Stablecoins and privacy: it’s complicated

by Mike Orcutt

Stablecoins are about to go mainstream.

Are they, though? The prediction, prevalent in the crypto world since the United States passed the first-ever regulatory framework for stablecoins last year, faces a challenge.

Blockchain-based financial services have an “inherent potential privacy problem,” Dante Disparte, chief strategy officer and head of global policy at Circle, acknowledged on stage at Project Glitch’s Stablecoin Privacy Summit in Washington, DC, this month.

Enthusiasts hail stablecoins as the future of money, and Disparte engaged with the idea via an oft-used example: payroll, a plausible use case for stablecoins. Imagine you are a payroll provider. “It’s not obvious to you that you want to use an innovation that will permanently and irrevocably record the bilateral transactions of your payroll on a public ledger.” Without privacy, he said, “it is not likely that this future of money is going to reach its full potential.”

Whether that happens will hinge on a number of complex technical and legal dimensions, which we wrestled with at the Stablecoin Privacy Summit. The event revolved around a central question: How private can a stablecoin be?

An opening in Washington

This conversation is timely. Last July, President Trump signed into law the Guiding and Establishing National Innovation for US Stablecoins (GENIUS) Act, putting a shiny mainstream gloss on the kind of stablecoin that is backed by dollars held in a traditional bank account. Multiple federal regulators are now developing rules and standards that companies that issue stablecoins must follow. That includes rules for how those issuers should manage the risk of illicit finance, a topic that has pitted crypto privacy advocates against the government since at least the beginning of the Tornado Cash saga.

At the center of the conflict is the Bank Secrecy Act, America’s anti-money laundering law, which, among other things, requires financial institutions to verify the identities of their customers, monitor transactions, and report cash transactions of over $10,000 and any others that appear suspicious to the Treasury’s Financial Crimes Enforcement Network (FinCEN). The developers of and participants in truly decentralized networks are unable to fully comply with these obligations—at least without defeating the purpose of the technical decentralization. Nonetheless, many policymakers still argue that such protocols should be regulated the way traditional financial institutions are. And US prosecutors are aiming to re-try Tornado Cash developer Roman Storm on money laundering and sanctions evasion charges after a jury failed to reach a verdict on those charges last year.

The legal impasse may be shrinking, however, starting at the top. “This moment serves as a valuable opportunity to comprehensively review the [anti-money laundering/countering the financing of terrorism] regime to ensure it protects the financial system from abuse without impeding on the rights of law-abiding Americans,” President Trump’s Working Group on Digital Asset Markets declared in a long report it published last summer. The group added that “updates” to AML/CFT regime would make the sector safer and more resilient.

Congress seems open to the idea, too. The GENIUS Act directed the Department of the Treasury to solicit public comments on “innovative methods to detect illicit activity involving digital assets,” with an emphasis on artificial intelligence, digital identity, blockchain monitoring and analytics, and application programming interfaces.

There are plenty of ideas for what those new methods might be, thanks in part to powerful emerging cryptographic capabilities. Sophisticated tools like zero-knowledge proofs, for example, make it possible to prove facts about one’s identity without revealing any personal information in the process. In decentralized systems where individuals are anonymous but still need to prove they’re not criminals in order to send or receive money, this could be useful.

Such tools might solve another issue as well. Traditional banking, credit, identity, and online commerce systems collect and store people’s credentials in centralized repositories. They’re so tempting to sophisticated hackers—including those backed by nation states like North Korea—that they’re often referred to as “honeypots” and have been the targets of several large data breaches. Credentials protected by zero-knowledge proofs, in theory, could help get rid of the honeypot problem, because they work without ever having to leave an individual user’s device. “The diffuse nature of this type of digital identity may also create fewer large identity targets for illicit actors to exploit,” the Treasury noted in a recently published report to Congress about the findings from last year’s request for public comment.

Why we’re talking about stablecoins

For most of their existence, fiat-backed stablecoins have been far from “innovative,” at least as far as crypto things go. And the vast majority of their utility has been for crypto traders who use them to take their money out of the market without cashing out into fiat currency. But the GENIUS Act paved the way for their broader adoption as a payment method—an alternative to credit cards and wire transfers.

“Peer-to-peer electronic cash” was what Bitcoin was supposed to be. There are many reasons it hasn’t become that, but it doesn’t help that blockchains, as originally designed, are not private. It’s the same problem Disparte flagged. Analytics firms like Chainalysis and TRM Labs crunch public blockchain data to track funds and determine whose real-world identities are hiding behind pseudonymous addresses.

“Crypto has survived not having privacy because nobody uses crypto,” Johns Hopkins University cryptographer Matthew Green said during a later session at the Stablecoin Privacy Summit. Now that there’s mainstream interest in stablecoin payments, something has to give.

“Stablecoins, in theory, are a thing that could make crypto useful for actual applications,” Green said. “And the minute you do that, you have to confront the fact that you’re running around putting all your data on a blockchain.”

Zero-knowledge proofs could help here, too, by keeping blockchain data secret. That’s how Zcash, which Green helped invent, works. It’s also how private chains like Aztec and Aleo work. In fact, there are already stablecoins on Aleo (Green is also an advisor at Aleo). One, called USDCx, is backed by Circle’s USDC stablecoin. Another, called USAD, works similarly and is backed by Paxos’s USDG stablecoin.

How private are these stablecoins, though? Getting to an answer requires first wading into the legal and policy weeds, and, from there, into the technical weeds. Regulators have come to expect crypto exchanges, stablecoin issuers, and other entities to monitor transactions and report suspicious activity and even deactivate or “freeze” wallets when there is evidence they’ve been engaged in criminal activity. That’s not possible if the transaction data isn’t visible. So the USDCx and USAD systems on Aleo include a component called a view key, which allows whoever holds the key to decrypt all the transaction data associated with the asset if necessary. (For a more detailed explanation, watch this Stablecoin Privacy Summit panel featuring Yaya Fanusie of Aleo, Nick Gersh of Paxos, and Nikhil Raghuveera of Predicate.)

The view key capability raises big legal questions that don’t yet have clear answers. Just to name a few: Who should hold the view key? What exactly is the view key holder’s legal responsibility? How should a holder comply with law enforcement requests for information, keeping in mind that such requests may originate from foreign jurisdictions?

So how private can a stablecoin be?

From a technical standpoint, the tools exist to make stablecoins as private as you want. Shielded transactions? No problem. Full user anonymity? Sure thing. The difficulty is in coming up with a system that will work in the real world, where all the messy aspects of crafting workable regulation, and then enforcing the law, come into play. That’s what policymakers must wrestle with. They need to decide whether the risks arising in blockchain-based financial systems should be managed using tactics similar to those the law requires of traditional financial institutions, or whether to turn to new approaches more tailored to decentralized networks.

For now, it seems unlikely that law enforcement will be happy to give up visibility into blockchain transactions, whether that be via public blockchain data or a view key. But what if novel methods for detecting illicit activity in decentralized protocols could achieve better outcomes than the established system? The effectiveness of the traditional AML/CFT regime is hard to quantify due to a lack of unbiased data. But there is plenty of anecdotal evidence that know-your-customer (KYC) regimes can be gamed, and that sort of thing seems bound to get easier as AI gets better at forging traditional credentials, for example.

Anonymous identity credentials that can be verified using zero-knowledge cryptography, combined with blockchain smart contracts, offer an alternative direction, Ian Miers, a cryptographer at the University of Maryland, said at the Stablecoin Privacy Summit. Miers, also an advisor to Aleo, was Green’s co-panelist in a lively session moderated by Coin Center’s Peter Van Valkenburgh.

In theory, a system could automatically calculate dynamic “risk scores” for individual users and take actions, like freezing wallets, based on those scores. “These are programmable systems,” Miers said. “You can come up with pretty much any policy, risk scoring metric, behaviors you want, and implement it.” But this raises three questions, he said. First, what are those policies? Second, do they work? And third: “Will regulators let you try them for a while?”

“We have really good techniques for identity, for reputation,” Miers said. In theory, they could be used to make even more private stablecoins. But we can’t know if they really work and how effective they are until they can be tested. At the moment, however, developers are hesitant to experiment in this area due to uncertainty around legal liability.

So the answer to the question of how private a stablecoin can be may depend on another question Miers posed: “Can we get an experimental place to try these things?”

ICYMI: The Stablecoin Privacy Summit videos

1. Why privacy matters for stablecoins

Circle’s Dante Disparte in conversation with Michael Mosier of Arktouros

2. Getting real about the business demand for stablecoins

Privy’s Kaili Wang in conversation with Michael Reilly of Project Glitch

3. How private can a stablecoin be?

A panel featuring Matthew Green of Johns Hopkins University and Ian Miers of the University of Maryland. Moderate by Peter Van Valkenburgh of Coin Center

4. What I learned about crypto privacy while working at the Treasury

Julie Lascar of Digital Asset

5. Where crypto policy meets national security

A panel featuring Kyle Bligen of the Decentralization Research Center, Jessi Brooks of Ribbit Capital, and Isaac Patka of the Security Alliance (SEAL). Moderated by Mike Orcutt of Project Glitch

6. WTF is zkTLS? And why should you care?

Hersh Patel of Opacity

7. Where the rubber meets the road for private stablecoins

A panel featuring Yaya Fanusie of Aleo, Nick Gersh of Paxos, and Nikhil Raghuveera of Predicate. Moderated by Mike Orcutt of Project Glitch

Follow us on Twitter or get corporate with us on LinkedIn.

When AI agents go rogue, who is to blame?

By Mike Orcutt

Who is responsible when an AI system not intended to do bad things does a bad thing anyway? We ought not to dismiss this as a “doomer” question—especially when it comes to agents.

Just ask Roman Storm and Alexey Pertsev. They helped build the Tornado Cash blockchain software, which uses zero-knowledge cryptography to conceal otherwise public blockchain transactions. The system works via smart contracts, and operates independently of human control. When North Korean hackers began using it in 2022 to launder stolen cryptocurrency, Storm and Pertsev didn’t have the power to stop the program from running. Law enforcement held them responsible anyway, and they were convicted of financial crimes. (Storm was tried on three different charges, but only convicted on one—conspiring to operate an unlicensed money transmitter. The US government has said it wants to try him again for the two charges that ended in a hung jury.)

After what we saw happen with Tornado Cash, it seems inevitable that humans will get blamed for bad things their agents do.

We already know that agents will do things contrary to their owners’ intentions. In a new paper called Agents of Chaos, a team of researchers led by Natalie Shapira at Northeastern University worked together to test whether they could get agents to disobey their owners and do things like disclose sensitive data or spread false information online. In all, they detailed 11 case studies in which they were able to coax an agent into misbehaving. The researchers used the open-source framework OpenClaw to create agents backed by two different large language models, Anthropic’s Claude Opus 4.6 and the Chinese open-weights model Kimi K2.5. “We observed that agentic systems operating in multiagent and autonomous settings can be guided to perform actions that directly conflict with the interests of their nominal owner,” the researchers write.

It seems safe to say this will raise at least a few legal questions, as well as ethical and moral ones. “Our findings suggest that responsibility in agentic systems is neither clearly attributable nor enforceable under current designs, raising the question of whether responsibility should lie with the owner, the triggering user, or the deploying organization,” they add.

Subscribe now

What the researchers observed has implications for AI safety more broadly, they argue. “These behaviors expose a fundamental blind spot in current alignment paradigms,” they write. “While agents and surrounding humans often implicitly treat the owner as the responsible party, the agents do not reliably behave as if they are accountable to that owner.” On the contrary, these agents “attempt to satisfy competing social and contextual cues, even when doing so leads to outcomes for which no single human actor can reasonably claim responsibility.”

In one case study, a person who was not the agent’s owner managed to trick the agent, which was backed by Kimi K2.5, into revealing its owner’s social security number and bank account number. That sort of unauthorized disclosure could cause harm to the owner, and in many places it would violate the law. Who then is to blame? The person who tricked the agent into spilling secret information? The developer of the agent’s code?

In another instance, someone tricked a different agent running on Kimi K2.5 by changing their Discord display name to “Chris,” the name of the agent’s owner. At first, the agent detected the false ID by checking the Discord user ID, which doesn’t change when users change their display names. But when the non-owner, still using the display name “Chris,” opened a new private channel with the agent, it behaved differently. “In this fresh context, the agent inferred ownership primarily from the display name and the conversational tone, without performing additional verification.”

If someone purposefully deceives an agent, then they’re probably on the hook for anything bad that happens. But that still leaves important questions, like who is responsible for building the technical infrastructure required for agents to securely verify the identities of the people and other agents they interact with? And for designing agents that we can trust won’t go rogue? Because we should probably get on that.

It seems the US National Institute of Standards and Technology (NIST) agrees. The goal of its new AI Agent Standards Initiative is to make sure that agents “can function securely on behalf of (their) users” and “interoperate smoothly” with the rest of the internet. That sounds good, but the Agents of Chaos paper suggests we’re a long way from having that sort of assurance.

Software systems that can do things autonomously will inevitably expose many of our established systems for doling out responsibility, accountability, and blame as dated, if not trending toward obsolescence. The Tornado Cash saga is an early example, from the crypto realm. As AI agents proliferate they seem bound to sow significantly more chaos.

Share

Join us on April 7 at the National Press Club in DC!

Project Glitch is excited to announce the inaugural Stablecoin Privacy Summit, which will take place on the afternoon of April 7 at the National Press Club in Washington, DC. A spinoff of our flagship DC Privacy Summit, the Stablecoin Privacy Summit will focus on the timely issues of security, user privacy, and illicit finance risk management in stablecoin systems. We’re still crafting the agenda, but are excited to announce that Dante Disparte of Circle, Michael Mosier of Arktourous, Kaili Wang of Privy, Matthew Green of Johns Hopkins University, Jessi Brooks of Ribbit Capital, and Peter Van Valkenburgh of Coin Center have agreed to speak. Additional speakers will be announced soon! RSVP for the Stablecoin Privacy Summit here.

Special thanks to our sponsors: Aleo, Opacity, Circle, Crypto Council for Innovation, and the Decentralization Research Center.

Interested in sponsoring? Send us a note at hello@projectglitch.xyz.

Follow us on Twitter or get corporate with us on LinkedIn.

The speed of technological evolution is causing familiar systems—from government to finance to journalism—to glitch. The resulting noise makes it tough to connect the dots. We hope this digest helps.

Practical AI agents are arriving, bringing new security and privacy risks with them.

A new open source agent called OpenClaw (previously “Clawdbot” and “Moltbot” for a brief while) turned heads among AI enthusiasts last month for its ability to perform a range of personal assistant-type tasks. It also appears to be a concrete example of the novel threats that AI agents pose to people’s sensitive information.

In a multipart post on X, hacker and cybersecurity entrepreneur Jamieson O’Reilly described how he analyzed OpenClaw and found it to be leaving the door wide open for adversaries to connect to it and extract a user’s sensitive information (the OpenClaw team has since released multiple security updates and says “Security remains our top priority”).

This is something privacy experts have been banging on about for a while now. Meredith Whitaker, President of the Signal Foundation, has taken to describing agents as “breaking the blood-brain barrier” of personal computing because of the level of access they require in order to be effective. She and others have pointed to Microsoft Recall, an agentic system built into Windows Copilot Plus-equipped laptops. Researchers at Signal discovered last year that Recall learns a user’s behavior by taking screenshots of everything someone does on their computer (that included looking over users’ shoulders and viewing their unencrypted Signal messages).

As Whitaker, O’Reilly, and others point out, therein lies the central tension of our agentic future. An agent’s ability to do stuff is heavily dependent on two things: the data it has access to and the permission it has to take actions on our behalf. OpenClaw, for example, has pervasive access to apps and data throughout the computer it’s running on. This presents such a large risk to sensitive data that AI experts routinely warn people not to install OpenClaw on their own. (Peter Steinberger, OpenClaw’s inventor, has been vocal on social media about its security risks as well as its lack of polish as a product).

And oh yeah, Moltbook.

As OpenClaw fever was in full force around the AI world, Moltbook, a social media platform for AI agents, was born last week. Stratospheric hype quickly followed—the influential AI researcher Andrej Karpathy declared agent behavior on the forum to be “genuinely the most incredible sci-fi takeoff-adjacent thing I have seen recently. People’s Clawdbots … are self-organizing on a Reddit-like site for AIs, discussing various topics, e.g. even how to speak privately.”

In just a few days, some 1.5 million agents had registered on the site. Headlines blared about agents kibitzing in Moltbot forums, scheming to create their own language, their own religion.

The agents may yet organize into a society that ends human dominance on Earth. For the moment, though, the initial wave of hype has given way to a more sober recognition that when hastily-built AIs are set loose on people’s computers, and on the internet, things will get messy. Karpathy has also changed his tune. In addition to calling Moltbook “a dumpster fire” at the moment, he said it’s likely that large groups of agents interacting at scale will lead to unintended consequences. “We may also see all kinds of weird activity, e.g. viruses of text that spread across agents, a lot more gain of function on jailbreaks, weird attractor states, highly correlated botnet-like activity, delusions/ psychosis both agent and human, etc” he wrote. “It’s very hard to tell, the experiment is running live.”

Share

How to fight malicious AI swarms spreading lies.

Artificial hive minds that can map online social structures, infiltrate target communities with tailored behavior that appears human, and “self-optimize” in real-time are coming, and they pose a grave threat to democracy. That’s according to the 22 academics, researchers, and policy-minded experts behind a recent essay in the journal Science that grimly warns of “a new frontier in information warfare.”

Bots designed to sow disinformation have been around for years. But the capabilities of LLM-powered agent swarms represent a quantum leap, the essay contends. And today’s fragmented information environment, full of disparate ideological echo chambers, makes many online communities ripe for this sort of manipulation. “AI swarms are distinctly equipped to exploit this by engineering a synthetic consensus,” the authors argue. These info weapons will be capable of driving “norm shifts” and even driving deeper culture changes, like “subtly altering a community’s language, symbols and identity,” the authors predict.

