers recommended using Binance to pay sellers, citing the anonymity Binance afforded its clients at the time by allowing them to register with just an email address. One user wrote, “This is the fastest and cheapest way I’ve tried.” Traders exchanged dozens of messages in 2021 and early 2022 about using Hydra on Binance’s own Russian community Telegram chat. One wrote last year, “The Hydra is thriving.”

  • Was Binance aware that Hydra users were using Binance to process transactions?

  • Does Binance have any further comment on these posts?

According to a report by the United Nations Office on Drugs and Crime, Hydra increased the availability of drugs in Russia and drove a surge in demand for synthetic psychostimulants like methamphetamine and mephedrone. Deaths from overdoses nearly doubled between 2018 and 2020, with cases of drug-related infections such as chronic hepatitis C on the rise too, figures from Russia’s anti-drug agency show. The U.S. Drug Enforcement Administration said Hydra’s services “threaten the safety and health of communities far and wide.”

  • Does Binance have any comment on the impact of Hydra in Russia and on the specific assertions of the two drug agencies?

One Hydra user told us she started buying mephedrone and ketamine on Hydra in 2019 to help cope with her bipolar disorder. Friends who used Hydra told her Binance was the safest way to pay dealers. Some of them used fake personal information to open Binance accounts, she said, but she uploaded a copy of her passport. Binance never blocked or queried any of her payments. She said the system’s anonymity made it easy. She continued to use Hydra and Binance until its closure.

  • Does Binance have any comment on this person’s account?

  • Was Binance aware that Hydra users were using Binance? 

Our reporting indicates that Binance was aware of the risk of illegal finance in Russia. Binance’s compliance department assigned Russia an “extreme” risk rating in 2020, citing unspecified money-laundering assessments by the U.S. State Department. In such instances, company policy required Binance to not accept users, according to a risk rating document produced by Binance’s compliance department. State Department reports from 2019 and 2020, without mentioning Hydra or Binance, warned that drug trafficking organisations in Russia were using virtual currencies to launder proceeds.

  • Which U.S. State Department assessments was Binance’s compliance department referring to?

  • What actions did Binance take to mitigate the risk of illegal finance and money laundering in Russia?

  • Does Binance have any further comment on this reporting?

Binance targeted Russia for expansion in 2018, saying in a press release then that its crypto community was “hyperactive.” Our article published in April detailed Binance’s efforts to dominate the Russian crypto market. Binance has continued to provide limited services in Russia since the country’s invasion of Ukraine.

  • Was Binance aware of its use by Hydra users whilst it was growing its market in Russia?

  • Does Binance have any further comment on its Russian market?

LAZARUS

Our reporting indicates that a North Korean hacking group known as Lazarus has used Binance to launder some stolen cryptocurrency. The U.S. government and the United Nations have accused Lazarus of conducting cyber theft to fund North Korea’s nuclear weapons programme. Chainalysis estimated that Lazarus has stolen crypto worth $1.75 billion from 2017 to 2020 that then flowed through various exchanges. Chainalysis did not identify the exchanges.

  • Does Binance have any comment on this reporting and on Chainalysis’ estimate?

  • What measures has Binance taken to prevent Lazarus using Binance to launder stolen crypto?

In September 2020, Lazarus broke into a Slovakian crypto exchange called Eterbase and stole virtual currency worth some $5 million. The following day the hackers opened dozens of anonymous Binance accounts, using only emails for identification, and within 30 minutes traded approximately half of Eterbase’s stolen crypto, according to Binance’s correspondence with Slovakia’s national police.

  • Does Binance have any comment on the Eterbase hack and the hackers’ use of Binance to launder some of the money?

After news of the Eterbase hack circulated, Mr Zhao tweeted: “Will do what we can to assist.” But when Eterbase emailed Binance’s support centre on Sept. 10 2020, a Binance team member told the company that Binance could not share any account data.

  • Following Mr Zhao’s tweet, what did Binance do to assist Eterbase?

  • Did Binance decline to share account data with Eterbase and if so why?

  • Does Binance have any further comment?

Eterbase submitted a criminal complaint in September 2020 to Slovakia’s National Crime Agency, which requested information from Binance, saying in a letter that the funds were stolen by “anonymous attackers united under the Lazarus hacking group.” Binance declined, telling police they could not identify accounts connected to the hack. The following July, after another police request, Binance sent the agency records on 24 accounts, saying they had been empty for “over nine months” as “the assets were instantly traded.”

  • Why could Binance initially not identify accounts connected to the hack?

  • Does Binance have any further comment on the account of the incident given by police and Eterbase?

The account records that Binance sent to Slovakian police show the only personal information Binance held on the account holders was their protonmail email addresses, many of which were based on misspelled well-known names such as “bejaminfranklin” and “garathbale.” Within a half hour of opening most of the accounts, the Lazarus hackers passed an unspecified “security check” allowing them to withdraw crypto. Each account then converted portions of the stolen funds into just under two bitcoins, the withdrawal limit for a basic account.

  • What does an account “security check” consist of? How could Binance carry out a security check on anonymous accounts?

  • Does Binance have any further comment on these transactions?

A 2020 Binance compliance document says the exchange should provide no business to North Korean users due to U.S. sanctions. But the Lazarus account holders used virtual private networks to obscure their devices’ locations, our reporting shows.

  • Was Binance aware that North Korean users were using VPNs to access Binance?

  • Did Binance take measures to prevent users based in North Korea or elsewhere from using VPNs to access its platform? If so, please can you give details.

  • Does Binance have any further comment on the use of VPNs?

Eterbase has been unable to trace or recover the funds. After the hack, it stopped its operations and later filed for bankruptcy. Eterbase’s founder, Robert Auxt, says: “Binance had no idea who was moving money through their exchange.”

  • How does Binance respond to Mr Auxt’s statement?

  • Does Binance have any further comment on Eterbase?

In April, after another Lazarus hack in which it stole over $600 million from the Ronin blockchain project, Mr Zhao said on Twitter that an unspecified amount of the money was transferred to Binance. Mr Zhao said Binance had recovered almost $6 million.

  • What total amount of the hacked funds was transferred to Binance?

  • Has Binance recovered additional funds?

  • Has Binance been used by Lazarus to exchange funds stolen in any other hack?

MONERO

Since 2017, Binance has allowed traders on its platform to buy and sell the cryptocurrency Monero, which obscures the digital addresses of senders and receivers, offering users near-total anonymity. A Beginner’s Guide to Monero authored by Binance and currently available on Binance’s website says Monero is “desirable for those seeking true financial confidentiality.” Binance’s trading data shows it now processes Monero trades worth over $200 million a day, far more than other exchanges.

  • Why did Binance decide to allow traders to buy and sell Monero?

  • Does Binance plan to continue to offer Monero trading?

