People still mention the $625K bounty the IRS posted to crack Monero’s privacy. A lot of misinfo is still being posted about it, but here are the facts.
It’s important to note that there were two $625K contracts awarded, one to Chainalysis, and one to Integra FEC. These contracts were completed in 2021, they’re now ancient history. They’re no longer open or unclaimed.
Here’s all of the available docs, from US government web sites:
First, the Request for Information, published 2020-06-30.
This gives a high level view of what they’re interested in:
This RFI is associated with a pilot IRS Criminal Investigation Division (CI) program. CI Cyber Crimes is requesting information about systems that will allow developers and testers to conduct investigative research of distributed ledger transactions involving privacy cryptocurrency coins (e.g., Monero (XMR), Zcash (ZEC), Dash (DASH), Grin (GRIN), Komodo (KMD), Verge (XVG), and Horizon (ZEN)); Layer 2 off-chain protocol networks (e.g., Lightning Network (LN), Raiden Network, Celer Network); Side-chains (e.g., Plasma and OmiseGo); and tracing challenges following the integration of the Schnorr Signature algorithm.
Acquiring applications to allow an investigation to more easily trace privacy coins and other protocols that provide anonymity to illicit actors would allow investigations to be more effective, as well as facilitate a higher level of deterrence by making it harder to conceal criminal activity. It also provides an investigative efficiency that is currently limited.
We are primary interested in: 1) an interactive prototype that provides a GUI for clustering transactions involving a user (similar to tools provided by companies like Chainalysis, CipherTrace, Coinbase, and Elliptic but for the privacy coins and obfuscation technologies); 2) associate user distributed addresses with distributed ledger addresses of users (individuals or entities) suspected or known to be involved in nefarious activities; 3) provide a library of distributed ledger addresses associated with names of users engaged in known or suspected nefarious activities; 4) provide OSINT information/research about identified users, 5) has a mechanism for sharing investigative research between investigators, 6) ability to import/export investigative data in various file formats (e.g., csv and jpg); and 7) an estimate of the cost and return on investment (ROI).
Just noting – the example coins aren’t listed in alphabetical order. I think we can safely assume that Monero is IRS Enemy #1.
Then, the Request for Proposals, published 2020-09-04.
The original goals of the work:
The primary goals of this solution challenge are:
Provide information and technical capabilities for CI Special Agents to trace transaction inputs and outputs to a specific user and differentiate them from mixins/multisig actors for Monero and/or Lightning Layer 2 cryptocurrency transactions with minimal involvement of external vendors
Provide technology which, given information about specific parties and/or transactions in the Monero and/or Lightning networks, allows Special Agents to predict statistical likelihoods of other transaction inputs, outputs, metadata, and public identifiers with minimal involvement of external vendors
Provide algorithms and source code to allow CI to further develop, modify, and integrate these capabilities with internal code and systems with minimal costs, licensing issues, or dependency on external vendorsAll solutions must support cryptocurrency transactions that occurred in 2020. All solutions for the must support open standards for interoperability (common file formats, REST APIs, etc. as appropriate) to facilitate easy integration into internally developed IRS-CI cryptocurrency analytic systems and data.
When responding, please keep the three above goals in mind. We are looking for solutions which provide the best results for tracing obfuscated cryptocurrency transactions using Monero and/or Lightning, however all three goals are important and a solution that produces good statistical likelihoods of transaction parties but does not provide easy to integrate source code will not be rated as highly as one that provides both source code that can be integrated with CI systems and produces good statistical likelihoods of transaction parties. Contractors may choose to submit solutions to address Monero or Lightning transactions, or both as all approaches will be considered.
Note that the contractors were free to target either Monero or Lightning Network, at their option. So successful completion of these contracts didn’t necessarily mean a successful attack on Monero – they could have just gone for the easier target, LN.
The contracts were awarded to Chainalysis and Integra FEC, published 2020-09-30. The work was structured in two phases, $500k for Phase 1 lasting 8 months to develop a Proof of Concept, and then $125K for Phase 2 lasting 4 months for testing and deployment.
You can do a web search for the two contract IDs
Integra Contract No. 2032H8-20-C-00040 Chainalysis Contract No. 2032H8-20-C-00041
and you’ll find that the contracts were completed and both companies were eventually paid in full.
Integra Payments Chainalysis Payments
The contracts began on 2020-09-30 and ended on 2021-09-29. Three months later, 2021-12-10 Chainalysis started advertising support for Lightning Network.
I’ve never been able to locate any relevant announcements from Integra at all, but presumably if they had succeeded they’d be advertising to their customers too.
I haven’t found any follow-ups on those contract IDs listing whatever results were finally delivered, but if Chainalysis had tackled Monero and succeeded, I believe they would have blogged about it and advertised it as an offering to their customers. They haven’t done so.
Now with this info you can draw your own conclusions.
submitted by /u/homrqt
[link] [comments]