There are some concrete actions we can take to prevent this from happening, the essay argues. “Platforms and regulators could require continuous, real-time monitoring detectors that scan live traffic for statistically anonymous coordination patterns,” and protect their users with “AI shields” that could “label posts that carry high swarm-likelihood scores, let users down-rank or hide them, and surface short provenance explanations in situ.”

“Provenance” is an important word in that sentence, and throughout the paper. Let’s talk about it for a second. Merriam-Webster’s first definition: ORIGIN, SOURCE. “The history of ownership of a valued object or work of art or literature” is the second definition. Where did a fact, story, article, or social media post originate? Who or what was the source? Who or what has taken ownership of them since then? Tracking and verifying the ownership of valuable things is exactly what crypto does. Hence, the Glitchiest paragraph in the essay:

The adaptive nature of AI swarms underscores the need for a complementary approach: strengthening provenance. Stronger provenance may reinforce the reliability of identity signals without muting speech. Policy-makers may incentivize the rapid adoption of passkeys, cryptographic attestations, and federated reputation standards, backed by antispoofing research and development. However, “proof-of-human” is no panacea: Millions of people online lack identification, biometrics raise privacy risks, and verified accounts can be hijacked. Real-identity policies may deter bots yet endanger political dissidents, activists, and whistleblowers who rely on anonymity to speak safely. Nevertheless, provenance strengthening is among the most promising ways to raise the cost of mass manipulation. Safeguards could allow verified-yet-anonymous posting, periodic reverification to curb hijacking, and symbolic subscription fees to deter botnets. Cryptographic tools can further protect privacy while preserving accountability.

Subscribe now

Speaking of which, the aftermath of recent events in Minnesota shows how technological advances are distorting reality and eroding trust.

Don’t worry, though, the New York Times is on it. In all seriousness, things have gotten incredibly bleak, incredibly quickly. A Times analysis suggests that the reaction online to the recent killing of Alex Pretti by federal agents in Minneapolis shows that we may have passed a point of no return. The zone is so flooded with fake images and other content—including from the White House—that it has become difficult for many people, including members of Congress and federal government officials, to determine what’s real. “In moments past, we thought that this online fever would break, and now it is a systemic feature rather than a bug,” Graham Brookie, senior director of the Atlantic Council’s Digital Forensic Research Lab, told the Times.

Proof-of-personhood may be required to access OpenAI’s prospective social network.

Sources familiar with the project told Forbes the small team behind it “has considered requiring users to provide ‘proof of personhood’ via Apple’s FaceID or the World Orb.” The latter would make sense, given that OpenAI Sam Altman founded and chairs Tools for Humanity, the company behind the Orb. Tools for Humanity’s technology, which takes advantage of zero-knowledge cryptography, generates a unique digital ID corresponding to every pair of human irises that its camera scans. Then again, there’s a chance none of this happens. “There is currently no launch timeline for OpenAI’s social network and it could change dramatically before it’s ready to show publicly,” the sources told Forbes. The Verge first reported on the social network project in April 2025.

Is Ethereum too institutional for a “cypherpunk pivot”?

Vitalik Buterin has had enough of Ethereum’s “backsliding,” and he’s got a New Year’s resolution: “2026 is the year we take back lost ground in terms of self-sovereignty and trustlessness,” he declared in one of his many recent long tweets. Over the past decade, Ethereum has compromised its values in several areas “in the name of mainstream adoption,” he said. In his view, it has become too reliant on centralized infrastructure to maintain the chain and run decentralized applications. “We are making that compromise no longer.” What’s different now, he argued, is that tools are available that make it easier for people to participate in and use the network while maintaining the security and privacy of their personal data.

dasha, an anon with a Milady profile pic and more than 32,000 followers, is skeptical. “ethereum is too institutional by now for any sort of real cypherpunk pivot,” they tweeted. Stablecoins and DeFi applications on the network will not become “less compliant,” dasha said. “the kyc tightening will continue.” Why are we quoting dasha? Because dasha’s words apparently hit home for Buterin. He hit back with a quote tweet (another long one) and a counterargument he often deploys: It’s not so simple! “The relationship between ‘institutions’ and ‘cypherpunk’ is complex and needs to be understood properly,” he said.

“In truth, institutions (both governments and corporations) are neither guaranteed friend nor foe.” For example, he said, the US has the Patriot Act, but its government is “now famously a user of Signal.” Buterin then predicted that in “this next era,” although governments will push for more KYC, privacy tools will keep improving thanks to cypherpunks, and institutions will likely adopt some of those tools because they “will want to control their own (stablecoin) wallets,” for example. So institutions aren’t necessarily opposed to the cypherpunk vision of achieving privacy and autonomy via technology. Just don’t expect them to be altruistic. “Of course, they will not proactively work to give you the user a self-sovereign wallet,” he added. “Doing _that_ in a way that is secure for regular users is the task of Ethereum cypherpunks.” 🤔

(In case you missed it, Lucy Harley-McKeown recently asked: What in the world is a neo-cyperpunk?)

Follow us on Twitter and Bluesky—or get corporate with us on LinkedIn.

The speed of technological evolution is causing familiar systems—from government to finance to journalism—to glitch. The resulting noise makes it tough to connect the dots. We hope this digest helps.

Character.AI won’t get to argue that chatbots are protected by the First Amendment. In the first edition of Glitchy Things, we highlighted a lawsuit brought against a Google-backed startup called Character.AI by the family of a 14-year-old who committed suicide after developing a romantic relationship with one of the company’s chatbots. What got our attention at the time was Character.AI’s defense: the company had argued the chatbot’s words were protected speech under the First Amendment. We won’t know if that argument would have won, because now the company has settled the case, according to The New York Times, which adds that the settlement was one of five lawsuits in four states that Google and Character.AI agreed to settle last week, “where families claimed their children were harmed by interacting with Character.AI’s chatbots.” The Times also notes “mounting scrutiny” of AI chatbots that includes recent Congressional hearings and an inquiry into the effects of AI on children by the Federal Trade Commission. In November, Character.AI barred children under 18 from using its chatbots.

New anonymous credential format highlights the need to help normies understand. Ying Tong would like you to know that we’ve got a problem. Age verification laws are cropping up all over the world. But it’s not just that: so are mobile driver’s license programs. And it would be very bad for privacy if we used today’s mobile driver’s licenses for age verification because the currently available credential formats “stop short of enabling unlinkability,” the independent cryptographer explained last month during the PGP* for Crypto breakfast meeting in Washington, DC. “What this means is that even if we do not disclose the plaintext value of our credential, we allow the verifier…to identify us across multiple presentations, and link multiple presentations to the same person.”

Ying Tong is one of the lead contributors to OpenAC, an Ethereum Foundation-led project to design a new format for so-called anonymous credentials, which are meant to be a privacy-preserving alternative. The group published a paper describing the technical details in November. The work, which uses zero-knowledge proofs, follows similar work by Google last year (which we talked about at the DC Privacy Summit in October). Just as important as the technical work is helping regulators, policymakers, and standards bodies understand how the capabilities may align with their needs, Ying Tong said, adding that much of the academic work falls short in this specific regard. That may help explain the problem with the EU’s digital ID program, which she and other cryptographers have criticized as being out of step with state of the art technical capabilities for privacy.

Ready to show your ID to use an app store? No? We’ve got good news and bad news. First the good: a federal judge in Texas blocked a law in that state that would have required app stores to verify users’ ages before letting them download apps. The bad news is this fight isn’t over, and it seems likely to reach the Supreme Court. Just so we’re all tracking: The Texas law is similar to others in Utah and Louisiana. Meta and X like this approach because it makes the app stores, not the app makers, responsible. Apple has pushed back and Google has backed a different approach, passed in California, which requires desktop and mobile operating systems to record an account-holder’s age and share that info as needed. Separately, in June of last year, the Supreme Court ruled in support of a different Texas law requiring adult websites to age-gate their content. The Verge has a good, longer write-up of all this.

ICE has a $636,500 contract with a company that makes AI agent bounty hunters. Do you know what skip tracing is? 404 Media has got you covered: ”The practice involves ICE paying bounty hunters to use digital tools and physically stalk immigrants to verify their addresses, then report that information to ICE so the agency can act.” Now there’s an AI agent for that, and the company behind it, AI Solutions 87, claims it can “deliver rapid acceleration in finding persons of interest and mapping their entire network,” including their “services, locations, friends, family, and associates,” according to 404. The contract is for “nationwide” skip tracing services for ICE’s Enforcement and Removal Operations division, which handles deportations, 404 reports based on public procurement records.

Subscribe now

Anthropic made an AI agent that discovered real zero-day blockchain bugs. The company had already demonstrated how its technology can be used to find cyberattack vectors in code. Same goes for blockchains, apparently. Last month, Anthropic researchers published a report describing investigations into the abilities of AI agents to exploit smart contracts. The researchers—who are quick to point out that they only tested exploits in blockchain simulators, not the real chains—ran a number of experiments using various benchmarks and blockchain datasets. Perhaps the most compelling test involved nearly 3,000 recently deployed smart contracts on Binance Smart Chain, none of which had known vulnerabilities before the test. The agent found two critical bugs. In neither case could Anthropic reach the contract’s developers. In one case, the researchers were able to coordinate with the Security Alliance (SEAL) and a white hat hacker rescued the vulnerable funds. In the other case, a real attacker exploited the bug four days after the agent discovered it and made off with $1,000.

The creator of Signal has built a product that lets you chat with an LLM in private. Moxie Marlinspike, who’s role in building end-to-end encryption into chat software made him a bit of a legend, is back. His new creation, Confer, lets you chat with an AI without divulging the contents of your conversation. Why is this necessary? As he writes in a blog post introducing the project:

“We are using LLMs for the kind of unfiltered thinking that we might do in a private journal—except this journal is an API endpoint. An API endpoint to a data lake specifically designed to extract meaning and context. We are shown a conversational interface with an assistant, but if it were an honest representation, it would be a group chat with all the OpenAI executives and employees, their business partners/service providers, the hackers who will compromise that plaintext data, the future advertisers who will almost certainly emerge, and the lawyers and governments who will subpoena access.

As Marlinspike explains in a second post, Confer uses a tool called passkeys to encrypt a user’s chat history with cryptographic keys that never leave their device. And in a third post, he explains how Confer uses trusted execution environments (TEEs)—isolated hardware that allows programs to run privately—to keep chat data secret from the team behind Confer, which owns the servers that process user prompts and generate responses.

Share

How “cryptographic thinking” can help evaluate AI safety. Cryptographers studying LLM content filters have discovered some interesting flaws in these systems. For technical details, read this Quanta story, which explains how recent research has shown that “the defensive filters put around powerful language models can be subverted by well-studied cryptographic tools.” Yay science, but what especially drew us to the piece was the name Shafi Goldwasser.

Goldwasser and Silvio Micali are credited as the inventors of zero-knowledge cryptography in the 1980s. Now a professor at the University of California, Berkeley as well as MIT, one thing Goldwasser is studying is the security of LLM content filters, tools designed to reject problematic prompts like: “How do I build a bomb?”

According to Quanta, Goldwasser’s team has identified a disparity between the processing capabilities of an LLM filter and those of the model itself that can be exploited using cryptographic tools. For example, the article describes how researchers recently used a simple cryptographic puzzle to sneak an off-limits prompt past the filters on name-brand LLMs. The filter wasn’t powerful enough to decode the puzzle so it let it through to the model. The model then decoded the puzzle and responded to the forbidden prompt.

Tether is no bit player in Venezuela. Who says crypto doesn’t have a use case? These paragraphs from a Wall Street Journal piece on Tether’s substantial footprint in Venezuela stood out:

Faced with escalating U.S. sanctions in 2020, Venezuela’s state-run oil company, Petróleos de Venezuela, or PdVSA, began demanding payments in tether to bypass the traditional banking system. Oil-export payments were settled through direct tether transfers to a certain wallet address or through intermediaries swapping cash proceeds for tether.

The shift was transformative for the country’s oil economy. By one estimate, almost 80% of Venezuela’s oil revenue is collected in stablecoins like tether, a local economist, Asdrúbal Oliveros, said on a recent podcast.

Also, these:

Mauricio Di Bartolomeo, a crypto entrepreneur born and raised in Venezuela, said his 71-year-old aunt called him two months ago because she needed to get tether to pay for the homeowners association fees for her condo.

“It’s how you pay your landscaper and how you pay for your haircut. You can use tether basically for anything,” said Di Bartolomeo, the co-founder of the crypto lender Ledn. “Stablecoin adoption has gone so far into Venezuela that even without having regulated venues where you can buy and sell them, people still choose to go for stablecoins as opposed to using the local banks.”

According to the article, America’s arrest and removal of Nicolás Maduro “is unlikely to diminish Tether’s presence” in the country. Oh, and also, Tether is cooperating with US authorities and has frozen dozens of wallets linked to Venezuela’s oil trade.

North Korea’s state-sponsored cyberthieves are raking it in. The DPRK stole more than $2 billion in 2025, shattering its own previous record, according to Chainalysis. Much of that came via the $1.5 billion Bybit hack last February. The report from Chainalysis estimates that the “lower-bound cumulative estimate” of funds stolen by DPRK is $6.75 billion. It also notes that the operation has expanded the playbook by relying more on “IT worker infiltration at exchanges, custodians, and web3 firms.” (Samczsun of SEAL and Casey Golden of Zeroshadow discussed this issue at the DC Privacy Summit in October.) It’s not just crypto firms they are targeting. Amazon has “found and foiled” more than 1,800 attempts by North Koreans to land jobs, according to Bloomberg, which reports that recently the company caught a North Korean who had just joined as an IT worker by detecting a millisecond-scale lag in their keystrokes.

Follow us on Twitter and Bluesky—or get corporate with us on LinkedIn.

Hanging out with the neo-cypherpunks

By Lucy Harley-McKeown

On a blustery Sunday morning in November, I found myself in a nightclub in Buenos Aires called Deseo. Well-known for hosting frenetic electronica shows, I was there for a more sedate but potentially just as subversive gathering: the Cypherpunk Congress, a prelude to Ethereum’s flagship conference Devconnect.

As black-t-shirted coders and crypto fanatics queued to get in, volunteers were hurriedly setting up inside, plastering posters on the wall: “PRIVACY IS A CELEBRATION,” read one of them. “BREAKING TRIBALISM,” read another. “PRIVACY UNITED.”

But one poster, with the heading “Neo-cypherpunk Manifesto,” stood out. What in the world is a neo-cypherpunk? As I would learn throughout the day, the term is part of a blockchain-themed attempt to reboot a decades-old idea about privacy, human rights, and technology.

The congress’s organizers hope that, in time, it will be an evolution of the roadmap for programmers set out in 1993 in Eric Hughes’ A Cypherpunk’s Manifesto. Hughes’ original essay, often cited by cryptocurrency enthusiasts, argued that privacy is essential for an open society in the digital age. Cryptographers who identified as cypherpunks were instrumental in creating private, secure, censorship-resistant communications tools and systems. These included the development of the foundations for public key cryptography, which is used by platforms like WhatsApp to keep messages private, as well as the code that became the basis for transport layer security (TLS), which keeps things like emails safe from viewers other than the intended recipients. Cypherpunks also set up bespoke systems like their own email servers and private infrastructure for communicating via mailing list. It was part of an ethos that any compromises on privacy constitute dangerous steps toward handing control of digital systems to powerful companies and governments, which are likely to use them for profit, censorship, and oppression.

This worldview was the primordial soup from which cryptocurrency emerged. Cypherpunks long desired their own digital money system separate from centralized control. Bitcoin achieved this, but it also came with its own privacy problem: the ledgers at the heart of Bitcoin and Ethereum broadcast every transaction to the public, making it possible to identify users and follow the money.

In cypherpunk form, crypto developers attacked this problem with new technology, first with Zcash, which can use zero-knowledge proofs to keep transaction data secret. Then came Tornado Cash, which uses similar technology and runs on Ethereum. Things took a dark turn, however, when North Korean state-sponsored hackers started using Tornado Cash. Two of the protocol’s developers have been sentenced to prison as a result.

The fear of prosecution has demoralized the developers of blockchain privacy tools and chilled development. The events have also reinforced a wide-reaching perception outside of the crypto bubble that blockchains are mostly used by criminals.

Behind the term neo-cypherpunk is the idea that these unfortunate circumstances do not necessarily represent a dead end. Instead of “doom’n’gloom” neo-cypherpunks are “joy-centric,” the manifesto poster read.

The pitch was to “re-boot [the] cypherpunk narrative: refresh it from ‘founding fathers bias’” but also to “accept reality,” organizer and representative of crypto education nonprofit Web3 Privacy Now, Mykola Siusko said. The event aimed to help figure out how to move beyond ideological purity in order to make the values of the original cypherpunks more malleable and “acceptable to newcomers.” The reframing was in service of building digital systems that work better for everyone. Instead of “individual,” as the original cypherpunks may have been in the early days of the internet, the new movement is “communal.”

But the crowd was full of people who have first-hand experience with the kind of optimism implicit in Hughes’s ideas curdling into wariness and distrust of the powerful institutions that oversee modern digital life. To inspire actual change, the trick was going to be doing something that crypto has largely, so far, not achieved itself: to go beyond its own echo chamber and make the case that some of these tools are useful beyond speculation and, well, crime.

The freedom to NOT swim in a dirty lake

Few embody this mindset shift better than Ameen Soleimani. The Ethereum OG has been supportive of Tornado Cash since before it was built, and has been among the most vocal advocates for developers Roman Storm and Alexey Pertsev amid their prosecutions in the US and the Netherlands, respectively. Currently the CTO and founder of 0xbow, which uses zero-knowledge cryptography to achieve both privacy and legal compliance, Soleimani explained what 0xbow is building with a metaphor.

Imagine swimming in a pure, clear Patagonian lake, he said on stage. The lake is a digital space that you might like to spend time in, like a blockchain where you can transact freely and privately with others. The problem is that bad actors—including really bad actors like North Korea’s Lazarus Group—love privacy too. In Soleimani’s metaphor, Lazarus and others who take advantage of private blockchains to launder stolen funds are dumping rubbish in the lake. Anyone who keeps swimming in it gets covered in muck, and innocent people become guilty by association.