  • Does Binance have any further comment on its Monero trading?

Law enforcement agencies around the world have warned that Monero’s anonymity makes it a potential tool for money launderers. The U.S. Department of Justice, in a 2020 report, said it considered the use of “anonymity enhanced cryptocurrencies” like Monero “a high-risk activity that is indicative of possible criminal conduct.”

  • Does Binance agree with the U.S. Justice Department’s opinion of Monero?

  • What actions has Binance taken to mitigate such “high-risk activity”?

Mr Zhao has spoken in favour of “privacy coins” like Monero. During a 2020 video call with staff, Mr Zhao said privacy was part of people’s “financial freedom.” Mr Zhao didn’t mention Monero, but said Binance had funded other privacy coin projects.

  • What is Mr Zhao’s opinion of Monero? Has his opinion changed since 2020?

  • Does Mr Zhao have any further comment on Monero and privacy coins?

On darknet forums that we reviewed, dozens of users wrote about buying Monero on Binance to purchase illegal drugs. One wrote that Monero was essential to anyone buying drugs on the dark web.

  • Was Binance aware that Binance users were using Monero to buy drugs on the dark web? If so, what steps did it take to prevent such usage? 

Our reporting indicates that hackers have used Binance to convert stolen funds into Monero. In August 2020, hackers hijacked a cryptocurrency wallet belonging to an Australian man named Steve Kowalski by tricking him into downloading malware. They removed the 1,400 bitcoins he held in the wallet, worth some $16 million at the time. Investigators hired by Mr Kowalski traced most of his bitcoins through a series of wallets to four Binance accounts, where the coins were exchanged for Monero, according to testimony and blockchain analysis reports filed as part of an ongoing civil complaint Mr Kowalski submitted last year against Binance and other parties in Miami-Dade County, Florida.

  • Does Binance have any comment on Mr Kowalski’s case?

  • Does Binance have any comment on Mr Kowalski’s investigation into the theft of his funds? 

Mr Kowalski’s investigation showed that a U.S. software consultant called Brandon Ng, then living in Florida, was the owner of the Binance accounts. Mr Ng testified to the court that a crypto trading partner, who he knew online only by the username MoneyTree, deposited the bitcoins in his Binance accounts. MoneyTree, Mr Ng said, paid him a 1% commission to convert the bitcoin into Monero on Binance and then transfer it back. 

  • Does Binance have any comment on Mr Ng’s Monero trading activity on Binance?

  • Does Binance have any further comment on Mr Ng?

Mr Ng’s Monero trading had earlier raised alarms at the Poloniex crypto exchange, where he also had an account. In mid-2019, Mr Ng’s Poloniex account was frozen after it was flagged for “high risk exposure” to money laundering due to Monero withdrawals totalling over $1 million, according to Poloniex records filed with the court.

  • Was Binance aware that Poloniex had flagged Mr Ng as such? Why did Binance not do the same?

  • Does Binance have any further comment on his trading?

Mr Kowalski’s private investigators and lawyers contacted Binance soon after the theft, before Mr Ng converted the funds, and repeatedly asked Binance to permanently freeze Mr Ng’s accounts, their written communications indicate. The communications indicate that Binance declined, allowing Mr Ng to exchange the stolen bitcoin for Monero over several months. A Binance team member told one of Mr Kowalski’s private investigators in a Telegram message that “while it is highly likely the paths leading to this account are malicious,” Binance could not prove the accounts were “facilitating laundering.” When the investigator persisted, the team member upbraided him for “several issues with your tone.”

  • Does Binance have any comment on its communications with Mr Kowalski’s investigation team?

FRAUD CASES

 Police officials in four countries told Reuters that among Binance’s growing customer base in recent years were organised crime groups. According to police in Germany, investigators began seeing criminals in Europe turn to Binance in 2020 to launder some of the proceeds from investment fraud schemes that stole over €750 million from victims, many of them pensioners, through fake trading websites. Other investment frauds targeting people in Turkey, Britain and Pakistan also used Binance, authorities have said.

  • Is Binance aware of these investment fraud schemes?

  • What actions has Binance taken to tackle such schemes?

  • Does Binance have any further comment on its use by fraudsters?

A Vienna-based non-profit organisation, the European Funds Recovery Initiative, which supports victims of investment fraud, has received 220 complaints from people whose stolen savings were converted into crypto. Almost two-thirds lost money that was funnelled through Binance, totalling over $8 million, the organisation says.

  • Is Binance aware of this organisation and its findings?

  • Does Binance have any comment on this reporting? 

Police officers and lawyers told us that it is harder for fraud victims to recover funds that pass through a crypto exchange than funds that pass through a bank. Consumers can ask banks to freeze or reimburse money. Binance’s website says Binance requires law enforcement to make such a request and victims to sign non-disclosure agreements as a condition for freezing assets. The European Funds Recovery Initiative says it has followed Binance’s process to recover stolen funds without any success.

  • Can Binance confirm that the European Funds Recovery Initiative has contacted it regarding stolen funds?

  • Why does Binance require victims to sign non-disclosure agreements?

  • Why does Binance require law enforcement to make requests to freeze or reimburse stolen funds?

  • Does Binance have any further comment on its measures to tackle fraud?

In late 2019, Konrad Alber, a retired lawyer in Germany, invested most of his savings on a trading platform called Grandefex. Last June, when he asked Grandefex to pay him his expected profits, he found his money had been converted into crypto and transferred to Binance. Mr Alber sent a letter to Binance, but said he never heard back. His case is now under investigation by the Baden-Baden prosecutor’s office. 

  • Did Binance receive a letter from Mr Alber? Did it respond?

  • Has Binance been contacted by authorities regarding his case?

  • Does Binance have any further comment on the case?

Last October, a cyberpolice unit in the German city of Braunschweig coordinated with Bulgarian authorities to raid a call centre, run by a company called Dortome BG, in the capital Sofia, which police said ran hundreds of fake online trading platforms. They obtained evidence, including a database showing the operators had taken in deposits totalling 94 million. After the operation, police said they tracked the money through a series of bank accounts to Binance and Kraken.

  • Has Binance been contacted by this cyberpolice unit? Is Binance aware of this criminal investigation?

  • What actions has Binance taken to tackle such investment fraud schemes?

  • Does Binance have any further comment? 

German police said they requested Binance’s account records, which officers said Binance provided three to six months later. By that time, the police said the funds had long since been withdrawn or sent to a mixing service. The personal information held by Binance on the accounts was either fake or stolen from victims, officers said. As a result, police said they are struggling to make progress.

  • Does Binance have any comment on the German police's account of their investigation and their interactions with Binance?

  • Is Binance aware that personal information used to open accounts may be fake or stolen from fraud victims?

  • Does Binance have any further comment on this case?

