LE tracking your crypto back to your real identity is the most avoidable OPSEC mistake one can make and yet that's how they seem to be catching everyo
Here is a list of notable individuals who were arrested thanks to, at least in part, their illicit crypto gains being traced back to their real identities :
Pharoah - Incognito founder
IntelBroker - Key figure on BreachForums
Son Jung-woo - Welcome to Video founder
Alan Bill - Kingdom Market founder
North Korea after every single major crypto hack
Thomas Pavey and Raheim Hamilton - Empire Market founders
Potentially thousands of Archetyp customers who transferred funds directly from Archetyp to an exchange they KYC'ed using their real identities since Archetyp decided it was wise to use payment addresses that all started with the same string
There are many, many others but those are the ones I remembered
As with all other OPSEC failures, people get too comfortable and end up getting caught
Let's talk about the obvious first:
Step 0: Run your own nodes, regardless of the opsec side of things you're being useful to the ecosystem anyways. You should definitely run your own monero node though, if you have to use BTC run your own node with whirlpool, it's not perfect in any way but it's better than nothing
Step 1: Should always be to make sure that your seed phrase is safe and cannot be found anywhere in the event that you get raided. If they find your seed you lose all your leverage and will most certainly get convicted. I personally recommend non-digital steganography to keep it safe DYOR
Step 2: Never link your phone to your crypto holdings, somehow so many of you still use your SMS providers 2FA solutions for various crypto related services. Use a physical 2fa like a yubikey instead. If you must use SMS 2FA for whatever reason get a silent.link number using monero
Step 3: Never send funds from DNMs directly to KYC'ed exchanges, yes, even if you used monero. If the market gets seized, they will most likely have access to all their monero addresses, and will send a letter asking all centralized exchanges for the customer information of every account that received funds from said wallets. Always bounce your transfers with an intermediary wallet.
Step 4: No, it is not your money... Get that idea out of your head immediately
That money is owned by the criminal version of yourself until it is laundered, not you. You want to be safe, don't spend it on anything that can be linked to your real life identity, nothing at all. Launder it, then use it, that rule has saved thousands of lives
Step 5: Mixers only work if you use them properly (s/o North Korea), don't deposit and withdraw the same amounts within 5 minutes, take your time otherwise find another solution because mixers won't work
Let's use a tricky situation as an example, say you received 10 BTC from a DNM, what now?
Here is what I would hypothetically do in that situation:
Step 1: Transfer it to one of your wallets
Step 2: Swap it for XMR
That sounds simple enough, but we're talking about 7 figs here so you need to take a few things in consideration:
1. Liquidity mostly sucks on atomic swaps, unless you're happy paying for a >10%+ slippage hit you won't be able to 1 click it, you'll have to divide it in smaller batches. Use sites like trocador and others to get insurances on the swaps or at least do your research on the KYC situation of said atomic swap. Some of them will block any transfers above a certain threshold and demand for proof of funds
2. Use privacy focused non-kyc CLOB exchanges, the only one I can personally recommend is Tradeogre but I know there are a few others out there who are apparently just as good, I just haven't used them. The pros of that solution is that you can get filled for size at decent prices thanks to the arbitrage bots that will happily supply you with liquidity as long as the spread is good enough for them, the con is that, even though its been running smoothly for years, it can exit scam at any point in time. (You can withdraw quickly, I recommend sending whatever you're comfortable with potentially losing and going through the coins batch by batch)
3. Make burner accounts with fake KYC at lower tier OTC desks and swap it through them, you'll get the best price doing it this way as long as you can trust your counterparty but it's a decent amount of work and if you pick the wrong shop they will confiscate your funds...