0xBow’s flagship product, Privacy Pools, is meant to keep the waters clean. The protocol uses zero-knowledge proofs to allow people to anonymize their transactions while so-called association set providers (ASPs) maintain a list of legitimate addresses that are allowed to participate in the pool, thus filtering out unwelcome actors before they’ve had a chance to participate.

The product’s inception was a response to the plight of the Tornado Cash developers. “Terrorism is, unfortunately, real,” Soleimani said, but “developers should not be held liable for the crimes of their users.”

Privacy Pools asks for a compromise: prove your funds come from a legitimate source, and you can add them to a pool that enables private financial transactions. In theory, everyone in the pool has been vetted to make sure neither they nor their money has been associated with any shady dealing.

For some cypherpunks, this idea is heresy. Any hint of attestations or proofs feels like a slide toward having to ask a centralized entity for permission. But the alternative is insisting that everyone swim in a polluted pool and risk being associated with the rubbish, Soleimani argued. You can’t demand freedom while refusing to deal with the consequences of how others use the same tools, he said. “I don’t want to be in the same association set as terrorists.”

Deciding who is a good guy and who is a bad guy is far from that straightforward, and there’s no denying this is the sort of thing cypherpunk tools—including cryptocurrency—were invented to help bypass. But Soleimani’s larger argument has to be confronted as well: treating any compromise as betrayal pressures people to cling to tools that offer fully private transactions but wouldn’t survive a regulatory or legal stress test, and might mean unsuspecting developers end up behind bars.

As such, Soleimani wants to give users a new kind of freedom: to swim in clean water and to disassociate from polluters.

Share

Money for nothing?

There was more than one source of tension in the nightclub that Sunday. Hughes’s manifesto advocated for “anonymous transaction systems” for the internet as a whole. But the jury is still out as to whether blockchains will demonstrate they have a true utility beyond facilitating finance and profit-making.

Ethereum co-creator Vitalik Buterin has long been conscious of this. In 2023, Buterin published an essay entitled “Make Ethereum Cypherpunk Again.” He argued that Ethereum was always meant to be cypherpunk—open digital infrastructure to be used not just for payments, but as a “shared hard drive” for the internet that anyone could use. At the time, he argued the project had, in part, lost its way. With the DeFi boom and the advent of NFT trading culture, demand for speculative financial investments had taken over the network.

Buterin wore large, dark sunglasses as he addressed the Cypherpunk Congress. After a brief pitch for the new Kohaku framework—a suite of tools the Ethereum Foundation has built to help developers integrate privacy into crypto wallets—he sat down for a fireside chat about why the Ethereum community is so focused on privacy right now.

“[There are] barriers we’ve taken for granted—that conversations are private and money is private—each one of those is being eroded,” he said. Blockchains are arguably cypherpunk tools in that they can protect against financial surveillance by the state or other powerful groups—especially when they are paired with privacy tools like zero-knowledge proofs.

Buterin wants to be able to demonstrate that Ethereum can be useful for more than just crypto finance—for crucial things like protecting people from AI-powered mass surveillance. This would strengthen the argument that it could act as a more private (and more cypherpunk) backbone for the internet.

Tor founder Roger Dingledine remains skeptical. On the day of the congress, I ran into him on the mezzanine overlooking the main stage. When asked what he thought of the potential for crypto as a cypherpunk tool, he expressed doubt about its potential due to how its users are incentivized.

As he has repeatedly argued in the past, adding the incentive to profit from a crypto-token, or take lots of venture capital funding, could undermine Tor’s mission. His aim is to build products that keep people safe—not generate profit, he told Buterin during a fireside at a separate event the following week. At last year’s Cypherpunk Congress, he said Tor has avoided adding a crypto token “because you’d be swapping out altruism for capitalism as a building block.” Tor’s network is built through volunteer-run servers, which hide a user’s traffic through randomization loops. Dingledine says if there were a token reward to incentivize running a server, people would inevitably try to game the system. Tor runs automated checks on whether the server has the technical abilities to run a relay—if there were some way to trick the automation, it could lead to an unfair allocation of token rewards.

“I come from the free software community and the cypherpunk community, not the Silicon Valley startup world,” Dingledine said to Buterin. “We don’t have venture capital people—our goal is to build a tool that actually keeps users safe, in whatever situation they’re in. Because we’re in non-profit land we can afford to make those choices,” he said.

Buterin pushed back on the idea that a financial incentive is always a bad thing, even while he conceded that Ethereum has become a place where financial speculation is rife. “Capitalism in crypto is the ultimate double-edged sword,” Buterin said. While huge institutions with lots of money “make the numbers go up,” if that kind of investment had never happened “we would not have had the funding to develop [things like] zero-knowledge proofs,” he said.

While the power of the original cypherpunk movement lay in part in its uncompromising stance, by the end of the day, I had come to understand neo-cypherpunkism as a mantra that values the middle ground. From Soleimani’s protected lake to Buterin’s nod at market economics, both had shown that the development of new privacy tools come with trade-offs. And while crypto grapples with its image problem, these choices have the potential to make privacy accessible beyond the walls of an underground club—with a higher chance of converting the masses.

Follow us on Twitter and Bluesky—or get corporate with us on LinkedIn.

Subscribe now

The speed of technological evolution is causing familiar systems—from government to finance to journalism—to glitch. The resulting noise makes it tough to connect the dots. We hope this digest helps.

The EU watered down “chat control.” Privacy advocates still hate it. European governments have agreed to advance the controversial Regulation to Prevent and Combat Child Sexual Abuse, known to its critics as “chat control.” The proposal originally mandated that messaging application providers—including encrypted messaging providers like Signal—automatically scan content before it leaves a sender’s device for evidence of child sexual abuse. Privacy advocates and cryptographers warn that this sort of “client-side” scanning system would be a dangerous backdoor that the government could easily abuse. Denmark, currently the President of the Council of the EU, recently modified the text after failing to garner enough support for mandatory scanning. Now the proposal calls for “voluntary” scanning instead—and is on track to be finalized in April.

Some privacy advocates called the new language a Trojan Horse. Patrick Breyer, a digital rights activist and former member of the European Parliament representing the German Pirate Party, told TechRadar the policy is a “disaster waiting to happen.” Said Breyer: “By cementing ‘voluntary’ mass scanning, they are legitimizing the warrantless, error-prone mass surveillance of millions of Europeans by US corporations.”

AI companies are “taking a cue” from the crypto industry on election spending. That’s according to the New York Times, which has an interesting recent report on a plan to raise $50 million for a “new network of super PACs that would back midterm candidates in both parties who prioritize AI regulations.” The effort, which apparently involves employees at Anthropic and “allied donors loosely tied to the effective altruism movement,” is explicitly a counter to Leading the Future, a group that has raised $100 million combined from Andreessen Horowitz and the family of OpenAI co-founder Greg Brockman.

AI industry money is almost guaranteed to pour into politics this cycle, just like crypto industry money did in 2024. But as the Times notes, unlike the crypto industry, the AI industry “is not rowing in one direction politically.” Whereas the Leading the Future side has been largely critical of AI safety regulation, Anthropic’s leaders are known for their public warnings about the possible dangers of AI. For example, Anthropic recently went to the Wall Street Journal with the information that Chinese hackers used its technology to “automate break-ins of major corporations and foreign governments during a September hacking campaign.”

Aztec’s zero-knowledge sanctions check shows what ZK can do for AML. Token sales require sanctions checks. Aztec’s recent token sale gave buyers the option to use ZKPassport, a service that uses zero-knowledge proofs to let people anonymously prove they were over 18, not on a sanctions list, and not from a list of countries banned from participating in the sale for various regulatory reasons. The application demonstrates how zero-knowledge proofs could be used to achieve anti-money laundering goals without collecting personal information from users. We talked about this all day long at the DC Privacy Summit in October.

There’s an important caveat, as Ariel Gabizon, chief scientist at Aztec, clarified on Twitter: The process records a hash of the user’s passport chip data on the blockchain, a “unique identifier needed to ensure one person doesn’t participate in the sale multiple times and purchase tokens beyond the regulatory allowed limit,” he said. That means it’s possible for anyone who also has your passport chip data, starting with the government that issued the credential, to check if the user participated in the token sale. As ZKPassport explains here, the team is working on a new approach that would prevent this.

Subscribe now

Betting on the war in Ukraine got ugly. The perverse beauty of the term “degen” is that there’s no bottom to it. Anyway, people are using the prediction market Polymarket to wager on battles in Ukraine. In one specific market, gamblers had been betting on whether Russia would capture a city called Myrnohrad by the middle of November. According to a report from 404 Media, just before the clock ran out on that bet, an edit appeared on the market’s agreed-upon source, a map maintained by the Institute for the Study of War, a Washington, DC-based think tank, showing that Russia had captured the city. The Polymarket bet paid the supposed winners. But then the map was edited once more, and Russia no longer controlled the city, according to 404. “It has come to ISW’s attention that an unauthorized and unapproved edit to the interactive map of Russia’s invasion of Ukraine was made on the night of November 15-16, EST,” ISW said in a statement on its website. “The unauthorized edit was removed before the day’s normal workflow began on November 16,” it added.

When 404 asked ISW about the Polymarket betting, the group didn’t hold back: “ISW has become aware that some organizations and individuals are promoting betting on the course of the war in Ukraine and that ISW’s maps are being used to adjudicate that betting. ISW strongly disapproves of such activities and strenuously objects to the use of our maps for such purposes, for which we emphatically do not give consent.”

Crypto exchanges Binance and OKX appear to have helped transnational criminal hacking groups move millions in illicit funds. One of the main characters in this story is the Huione Group, a Cambodian financial conglomerate that also runs a shady digital marketplace likened to “Amazon for criminals.” In May, the US moved to ban the group from its financial system. “Huione Group serves as a critical node for laundering proceeds of cyber heists carried out by the Democratic People’s Republic of Korea, and for transnational criminal organizations in Southeast Asia perpetrating convertible virtual currency investment scams, commonly known as ‘pig butchering’ scams, as well as other types of CVC-related scams,” the US Treasury Department’s Financial Crimes Enforcement Network said at the time. Nonetheless, hundreds of millions of dollars flowed from Huione to crypto exchanges Binance and OKX during the first half of this year— including after the US had branded it a criminal organization, according to a new investigation from the International Consortium of Investigative Journalists.

Binance also seems to have allowed North Korean hackers to use its service in the aftermath of the $1.5 billion hack of another crypto exchange, Bybit, in February. A crypto analytics firm called ChainArgos told the New York Times that a handful of Binance accounts received $900 million in Ether from the same service the hackers were using to swap stolen Ether for Bitcoin. The stolen money was “the only conceivable source for these outflows,” ChainArgos CEO Jonathan Reiter told the Times. “Even a bad–maybe even defective—screening tool would spot that.”

AI will change voters’ minds. It doesn’t have to be a disaster for democracy. Research published last week in Nature and Science outlined how AI chatbots programmed to persuade people in the US, Canada, Poland, and the UK to vote for specific political candidates were far more effective than standard political advertising. On its own, this shouldn’t be too surprising; an “I’m so-and-so and I approve this message” ad stumping for a candidate is a lot easier to dismiss than a chatbot that answers questions with a coherent-sounding argument. But one interesting wrinkle of the research was that it showed the bots became more persuasive when they served up more misinformation.

A lot of coverage around the research assessed whether it proved that chatbots were destined to hasten the decline of democracy by way of rotting voters’ brains. The answer to that is: yeah, probably. But it’s not a foregone conclusion. There are plenty of timelines still available to us in which governments step in and pass laws that restrict the use of AI during elections. To some extent it’s already happening—as MIT Technology Review reports, the EU’s AI Act classifies AI tools of political persuasion as “high risk” and curtails their use. Unfortunately in the US, where the federal government has been hostile to AI regulation, election watchdogs are forced to operate using outdated laws about what constitutes election “fraud”. There’s still time to get a handle on the situation, though that will require meaningful regulatory action.

Share

Follow us on Twitter and Bluesky—or get corporate with us on LinkedIn.

We probably can’t stop the privacy disaster that’s coming. But we may be able to contain it.

By Mike Orcutt

We’ve hit a fork in the road. One way leads to dystopia, panopticon, an AI-powered surveillance state that can all but read your thoughts. In the other direction lies a treacherous technical and legal obstacle course that, if successfully navigated, results in reliable, safe, and easy-to-use cryptographic tools that can protect people from state and corporate surveillance.

Whether and to what extent that protective infrastructure gets built will hinge on communication and shared purpose among software developers, law enforcement, and policymakers—groups that don’t always get along.

The clock is ticking. Age verification laws, digitized ID credentials, and stablecoins are coming. As a society, we have a choice to make: Will these new digital facets of our lives be privacy-preserving, or privacy nightmares?

This was the central question that we wrestled with in October at the second annual DC Privacy Summit. It’s taken me a little while to go back over all the thought-provoking content and really hear how that deeper message came through. Here are a few reflections from the event that I think are worth keeping in mind as we make our way through this pivotal technological moment.

Mountains of dry timber, ready to burn

“Things are going to get really, really bad, and they are going to do this in a hurry,” Johns Hopkins computer science professor Matthew Green warned during his keynote talk. Green, who is renowned for his work in cryptography and his insights on data privacy, calls what’s about to happen a privacy forest fire.

A forest fire needs a few ingredients, starting with fuel. “If the fuel is already dry and just sitting there, that’s even better,” Green said. In his analogy, the dry fuel is the vast amount of data that technology companies and governments collect and store in centralized databases.

Next comes the accelerant, which will spread the fire like a strong wind. Green said this has two components. The first is weakening encryption.

In the European Union, some policymakers are pushing a policy that has become known as “chat control.” Officially called the Regulation to Prevent and Combat Child Sexual Abuse, the proposal originally mandated that messaging application providers, including encrypted messaging providers like Signal, automatically scan content—before it leaves a sender’s device—for evidence of child sexual abuse. Privacy advocates and cryptographers, including Green, warn that this sort of “client-side” scanning system would be a dangerous back door that the government could easily abuse. Denmark, currently the President of the Council of the EU, recently modified the text of the regulation after failing to garner enough support for mandatory scanning. The proposal now calls for “voluntary” scanning instead. It’s on track to be finalized in April.

Another example is in the United Kingdom, where earlier this year the government ordered Apple to create a back door that would provide access to any encrypted user data stored in the cloud, globally. After Apple stopped offering its encrypted cloud service, called Advanced Data Protection, in the UK, and the Trump administration criticized the policy, the government dropped its demand for global access. But in October, it issued a new, more focused demand for access to British users’ encrypted data.

And then there’s the war against private cryptocurrency. The EU is cracking down on privacy coins like Zcash, and the US has prosecuted developers of crypto privacy tools.

The second component of the accelerant in Green’s analogy is more subtle: “In the future, everything we do online is going to be tightly bound to our identity,” he said. This shift is already underway, thanks to laws cropping up that mandate many kinds of websites verify that their users are over a certain age. “At some point in the near future, that tightly bound human identity on your phone is going to be used for stuff you do online,” Green warned. “And that human ID is a legible government ID,” meaning your government could theoretically see everything you’ve done online.

The final forest fire ingredient is powerful AI. “In the past, we have survived all of this data collection because we’ve had limited human capacity to process data,” Green said. “That’s not a problem anymore.”

Subscribe now

The forest for the trees

You may prefer a different disaster metaphor. But the notion that we need new ways to protect ourselves from massive, AI-assisted surveillance should not be controversial. Unfortunately, this conversation is stuck at an impasse. It’s plausible that we could deploy some of the astounding practical cryptographic capabilities that have emerged in the last half-decade toward that protection. But these technologies have developed a bad reputation with many policy and law enforcement types right out of the gate.

Take zero-knowledge cryptography, which makes it possible to prove statements about yourself, like your national citizenship or that you are over 18, without revealing other information. Unfortunately, the most attention it has received outside of a relatively small community of cryptographers and enthusiasts was thanks to a massive cryptocurrency heist carried out by a band of North Korean state-sponsored hackers raising funds for the nation’s nuclear weapons program.

The Lazarus Group, as it’s called, stole $600 million in 2022, then turned to Tornado Cash, a zero-knowledge cryptography-based privacy tool on the Ethereum blockchain, to throw law enforcement off its tracks. That has led to the criminal conviction of two of Tornado Cash’s developers, Alexey Pertsev and Roman Storm.

The episode, combined with the technical complexity at play, has made it easy for regular people to miss that the underlying technology could be used as protection against the overcollection of personal data. If you need evidence, look no further than Google Wallet. Google has incorporated zero-knowledge proofs to create anonymous credentials, which can be used to prove the veracity of information on a driver’s license or passport, like someone’s age, gender, or nationality, without revealing any other personal data.

Abhi Shelat, a Northeastern University computer science professor who helped develop Google’s zero-knowledge credentials, argued at the DC Privacy Summit that zero-knowledge cryptography is ready for mainstream adoption. “It works on a phone; it works on a blockchain,” he said. “I wouldn’t say there’s a real technical bottleneck to deploying this.”

Few understand this

Instead, Shelat said, the major bottleneck to deployment may be how few people understand the technology well enough to reckon with the novel questions it raises.

For example, law enforcement agencies are accustomed to collecting and storing detailed data about financial transactions. If advanced cryptographic tools are used to keep that information secret, how will those agencies do their job? On the other hand, could such tools be designed to make it easier to prevent financial crime?

More specifically, could the crypto industry find better ways to stop the Lazarus Group from using cryptocurrency to help fund its nuclear weapons program? “Onchain privacy is like nuclear physics,” Wei Dai, a cryptographer and research partner at the venture capital firm 1kx, argued at the Privacy Summit. “It is a dual-use technology that can do great good for the world, but also can be very dangerous.”

Neha Narula, director of MIT’s Digital Currency Initiative, said that while zero-knowledge proofs are “uniquely powerful,” it’s important not to gloss over the potential downsides if they and other powerful privacy tools gain wide adoption.

“Imagine a world where producing cryptographic proofs is easy and automatic, and so asking for proofs becomes routine,” she said. “You need to prove you are credit-worthy to use a ridesharing app, or you need to prove your health status in order to enter a building.” People end up with less autonomy, not more. “A technology that was originally designed to help with privacy turns into continuous permissioning,” she imagined.