Angus Berwick

Investigative reporter

Thomson Reuters

-----------------------------

From: Patrick Hillmann 

Date: Tue, May 24, 2022 at 8:32 AM

Subject: Re: Reuters' questions for Binance

To: Berwick, Angus (Reuters)

Cc: Wilson, Tom (Reuters)

Hey -

Since you are writing about Lazarus and Hydra, obviously you're going to want to talk to Tigran Gambaryan and Matt Price -- both of whom were senior agents working those two case files and are now leading our cyber-forensics team -- 

See more here:

https://www.securitymagazine.com/articles/96235-tigran-gambaryan-and-matthew-price-added-to-binance-investigations-team

They are former federal law enforcement, so certain areas will have to be off-limits. For instance, they can't share any information that could impact casework that may be ongoing. 

However, if we can have a 15-minute discussion off the record to lay down some groundwork, we could spend the following 45 minutes having a background conversation and follow-up with any other on-the-record written statements if required.

They'll be able to better help you understand those cases. As far as the other questions, I'll review them and see what we can do. It's 14 pages long and most of the questions date back several years, so we'll need a week at a minimum if you are actually looking for substantive answers.

Best,

Patrick

-----------------------------

From: Berwick, Angus (Reuters) 

Date: Tue, May 24, 2022 at 9:40 AM

Subject: RE: [EXT] Re: Reuters' questions for Binance

To: Patrick Hillmann

Cc: Wilson, Tom (Reuters) 

Hi Patrick,

Thanks for getting back to us. We would be very happy to have a conversation with Tigran and Matt. However, as with last time, we would only be able to do so on-the-record, because we would like to reflect Binance’s responses with attribution in the story. Please let us know if that will be possible. Regarding our questions, we would appreciate your response by the end of the week.

Best regards,

Angus Berwick

Investigative reporter

Thomson Reuters

-----------------------------

From: Patrick Hillmann 

Date: Tue, May 24, 2022 at 11:47 AM

Subject: Re: [EXT] Re: Reuters' questions for Binance

To: Berwick, Angus (Reuters) 

Cc: Wilson, Tom (Reuters)

So you won't speak with them unless it is on your terms? Even at the expense of the accuracy of your story? In the interest of your readers, I don't know how to respond to that other than to urge you to rethink this unnecessarily hard line you are taking.

How would an off-the-record conversation followed by an on-background conversation with written on-record responses be WORSE for your story than no conversation at all?

Do we really need to go through this again, where multiple individuals featured in your story (i.e. Navalny) have to come out afterward and correct your reporting? Why not just make the extra effort and get it right the first time?

Given the sensitive nature of the information they have related to potential ongoing investigations, they are not going to go on record and risk being misquoted on consequential information. This is standard practice for individuals who have had access to sensitive information as there could be legal ramifications for them personally.

Additionally, you need to provide the transactions and wallet addresses for the cases you note in questions #1, #7, #11, #26, #27, #30, #31, #33, #34, and #35. We are happy to have the internal forensics team review the data and provide holistic responses for each of your questions to ensure accuracy. 

Again, I want to try and help you write an accurate story.

Please share the requested transactions and wallet addresses in addition to letting me know if you are willing to meet with the investigators on background with supplemental written on-record statements. 

Best,

Patrick

-----------------------------

From: Berwick, Angus (Reuters)

Date: Wed, May 25, 2022 at 5:29 AM

Subject: RE: [EXT] Re: Reuters' questions for Binance

To: Patrick Hillmann

Cc: Wilson, Tom (Reuters) 

Dear Patrick,

We are sorry that Binance has declined our request for an interview. As we explained earlier, we cannot commit to keeping an entire briefing on background because it would not be ethical for us to withhold important information from an article.

Regarding the specific questions you noted, in our earlier email we shared with Binance calculations of illicit money flows based on our reporting. These questions cite an analysis of blockchain data, court documents and law enforcement statements, and also provide a breakdown to show the main contributors to the overall total. We are hoping that Binance will respond to these figures based on its full understanding of its business. 

We look forward to your response by the end of the week.

Best regards,

Angus Berwick

Investigative reporter

Thomson Reuters

-----------------------------

From: Patrick Hillmann

Date: Thu, May 26, 2022 at 9:12 AM

Subject: Re: [EXT] Re: Reuters' questions for Binance

To: Berwick, Angus (Reuters) 

Cc: Wilson, Tom (Reuters) 

Hey Angus,

We have shared your questions with Chainalysis and they do not stand by the numbers you are quoting and neither do we. I suggest you at least reach out to them as you clearly do not understand what "indirect" exposure means nor how deposits work on blockchain. 

Again, we are VERY happy to give you a full hour with our people, but it will have to be on background. And please do not try and misrepresent this as an "ethical" decision. We spoke with your editors last time and they were clear that Reuters conducts hundreds of background interviews on a daily basis -- so let's not play make believe. You have written 10,000 words on us this year and have done so without making the most basic effort to get the story right.

Finally, as I indicated when you first reached out, we will not be able to get you thorough answers until Monday. You have sent 14 pages of multi-paragraph long questions that go back four years (most of which are confusing and meandering) and you refuse to share ANY data sources that you cite in your questions. It is unreasonable and impossible to get you answers in less than a week.

Patrick

-----------------------------

From: Berwick, Angus (Reuters) 

Date: Thu, May 26, 2022 at 11:46 AM

Subject: Re: [EXT] Re: Reuters' questions for Binance

To: Patrick Hillmann

Cc: Wilson, Tom (Reuters) 

Thank you Patrick, Monday will be fine. We look forward to Binance’s responses.

 Best regards,

Angus Berwick

Investigative reporter

Thomson Reuters

www.reuters.com

-----------------------------

From: Berwick, Angus (Reuters) 

Date: Fri, May 27, 2022 at 6:41 AM

Subject: RE: [EXT] Re: Reuters' questions for Binance

To: Patrick Hillmann 

Cc: Wilson, Tom (Reuters) 

Dear Patrick,

Following up on our previous questions, here is the full breakdown of the calculation that we arrived at, for your consideration. Please let us know if you have any comment on this breakdown and the cases mentioned.