That said, congratulations, now you have your monero and cut all traces of your illegally gained funds
Personally, I would send said monero to another 3-10 wallets while randomizing the amounts of coins sent for good measure. Most of you will call it overkill, that's fine, I'd rather overkill than spend the next decade in jail. The black marble attacks of 2024 made me rethink my opsec, that's just me though
If you need to purchase things for your illicit operations, prioritize buying things with monero even if you end up paying a premium, peace of mind is invaluable. If monero isn't an option purchase a single use debit card with monero
Regardless, now comes the hard part, in order to spend it you need to launder it, or, (not recommended) you need to turn it into some sort of fiat so you can use it in your everyday life
You have many laundering options, here are some of them:
1. Pay a professional 20-30% to do it for you
2. Use crypto ATMs and p2p services to get cash and reinvest in a physical business, though with a million it's gonna be tricky
3. Buy a crypto twitter/youtube account and offer paid services like software or ebooks and launder it that way (most beginner friendly option)
4. Fake NFT launches or Token listings (only recommended for those that know what they're doing)
5. Use 2 accounts and trade against yourself on DEXs using illiquid pairs (only recommended for those that know what they're doing)
Now if you don't want to launder your funds for whatever reason you have some options but none are bulletproof
There are a few debit cards that are no-KYC and allow you to deposit with crypto for up to 100k a month, like moon, Solcard, Kemycard, Plasbit etc
However, people have gotten caught by the SEC that way, either by rooting the transactions back to the user or simply by using the cameras in the ATMs to identify the perpetrators
Prioritize cash, P2P markets are your best bet
But you should really be laundering it unless this is a short term thing only, otherwise you're self sabotaging yourself
TLDR: Be smart, use monero with your own node, launder your money, and you should be fine
FYI; I didn't go super in depth with what is actually possible for those working with a budget and good infrastructure like ghost businesses, having debit cards under aliases, trusts and holdings, multi-level laundering etc because hopefully those who have the means and the need for such tools are already in the know, that said I can make another post about that in the future if there is interest
Stay safe boys,
Largo
Eventually money has to reach somewhere. The problem was none of the aforementioned individuals had done enough steps to obfuscate the crypto itself.
People often get confused laundering the crypto is the same as obfuscating it when they are two different steps. That's one of the few key differences with traditional money laundering.
Let's not forget LE have a myriad of tools to identify and observe network traffic; if you don't get that right, the obfuscating or laundering parts would barely keep you out of jail in the long run.
I can give you my opinion on some of the suggestions. Few can work if approached correctly but there are additional risks more than what meets the eye for those who aren't experienced of the works.
If you involve yourself in professional money laundering networks what most users don't see is they are inheriting the sins of other participants and connecting themselves to all of it.
If the launderer is cleaning for cartels, ransomware groups, human trafficking networks, terrorists the risk profile is immediately raised. The launderer might have more moderate clients like crypto traders or normal businesses trying to stash away some profits. No possible way to know and if you ask no guarantee you'll get any real answer.
You might only be a crypto trader yourself but to launder it through a high risk network immediately puts a lot of scrutiny and weight on you as prosecutors could argue with enough circumstantial evidence you are part of the entire network.
Crypto ATMs can be a risky option. They already are tagged as medium risk if you use cash to convert to crypto as per the crypto AML percentages guide /post/d4252cb91d5619bb4bd3. Crypto ATM companies collaborate with LE regularly and as you mentioned too cameras are used to identify users.
By now everyone understands cash businesses are seen as very risky by banks and tax authorities. If you don't have a real business substance behind it, you can almost guarantee it will generate issues in the long term or when you actually get to any significant amounts.
Such would work if you never get audited or put under investigation. The problem is everyone gets audited eventually. If you don't have the background in it such options should be cautiously considered. Laundering isn't only about getting the money through the systems but telling a clear reasoning per transaction and as a whole alongside with a clear background (a wood worker with 20 years of experience suddenly making crypto accounts would seem abnormal).
NFT trading and trading with yourself are known ways of laundering. When attempting a laundering strategy you can almost be sure someone has already done it before and is known to authorities. It's nice you put them as advanced as a small slip up can cost the entire strategy very much. Most of them have been mentioned in one or other way in /d/Laundromat
From opsec perspective churning should have been explained in the post as well reference the Breaking Monero series. Monero isn't magical protection and neither is Tor.