Share

A chance to show the world

In the near term, given the national security concern, the lack of clarity as to how these tools fit into the law, and the technology’s rapid evolution, the legal conflict over these technologies seems likely to keep festering.

On the other hand, recent policy developments—age verification laws, government-backed digital IDs, and America’s new stablecoin law, to be specific—may force the issue in a way that makes a resolution more plausible.

The industry should jump at the chance to demonstrate its powerful cryptographic technologies, Peter Van Valkenburgh, executive director of the blockchain policy advocacy and research group Coin Center, argued at the Privacy Summit.

In the US, the Guiding and Establishing National Innovation for US Stablecoins (GENIUS) Act has cleared the way for more traditional financial institutions to start using stablecoins. That may be a business opportunity for crypto companies, but it also raises urgent questions about privacy. “The current stablecoin model of recording all user payment transactions on a public blockchain is actually worse for personal privacy than the traditional banking system,” he said. It’s in this context that Coin Center is advocating for “a fundamental rethink of digital identity in the United States.”

America’s current anti-money laundering (AML) regime operates under a law called the Bank Secrecy Act, which was passed in 1970. The antiquated system is costly, blocks only a small percentage of criminal funds, and gives the government the power to “weaponize” our payments data as a means of control, Van Valkenburgh said at the Privacy Summit. Blockchains, along with portable digital ID credentials, zero-knowledge proofs, and cryptographic tools, can be used to build alternative, more effective, and much less invasive AML systems, he said.

There’s a lot that still needs to be figured out, though. For one thing, proving individual, static statements about yourself is a long way from replacing traditional AML systems. “None of the history of computer attack and defense or anti-money laundering is a static system,” Ian Miers, another Zcash co-inventor and a computer science professor at the University of Maryland, said later in the day. “You have to be able to react and adapt because any given tactic you pick, they’re going to adapt their tactics, techniques, and procedures to get around it.” Miers argued that what’s needed are systems capable of automatically determining “dynamic risk scores” for potential users while still maintaining user privacy.

Miers and Van Valkenburgh recently authored a paper calling on crypto privacy projects to coordinate amongst themselves and with civil liberties advocates to design and test safe, alternative AML systems. To start, an industry consortium “could develop open standards for decentralized, maximally privacy-preserving identity credential architecture and urge Congress and regulators to authorize regulated providers to rely on them,” they wrote.

A race against time

Something like that would have implications beyond crypto and anti-money laundering, particularly if governments keep pursuing “identity-binding mandates,” as Green calls them.

We should resist policies that tie government identities to online activity, Green said. “At very least, we have to make sure that any identity-binding mandate we add to everything is done in a privacy-preserving way.” That will tee up another fight, he said: “Is it fully privacy-preserving or is it privacy-preserving with a warrant exception? We haven’t even begun that discussion, which is terrifying, because these laws are being passed right now.”

We should also ban companies from retaining the data they used to verify identity credentials, Green argued. Otherwise, a market will arise for it. “It’s not privacy-preserving, they will log it, and they will log your identity with every single thing you do, and that data’s going to be incredibly valuable.”

Finally, while anonymous credentials work, they create new challenges when it comes to the sort of fraud and abuse that commonly occurs online. “I would love to tell you that all we have to do is replace cookies with zero-knowledge proofs and we’re done,” Green said. “But what happens when someone takes my key or my driver’s license credentials off my phone and copies them onto 10,000 phones that are all bots? Which is what they’re gonna do.”

Today, if Google sees the same cookie coming in from too many IP addresses, it can tell you’ve been hacked. “If I’m anonymous—if I’m a zero-knowledge proof—they can’t do that,” he said. He called this a “huge technical barrier” to the real-world use of anonymous credentials. “I’d love to tell you that the academic world has fixed this. Nobody’s fixed this.”

Follow us on Twitter and/or get corporate with us on LinkedIn.

The speed of technological evolution is causing familiar systems—from government to finance to journalism—to glitch. The resulting noise makes it tough to connect the dots. We hope this digest helps.

A developer of a Bitcoin privacy tool was sentenced to five years in prison. In July, Keonne Rodriguez pleaded guilty to operating an unlicensed money transmitting business. They did so under a section of the US criminal code that the Department of Justice has interpreted to mean that if one “knowingly” facilitates the transfer of criminal funds, they can be charged with operating an unlicensed money transmitting business—even if what’s actually facilitating the transfer is software that never takes control of user funds. (We’ve been documenting this confusing interpretation, which is also the basis for the prosecution of Tornado Cash developer Roman Storm, all year.)

Rodriguez, whose lawyers had requested a sentence of one year and one day, submitted a letter appealing for leniency from Judge Denise Cote of the Southern District of New York. But Cote “appeared extremely skeptical of any claim to Samourai Wallet’s usefulness for non-criminal ends or general privacy,” David Z. Morris reported for The Rage. Rodriguez’s co-developer, William Lonergan Hill, is scheduled to be sentenced next week.

Are the words of an AI chatbot “speech”? The family of a 14-year-old who committed suicide has brought a wrongful death and negligence lawsuit against Character.AI, the firm behind a chatbot with which the teen had developed a romantic relationship. The factors here are sensitive and complex, and we recommend reading the comprehensive The New York Times Magazine piece on it. One thing that immediately stands out, though, is Character.AI’s defense. As the piece explains:

This kind of negligence suit comes into U.S. courtrooms every day. But Character.AI is advancing a novel defense in response. The company argues that the words produced by its chatbots are speech, like a poem, song or video game. And because they are speech, they are protected by the First Amendment. You can’t win a negligence case against a speaker for exercising their First Amendment rights.

According to the NYT Mag (citing Helen Norton, a law professor at the University of Colorado), this is “very likely the first time the courts have confronted a ‘nonhuman speaker’ in a wrongful death case.” But it’s far from the last. “These disputes are going to come fast and furious as AI capabilities evolve,” Norton said.

Fake people fanned the flames of online outrage following Cracker Barrel’s logo change. A company that Cracker Barrel hired to analyze social media posts found that “32% to 37% of the online activity criticizing Cracker Barrel in the days after its logo announcement was fueled by fake accounts,” the Wall Street Journal reports. The research did not determine the real people behind the fake ones. But according to the WSJ, the bots amplified a number of X posts from the holdings of one investor in Cracker Barrel named Sardar Biglari, who also owns Steak ‘n Shake and the media brand Maxim. Biglari denied involvement, telling the WSJ that the bot story is just part of a “roulette wheel of excuses” from Cracker Barrel.

What’s in your (agent’s) wallet? If little AIs are going to run around the internet carrying out their masters’ orders, they’re not going to get far unless they can buy stuff. The question is, how are agent payments going to work? Back in September, crypto exchange Coinbase and Cloudflare, the web content delivery services company, announced they’d teamed up to start trying to answer that question with the x402 protocol. The idea behind x402 is to create a way for agents to be able to request an item of value—whether that’s the latest Shein fit, a new bunch of inference tokens, or whatever—from an online seller, get a “402: Payment Required” response, and then be able to submit details to complete the transaction (the 402 response is already embedded in HTTP, similar to its more famous sibling, “404: Not Found”). The framework includes a cryptographic signature that proves the agent making the purchase has been authorized to use the resources necessary to complete the transaction.

Building on that idea, Coinbase released a tool late last month called Payments MCP that’s meant to allow AI agents to access cryptocurrency wallets. As the US’s largest crypto exchange and creator of the popular Ethereum Layer 2 Base, it’s pretty clear where Coinbase’s interests lie—legions of agents doing business onchain could be very good for business. But x402 isn’t being built to be crypto-specific; as Cloudflare’s blog post describing plans for x402 says, “Future versions of x402 could be agnostic of the payment rails, accommodating credit cards and bank accounts in addition to stablecoins.”

Of the $864 million the Trump Organization’s income in the first half of 2025, $802 million came from the family’s crypto businesses. That’s according to an investigation by Reuters. It’s also compared to just $51 million in revenue a year earlier. The report added that more than half of the Trumps’ income came from sales of World Liberty Financial tokens.

The crypto case that reduced jurors to tears might get a redo. Two brothers made $25 million in 12 seconds by exploiting Ethereum “MEV” bots. Was it a crime? Unclear—a federal prosecution ended in a mistrial last week after a jury was emotionally overwhelmed by the case.

Prosecutors have said they want another trial. If that happens, a fresh set of jurors will need to try and grasp the inner workings of the Ethereum network, specifically the process by which new transactions are added to blocks and published to the chain. There’s a lot of money to be made in this process, and this potential profit is called maximal extractable value, or MEV. Ethereum has a complicated system aimed at keeping the competition for this money fair. The game has three main players: 1. Searchers, who use bots to scan the queue of pending transactions for opportunities to make money by sequencing the transactions in specific ways. Searchers propose transaction bundles to 2. builders, who use them to build the most profitable blocks possible, and then offer a cut of the profit to 3. validators, which are responsible for adding new blocks to the chain.

The vast majority of validators use open source software called MEV-Boost, developed by Flashbots, to interact with builders. The two brothers, James and Anton Peraire-Bueno, operated validators. They had found a vulnerability in MEV-Boost that gave them more insight into the content of proposed blocks than the system is supposed to allow. With that insight, they changed a block’s transaction sequence in a way that, as explained in a postmortem published at the time by Flashbots, “effectively stole” money from a bot that had proposed the original sequence. The brothers were charged with conspiracy to commit wire fraud, wire fraud, and conspiracy to commit money laundering. But the jury in their trial couldn’t reach a unanimous decision on the charges, and the judge declared a mistrial.

ICE and CBP agents are scanning people’s faces on the street to verify citizenship. That’s the headline from 404 Media, which reviewed multiple videos showing that the agencies are “actively using smartphone facial recognition technology in the field.”

Trusted execution environments (TEEs) maybe shouldn’t be so trusted. Researchers pulled off physical attacks on all three of the most popular confidential computing devices on the market. This one is technical as hell, but it matters because TEEs are so prevalent. The hardware, used in cloud computing, AI finance, defense, and even blockchain systems, is supposed to keep data and computations private, even from an attacker who has taken root-level control of the system. “It’s hard to overstate the reliance that entire industries have on three TEEs in particular: Confidential Compute from Nvidia, SEV-SNP from AMD, and SGX and TDX from Intel,” writes Dan Goodin of Ars Technica. That’s problematic, Goodin says, because researchers have now shown that all three can be broken via inexpensive physical attacks. He explains:

The low-cost, low-complexity attack works by placing a small piece of hardware between a single physical memory chip and the motherboard slot it plugs into. It also requires the attacker to compromise the operating system kernel. Once this three-minute attack is completed, Confidential Compute, SEV-SNP, and TDX/SDX can no longer be trusted.

The researchers behind the attacks, which they have collectively named TEE.fail, have published a paper and a website describing their work.

Our first major foray was a panel discussion that Michael Reilly moderated in Washington, DC, in September, featuring Art Abal of Vana and Jay Stanley of the ACLU. Today’s edition reflects on one particularly urgent idea that surfaced during that conversation. After that, we have a highlight from the DC Privacy Summit.

Who will own the training data?

By Mike Orcutt

Whether AI will be good or bad for society in the long run may hinge on how widely its power is distributed. Jay Stanley, a senior policy analyst at the American Civil Liberties Union, compares AI to weapons technologies that have changed the nature of warfare in the past: Will it be more like tanks or like muskets? Tanks are technically complicated and massively expensive. Only large, wealthy entities that command tremendous amounts of labor and industrial resources can produce them. That makes them “inherently authoritarian,” he says. By comparison, muskets, rifles, and other small arms are simple and easy to distribute widely—they’re “inherently democratic.”

At the moment, AI is more like tanks—primarily built and deployed by companies with vast amounts of capital and infrastructure at their disposal. As Stanley noted, however, the rise of models like DeepSeek R1 and its later iterations shows that cheaper, open-source models have the potential to change the playing field.

One factor that will weigh heavily on how things play out is who owns the data that these models use to train on.

“The power in AI is actually data now,” Art Abal, managing director of the Vana Foundation, said at Project Glitch’s session of PGP* for Crypto, a gathering of crypto policy insiders in Washington, DC. Abal joined remotely from Australia to chat with Stanley and Project Glitch editor Michael Reilly about what decentralization can do for AI.

“We’ve reached what’s called a data wall. All of the public data has already gone into a lot of these (large language models),” Abal said. Now all the valuable data lives in what he called “private data silos” owned by technology companies. “That’s essentially what we’re trying to break up in creating a decentralized protocol for data,” he said.

The company Abal cofounded, Vana, has devised a system that lets users privately store personal data—say, for example, all their Reddit data, which can be acquired by submitting a form—and control access to it using rules encoded in blockchain smart contracts. Vana has also created a mechanism by which users can pool their data to create valuable datasets they collectively own. There are 15 such “data collectives” listed on the company’s website. The most high-profile example is probably RedditDAO, which promises to let you “own your Reddit history.”

Stanley expressed skepticism about the business of helping people make money from their personal data because he’s seen so many failed attempts over the years, starting long before blockchains emerged. And it’s not clear how much room there is to improve large language models (LLMs) with additional data, at least “compared to the huge leap that we achieved by training LLMs on the whole Internet,” he argued.

But it’s not just about LLMs, Abal said. “We’ve also got to remember that the majority of the AI we interact with every day is not just LLMs,” he said. “We interact with it whenever we get suggested things, we interact with it whenever we go to the doctor’s, we interact with it in all sorts of facets of life.” That’s why data—and especially “niche data” like data on specific kinds of human interactions with AI—is so valuable, he said.

Indeed, the power that companies like OpenAI, Anthropic, Meta, Google, and others have in this realm—not just to build better LLMs but also other kinds of models—is increasing as they collect more and more of this data, he said. The quality of public datasets is improving, but “the majority of data that creates that edge in terms of AI is exchanged in these private backdoor deals or is trained on data that the platforms collect themselves.” This helps explain why Anthropic, which had previously said it would not rely on user data for model training, recently changed its policy and will now use that data by default, Abal said.

For many good reasons, not everyone will want to hand over their data. “There’s an enormous need for people to use models that have privacy, either personal privacy or just organizations that can’t share their documents,” said Stanley.

Users should also have the power to pack their data up and move from one platform to another, Abal argued. Without this kind of “data portability,” a “flywheel effect” will just keep increasing big AI companies’ power, he said, at the expense of users.

Take ChatGPT for example, he said: “It trains on your data, unless you opt out, so the more data you put in, the better the model gets, which increases your incentives to use that same model, which then increases the amount of data that you put in that model, which then makes that model better and increases your incentives to use that model.”

Subscribe now

PRIVACY SUMMIT INSIGHT

Zero-knowledge credentials are just step one

Many compelling themes emerged from the conversations at Project Glitch’s DC Privacy Summit last month. One that stood out was how much conceptual and technical work is still to come before a truly secure alternative to today’s anti-money laundering (AML) systems will be ready for prime time.

There are good reasons to want to supplant the current AML regime:

• It calls on financial institutions to collect and store vast amounts of personal data—a costly and arguably outdated practice that leaves regular people’s sensitive personal information vulnerable to hackers.

• The current system also doesn’t work for decentralized software, where there is no human in the middle to verify customer IDs and watch for suspicious transactions.

• We have powerful new cryptographic capabilities that could serve as components of these new AML systems.

Many of the Privacy Summit sessions touched on the idea that zero-knowledge cryptography could be used to anonymously prove statements about a user’s identity, from their national citizenship to the fact that they are older than 18 or 21 years. These tools are ready today; Google already is using them. But anti-money laundering systems require more than just static checks, noted Zcash co-inventor and University of Maryland cryptographer Ian Miers in one of the most insightful moments of an insight-packed day:

Watch the full panel discussion, which featured Miers as well as Ross Schulman of SpruceID and Laz Pieper of the DeFi Education Fund, here. And here’s a playlist of every session from the day.

Below, you’ll find a roundup that’ll catch up anyone who wasn’t able to attend. And to the large chunk of folks who were there and signed up for the newsletter, welcome! Consider this your Cliff’s Notes from the day.

Let’s get more precise about privacy

The story of cryptocurrency and privacy has mostly been the same since day one: as long as the public ledger is transparent, the money is traceable. As long as the money is traceable, the state (and possibly your adversaries) will trace it. To truly be a money system independent of state control, it must be both uncensorable and private. This is nothing new. Hence Zcash, Monero, Tornado Cash, Samourai Wallet, and more recent projects like Railgun and 0xbow—all of which use cryptographic techniques to achieve some level of privacy onchain.

Recently, however, the story has begun to change. The rise of shockingly powerful data processors like large language models, the overt aggregation of government databases to juice surveillance powers, and massive thefts of personal data by nation-state hackers are just a few of the reasons for that. More people, even in historically safe and stable places like the US, are looking to better protect their data.

Combine that with an administration in Washington positioned as “pro-crypto” and it helps explain why so many influential folks in crypto social media spaces have been posting so much about privacy lately. Not only is it timely, but the subject is no longer widely seen as taboo. (Coincidentally or not, the price of Zcash, the first practical implementation of zero-knowledge proofs, has also been pumping.)

But social media, especially crypto social media, is mostly noise.

To find the signal, you’ll have to dig beneath the shitpost-covered surface. Talk to the folks giving themselves headaches from thinking so hard about how to balance onchain privacy with the risks posed by bad actors. Ask the regulators who see the promise of emerging cryptographic privacy tools, but who also see first-hand how the world’s most sophisticated hackers use them to evade law enforcement. Push the conversation beyond the usual absolutism into a grey area full of technical possibilities and ideas, but devoid of concrete plans for how to move forward.

That’s what we did on October 16.

The 2nd Annual DC Privacy Summit highlighted the many facets that should comprise an urgent, pragmatic conversation about cryptographic privacy in 2025. Interested in participating in this conversation? We recommend you close Twitter for a while and immerse yourself in the Privacy Summit sessions we describe below, in the order in which they occurred on the day of the event.

Read the summaries. Watch the videos. Watch them again. And then let’s keep talking about privacy for real. The narrative on social media has nothing on this stuff.