 Best regards,

Angus

| Category | Dates | Case | Country | Amount |
|---|---|---|---|---|
| Darknet markets | 2017-April 2022 | Hydra Market | Russia | $781 million |
| Darknet markets | 2017-Feb 2022 | Other darknet markets | Various | $58 million |
| Scams | 2019-2021 | Finiko ponzi scheme | Various | $838 million |
| Scams | 2020-2022 | European investment fraud schemes | Various | At least $10 million |
| Scams | 2021 | Thodex scam | Turkey | $17 million |
| Scams | 2021 | Cyber Storm fraud case | Pakistan | $100 million |
| Scams | 2021 | Fetch.ai fraud | Britain | $2.6 million |
| Scams | 2021 | StableMagnet fraud | Hong Kong, various | $22.3 million |
| Scams | 2017-2022 | Other scams | Various | $110 million |
| Hacks | 2018 | Zaif | Japan | $10 million |
| Hacks | 2020 | Electrum | Various | $13 million |
| Hacks | 2020 | Eterbase | Slovakia | $3 million |
| Hacks | 2021 | Other hacking cases | Various | $1 million |
| Other | 2020 | WazirX foreign exchange violations case | India | $382 million |

Angus Berwick

Investigative reporter

Thomson Reuters

Read Our Response

From: Patrick Hillmann 

Date: Mon, May 30, 2022 at 4:54 PM

Subject: Re: [EXT] Re: Reuters' questions for Binance

To: Berwick, Angus (Reuters) 

Cc: Wilson, Tom (Reuters)

Angus,

Here you go. If you could please give us a heads up when the story publishes, it would be appreciated. Really hoping to see more of our responses reflected in this article than in previous iterations. Please note the responses about direct vs indirect. You guys continue to conflate the two. A simple call to Chainalysis can correct that.

Have a good one.

Best,

Patrick

QUESTIONS 

1. From an examination of blockchain data, court records and statements by law enforcement, Reuters has calculated that Binance processed transactions totalling at least $2.4 billion stemming from hacks, investment frauds and online illegal drug sales between 2017 and 2022. Reuters shared this calculation with two leading industry analysis firms, which agreed with the estimate. The calculation includes several dozen small cases and the following large cases: $780 million on Hydra Market, $840 million from the Finiko ponzi scheme, $100 million from Pakistan’s Cyber Storm fraud case, and $381 million from the WazirX illegal online betting case. 

  • Does Binance consider this calculation accurate? If not, please can you explain where the inaccuracies lie?

  • Does Binance have any further comment on this figure?

These figures are not accurate and we confirmed with Chainalysis that these numbers do not reflect their estimates either. As Reuters rejected our request to review the data on which these estimates are based, there is no way for us to provide a meaningful response.  One of the key benefits of the blockchain is the immutable record of transactions.  If Reuters would like to share the transactions and wallet details on which these estimates are based, we would happily review them. However, you are most likely conflating “direct” with “indirect” exposure and including deposit data, which obviously a platform can only be held responsible for after a potentially illicit deposit is made. 

 For instance, imagine a drug dealer walks up to your house and slips a bag of illicit material into your mailbox. You obviously couldn’t have prevented them from depositing the illicit materials, but it’s incumbent on you to do the right thing by contacting law enforcement and providing them the info they need to catch the perpetrator. That is why Binance has spent tens of millions of dollars hiring and resourcing the most sophisticated cyber forensics team on the planet, composed of more than 120 security and industry experts across the globe including former senior law enforcement investigators from the IRS, FBI, U.S. Secret Service, Europol, Dutch National Police, and agencies in the U.K., Singapore, and Brazil.

2. Chainalysis, a blockchain research firm, concluded in a 2020 report that Binance received criminal funds totalling $770 million in 2019 alone, more than any other crypto exchange. Afterwards, Mr Zhao accused Chainalysis on Twitter of “bad business etiquette.”

  • Why did Mr Zhao accuse Chainalysis of “bad business etiquette”?

  • Did Binance consider Chainalysis’ report accurate? If not, please can you point to the inaccuracies?

Chainalysis has proven to be an invaluable asset in the fight against cyber and financial crime. We have an excellent working relationship with Chainalysis.  

Throughout the questions posed to Binance, Reuters has conflated direct and indirect exposure. 

For example:

Indirect exposure: A known Hydra vendor sells something on Hydra and receives 1 BTC to their wallet. They then send this BTC to someone else for any reason, not necessarily illicit. That person then transfers some of that BTC to someone else, who doesn't know its history. This third person then deposits some of that to their Binance account. Binance now has indirect exposure to Hydra.

vs. 

Direct exposure: An identified Hydra vendor deposits proceeds directly into a Binance account. Binance now has direct exposure to Hydra. 

3.  An article published in January showed that Binance kept weak anti-money laundering checks whilst it promised tougher compliance, despite concerns raised by senior company figures. In response to that article, Binance said the reporting was “wildly outdated.”

  • Does Binance have any further comments on our January article? In what way was the reporting outdated?

With all due respect, your reporting in January was misinformed and relied on outdated information to try and establish an inaccurate narrative about how Binance operates today. On 16 December 2021, Binance published a blog detailing how it uses KYC to keep users safe. Reuters did not reflect the contents of this blog in its article despite it being flagged in advance. 

4. During a 2020 video call with staff, Mr Zhao said know-your-customer rules were “unfortunately a requirement” of Binance’s business.

  • Why did Mr Zhao state that KYC rules are “unfortunately a requirement”? Does he still hold this view? 

  • Does Mr Zhao have any further comment on this statement? 

CZ has stated publicly, and Binance company policy has been published confirming, that know-your-customer rules (KYC) are both mandatory and welcome, as they are essential to fostering a safe environment for the first billion users to the Web3 industry. Not all of our peers or competitors agree with us, nor do many users, but we are unwavering in our belief that KYC is of great benefit to users now and in the long run. 

5. Our reporting indicates that at times, Binance’s compliance team has struggled with its workload. In January 2019, Mr Zhao asked other departments to help the compliance team run background checks due to an “overwhelming” number of new users. A team member complained to colleagues that one user was able to open an account by submitting three copies of the same receipt from a meal at an Indian restaurant.

  • Does Binance have any comment on this reporting?

  • How many employees did Binance’s compliance team have in January 2019? How many does it have now?  

Today, Binance KYC verification is highly sophisticated involving a wide range of leading external vendors, surpassing the requirements seen in traditional finance in many cases. In addition, we continue to build new partnerships with some of the world’s leading experts in the field.  As an example, recently we partnered with data analytics firm Kharon and cloud-native screening provider Neterium to further strengthen our KYC capabilities, and further improve our ability to detect illegal crypto activity on our platform. 

6. Our reporting indicates that in late 2017, Mr Zhao unveiled a new strategy for Binance’s next phase of development. Mr Zhao said: “Do everything to increase our market share, and nothing else.” Mr Zhao said this was “the single goal for the entire company” ahead of profit, revenue and comfort.

  • Why did Mr Zhao instigate this new strategy?

  • How did this new strategy affect Binance’s enforcement of compliance?

  • Was compliance a lower priority than market share for Binance at the time this strategy was launched?

  • Does Mr Zhao have any further comment on these statements? 

Neither CZ nor any other Binance business leader has ever suggested that increasing market share should supersede compliance obligations. 

DARK NETS 

7. Reuters reviewed detailed data on Binance client transactions on “darknet” sites. According to the data, Binance processed $780 million worth of drug sales on the world’s largest darknet market, a Russian language site called Hydra, from 2017 to 2022, making it the most popular mainstream exchange among Hydra users.

  • Does Binance have any comment on this figure? Does Binance consider it accurate? If not, please can you explain how it is inaccurate?

As the world’s largest exchange, it is logical that a significant percentage of all crypto transactions are processed through Binance.  However, this figure is inaccurate and overblown. We suggest you reach out to Chainalysis, who has confirmed for us that this figure is incorrect. 

Further, you are conflating “direct” with “indirect” exposure and including deposit data, when a platform can only be held responsible for what it does after a potentially illicit deposit is made.  

For instance, imagine a drug dealer walks up to your house and slips a bag of illicit material into your mailbox. You obviously couldn’t have prevented them from depositing the illicit materials, but it’s incumbent on you to do the right thing by contacting law enforcement and providing them with the info they need to catch the perpetrator. That is why Binance has spent tens of millions of dollars hiring and resourcing the most sophisticated cyber forensics team on the planet, composed of  120 security and investigations specialists from across the globe, including former senior law enforcement investigators from the IRS, FBI, U.S. Secret Service, Europol, Dutch National Police, and agencies in the U.K., Singapore, and Brazil. 

8. In April, the U.S. Justice Department seized Hydra’s servers and indicted its alleged administrator. The Justice Department said Hydra had received in total around $5.2 billion in cryptocurrency for drug sales.

  • Does Binance have any comment on the Justice Department’s investigation into Hydra? 

  • Has Binance been contacted by U.S. or German authorities regarding Hydra? How did Binance respond to any information requests? 

Requests were sent to all major exchanges related to Hydra.  Binance was the first exchange to respond and offer assistance.  It’s also important to note that more traditional financial institutions were used to fund the operation of Hydra and the market itself.  

9. On Hydra’s Russian-language forums, which we reviewed prior to the site’s closure, since 2018 customers recommended using Binance to pay sellers, citing the anonymity Binance afforded its clients at the time by allowing them to register with just an email address. One user wrote, “This is the fastest and cheapest way I’ve tried.” Traders exchanged dozens of messages in 2021 and early 2022  about using Hydra on Binance’s own Russian community Telegram chat. One wrote last year, “The Hydra is thriving.”

  • Was Binance aware that Hydra users were using Binance to process transactions?

  • Does Binance have any further comment on these posts?

Today, Binance KYC verification is highly sophisticated involving a wide range of leading external vendors, surpassing the requirements seen in traditional finance in many cases. In addition, we continue to build new partnerships with some of the world’s leading experts in the field.  As an example, recently we partnered with data analytics firm Kharon and cloud-native screening provider Neterium to further strengthen our KYC capabilities, and further improve our ability to detect illegal crypto activity on our platform.

10. According to a report by the United Nations Office on Drugs and Crime, Hydra increased the availability of drugs in Russia and drove a surge in demand for synthetic psychostimulants like methamphetamine and mephedrone. Deaths from overdoses nearly doubled between 2018 and 2020, with cases of drug-related infections such as chronic hepatitis C on the rise too, figures from Russia’s anti-drug agency show. The U.S. Drug Enforcement Administration said Hydra’s services “threaten the safety and health of communities far and wide.”

  • Does Binance have any comment on the impact of Hydra in Russia and on the specific assertions of the two drug agencies?

We work closely with law enforcement - including the DEA - to target the illicit drug trade daily. For example, in the past few weeks, we have helped the DEA identify and seize 130 accounts linked to suspected drug money laundering in Mexico. This is all part of our daily work and effective collaboration with Law Enforcement.

In fact, Binance currently employs the core of the team that led the investigation which resulted in the takedown of Hydra Market.   

Matthew Price, Binance’s current Head of Intelligence and Investigations, Americas, launched the investigation into Hydra Market and led the team which employed sophisticated investigative techniques to target and dismantle the world’s largest darknet market. Our investigations team employs the same sophisticated techniques to protect our users and help law enforcement target and dismantle the networks of those who seek to exploit the blockchain for criminal purposes.    

11. One Hydra user told us she started buying mephedrone and ketamine on Hydra in 2019 to help cope with her bipolar disorder. Friends who used Hydra told her Binance was the safest way to pay dealers. Some of them used fake personal information to open Binance accounts, she said, but she uploaded a copy of her passport. Binance never blocked or queried any of her payments. She said the system’s anonymity made it easy. She continued to use Hydra and Binance until its closure.

  • Does Binance have any comment on this person’s account? 

  • Was Binance aware that Hydra users were using Binance?

Today, Binance KYC verification is highly sophisticated involving a wide range of leading external vendors, surpassing the requirements seen in traditional finance in many cases. In addition, we continue to build new partnerships with some of the world’s leading experts in the field.  As an example, recently we partnered with data analytics firm Kharon and cloud-native screening provider Neterium to further strengthen our KYC capabilities, and further improve our ability to detect illegal crypto activity on our platform.

12. Our reporting indicates that Binance was aware of the risk of illegal finance in Russia. Binance’s compliance department assigned Russia an “extreme” risk rating in 2020, citing unspecified money-laundering assessments by the U.S. State Department. In such instances, company policy required Binance to not accept users, according to a risk rating document produced by Binance’s compliance department. State Department reports from 2019 and 2020, without mentioning Hydra or Binance, warned that drug trafficking organisations in Russia were using virtual currencies to launder proceeds.

  • Which U.S. State Department assessments was Binance’s compliance department referring to?

  • What actions did Binance take to mitigate the risk of illegal finance and money laundering in Russia?

  • Does Binance have any further comment on this reporting? 

Binance has taken more action against Russian money-laundering operations than any other crypto exchange to date. This includes removing Suex, Chatex, and Garantex from Binance and helping law enforcement deplatform these bad actors across the industry.

It is also entirely accurate to say that without crypto the Hydra case would never have been solved.  The ability to trace the flow of funds to identify where the market was hosted is the reason the case is closed. 

Our expert team of investigators wrote the playbook for leveraging blockchain tracing to identify and take down the worst of the worst actors in the crypto space, including Hydra Market. They continue to leverage those skills to protect our users and help law enforcement target and dismantle those who seek to exploit the blockchain for criminal purposes.

13. Binance targeted Russia for expansion in 2018, saying in a press release then that its crypto community was “hyperactive.” Our article published in April detailed Binance’s efforts to dominate the Russian crypto market. Binance has continued to provide limited services in Russia since the country’s invasion of Ukraine.

  • Was Binance aware of its use by Hydra users whilst it was growing its market in Russia?

  • Does Binance have any further comment on its Russian market? 