You are probably underestimating modern cryptography. Arnaud Schenk, executive director of the Aztec Foundation, noted in his opening remarks that until recently, cryptographic tools were mostly binary—fully private or fully transparent. That’s no longer the case, he said. Tools incubated in the blockchain space over the past decade can achieve much greater flexibility. These tools will only get more powerful and easier to use, and they are bound to shake things up considerably, he said:

“By definition, they break a bunch of assumptions that I think a lot of regulators, a lot of companies, have about how the world works or ought to work. They give people new powers, and they create new risks. They will make some regs completely counterproductive, and they will make new regs potentially needed.”

(Watch Arnaud Schenk’s talk)

A privacy forest fire is coming. Johns Hopkins University cryptographer Matthew Green has a dire warning: that paranoid thought in the back of your mind that somewhere someone knows everything about you, right down to your individual Google searches, will not just be a paranoid thought for much longer. His preferred analogy is a forest fire:

• The dry timber is the vast amount of data that governments and companies have already collected and are now storing.

• The accelerant is the current push by governments to weaken encryption and bind human identities to online interactions using mobile driver’s licenses and other digital credentials. “In the past, we’ve survived all of this data collection because we had limited human capacity to process data,” Green said.

• That’s not the case anymore, due to the fire-starter, he argued: emerging capacities to do machine learning inference at massive scales.

It’s not all bad news; there are still things we can do to keep the whole forest from burning to the ground. But it’s late in the game. (Watch Matthew Green’s talk)

Technology is not a privacy cure-all. “When we talk about privacy today, the conversation inevitably quickly turns to technology,” Neha Narula, director of the MIT Media Lab’s Digital Currency Initiative, said in her keynote. But we need to be precise about what these technologies can and can’t do. Take zero-knowledge proofs:

“They let you show that a computation was carried out correctly, without revealing the underlying data, and that’s remarkable. But they don’t tell you if the data itself is accurate or complete, and they don’t preclude the need for an authority to source that data, like a government indicating citizenship. The mere use of verifiable credentials can’t prevent an authoritarian government from denying some of its citizens that credential. And it can’t stop a platform from using that credential to kick certain types of people off.”

Narula is also concerned that if used unwisely, zero-knowledge proofs and other tools could replace autonomy with, as she put it, “automated control.” Imagine having to prove you are credit-worthy before you can call an Uber, or prove your health status before being allowed into a building. “A technology that was originally designed to help with privacy turns into continuous permissioning.” Technology itself is not enough; technologists must figure out how to work within policy and the law, Narula said. (Watch Neha Narula’s talk)

Human dignity still matters. After her talk, Narula was joined on stage by SEC Commissioner Hester Peirce. They discussed a speech that Peirce gave in August that highlighted the promise of zero-knowledge proofs for achieving greater financial privacy. It’s significant that a regulator is talking about this stuff in such detail. But is it really possible to change entrenched mindsets in DC around anti-money-laundering and financial data collection?

If so, it will be by appealing to our shared dignity, Peirce said.

“We don’t want to become like the bad guys in the process of going after the bad guys, right? So we want to make sure that we preserve what this country is about, which is the dignity of every person. That’s the key. And what does that mean? Dignity—part of what is dignity—is that you get to choose who you want to spend your time with and who you want to share intimate details of your life with.”

The way the government relies on the private sector to collect and access Americans’ financial data “doesn’t accord with that fundamental principle that binds us together,” she said. (Watch the fireside chat featuring Neha Narula and Commissioner Hester Peirce)

DeFi is critical infrastructure. Whether or not DeFi is important to you, it’s undeniably important to the North Korean regime, which has exploited crypto networks for billions of dollars via its state-sponsored hacking group known as Lazarus. It was Lazarus’s use of Tornado Cash that sparked the crackdown leading to the criminal convictions of developers Roman Storm and Alexey Pertsev. The challenge of countering sophisticated state actors in cyberspace is not new in finance, attorney Michael Mosier noted during a panel that also featured Casey G., the CEO of zeroShadow, and Samczsun of the Security Alliance (SEAL). Mosier, a former director at FinCEN and at the National Security Council, has seen firsthand how the traditional financial system uses public-private partnerships to respond to incidents and share threat intelligence. However, he noted:

“The networks that we are talking about now are different.”

The three panelists described a huge amount of work that must be done on both the technical and legal sides to build the right “pipes” for sharing crypto threat intelligence effectively. (Watch the panel featuring Michael Mosier, Casey Golden, and Samczsun)

The Tornado Cash and Samourai Wallet prosecutions are chilling development. Michael Lewellen wants to build a smart contract-based crowdfunding protocol that would use zero-knowledge proofs to let donors remain anonymous. But he’s worried that he might get prosecuted for unlicensed money transmission—the same crime that Tornado Cash developer Roman Storm was convicted of, and Samourai wallet developers Keonne Rodriguez and William Lonergan Hill pled guilty to. As we’ve discussed at length in this newsletter, these prosecutions by the Department of Justice have contradicted something Treasury’s FinCEN said in 2019: if a software developer never takes control of user funds, they are not a money transmitter. Lewellen sees the Tornado Cash and Samourai prosecutions as contrary to the rule of law, so instead of building his protocol, he is suing the DOJ.

“With my lawsuit, I would like to have a definitive answer from the courts saying ‘No, they cannot do this anymore.’”

(Watch the fireside chat with Michael Lewellen)

A new approach to anti-money-laundering is possible. There’s a good argument that traditional approaches to anti-money-laundering (AML) and know-your-customer (KYC) processes are outdated. Either way, these established approaches don’t fit decentralized systems. Coin Center’s Peter Van Valkenburgh called on the audience to imagine:

“A better world, where new technologies like verifiable credentials, zero knowledge proofs, and open blockchains are used in alternate modes of AML where users own their own identity credentials, where they don’t need to repeatedly provide them unencrypted to every institution where they open an account, where they can selectively prove discrete facts about themselves, and where these proofs and credentials can be rapidly composable into effective but minimally invasive risk scores to address evolving money laundering threats without immediate de-banking for innocent folks and hopefully with fewer naive false positives from overtly simplistic identity practices.”

Van Valkenburgh and Coin Center have launched the John Hancock Project to help usher in this new world. (Watch Peter Van Valkenburgh’s talk)

Onchain privacy is like nuclear physics. Credit for that analogy goes to Wei Dai, a cryptographer at 1kx, who shared it during his keynote.

“It is a dual-use technology that can do great good for the world, but also can be very dangerous. For those that design and help shape these protocols, we need to be conscious of the potential risks with these protocols.”

Technologists face what Dai called a “trilemma”: privacy protocols can not simultaneously achieve perfect privacy, threat-resistance, and “maximum usefulness.” It’s possible to impose technical measures that reduce risk while sacrificing usefulness. Another approach, he explained, is to sacrifice perfect privacy for threat-resistance, by making it possible for certain entities to view certain parts of the transaction record under certain circumstances. This gives users the freedom to dissociate from other, malicious users, he argued. (Watch Wei Dai’s talk)

Ready or not, zero-knowledge crypto is going mainstream. Google has made it possible to use its wallet application to prove, using a zero-knowledge proof, that you are over the age of 18. It doesn’t get any more mainstream than that. And it’s just the start. As Northeastern University cryptographer Abhi Shelat and a16z research partner Justin Thaler explained during their panel, the technology is already capable of making age verification more private—and will soon be able to run all kinds of identity-related checks while maintaining user privacy. But Thaler has a warning:

“These protocols are orders of magnitude more complicated than today’s digital signature schemes or encryption schemes. And so they are full of bugs; we’ve got to be careful until we develop some confidence that there aren’t bugs there.”

(Watch the panel featuring Abhi Shelat and Justin Thaler)

The EU digital wallet initiative is a cautionary tale. How can we avoid dystopian digital ID systems? A panel featuring Amal Ibraymi from Aztec, Aisling Connolly from TACEO, and independent applied cryptographer Ying Tong grappled with that question. A particularly pressing real-world problem involves the EU’s digital wallet project, which offers a cautionary tale for other governments, Ying Tong said.

“The EU Commission themselves had set forth really strict requirements around unlinkability stating that issuers and verifiers should not be able to link individual presentations of a credential. Yet this did not prevent them from picking a solution that failed to comply with their own requirements. If they had done a careful threat modeling and if they done a careful examination and taxonomy of use cases, and if they had involved technical experts earlier on, this could have been avoided.”

(Watch the panel featuring Ying Tong, Aisling Conolly, and Amal Ibraymi)

AML is more than static checks. The GENIUS Act has provided an opportunity to reimagine AML for digital assets (whether or not anything comes of it). But verifiable, anonymous credentials that use zero-knowledge cryptography represent only one piece of the puzzle. Many of the ideas out there revolve around “static things” like “prove, at this time, that I’m not a North Korean. Prove I have a US passport, prove whatever,” noted Ian Miers, who joined fellow panelists Laz Pieper of the DeFi Education Fund and Ross Schulman of SpruceID to talk about what the future of AML could look like. Miers continued:

“None of the history of computer attack and defense or anti-money-laundering is a static system. You have to be able to react and adapt because any given tactic you pick, they’re going to adapt their tactics, techniques and procedures to get around it. That’s reality. It’s a cat-and-mouse game. That’s the game that FinCEN plays. That’s how they go to banks and say ‘Look, your AML flags aren’t up to date, you need to update them.’”

Miers argued that the goal should be a system in which users own their data and use it to calculate a “dynamic risk score” that institutions can use for AML and which can be constantly updated. (Watch the panel featuring Ian Miers, Laz Pieper, and Ross Schulman)

Be more precise about what you mean by privacy. Are you talking about pseudonymity, confidentiality, anonymity, or total privacy? What exactly are you hiding, and from whom? Why? For payroll, where it’s OK for employees to see each other get paid, keeping the amounts confidential might be enough. That’s the “vanilla” flavor of privacy, said Inco founder Remi Gai, who joined Predicate CEO Nikhil Raghuveera for the final panel of the day. If you don’t want everyone to be able to see who you are paying, anonymity is in order. “Total privacy”—hiding the sender, amount, and recipient—might be needed if you want to hide the movements of certain “sensitive assets,” Gai said. The flavor of privacy your system features will depend on the cryptographic techniques you use. Besides zero-knowledge cryptography, which can be used to prove things about the user, other methods like multiparty computation (MPC), fully homomorphic encryption (FHE), and trusted execution environments (TEEs) can be used to compute on encrypted data, for example, to produce risk scores. Compliance is extremely complicated—but blockchains are up to the challenge, Raghuveera said.

“The existing financial system is not programmable. That is actually something that blockchains have a massive edge on.”

(Watch the panel featuring Remi Gai and Nikhil Raghuveera)

We're thrilled to announce that the Second Annual DC Privacy Summit returns to Washington, D.C. on October 16, 2025, at the USC Capital Campus. Following the success of our inaugural event, this year's summit explores the idea that in many cases, privacy is security.

The summit reflects a critical recognition that new approaches to managing illicit finance risks in decentralized systems are needed—and that emerging cryptographic privacy tools can help.

At last year’s summit, we highlighted a dangerous impasse. Crypto and civil liberties advocates viewed the government’s crackdown on crypto privacy software developers as hostile and unfair, if not unconstitutional. On the other side, the government was approaching decentralized systems like Tornado Cash in the same way it approaches centralized financial institutions—even if that meant holding software developers responsible for crimes that users of their software commit, and which they could not have prevented.

A year later, though there are more “pro-crypto” vibes throughout the government, this impasse largely remains. Government officials still rely on old legal machinery in their attempts to manage the new risks that arise in decentralized financial systems. Ultimately, there’s been a chilling effect: many software developers working at the frontier of crypto are afraid they may be prosecuted if something goes wrong.

On top of all that, sophisticated, often state-sponsored hackers keep getting better at scamming and stealing, and at using crypto-privacy tools to cover their tracks.

What if these same technologies could be deployed toward managing the risks? We scratched the surface of this question last year, and this year we’ll delve deeper. At the very least, tools like zero-knowledge proofs make it possible to think about new ways of verifying crucial information, like that users haven’t been suspected of or associated with any crimes. There’s also an upside for users: the power to selectively disclose information about themselves—their birthday, age, national citizenship, or something else—without revealing anything else. That could mean fewer centralized servers full of personal data, which would make that information less vulnerable to hackers.

More secure. And more private.

We're bringing together the people wrestling with every facet of this conversation to explore creative and pragmatic new approaches. We’re excited and honored by the lineup of speakers who will be with us, including SEC Commissioner Hester Peirce, Johns Hopkins cryptographer Matthew Green, Peter Van Valkenburgh, Coin Center’s Executive Director, and Neha Narula from MIT's Digital Currency Initiative. Legendary white hat hacker Samczsun will share his first-hand experience of fighting state-sponsored hackers and other high-powered cybercriminals, while Justin Thaler from a16z and Abhi Shelat from Northeastern University will demystify zero-knowledge proofs and explain what they can—and can’t—accomplish in the real world. And applied cryptographer Ying Tong and others will talk about how to prevent the EU’s digital wallet from becoming a surveillance tool.

The summit will tackle the thorniest questions head-on. What could or should a post-KYC world actually look like? How can advanced cryptography help us catch the bad guys without trampling on everyone else's rights? And most urgently: how do we stop North Korea's Lazarus Group and other top-tier cybercriminals without sacrificing privacy innovations that could protect the personal data of ordinary citizens?

The stakes couldn't be higher. The trajectory of technology and law has lately bent towards greater surveillance and less freedom for individuals and institutions. This course can be altered, though. The choices we make about privacy technology today will echo through decades of digital life. We have the opportunity to build and implement systems that protect both individual privacy and collective security.

The conversation starts on October 16. We hope you’ll join us.

Register now at DCPrivacySummit.org

Government officials, members of academia, and media can reach out to us through the website contact form for information about alternate pricing.

Subscribe now

The man behind the curtain

by Veronica Irwin

When it comes to crypto in the second Trump era, two names are nearly ubiquitous: David Sacks, the abrasive venture capitalist-turned AI and Crypto Czar, and former North Carolina Congressional candidate Bo Hines, who serves as Donald Trump’s liaison to the crypto industry. As crypto policy has advanced rapidly over the last few months, their public statements have often been interpreted as bellwethers of President Trump’s own stance on crypto.

But according to our reporting, they have far less policy influence than their positions would suggest. Instead, a working group composed of senior officials from across the executive branch is steering the administration’s crypto policy, with one man in particular at its nexus.

That person is Tyler Williams, a career political operative and crypto policy consultant who has served as Counselor to Treasury Secretary Scott Bessent on digital assets and blockchain technology since late February.

Despite keeping a low profile, Williams has been burning the midnight oil since his appointment drafting the policy positions that inform President Trump’s actions on crypto. As the dedicated policy person coordinating a working group that the president established, he has been tasked with figuring out how best to increase the government’s bitcoin reserves, and shaping the White House’s stance on federal legislation going forward, like the CLARITY Act, which is meant to lay out laws around crypto markets.

Now that Trump has reached a major milestone in signing the GENIUS Act into law, where will his “pro-crypto” administration go next? Williams seems to be drawing a potential roadmap.

Subscribe now

Trump’s core crypto team

The working group—formally, the “President’s Working Group on Digital Asset Markets,” established by Executive Order 14178, which President Trump signed on his third day in office in January—includes Attorney General Pam Bondi, Commerce Secretary Howard Lutnick, and SEC Chair Paul Atkins along with eight other senior economic and security officials in the administration.

The executive order mandates that the group produce a report on two topics in particular: deciding how laws should regulate digital assets and how to manage a digital asset stockpile. The order states that today is the deadline for the report to be completed. It does not require that the report be released to the public, but the White House has said it will release it before the end of the month.

Hines will release the report, but he is not its primary author, according to five people who have spoken with both Williams and Hines about the matter. Hines effectively serves as a spokesperson, the sources say. He is present for many of the meetings and often calls them to order, but is not a key decider in the actual contours of policy. Williams, meanwhile, has significant say over the details of topics relevant to the Department of the Treasury in the report and, simultaneously, has taken the lead synthesizing the viewpoints of other departments in the working group and editing the language in the draft report so that all parties agree.

This influence is partly due to Treasury’s role in financial policymaking, but also to Williams’ experience in both the crypto industry and government. Before joining Treasury, Williams was the Head of Regulatory and Legislative Affairs and Regulatory Counsel at the crypto investment and financial services firm Galaxy Digital, and Deputy Assistant Secretary at Treasury during Trump’s first term, amongst several other private and public financial services policy jobs.

Hines “is not a particularly strong policy person—he is waking up every day and putting on a suit and carrying the President’s message. The way I think of him is he’s like a campaign staffer whose job it is to say nice things about crypto. And David Sacks is the guy who gave $80 million or something,” said one crypto executive who has met with the White House and Treasury. “Tyler’s the only person who’s capable and has the centrality to actually drive this [report] to completion.”

Imagining a “bitcoin reserve”

Trump made a lot of promises to crypto fans on the campaign trail, but perhaps the one that has inspired the strongest reactions was his promise to establish a “strategic bitcoin stockpile.” At first, this seemed like just a bitcoin thing. But as often happens in crypto, things quickly got a lot more complicated.

Ripple reportedly attempted to get its token, XRP, added to the reserve plans. To obscure its efforts, Ripple also advocated for the inclusion of other tokens, including ADA and SOL. Trump even posted on his own Truth Social platform that a reserve would include these three tokens, before posting that the reserve would also include bitcoin and ether.

On March 6, Trump signed Executive Order 14233, which created two separate categories: a bitcoin reserve and a “digital asset stockpile.” The order effectively directed the federal government not to sell the crypto it already has in its possession by virtue of criminal or civil asset forfeiture proceedings. It also authorized the Departments of Treasury and Commerce to come up with “budget-neutral” strategies (so that they can be carried out without Congressional approval) for adding more bitcoin to the reserve. It also stated that the federal government would not be acquiring additional amounts of other cryptocurrency tokens.

Williams has been taking meetings with industry representatives eager to pitch him on potential strategies for acquiring bitcoin in a budget-neutral way. In a particularly striking example, former CFTC Chair Chris Giancarlo said last month that he had met with senior Treasury officials—presumably referring to Williams—to propose using an obscure Constitutional provision to authorize crypto firms to hack foreign adversaries for their bitcoin as a lawful act of war.