Conflating Hydra and Binance’s growth plans for Russia is over-reach, to put it mildly. Reuters seems to be implying that every Russian was "aware" of Hydra and assumes every Russian customer was dabbling in Hydra. This is ridiculous.

A review of Chainalysis, or any other tool, shows that every major exchange, including Coinbase, Bittrex, Paxful, KuCoin, and Huobi had indirect exposure to Hydra. This is both a sign of how large the Hydra market was and of how misleading a measure indirect exposure is.

Today, following international sanctions against Russia, Russian users with wallets exceeding the value of EUR10K are not permitted to trade on Binance.

LAZARUS

 14. Our reporting indicates that a North Korean hacking group known as Lazarus has used Binance to launder some stolen cryptocurrency. The U.S. government and the United Nations have accused Lazarus of conducting cyber theft to fund North Korea’s nuclear weapons programme. Chainalysis estimated that Lazarus has stolen crypto worth $1.75 billion from 2017 to 2020 that then flowed through various exchanges. Chainalysis did not identify the exchanges.

  • Does Binance have any comment on this reporting and on Chainalysis’ estimate?

  • What measures has Binance taken to prevent Lazarus using Binance to launder stolen crypto?

At Binance we proactively share intelligence with law enforcement to map out North Korea’s modus operandi globally. We also leverage our internal investigations capabilities to block North Korean funds that attempt to touch our platform. There is not a single exchange out there that North Korea doesn't try to use, yet we believe no other exchange is as aggressive against them as Binance.

Specifically, many Binance team members were involved in the initial investigation that led to the identification of the group and the tracing of the funds from the $250 million theft from an exchange.  The vast majority of funds went to other exchanges.

 15. In September 2020, Lazarus broke into a Slovak crypto exchange called Eterbase and stole virtual currency worth some $5 million. The following day the hackers opened dozens of anonymous Binance accounts, using only emails for identification, and within 30 minutes traded approximately half of Eterbase’s stolen crypto, according to Binance’s correspondence with Slovak national police.

  • Does Binance have any comment on the Eterbase hack and the hackers’ use of Binance to launder some of the money? 

We fully cooperated with requests received from Slovak authorities and helped them to identify the relevant accounts on Binance as well as other exchanges. 

16. After news of the Eterbase hack circulated, Mr Zhao tweeted: “Will do what we can to assist.” But when Eterbase emailed Binance’s support centre on Sept. 10 2020, a Binance team member told the company that Binance could not share any account data.

  • Following Mr Zhao’s tweet, what did Binance do to assist Eterbase?

  • Did Binance decline to share account data with Eterbase and if so why?

  • Does Binance have any further comment?

After news of the Eterbase hack was circulated, Binance fully cooperated with requests received from Slovak authorities. Binance directly helped Slovak Police identify the relevant accounts on both Binance as well as other exchanges.

Binance also spoke directly with the CEO of Eterbase. The request for data itself was received through our Law Enforcement channel when it was in fact drafted by Eterbase's counsel; we responded, stressing that for Binance to be able to share any customer-related data, we require a request from a government law enforcement agency. We responded to the actual law enforcement request, providing actionable intelligence, after we had received it from the Slovak Police.

17. Eterbase submitted a criminal complaint in September 2020 to Slovak National Crime Agency, which requested information from Binance, saying in a letter that the funds were stolen by “anonymous attackers united under the Lazarus hacking group.” Binance declined, telling police they could not identify accounts connected to the hack. The following July, after another police request, Binance sent the agency records on 24 accounts, saying they had been empty for “over nine months” as “the assets were instantly traded.”

  • Why could Binance initially not identify accounts connected to the hack?

  • Does Binance have any further comment on the account of the incident given by police and Eterbase? 

We received the initial law enforcement requests on June 3, 2021. The initial enquiry requested details on addresses we could not identify as deposit addresses. It later transpired these were in fact hot wallet addresses. These addresses could not be linked to a specific user, while the subsequent, more detailed LE request allowed us to identify the actual deposit addresses at Binance as well as other exchanges, and we provided the relevant reports to the Slovak Police.

18. The account records that Binance sent to Slovak police show the only personal information Binance held on the account holders was their protonmail email addresses, many of which were based on misspelled well-known names such as “bejaminfranklin” and “garathbale.” Within a half hour of opening most of the accounts, the Lazarus hackers passed an unspecified “security check” allowing them to withdraw crypto. Each account then converted portions of the stolen funds into just under two bitcoins, the withdrawal limit for a basic account.

  • What does an account “security check” consist of? How could Binance carry out a security check on anonymous accounts?

  • Does Binance have any further comment on these transactions? 

Today, Binance KYC verification is highly sophisticated involving a wide range of leading external vendors, surpassing the requirements seen in traditional finance in many cases. In addition, we continue to build new partnerships with some of the world’s leading experts in the field.  As an example, recently we partnered with data analytics firm Kharon and cloud-native screening provider Neterium to further strengthen our KYC capabilities, and further improve our ability to detect illegal crypto activity on our platform. 

19. A 2020 Binance compliance document says the exchange should provide no business to North Korean users due to U.S. sanctions. But the Lazarus account holders used virtual private networks to obscure their devices’ locations, our reporting shows.

  • Was Binance aware that North Korean users were using VPNs to access Binance?

  • Did Binance take measures to prevent users based in North Korea or elsewhere from using VPNs to access its platform? If so, please can you give details.

  • Does Binance have any further comment on the use of VPNs?

North Korean state operatives employ sophisticated means to evade restrictions at all financial firms, including traditional banks.  This includes front companies, high quality forged documents, third-country IP addresses and other means to bypass controls. This isn't unique to Binance. Reuters is encouraged to read further information here: https://home.treasury.gov/system/files/126/20220516_dprk_it_worker_advisory.pdf 

At Binance, we employ sophisticated analysis and in-depth investigative work to identify North Korean state actors' signatures and proactively monitor and disrupt their attempts to abuse our platform (and violate our Terms of Service).  Binance team members are leading the industry and government in this space and are recognized as experts in countering North Korean crypto laundering. We work hand in hand with numerous government agencies that target the illicit use of crypto by North Korea.

Binance was able to identify and close numerous accounts linked to North Korean operatives. We were able to ascertain what VPNs they were using and we used this info to identify those accounts.

As a matter of policy, Binance discourages users from using VPNs to access its services.

20. Eterbase has been unable to trace or recover the funds. After the hack, it stopped its operations and later filed for bankruptcy. Eterbase’s founder, Robert Auxt, says: “Binance had no idea who was moving money through their exchange.”

  • How does Binance respond to Mr Auxt’s statement?

  • Does Binance have any further comment on Eterbase?

Binance has clear visibility into its user base because we require our users to go through the most rigorous KYC process in the industry.  Binance last reached out to the Slovak investigator on Saturday, February 19, 2022, and offered further assistance with the case and asked the investigator for his availability for a video call. The investigator has not responded. 