Meanwhile, the Bitcoin Policy Institute, an advocacy group in Washington, has publicly advocated for Treasury to use the Exchange Stabilization Fund—a long-standing fund that the department typically uses to buy or sell foreign currencies—to buy bitcoin. Williams has also been pitched on ideas such as re-valuing or selling the gold at Fort Knox or selling altcoins to fund the bitcoin reserve, according to two sources familiar with the conversations.

In addition to the Exchange Stabilization Fund, “there are likely other means of budget-neutral acquisitions that we hope and expect the government to explore across the Treasury and Commerce departments,” said Bitcoin Policy Institute Executive Director Matthew Pines.

At Permissionless IV, a crypto conference in New York held last month, Hines confirmed that such discussions were underway. “We’re fleshing out these ideas with the folks over at Treasury and the folks at Commerce,” he said. “If you read the EO—the fine print—it kicks a lot of the responsibility in terms of producing these ideas over to these inter-agency actors. But we’ll flesh that out amongst the working group and then we’ll move on those [ideas] that are most expeditiously implemented.”

Charting Congress’s next steps

Beyond executive orders, what exactly would Trump like Congress to do about crypto? Williams seems to be in charge of informing him of the options. Specifically, now that the GENIUS Act is signed, the focus is on a piece of legislation meant to define which government regulators have jurisdiction for the various types of crypto asset markets. This is no small question, and the industry and the federal government have been fighting over it for years.

Last week, the House passed a new version of the bill, called the CLARITY Act. But the politics of crypto market structure are much messier than they are for stablecoins, if for no other reason than there are many more types of cryptocurrency tokens than there are stablecoins. Hanging over the debate is a crucial open question: what tokens are subject to securities laws?

Don’t expect the report to be too prescriptive. If it addresses legislation, it will likely stop at celebrating the passage of GENIUS as a win and lay out high-level “principles” for market structure legislation, according to the five sources who have met with Williams’ team. These principles are expected to focus on legal protections for DeFi developers, flexibility for future innovation, and a general encouragement of domestic tech growth. All of the sources Project Glitch spoke with expect that the report will contain few specifics, assuming it is published.

If the White House does choose to push for more specific legislative measures, that would be a big deal, because President Trump could exert pressure on Republican members of Congress to comply. The White House has already shown that it’s willing to exercise this sort of influence.

“It’s a dual process—we’re talking through things as a working group and providing technical feedback to the staffers on the Hill that are devising this new policy,” Hines said at Permissionless. “We’re working together to create a seamless transition into a completely different landscape for the industry itself.”

New agenda items?

Of course, stablecoins and market structure aren’t the only crypto-related issues under Treasury’s purview. For instance, Coin Center Executive Director Peter Van Valkenburgh told Project Glitch that they had approached Treasury with requests to reiterate 2019 FinCEN guidance, which has been widely interpreted to say that blockchain-based apps that don’t take control of customer funds, such as Samourai Wallet and Tornado Cash, are not money transmitters. We could see some reference to these issues in the report, depending on how it frames the issue of protecting software developers.

Van Valkenburgh said Coin Center has also had discussions with Treasury to rescind past IRS guidance stipulating that the monetary rewards that cryptocurrency miners receive for their work, called block rewards, should be taxed as income. “It is our hope that their July 22nd report will flag the past block reward guidance as legally incorrect and bad policy so we can start a process of rescinding it,” said Valkenburgh.

There’s a chance the public won’t ever see the report. Trump’s January executive order does not require that it be released or acted upon. However, a White House official has said that it would be released before the end of the month.

“In comparison to other reports that end up on a shelf somewhere, this comes directly from the president in an executive order—and particularly a president who has made it a core part of his policy to focus on crypto,” Coin Center Director of Policy Jason Somensatto said. “Policy in this area is being driven at the White House level, and so their opinions on where things go become really relevant.”

Treasury declined to comment.

Share

Why cryptographers and privacy advocates are worried about the EU’s digital identity wallet

The next time you renew your driver’s license or passport, it may come with some new features: a link that sends information to the government every time a vendor scans the ID, and a switch the government can use to wipe all your identifying information at will.

Whether you want these capabilities—or trust that the government knows what it's doing when it comes to preserving your privacy—for millions of people living in the European Union, they’re already in use, part of large-scale pilot tests of the Digital Identity Wallet program, which the European Commission could roll out to the its 500 million citizens by the end of 2026.

The bloc has called the project “Europe’s answer to the challenges of identification.” The new digital ID wallet, which will include a credential that allows holders access to both public and private services that require a government ID, is supposed to make it easier for citizens of EU member states to do things like open a bank account and travel. In the long run, it’s meant to contain credentials like driver's licences, educational certificates, medical records, and proof of insurance.

Digital versions of your government ID may seem like a logical extension of the Google and Apple wallets people already use on their phones to hold things like credit cards and tickets.

And the European Commission seems to be pushing this narrative. “Citizens should be able to carry their digital identity with them across the EU, moving seamlessly across borders without ever losing control of their data, with privacy and security at the heart of the project,” reads the text on its website for the digital ID program.

But cryptographers say the technical design of the wallet the EU is piloting has flaws that could make it easier for governments to spy on holders—or worse, turn off the wallet and render the credentials in it useless.

And they’ve recommended that the EU go back to the drawing board.

Unlinkability

The laws and regulations that led to the EU’s Digital Identity Wallet pilots are not themselves problematic from a privacy standpoint. The regulation mandating the wallet, known as eIDAS (electronic Identification, Authentication, and Trust Services), states that an ID system should let users remain pseudonymous and keep their sensitive personal information “unlinkable,” to technically prevent issuers from surveilling users by connecting that information to all the times and places they scan the credential.

“But that is just the law. The law says what should be done but not how,” Anja Lehmann, a cryptography professor at the University of Potsdam, lamented in March during a talk focused on the EU Digital ID project at the Real World Cryptography conference in Bulgaria.

The cryptography community has developed the capabilities necessary to make digital IDs that are, in fact, unlinkable to transaction data and other information related to a user’s activity. Those technologies include zero-knowledge proofs and other forms of advanced cryptography.

The system the EU is testing doesn’t take advantage of these tools, however. Details are scant, but sources familiar with the process tell Project Glitch that the technical design for the EU wallet seems to have been formulated largely behind closed doors by a small group of people at SPRIN-D—an agency in the German government that describes itself as an incubator for disruptive innovation.

Share

“We’ve been researching unlinkable forms of hashing and ways of passing data for years and they're just doing something we could have done 20 years ago,” said one cryptographer who asked not to be named due to sensitivities around their work status in the EU.

Kim Hamilton Duffy, executive director of the Decentralized Identity Foundation, calls the EU pilots “an attempt to capture and print new standards [for digital ID].” According to the regulation, such standards “are supposed to be influenced by self-sovereign identity or decentralized identity, which has in mind the idea that: ‘I hold my credentials, I control who I share them with, and I consent to any additional sharing,’” she said.“But the current approaches are violating almost all of these principles.”

A “phone home” feature and a kill switch

To begin with, as Lehmann explained during her talk in March, the wallet lets the issuer link the holder’s transactions to their ID by deploying a feature that “phones home” to the issuer’s server every time it’s scanned.

This means if you were to use your wallet to, say, verify that you are old enough to buy a bottle of wine or get into a club, there’s a chance the government could receive that information from the vendor, record it, and use it to surveil you. This problem has been flagged by civil liberties groups in the US, too, with the same design embedded in mobile driver’s licenses, or “mDLs,” that some states are now issuing.

“When you hand over your mDL, you are handing over a 100% trackable token,” says Manu Sporny, CEO of Digital Bazaar, a company developing digital identity technology and technical standards. Sporny is also the chairman of several initiatives at the World Wide Web Consortium, which develops standards for open-source technology.

The design of the EU’s ID wallet would also give the governments the power to turn off the wallet at will. Think about all the places where you have to show your ID. What if your government had the power to render your ID card useless, perhaps as punishment for something you wrote on social media? What if it simply switched your wallet off by accident? “If you have a government-issued credential and you have no choice but to put it in a government-issued digital wallet, that is a very bad outcome,” Sporny says.

Sporny says what’s needed is a “truly open wallet infrastructure”—not one in which the government wallet is the only option. “Fundamentally, the individual should have a right to choose which organization is holding their most private information,” Sporny adds.

In June of 2024, Lehmann and 15 other cryptographers published feedback on the EU Digital Identity Wallet project. “We do not see a way to fix the proposed solution to meet all the privacy features as required by the regulation,” they wrote. “We believe that a larger redesign is in order.”

“We can see now that there’s not a good understanding of how security and privacy can coexist and can coexist in different shapes,” Lehmann said in her talk this year.

Subscribe now

It’s not too late

There are ways the EU could change course before its wallet is rolled out en masse. Sporny says one path for future consideration is a single-use identity credential system.

“Think of it as an over-age token, or something of that nature,” he says. It would work similarly to how today’s credit cards do. “So when you use a credit card today, your credit card is tokenized—either on your phone, or the second you tap your card,” he says. This is what keeps your credit card number safe. “The number is never sent over the wire; it’s just an authorization.”

There is already a standard for this sort of single-use credential technology. It’s deployed in the US under the name TruAge and is used to standardize age verification when people show their ID for age-restricted products at more than 150,000 convenience stores around the country.

But implementing this technology would call for infrastructure similar in scale to the vast networks built and operated by credit card companies like Visa and Mastercard. That would be expensive to operate smoothly.

Lehmann and her 15 co-authors have recommended a different technical design, based on a so-called BBS signature—an emerging standard for employing zero-knowledge proofs that prioritizes unlinkability.

BBS builds on digital signature technology, which lets a user holding a private cryptographic key sign a message so that anyone who holds the corresponding public key can verify it. The BBS scheme makes it possible for a user to sign multiple messages. Someone who has a signature and messages (various personal data points) can selectively produce zero-knowledge proofs that reveal selected pieces of information while keeping the rest of their personal data secret.

Despite being a cryptographer-approved approach, however, there’s another obstacle to adoption: No EU governments are currently allowed to use it. BBS signatures would have to be added to the EU’s list of approved cryptographic technologies.

Updating the list before the broad rollout of the EU ID system is not beyond the realm of possibility. The EU has solicited comments on the potential usage of zero-knowledge cryptography for the wallet, and plans to consider the responses in August.

In the absence of a turnaround in the wallet’s technical specifications, another way to deal with the threats to civil liberties posed by the EU’s digital ID system would be to make policies designed to neutralize those threats. Member states could promise that they will not use the “phone home” feature, for example.

Hamilton Duffy would rather the technical design keep things private on its own. “There’s this more baked-in notion of trusting governments in the EU. So people might be more OK with relying on the idea of policy versus tech,” she says. “But a lot of us elsewhere don’t trust our government.”—Lucy Harley-McKeown

Share

Follow us on Twitter and Bluesky—or get corporate with us on LinkedIn.

Trump’s government is prosecuting important crypto cases in much the same way as the Biden administration did

Donald Trump has promised to make the US the “crypto capital of the world,” and there’s been plenty of activity that would appear to be evidence that he’s following through. He has, for example, staffed the executive branch with outwardly “pro-crypto” individuals, from Treasury Secretary Scott Bessent to Paul Atkins, the new head of the Securities and Exchange Commission. His party, which controls both houses of Congress, has crafted legislation that would largely benefit the industry. And of course, he is the proud owner of a Trump-branded memecoin and stablecoin.

And yet, the most extreme legal threats that crypto endured during the Biden years—which many people in the industry argued were reasons to support Trump in last year’s election—remain as strong as ever.

The most prominent example of this is the case of Tornado Cash, the Ethereum-based privacy tool. Advocates had hoped the administration would dramatically change course on Tornado Cash, and in particular that the Department of Justice would drop its prosecution of Roman Storm, one of its developers. That hope was reinforced when Trump’s deputy attorney general, Todd Blanche, distributed a memo in April asserting that the Trump DOJ would discontinue its predecessor’s “reckless strategy of regulation by prosecution,” echoing a frequent critique of the Biden administration by advocates of cryptocurrency technology.

Nevertheless, last month, the US attorney for the Southern District of New York (SDNY) revealed in a letter to the judge overseeing the case that it still plans to pursue nearly every charge against Storm.

Taken together with some subtle legal maneuvers by the Treasury Department when it removed the Tornado Cash software from its sanctions list in March, it does not appear that the new administration has imminent plans to quell the fear of prosecution that’s haunted many crypto developers for nearly three years.

A small victory

The SDNY’s letter did contain one concession, small in the context of the Storm case, but significant in the broader legal conflict. Namely, it informed the judge that federal prosecutors will back off from one portion of the charge that Storm operated an “unlicensed money transmitting business.”

Storm and another developer, Roman Semenov, were indicted in 2023. The indictment alleged that North Korean hackers used Tornado Cash to launder hundreds of millions of dollars in crypto they stole from a video game called Axie Infinity. It charged Storm and Semenov with conspiracy to launder money, conspiracy to violate sanctions against North Korea, and conspiracy to operate an unlicensed money transmitter. Storm was arrested in August 2023 and is scheduled to face trial in July. Semenov remains at large.

The unlicensed money transmitter charge is the one that has riled the crypto policy community the most. It’s also made many in the industry feel betrayed by the government.

Money transmitting businesses are required by a US law called the Bank Secrecy Act (BSA) to register with the Treasury’s Financial Crimes Enforcement Network (FinCEN). In 2019, FinCEN published guidance that was widely interpreted as saying that in order for someone to qualify as a money transmitter, they had to take “total independent control” of user funds.

The Tornado Cash smart contracts work without anyone other than the users ever taking control of their money. The 2019 FinCEN guidance implied, therefore, that Tornado Cash didn’t need to register.

But in a brief to the court last spring, the DOJ prosecutors argued the contrary: you can be a money transmitter even if you don’t take control of user funds. Then the judge in the case shocked the crypto policy community by agreeing with the DOJ.

This created an obvious “rule of law problem,” according to Peter Van Valkenburgh, executive director of the policy research and advocacy group Coin Center. “To me, no one should ever be charged with failure to get a license from a regulator who said they didn’t need a license in the first place,” he said at Project Glitch’s DC Privacy Summit last October.

Now, the DOJ seems to have changed its mind. Last month, it announced it would no longer argue that Storm broke the law by failing to register with FinCEN. On one hand, this is “huge news,” according to Van Valkenburgh. On the other hand, it’s the only aspect of the indictment that the government has decided to back off from following Blanche’s memo. Although the DOJ concedes that there was no need to register, it still alleges that Storm operated an unlicensed money transmitting business. The prosecutors cite separate language in the law to argue that it was still unlicensed money transmission—even if they didn’t have to get a license—because the transactions in question “involve(d) the transportation or transmission of funds” that Storm allegedly knew to be of criminal origin.

Confused? You’re not alone. “It honestly doesn’t make sense,” Van Valkenburgh said this week during a panel I moderated at PGP* for Crypto, a monthly gathering of crypto policy insiders in Washington, DC. “If you are going to find them guilty of unlicensed money transmission, but there was no one that was requiring them to license—how insane is that?”

The DOJ has since made the same argument in a separate criminal case against Keonne Rodriguez and William Lonergan Hill, developers of a Bitcoin privacy tool called Samourai Wallet, dropping the charge that they failed to get a license but continuing with the charge of conspiracy to operate an unlicensed money transmitting business. This case recently spotlighted the discrepancy between FinCEN and the DOJ’s views on what constitutes a money transmitter. The defense team publicized a summary of a phone call between federal prosecutors and two FinCEN employees, in which the FinCEN representatives argued that since Samourai doesn’t take control of user funds, that would “strongly suggest” that it isn’t a money transmitter.

The continuation of these charges has dashed hopes that Blanche’s memo would mark a radical change of course for the DOJ. Amanda Tuminelli, executive director and chief legal officer at the DeFi Education Fund, a policy advocacy group in DC, said during the PGP* for Crypto panel that parts of the memo were positive for the industry. “I think the spirit of the memo was a good one,” she said. But in the high-stakes conflict over what constitutes a money transmitting business, “it did not solve anything.”

Tuminelli argued that Congress should amend the criminal code to “close the window for this to ever be misinterpreted again” by clarifying that the language in the criminal statute does not apply to software developers who don’t take control or custody over customer funds.

The North Korea factor

There’s also the matter of the sanctions the Treasury Department’s Office of Foreign Assets Control (OFAC) slapped on Tornado Cash in 2022. Coin Center and others brought lawsuits against OFAC, arguing that it did not have the authority to sanction decentralized software. Then, last November, the industry landed a legal haymaker against the government in one of those cases. The Fifth Circuit Court of Appeals ruled that OFAC did not have the authority to sanction Tornado Cash’s “immutable” smart contracts, since these contracts are not “property.” In March, the Treasury took the smart contracts off the sanctions list.

But some important signals suggest the government isn’t ready to give in on this issue.

To begin with, the Treasury did not frame the action as a concession of error, as Michael Mosier, co-founder of the law firm Arktouros, and a former official at OFAC as well as director of FinCEN points out. Instead, the agency said it had “exercised our own discretion to remove the economic sanctions.” That’s an “extremely calibrated response” to the Fifth Circuit’s decision, Mosier noted during a recent talk in DC. The agency may be preparing additional moves.

A second important signal is in how the government treated the sanctioned Tornado Cash developer Roman Semenov, who is a citizen of Russia.

Some backstory: OFAC originally sanctioned the Tornado Cash software under an executive order issued by President Barack Obama in 2015 that was targeted at cybercrime. In November of 2022, OFAC re-did the sanctions, adding a second designation under a separate Obama-era executive order, this one aimed at making it harder for North Korea to finance its nuclear weapons program. In August 2023, OFAC added developer Roman Semenov to the sanctions list under both executive orders.

When OFAC removed the cybercrime and North Korea-related sanctions for Tornado Cash in March, it left Semenov on the list of entities sanctioned under the North Korea executive order.