21. In April, after another Lazarus hack in which it stole over $600 million from the Ronin blockchain project, Mr Zhao said on Twitter that an unspecified amount of the money was transferred to Binance. Mr Zhao said Binance had recovered almost $6 million.

  • What total amount of the hacked funds was transferred to Binance?

  • Has Binance recovered additional funds?

  • Has Binance been used by Lazarus to exchange funds stolen in any other hack? 

The recent Lazarus theft from Ronin/Axie went to other major exchanges. At Binance we were able to identify and freeze over $5 million of the Ronin hack that eventually ended up at Binance. We are now assisting law enforcement with this investigation. 

In summary, North Korea has attempted to use numerous exchanges and fiat platforms to launder funds for years.  Binance aggressively targets these actors and leads the industry in identifying and neutralizing these actors.  We are actively working with law enforcement to target numerous North Korean campaigns by sharing intelligence, proactively freezing accounts and shutting down their networks before they can successfully escape with stolen funds. 

MONERO 

22. Since 2017, Binance has allowed traders on its platform to buy and sell the cryptocurrency Monero, which obscures the digital addresses of senders and receivers, offering users near-total anonymity. A Beginner’s Guide to Monero authored by Binance and currently available on Binance’s website says Monero is “desirable for those seeking true financial confidentiality.” Binance’s trading data shows it now processes Monero trades worth over $200 million a day, far more than other exchanges.

  • Why did Binance decide to allow traders to buy and sell Monero?

  • Does Binance plan to continue to offer Monero trading?

  • Does Binance have any further comment on its Monero trading?

Details of how Binance evaluates projects are available here https://www.binance.com/en/support/faq/053e4bdc48364343b863d1833618d8ba

23. Law enforcement agencies around the world have warned that Monero’s anonymity makes it a potential tool for money launderers. The U.S. Department of Justice, in a 2020 report, said it considered the use of “anonymity enhanced cryptocurrencies” like Monero “a high-risk activity that is indicative of possible criminal conduct.”

  • Does Binance agree with the U.S. Justice Department’s opinion of Monero?

  • What actions has Binance taken to mitigate such “high-risk activity”? 

There are many legitimate reasons why users require privacy - for example when NGOs and opposition groups in authoritarian regimes are denied safe access to funds.  The legitimate right to privacy is why many technology providers provide encryption on their devices and messaging services. 

24. Mr Zhao has spoken in favour of “privacy coins” like Monero. During a 2020 video call with staff, Mr Zhao said privacy was part of people’s “financial freedom.” Mr Zhao didn’t mention Monero, but said Binance had funded other privacy coin projects.

  • What is Mr Zhao’s opinion of Monero? Has his opinion changed since 2020?

  • Does Mr Zhao have any further comment on Monero and privacy coins? 

Financial freedom, privacy, and effective law enforcement assistance coexist as a result of proper AML policies and practices on the Binance platform. Please see our blog on KYC, Identity Verification, and How Is It Increasingly Important for Crypto.

25. On darknet forums that we reviewed, dozens of users wrote about buying Monero on Binance to purchase illegal drugs. One wrote that Monero was essential to anyone buying drugs on the dark web.

  • Was Binance aware that Binance users were using Monero to buy drugs on the dark web? If so, what steps did it take to prevent such usage?  

We stand against anyone who uses crypto, blockchain technology, or cash to buy or sell illegal drugs.  Accordingly, we comply with all AML requirements and we recommend all users do the same by using regulated exchanges, like Binance, knowing appropriate AML checks will be run in the background.  

We also believe privacy is a fundamental right and are supportive of privacy driven initiatives.  Therefore, at Binance, we strive to provide properly KYC’d account holders with different choices and different levels of privacy, including the use of listed privacy coins. 

However, it is fundamental that all account holders follow the laws of the jurisdiction wherever they reside when it comes to crypto trading. We will always assist law enforcement in the fight against crime, including the illegal drug trade.  

26. Our reporting indicates that hackers have used Binance to convert stolen funds into Monero. In August 2020, hackers hijacked a cryptocurrency wallet belonging to an Australian man named Steve Kowalski by tricking him into downloading malware. They removed the 1,400 bitcoins he held in the wallet, worth some $16 million at the time. Investigators hired by Mr Kowalski traced most of his bitcoins through a series of wallets to four Binance accounts, where the coins were exchanged for Monero, according to testimony and blockchain analysis reports filed as part of an ongoing civil complaint Mr Kowalski submitted last year against Binance and other parties in Miami-Dade County, Florida.

  • Does Binance have any comment on Mr Kowalski’s case?

  • Does Binance have any comment on Mr Kowalski’s investigation into the theft of his funds? 

On October 3,  2020, Coinfirm contacted Binance on behalf of Mr Kowalski.  Binance investigators reviewed Coinfirm’s findings and instituted a temporary courtesy seven-day freeze of the four user accounts identified by Coinfirm, notifying Coinfirm that this freeze was temporary and that Coinfirm or Mr Kowalski would need to have law enforcement reach out to Binance about Mr Kowalski’s claims. We provided clear instructions to Coinfirm, including a link to where law enforcement requests may be submitted on our web portal. Law enforcement did not reach out to Binance over the following week regarding Mr Kowalski’s claims and the temporary freeze was lifted.  

A German law enforcement officer reached out to Binance on October 31, 2020, asking for account freezing.  However, this officer never responded to our follow-up questions.   

27. Mr Kowalski’s investigation showed that a U.S. software consultant called Brandon Ng, then living in Florida, was the owner of the Binance accounts. Mr Ng testified to the court that a crypto trading partner, who he knew online only by the username MoneyTree, deposited the bitcoins in his Binance accounts. MoneyTree, Mr Ng said, paid him a 1% commission to convert the bitcoin into Monero on Binance and then transfer it back. 

  • Does Binance have any comment on Mr Ng’s Monero trading activity on Binance?

  • Does Binance have any further comment on Mr Ng? 

Binance protocol is to investigate all allegations of misconduct about activities conducted on the Binance platform.  If our professional investigators uncover credible evidence of inappropriate activity they take appropriate action.   

In this situation, Binance was clear and direct with Coinfirm about what we required in order to restrict the four accounts beyond the temporary period, and we shared our openness to cooperation with law enforcement.  

28. Mr Ng’s Monero trading had earlier raised alarms at the Poloniex crypto exchange, where he also had an account. In mid-2019, Mr Ng’s Poloniex account was frozen after it was flagged for “high risk exposure” to money laundering due to Monero withdrawals totalling over $1 million, according to Poloniex records filed with the court.

  • Was Binance aware that Poloniex had flagged Mr Ng as such? Why did Binance not do the same?