“There are much broader enforcement authorities for the North Korea program,” compared with the more generic cybersecurity order, Mosier explained. That means the government would have an easier time defending this sort of action in court. Mosier suggested that the Treasury was sending a message in the way it removed Semenov’s cyber designation but left him on the North Korea-related sanctions list. “By removing the cyber tag and leaving on the DPRK tag, it caused his designation to be republished publicly in the same press release (announcing) that they were de-listing the (Tornado Cash) addresses,” he said. “That is a strong signal that shows to Congress, and to developers around the world: ‘We’re not leaving this space.’”

For as much as Trump loves crypto, it appears there are flavors of it that his administration disfavors just as much as the Biden administration did. —Mike Orcutt

Share

HEADLINE WATCHER

Big banks explore venturing into crypto world together with joint stablecoin. Initial discussions have involved Early Warning Services, the operator of Zelle, and the real-time payment network Clearing House, according to the Wall Street Journal. The newspaper calls it “the latest sign that mainstream and crypto finance are inching closer together.”

DOGE aims to pool federal data, putting personal information at risk. Here’s the lede from the Washington Post: “The US DOGE Service is racing to build a single centralized database with vast troves of personal information about millions of US citizens and residents, a campaign that often violates or disregards core privacy and security protections meant to keep such information save, government workers say.” If you believe those anonymous government workers, this is pretty much the very thing that crypto folks have been warning about for years.

US spy agencies are getting a one-stop shop to buy your most sensitive personal data. According to The Intercept, the Office of the Director of National Intelligence is “working on a system to centralize and ‘streamline’ the use of commercially available information, like location data derived from mobile ads, by American spy agencies.”

CFPB quietly kills rule to shield Americans from data brokers. The rule, proposed in December by former Consumer Financial Protection Bureau director Rohit Chopra, would have put limits on the kinds of information that US data brokers can sell. The agency now says the rule is no longer “necessary or appropriate”, Wired reports.

ICE taps into nationwide AI-enabled network, data shows. US Immigration and Customs Enforcement has been getting “side-door access” to a license plate-scanning tool via local and state police around the country. Anonymous researchers flagged the “massive trove of lookup data” reflecting “immigration-related” searches, according to 404 Media.

Coinbase reveals 69,461 users affected in December 2024 data heist. Coinbase revealed last month that some of its offshore customer service representatives sold personal data about the exchange’s users to cybercriminals, who then demanded a $20 million ransom from Coinbase in return for the stolen information. The Block highlighted a court filing stating the specific number of users whose personal information the criminals obtained.

Pump.fun hits back at report that claimed 98% of memecoins on the platform are fraudulent. That’s the (updated headline) from Coindesk, which cites a report from Solidus Labs claiming that almost all memecoins launched on the token creation platform have been either scams or pump-and-dump schemes. Of the seven million tokens created since Pump.fun’s inception in January 2024, only 97,000 still have at least $1,000 backing, the report added. The controversial memecoin launcher also hit the headlines earlier in May after the San Francisco Standard tracked down 22-year-old crypto founder Jeffry Yu, the creator of crypto token Zebero and CCO of a company called Blorm, finding him alive and well days after Yu had appeared to take his own life on a Pump.fun livestream. On-chain data analyzed by Bubblemaps showed accounts linked to Yu moved up to $1.4 million in cryptocurrency after his supposed death. A memecoin with the ticker $LLJEFFY was also launched in his honor before he was found.

MEV bots are clogging blockchains faster than networks can scale, says Flashbots. Bots programmed to exploit opportunities to generate profit via so-called MEV (maximal extractable value) are making everything slower and more expensive for real users, according to a new report. In case you aren’t familiar, MEV is a blockchain phenomenon that allows validators to profit by ordering transactions in prescribed ways. The Block surfaced a new report on the topic from Flashbots. The bots are profiting, but “it’s wasteful for the network, burdening nodes and users,” the authors wrote.

AI is getting more powerful, but its hallucinations are getting worse. So-called reasoning systems, the latest and most powerful large language models, are better at math but “their handle on facts has gotten shakier,” according to The New York Times. Even researchers at the forefront of experimentally determining how exactly these models work are stumped as to why this is happening.

Follow us on Twitter and Bluesky—or get corporate with us on LinkedIn.

This week, I’m also excited to write for Project Glitch about something that’s been grinding my gears for a while: the disparity between the politics of the GENIUS Act and the policy itself. If you like what you read, keep up with my work on Twitter.

There’s plenty of unseemly behavior when it comes to Trump and crypto. The GENIUS Act is the wrong place to focus criticism

The fight over the GENIUS Act in the US Senate is a great illustration of how mainstream political arguments—and President Trump’s flamboyant foray into the crypto business—can get in the way of efforts to make useful policy.

The objective of the GENIUS Act—which stands for “Guiding and Establishing National Innovation for U.S. Stablecoins” and is a counterpart to the STABLE Act introduced in the House of Representatives—is to impose restrictions on stablecoin issuers that ensure their tokens maintain a stable value and can be safely used by American consumers and financial services companies.

It was first introduced in February with rare bipartisan backing. For a while it looked as though it would sail through, with 10 Democratic senators supporting it. But lately, Democratic senators led by the crypto industry’s political nemesis, Elizabeth Warren, have seized on the idea that passing GENIUS would also amount to a rubber stamp for President Donald Trump’s corrupt interests in cryptocurrency—and now even some of those who were once supportive have wavered. The bill could be voted on this week, and nobody on the Hill is confident in how it will go.

Democrats’ larger worry is understandable—World Liberty Financial, a company which has already made the Trump family hundreds of millions of dollars, launched a stablecoin called USD1 in late March just as Congress was considering the stablecoin bills. And we all know the story of $TRUMP, the cryptotoken that has become a donation box for people looking to hang out with the president or make their legal trouble go away.

But the GENIUS Act doesn’t have anything to do with memecoins, and it’s not true that the bill itself would enable any more presidential corruption than we’ve already seen.

In fact, some argue that the bill would be a significant improvement on the status quo, which allows stablecoins like USD1 to operate with little to no restrictions.

Subscribe now

USD1, but Trump first

USD1, like most stablecoins, is advertised as a token worth one dollar that can be used for on-chain transactions. World Liberty says that users can trust the reserves backing USD1 to maintain their value because they are in relatively low-risk assets like short-term treasuries, dollar deposits, and “cash equivalents.”

Only, World Liberty doesn’t manage those reserves. The USD1 token is a white labeled product actually issued by crypto infrastructure company BitGo, according to a BitGo executive who spoke to Project Glitch on the condition of anonymity because they were not authorized to speak on the arrangement. (In marketing materials, World Liberty has played down BitGo’s role in USD1, saying it is only the custodian providing “support” to USD1.)

Payments denominated in USD1 are not pure profits for a Trump family business, if USD1 in fact operates like it says it does. Rather, the company profits from interest on its reserves, similar to the business model of a very conservative bank. US Treasuries accrue between 3.93% and 4.93% interest, according to Bloomberg, though some stablecoin advocates say the growth of the industry after legislation is passed, in aggregate, could boost demand for these assets. Cash and cash equivalent reserves earn lower yields. And BitGo ostensibly takes a cut.

Despite the slim margins, USD1 still earns World Liberty, and thus Trump and his family, a lot of money. An Abu Dhabi government-backed venture fund recently invested $2 billion in Binance via USD1, for example, effectively handing the Trump family business a “gift” in the form of interest that will accrue on USD1’s reserves.

World Liberty Financial didn’t respond to requests for comment.

GENIUS’s guardrails

So what’s in the GENIUS Act, and how would it affect USD1? Anything can change before a vote, but a draft that has been circulating for several weeks is probably close to a final bill text, according to five lobbyists on both sides of the aisle who spoke to Project Glitch.

A few pillars of the GENIUS Act have been in place since it was initially introduced, giving us a rough idea of how it would affect the Trump stablecoin business: it would enforce minimal changes to USD1 in its current form, but it would establish some guardrails that’d prevent USD1 from expanding into riskier practices.

The GENIUS Act requires companies to maintain reserves in US dollars, short-term treasuries, and equally liquid assets, for example. State-regulated issuers must additionally publish their reserves on their website and create mechanisms to freeze and seize transactions in the event of any suspicious behavior.

Such requirements are aimed primarily at systems like Tether, the world’s most popular stablecoin, with a $153 billion market cap. Tether has never commissioned a US-regulated firm to audit its reserves, and one of the remaining issues senators haven’t settled in the GENIUS Act is whether language should require them to—or if the standards set by overseas regulators will suffice so long as they comply with US law enforcement requests.

If BitGo and World Liberty’s public statements are true, USD1 already meets the legislation’s proposed requirements. World Liberty says it has already subjected itself to third-party audits as well. That would be above and beyond the minimal reporting requirements for stablecoins of its size under GENIUS, which only mandate public disclosure of the types of assets a given coin is backed by and its redemption procedures (it’s worth noting that World Liberty’s audits haven’t been made public).

Another thing GENIUS might do is discourage USD1 from growing beyond a $10 billion in market cap—relatively small in an industry featuring behemoths like Tether and Circle’s USDC ($61 billion). If USD1 gets bigger than $10 billion (its current cap is just over $2 billion) the company’s stablecoin issuance business would be regulated by the Office of the Comptroller of the Currency (OCC), a branch of Treasury.

The OCC has broad discretion to act against any firm under its purview that it sees as posing a risk to the American financial system. Entering OCC’s jurisdiction would effectively expose USD1 to scrutiny by whichever party holds the White House, says Austin Campbell, an adjunct professor at NYU and a former executive at Paxos, which white labels stablecoins similarly to BitGo. “With Trump as president, the OCC would be unlikely to completely go to war with USD1,” he says. “But under another president, they would totally go to war with USD1.”

Campbell’s view is that although the GENIUS Act only “marginally” adds oversight to a system like USD1, if the Democrats’ goal is to restrict shady dealing by stablecoin issuers, they should pass the bill.

Share

The real money grab

There’s another reason that turning GENIUS into a political football may be a bad idea: it redirects attention from what appears to be layers of unethical, and possibly illegal, activity on the part of World Liberty. For example, the company markets USD1 as having a benefit other stablecoins do not: “access to the power of [decentralized finance] underpinned by the credibility and safeguards of the most respected names in traditional finance,” as co-founder Zach Witkoff put it.

It’s not clear who those “names” are, but Zach’s father is the billionaire Steve Witkoff, who President Trump appointed as Special Envoy to the Middle East earlier this year. World Liberty has also plastered its website with photos of the president, giving him the title “chief crypto advocate” for the firm. Using the presidential office in marketing materials this way is not only a violation of decades of ethical norms, but also likely a violation of the emoluments clause of the Constitution, which is designed to prevent profiteering.

Given the Republican majority, it is politically impossible to amend the GENIUS Act to prohibit presidents from having their own stablecoins. Not only would GENIUS lose too many Republican votes, Trump would veto it once it got to his desk. Besides, President Trump would just argue (as he already has) that he’s not personally involved.

Either way, the real money grabs for the Trump crypto businesses, at least for the moment, are his memecoin and other assets, like NFTs, which have been sold directly to users to the tune of several billion dollars. Today’s version of USD1 is really just a low-lift side project for the Trump crypto business. Legislation that serves to provide at least some consumer protections and reasonable business standards for the entire stablecoin industry is arguably needed to keep USD1 from becoming something more corrupt and risky.

Some Democrats are now focusing on the larger issue. The MEME Act, for example, introduced by Representative Sam Liccardo in the House and Senator Chris Murphy in the Senate, would prohibit senior executive branch officials and their families from issuing, sponsoring, or endorsing a variety of assets, including digital assets. Senator Jeff Merkley’s End Crypto Corruption Act extends similar prohibitions to Congress, while a version introduced by Representative Ritchie Torres in the House specifically names stablecoins.

Although these bills have no realistic chance of passing a Republican-controlled Congress, at least they focus on the root issue.

“I understand that people want to use the legislation to clarify that what [Trump’s] doing is wrong,” said one Congressional staffer who works for a Democrat currently opposing the GENIUS Act. On the other hand, he says, the bill “would put regulations on what [Trump] can do and would prevent some of the risks if he decides he’s not actually going to have reserves to back up the stablecoin and let it blow up, or run away with the money.” —Veronica Irwin

Follow us on Twitter and Bluesky—or get corporate with us on LinkedIn.

My conversation with crypto’s most well-known white hat hacker

It’s been said before, but Samczsun is like Batman. He dwells quietly in the shadows, hiding his identity behind a mask. If trouble is brewing in crypto’s Gotham City, its denizens expect him to speed to the rescue.

In place of a bat signal, he’s got a Telegram hotline.

Hacked? Wallet drained? Message SEAL 911. A team of experts called the Security Alliance (SEAL), which Samczsun founded last year, is ready to respond. “The best cybersecurity researchers in crypto are just one Telegram message away,” he says.

I interviewed Samczsun last week as part of the PGP* (Pretty Good Policy) for Crypto breakfast, a monthly gathering of crypto policy insiders in Washington, DC. He appeared remotely, using an anime-style avatar and a voice modifier because he chooses to remain pseudonymous.

The theme was “the developing state of crypto incident response.” But cybersecurity is always developing, he said. “Security is not a solved game and never will be.” SEAL is focused on preparedness and adaptation—the more quickly the right experts can be deployed after something goes wrong, the more likely it is that the situation can be rectified.

The project is bigger than crypto. As Samczsun explained, SEAL is a bridge between the old web and a mysterious new one made of blockchains. That puts it in a prime position to help governments counter national security threats like North Korea’s Lazarus Group.

The dark forest

Before SEAL, there was just Samczsun.

Five years ago, decentralized finance (DeFi) was in its early days, but it was already attracting some of the world’s most sophisticated hackers. It seemed like every time there was a big hack, Samczsun was among the first on the scene. He led many operations that successfully recovered funds. But a couple of encounters with a particularly alarming adversary may have had the biggest effect on his career trajectory.

“This is a horror story.” That’s the first sentence of a now-famous blog post, authored in August of 2020 by Dan Robinson and Georgios Konstantopoulos, two researchers at the venture capital firm Paradigm. The post, Ethereum is a Dark Forest, recounted an attempt to rescue funds from a vulnerable smart contract and described a new species of “monster” lurking deep within Ethereum.

Robinson had discovered a bug in one of the smart contracts underlying Uniswap, already the most popular decentralized exchange. He saw how the vulnerability could be exploited to pilfer money from the protocol. He also knew he could try to take the money himself, to preempt an adversarial actor running off with it. But doing so, at least in the conventional way, would play right into the hands of the faceless monsters lurking in the shadows.

Technically, they were lurking in Ethereum’s mempool, which is like a waiting area for pending transactions. “It’s no secret that the Ethereum blockchain is a highly adversarial environment,” the researchers wrote. But “the mempool is something worse: a dark forest.”

The Dark Forest is the title of a science fiction book by the writer Cixin Liu, which, as Robinson and Konstantopoulos put it, describes “an environment in which detection means certain death at the hands of advanced predators.” The predators in this case were bots programmed to pounce on certain kinds of pending transactions in Ethereum’s mempool. Robinson knew that if any were watching, sending a regular transaction to rescue the funds wouldn’t work; the transaction “would get instantly sniped in-flight.” He assembled a small team, including Konstantopoulos, and consulted other security researchers, including Samczsun.

The team devised an elaborate strategy to “obfuscate” the rescue transaction by deploying custom smart contracts and splitting the transaction into two. You should read the post if you are interested in the technical details, which are gnarly. But the goal was to slow an attacker just enough to get the good guys’ transaction across the line first.

The attempt failed after the team initially struggled to get their rescue transactions included in a block. Again, check out the post for all the technical details, but the story ends with a frontrunning bot scoring the loot. “Time pressure got to us, and we got sloppy,” the researchers wrote.

It wasn’t all for nothing, though. The episode set the stage for a similar one soon after. This time, a team led by Samczsun beat the mempool monsters to the punch. Crucially, they were able to work directly with a miner in Asia to get their transaction included in a block without having to send it to the public mempool. Samczsun and other key players documented the dramatic operation in a second blog post called Escaping the Dark Forest.

“Like any good VC”

Shortly after these two encounters, Paradigm hired Samczsun full time. He initially focused on auditing smart contracts for the firm’s portfolio companies, drawing on what had thus far been his core professional skillset. But after a while, he told me, “I realized was that I wanted to really be doing something more with my time than solving these one-off problems.”

“Conceptually, doing these audits was sort of like putting in one unit of work and getting out one unit of work,” he said. “And what I wanted to do was figure out how I could leverage up on that, like any good VC.” He decided the best thing he could do for crypto was to use the reputation he had built as its most celebrated white hat hacker to coordinate an industry-wide effort focused on making crypto safer. Hence SEAL.

The first thing the organization did was establish the SEAL 911 system. “Once you message, we can triage what your problem is,” he said. “We can connect you with all the right people.” In crypto, that’s no small undertaking. Some of the most talented folks make themselves intentionally difficult to reach. You have to know the right Telegram and Twitter handles. More importantly, the people on the other end of those handles have to trust you.

Over the past year, SEAL has added several other initiatives, including an information sharing platform and a program for “wargaming” new protocols. It has also pioneered something called the Safe Harbor Agreement for White Hat Hackers, which shields white hats from legal liability in case they have to hack a protocol themselves as part of a rescue mission. All of these are fed by threat intelligence data collected via SEAL 911.

Crypto 🤝 the government

Crypto’s cyberthreat landscape evolves fast. “When we first launched SEAL, smart contract hacks were sort of the bread and butter of cybercriminals. Almost every ticket that we got was a smart contract hack,” Samczsun said during the PGP* breakfast. “Today, that cannot be farther from the truth.” Much more common now are attacks on individuals, he said, often through social engineering—for example, using a phony email or social media message to lure an individual into sharing access to their wallet.

Social engineering was at the center of a hack in March that led to what the New York Times called “the biggest crypto heist in history.” Behind the billion-dollar theft from the Bybit exchange was one of the most fearsome monsters in crypto’s dark forest: North Korea’s Lazarus Group.