  • Does Binance have any further comment on his trading? 

Binance was made aware of Poloniex’s response to Mr. Ng’s trading activity in mid-2019 on its exchange.   

29. Mr Kowalski’s private investigators and lawyers contacted Binance soon after the theft, before Mr Ng converted the funds, and repeatedly asked Binance to permanently freeze Mr Ng’s accounts, their written communications indicate. The communications indicate that Binance declined, allowing Mr Ng to exchange the stolen bitcoin for Monero over several months. A Binance team member told one of Mr Kowalski’s private investigators in a Telegram message that “while it is highly likely the paths leading to this account are malicious,” Binance could not prove the accounts were “facilitating laundering.” When the investigator persisted, the team member upbraided him for “several issues with your tone.”

  • Does Binance have any comment on its communications with Mr Kowalski’s investigation team? 

Binance protocol is to investigate all allegations of misconduct about activities conducted on the Binance platform.  If our professional investigators uncover credible evidence of inappropriate activity they take appropriate action.   

In this situation, Binance was clear and direct with Coinfirm about what we required in order to restrict the four accounts beyond the temporary period, and we shared our openness to cooperation with law enforcement.  

FRAUD CASES 

30. Police officials in four countries told Reuters that among Binance’s growing customer base in recent years were organised crime groups. According to police in Germany, investigators began seeing criminals in Europe turn to Binance in 2020 to launder some of the proceeds from investment fraud schemes that stole over €750 million from victims, many of them pensioners, through fake trading websites. Other investment frauds targeting people in Turkey, Britain and Pakistan also used Binance, authorities have said.

  • Is Binance aware of these investment fraud schemes?

  • What actions has Binance taken to tackle such schemes?

  • Does Binance have any further comment on its use by fraudsters?

Binance proactively discusses fraudulent schemes with law enforcement agencies and we work together not only on detection but also on the implementation of specific crime prevention measures. Naturally, discussing detection or mitigation steps publicly would defeat the efficacy of such measures. We will review if Reuters would like to provide the UID numbers and transaction records associated with the above claims.  

31. A Vienna-based non-profit organisation, the European Funds Recovery Initiative, which supports victims of investment fraud, has received 220 complaints from people whose stolen savings were converted into crypto. Almost two-thirds lost money that was funnelled through Binance, totalling over $8 million, the organisation says.

  • Is Binance aware of this organisation and its findings?

  • Does Binance have any comment on this reporting?

Please provide the UID numbers and transaction records and we will provide a more robust response.  

32. Police officers and lawyers told us that it is harder for fraud victims to recover funds that pass through a crypto exchange than funds that pass through a bank. Consumers can ask banks to freeze or reimburse money. Binance’s website says Binance requires law enforcement to make such a request and victims to sign non-disclosure agreements as a condition for freezing assets. The European Funds Recovery Initiative says it has followed Binance’s process to recover stolen funds without any success.

  • Can Binance confirm that the European Funds Recovery Initiative has contacted it regarding stolen funds?

  • Why does Binance require victims to sign non-disclosure agreements?

  • Why does Binance require law enforcement to make requests to freeze or reimburse stolen funds?

  • Does Binance have any further comment on its measures to tackle fraud?

Unlike traditional banking transactions, crypto transactions are one-way, and cannot be reversed.  Banks are able to reverse transactions.  We rely on Law Enforcement to investigate fraud and work closely with them to help identify and target malicious actors.

We work with law enforcement to gain official court orders for the freeze or seizure of funds to help affected persons.

33. In late 2019, Konrad Alber, a retired lawyer in Germany, invested most of his savings on a trading platform called Grandefex. Last June, when he asked Grandefex to pay him his expected profits, he found his money had been converted into crypto and transferred to Binance. Mr Alber sent a letter to Binance, but said he never heard back. His case is now under investigation by the Baden-Baden prosecutor’s office. 

  • Did Binance receive a letter from Mr Alber? Did it respond?

  • Has Binance been contacted by authorities regarding his case?

  • Does Binance have any further comment on the case?

Binance has no record of receiving a letter from Mr. Alber.

It would be inappropriate to comment on Law Enforcement requests as we must protect customers' rights to privacy and to protect investigative measures.   

34. Last October, a cyberpolice unit in the German city of Braunschweig coordinated with Bulgarian authorities to raid a call centre, run by a company called Dortome BG, in the capital Sofia, which police said ran hundreds of fake online trading platforms. They obtained evidence, including a database showing the operators had taken in deposits totalling €94 million. After the operation, police said they tracked the money through a series of bank accounts to Binance and Kraken.

  • Has Binance been contacted by this cyberpolice unit? Is Binance aware of this criminal investigation?

  • What actions has Binance taken to tackle such investment fraud schemes?

  • Does Binance have any further comment? 

We are tackling these issues on multiple fronts - we provide law enforcement with actionable assistance, mostly in the form of identifying victims and suspects and, whenever possible, freezing the criminal proceeds.

We have already been involved in a discussion with several law enforcement agencies regarding the modus operandi used by different criminal groups as well as the measures that can be taken to effectively fight the fraudulent investment schemes.

We continue focusing on crime prevention on our platform. Like many companies in both the traditional and cryptocurrency industry, we run a number of internal automated and manual checks, details of which we cannot disclose to avoid tipping off the criminals. 

More overt crime prevention methods are available in the form of several Binance Academy articles or customised security warnings popping up after a user’s registration or before the withdrawal of the funds.

Examples of Binance Academy crime prevention articles can be found here: https://academy.binance.com/en/articles/5-common-cryptocurrency-scams-and-how-to-avoid-them or https://academy.binance.com/en/articles/pyramid-and-ponzi-schemes

35. German police said they requested Binance’s account records, which officers said Binance provided three to six months later. By that time, the police said the funds had long since been withdrawn or sent to a mixing service. The personal information held by Binance on the accounts was either fake or stolen from victims, officers said. As a result, police said they are struggling to make progress.

  • Does Binance have any comment on the German police's account of their investigation and their interactions with Binance?

  • Is Binance aware that personal information used to open accounts may be fake or stolen from fraud victims?

  • Does Binance have any further comment on this case?

It would be inappropriate to comment on Law Enforcement requests both due to customer protection reasons and to protect investigative measures. We are tackling these offenses on multiple fronts - we provide law enforcement with actionable assistance, mostly in the form of identifying victims and suspects and, whenever possible, freezing the criminal proceeds.

We have already been involved in a discussion with several law enforcement agencies regarding the modus operandi used by different criminal groups as well as the measures that can be taken to effectively fight the fraudulent investment schemes.

We continue focusing on crime prevention on our platform. Like many companies in both the traditional and cryptocurrency industry, we run a number of internal automated and manual checks, details of which we cannot disclose to avoid tipping off the criminals.