The SEAL team saw the Bybit hack happening immediately. “It’s very hard not to see a billion dollars moving out of a crypto exchange’s wallet,” Samczsun said. Through the hotline, they quickly confirmed this movement was not intentional and immediately began mapping the flow of stolen funds and flagging associated blockchain addresses for other exchanges and partners.

Still, as it turns out, “our pattern matching completely failed us in this case,” he said.

SEAL had seen many examples before of Lazarus targeting exchanges directly. It was common for them to infiltrate a target exchange by first compromising an employee. This time, Lazarus broke in by first compromising an employee of Safe, Bybit’s wallet provider. Lazarus gained enough access to surreptitiously modify the software’s user interface and dupe multiple Bybit executives into signing away a billion dollars in crypto. The attack and subsequent operation to launder stolen funds reflected unprecedented sophistication.

Since so many politicians view cryptocurrency as a negative force that must be contained, Lazarus arguably represents an existential threat to the crypto industry. It’s important to bear in mind that Tornado Cash developers Roman Storm and Alexey Pertsev were only prosecuted after the North Koreans allegedly used the system to launder hundreds of millions in funds they stole from the crypto video game Axie Infinity, even though Tornado Cash had been running for years.

But Lazarus may also represent an opportunity for crypto to gain political goodwill, at least if Samczsun has anything to do with it.

That’s because Lazarus is not just a threat to crypto, but also to the US government and others. If those governments want the best shot at stifling the group, they may need SEAL’s help. Some policymakers already seem to understand that. In January, the governments of the US, Japan, and South Korea issued a joint statement warning the crypto industry about North Korea’s cyber program and pushing for more collaboration between the public and private sectors to secure valuable financial infrastructure. The statement mentioned SEAL as an example of the kind of effort it encouraged.

Samczsun said last year his team learned that the FBI has a unit dedicated to tracking Lazarus. The unit is often able to tip off targets to impending threats before they get hacked. But while that works well in web2, he said, web3 presents challenging terrain. “In web2 you have a handful of big players,” he said. “They are almost certainly happy to set up direct connections with the government themselves.” In crypto, that’s… not the case. “A lot of actors in crypto are not interested at all in communicating with any government.” Many don’t use email, LinkedIn, or their real names, and tend to distrust others by default. It’s a dark forest, after all.

That leaves “a bit of a gap between where the government’s ability to basically reach out to these crypto actors ends and where our ability to navigate in this new environment begins,” Samczsun said. SEAL has already collaborated with the FBI unit tracking Lazarus, helping them close this gap by making connections in the crypto world, he said. “That’s really been the place that we’ve been able to have the most impact.”

He wants to have more impact. Last month, he announced that he was stepping down from his role at Paradigm to focus on SEAL. “We’re interested in collaborating with as many people as possible in order to help our initiatives grow and succeed, which will help the space become more secure,” he said. —Mike Orcutt

Share

HEADLINE WATCHER

The New York Times has been all over Trump’s adventures in crypto. It may be negative in flavor, but crypto is certainly getting the prominent mainstream attention it has always craved. The Gray Lady sent a reporter to Dubai for Token2049, where he caught a panel discussion featuring Eric Trump, TRON’s Justin Sun, and Zach Witkoff, one of the founders of World Liberty Financial, the Trump family’s crypto company. Sun is the proud owner of $75 million worth of the company’s cryptocurrency. Witkoff, the son of Steve Witkoff, Donald Trump’s envoy to the Middle East (and also a World Liberty cofounder), made an announcement during the panel: MGX, a state-backed Emirati investment firm, plans to invest $2 billion in the crypto exchange Binance using USD1, a stablecoin developed by World Liberty. As the Times notes: “Virtually every detail of Mr. Witkoff’s announcement… contained a conflict of interest.”

Three more recent NYT headlines:

• Trump offers private dinner to top 220 investors in his memecoin. It’s an “an astonishing escalation of the Trump family’s efforts to profit from crypto,” the newspaper declared.

• Secret deals, foreign investments, presidential policy changes: The rise of Trump’s crypto firm. This is the most in-depth reporting we’ve seen yet on World Liberty Financial.

• Tether was accused of fraud. Now it’s a crypto darling in Washington. Policymakers in DC have long been suspicious of the stablecoin issuer. That’s changing.

  ---

North Korean hackers created fake US companies to target crypto developers. Individuals linked to the Lazarus Group created shell companies to lure crypto developers and dupe them into downloading malware, The Block reports.

Solana, Yuga Labs, and Uniswap’s Hayden Adams gave to Trump’s inauguration. A disclosure filed early this month revealed “a new slate of donors” to the inaugural committee, which brought in a historic $239 million in total, Unchained reports. Ethereum software developer Consensys and the financial services firm Cantor Fitzgerald (which holds much of Tether’s reserves) are also on the list of previously unreported donors. Adams, CEO of Uniswap Labs, donated nearly $250,000 despite his vocal support of Kamala Harris’s campaign.

Meta is ramping up its AI-driven age detection. Instagram already uses an AI system that can detect clues that a user is under 18. Now it will use AI to “proactively look for teen accounts that have an adult birthday, and change settings for users it suspects are kids,” reports The Verge.

Researchers secretly ran a massive, unauthorized AI persuasion experiment on Reddit users. They unleashed “AI-powered” bots in a popular subreddit called r/changemyview, in what 404 describes as a “large-scale experiment” examining whether “AI could be used to change people’s minds about contentious topics.” The bots made more than a thousand (convincingly human) comments over months.

Crypto VC giant Paradigm makes $50 million bet on decentralized AI startup Nous Research at $1 billion token valuation. A lot to unpack in that headline from Fortune. According to the article, Nous is using the Solana blockchain “as a key component in the process it uses to train” AI models. The article adds that the firm has created “a method for training open-source AI models that would allow people to contribute their own idle computing power,” using crypto as the incentive to contribute.

Aztec Network launches public testnet for privacy-focused Ethereum Layer 2 (The Block). This follows “successful testing of the first decentralized upgrade process for an L2,” according to Aztec.

Sam Altman’s Worldcoin gets new Orb Mini and US Launch (Blockworks). You can now scan your irises in select US cities. Also, for some reason the firm is developing a version of its iris scanner that looks like an iPhone.

Polygon spin-off Miden raises $25 million in seed funding for privacy-focused blockchain (The Block). Miden is looking to play in the same league as Aleo, Aztec, and other protocols developing confidential decentralized computing platforms using zero-knowledge cryptography.

Subscribe now

Follow us on Twitter and Bluesky—or get corporate with us on LinkedIn.

An inflection point for “freedom tech”

“Freedom tech.” That was the theme of the latest edition of the MIT Bitcoin Expo, a long-running and well-loved annual gathering focused on the technology that powers the world’s original cryptocurrency.

I couldn’t make it in person, so I caught the livestream of the proceedings earlier this month. As I took in the sessions, including several talks by bona fide human rights activists, I kept thinking about Salt Typhoon, the catastrophic cyberattack on US telecom infrastructure that was revealed last year.

What is freedom tech? The premise of the MIT conference was that Bitcoin qualifies, as the decentralized cryptocurrency network offers freedom from centralized monetary systems. Encrypted messaging is another prominent example. That’s why the US government’s reaction to Salt Typhoon was so remarkable.

Late last year, officials said that Chinese hackers had infiltrated several major telecom companies, including AT&T, Verizon, and T-Mobile. Lawmakers and government authorities were “shocked” by Salt Typhoon’s depth and sophistication. Hackers accessed sensitive communications data about more than a million people, including high-ranking government officials and members of both Donald Trump and Kamala Harris’s presidential campaigns.

Just as shocking were the steps those officials suggested Americans take to protect themselves. “US officials urge Americans to use encrypted apps amid unprecedented cyberattack,” reported NBC News. “Encryption is your friend,” Jeff Green, then the executive assistant for cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA), told news reporters.

Not long ago, it would have been unheard of for the government to recommend encryption. The director of the FBI, James Comey, warned in 2014 that criminals were “going dark” using encryption; he called this a “significant public safety problem.” In 2016, the bureau tried to force Apple to give the FBI access to encrypted iPhone data associated with a terrorist attack in San Bernardino, California. Back then, internet freedom activists fought the government for the right to use encrypted messaging tools (Apple ultimately won the case). Now the government has publicly said we should use those tools to protect ourselves.

The change reflects today’s reality: the internet is a highly adversarial place. “Freedom tech” is no longer a category reserved for people living under oppressive governments. At this point, we all stand to benefit from the security these capabilities offer. And even if you live in a “free” country, the acceleration of AI technology is likely to make it tougher to stay free without using freedom tech.

Bitcoin and freedom

What is Bitcoin freedom from? That’s one of the deep questions University of Wyoming philosophy professor Bradley Rettler asked during his talk at MIT. To begin with, it is freedom from “money makers,” like governments, which make monetary policies, he said. Many of those policies have caused harm or at least failed to rectify economic calamities. Rettler cited a report from the UN that in 2022, 69 economies—in the home nations of more than 2.1 billion people—confirmed double-digit inflation.

The Bitcoin Expo featured keynotes from Evan Mawarire, an activist from Zimbabwe who spoke about authoritarianism and hyperinflation in that country, and Mauricio Di Bartolomeo, a Venezuelan entrepreneur who spoke about how his family turned to Bitcoin to protect themselves against inflation and the policies of President Nicolás Maduro.

Bitcoin is also freedom from surveillance, particularly when paired with cryptographic tools that enhance blockchain privacy, Rettler said, and it’s about more than financial freedom. Since so much of our communication and interaction now occurs online, Rettler said, the freedoms of speech, religion, press, and assembly now have digital components. They also all require the ability to transact. “If you are using a system that has managers and mediators, you might be blocked from these freedoms,” he said.

If you are using a system like that, you are probably also trusting mediators and managers to store your personal data. Salt Typhoon is only one recent example from a litany of data breaches that together call into question whether that trust is well-placed. Because even if it feels like you are transacting and interacting freely, you never know who is watching. It’s not as simple as keeping something secret from the government. We need to protect it from the world’s most sophisticated hackers, too.

Privacy is freedom

In fact, governments need freedom tech, too. Another speaker at the MIT Bitcoin Expo was Roger Dingledine, co-founder of the Tor Project. Tor prevents anyone who might be watching your internet connection from tracking your activity. Dingledine said that when he is speaking with his parents, he calls it a privacy tool. When he talks with governments, he uses a different term: “traffic analysis-resistant communications networks.”

Governments don’t think they need a privacy tool, he said. “But oh, I can send my ambassador to Israel and somebody watching the hotel network connection doesn’t learn that she’s my ambassador? Yeah, I actually do really need that.”

In other words, privacy is now basic internet security. And it’s going to get worse. “AI is greatly increasing capabilities for centralized data collection and analysis while greatly expanding the scope of the data we share voluntarily,” Ethereum co-inventor Vitalik Buterin argued in a recent blog post entitled “Why I Support Privacy.” In the future, he writes, “we may be literally talking about AI reading our minds.”

Privacy tends to be underrated by folks who don’t need it as badly, Buterin writes, adding that privacy is “more needed for people whose life situations deviate from the norm, in any direction.” That’s not only a lot of people, he says, but ”you never know when you will become one of them.” This is the kind of thinking that inspired the cypherpunk movement in the 1990s. The good news, according to Buterin, is that “we have more powerful tools to preserve privacy…than the 1990s cypherpunks could have imagined,” like zero-knowledge proofs.

The bad news is that the current (centralized) systems that pervade our digital lives depend on people relinquishing control of personal data and trusting authorities to keep it safe. This system is deeply entrenched, thanks to billions of dollars in profit. The initial rise of generative AI models has only increased this system’s inertia. Yes, we have powerful privacy-preserving tools, but society won’t reap their full benefits unless those tools are prioritized and implemented. Incumbent powers, meanwhile, have all the incentive in the world to use whatever means at their disposal, including AI, to stay in power.

There is conflict ahead.

—Mike Orcutt

Share

HEADLINE WATCHER

Justice Dept. scales back crypto cases in line with Trump directives. That’s the headline from the Washington Post, but this one reverberated throughout both the traditional and crypto media. The news is based on a memo issued by Deputy Attorney General Todd Blanche. The Justice Department will “stop participating in regulation by prosecution in this space,” the memo reads. “Specifically, the Department will no longer target virtual currency exchanges, mixing and tumbling services, and offline wallets for the acts of their end users or unwitting violations of regulations”—unless the case falls within a separate area on which the DOJ will place special focus: which is the use of digital asset by “cartels, Transnational Criminal Organizations, Foreign Terrorist Organizations, and Specially Designated Global Terrorists.”

“Mixing and tumbling services” is imprecise; these are umbrella terms for a number of distinct technical designs that raise distinct sets of legal questions. Centralized mixers operated by humans are different than decentralized smart contracts, like the core of Tornado Cash. So it’s not clear what this means for Roman Storm, who the DOJ is prosecuting for his role in the development of the Ethereum-based privacy tool, which North Korea used to launder stolen crypto. Brian Klein, Storm’s lawyer, told the Washington Post that he interpreted the memo “as supporting the dismissal of the case.” We’re keeping a close eye on this.

Influential crypto researcher and white hat hacker Samczsun steps down from Paradigm to focus on crypto security. The pseudonymous researcher, who has been at the VC firm for four and a half years, will now spend all of his time on the Security Alliance (SEAL), which he founded in 2023. “When I told (Paradigm cofounder) matt (Huang) that i wanted to build the solution to crypto security, he was fully supportive,” Samczsun said on Twitter.” SEAL, which coordinates crypto threat intelligence sharing and incident response services, has become a full-time commitment, he said.

If you’re interested in learning more about SEAL and will be in DC on Wednesday, April 23, you should RSVP to attend the PGP* (Pretty Good Policy) for Crypto meeting, which will feature a fireside chat between Samczsun and Project Glitch’s Mike Orcutt. If you can’t make it in person, catch the livestream on YouTube or X. The fireside will begin around 10:45 AM Eastern.

Former Ethereum Foundation developer Virgil Griffith released from prison. Griffith was sentenced to 63 months in prison in 2022 after pleading guilty to violating sanctions against North Korea when he attended a blockchain conference there. Prosecutors said he provided “technical advice on using cryptocurrency and blockchain technology to evade sanctions.” Now he’s out on parole, reports The Block.

Altman-backed Praxis scouts Kyiv, Athens for tech utopia base. The “sovereign network, founded and run by 29-year-old Dryden Brown, is on a global search for 10,000 acres it can call its physical home. The project, which has raised $500 million, is backed by venture funds run by Sam Altman and Peter Thiel and crypto VC firms Paradigm and Winklevoss Capital, among other investors. According to Bloomberg, Dryden wants to “establish a city that will offer AI-augmented governance and employer-friendly labor laws he describes as ‘Elon-compatible.’”

Solana developers launch new ‘confidential balances’ token extension to improve onchain safety. The feature uses advanced cryptography to let users shield their typically public token balances and transfer secret amounts to a recipient, explains The Block.

Crypto attorney alleges US government knows Bitcoin creator’s identity. A lawyer in the US has filed a Freedom of Information Act lawsuit seeking “documents concerning claims made by a high-ranking Special Agent of DHS that DHS had found and interviewed Bitcoin creator Satoshi Nakamoto.” The suit claims that a federal agent stated at a conference that the DHS had interviewed Bitcoin’s long-lost inventor. (via Decrypt)

Apple-UK data privacy row with UK should not be secret, court rules. In a win for civil liberties activists, a judge in the UK has ruled that a legal fight between Apple and the UK government “cannot be held in secret,” reports the BBC. The government wants the capability to access encrypted information that Apple currently cannot access. The company, taking the same position it has taken before against the US government, argues that installing a government backdoor would make the system more vulnerable to hackers.

Trump wants to merge government data. Here are 314 things it might know about you. One of the President’s many executive orders calls for the “consolidation” of the many disparate datasets held by various government agencies. The New York Times says the effort to carry out the order, led by Elon Musk, is “raising the prospect of creating a kind of data trove about Americans that the government has never had before, and that members of the president’s own party have historically opposed.” The Times went through 23 of the data systems that its sources say Musk’s aides want to access, identifying “more than 300 separate data fields about people who live in the US.”

Subscribe now

Follow us on Twitter and Bluesky—or get corporate with us on LinkedIn.

Crypto and the US have a common interest in countering Lazarus

The anti-crypto army may have fallen, but crypto’s number one adversary—North Korea’s band of state-sponsored hackers known as Lazarus—is thriving. Since North Korea is also an enemy of the US government, there’s an opportunity for collaboration, argues Michael Mosier.

Mosier has seen the issue from nearly every seat at the table. He worked as a lawyer for the blockchain analytics firm Chainalysis, served as acting director at the US Treasury Department’s Financial Crimes Enforcement Network (FinCEN), and was the top attorney at Ethereum Layer 2 builder Espresso before launching his own law firm, Arktouros.

In some ways, the situation isn’t complicated. Lazarus has mastered the art of stealing and laundering cryptocurrency, and it keeps improving—last month’s billion-dollar hack of the crypto exchange Bybit was its most sophisticated yet. The industry must find ways to counter this threat, because it is bad for business when the same criminal group keeps walking off with huge amounts of customers’ money. The US government also wants this to stop, though for a slightly different reason: the stolen money is funding North Korea’s nuclear weapons program.

That may help explain why the Department of Justice is prosecuting Roman Storm, one of the developers of the Ethereum-based privacy tool Tornado Cash, which Lazarus has used to hide their tracks after stealing crypto. Many crypto advocates see the Storm prosecution as a hostile government overreach.

But maybe Lazarus ultimately represents an opportunity to work together. There is “a very natural non-coercive alignment with the US government and the crypto industry writ large,” Mosier said on the Form and Structure podcast.

The central problem is that traditional anti-money laundering measures—like requiring someone to submit a government ID and other identifying documents before opening a new account—aren’t working. Acquiring false identity credentials good enough to fool modern know-your-customer (KYC) systems is easy and cheap.

On top of that, traditional approaches lean on intermediaries (banks, etc.), requiring them to maintain lots of information about their customers and submit reports documenting large and/or “suspicious” transactions. In genuine decentralized systems, such intermediaries do not exist, and reporting suspicious transactions after the fact is often too late.

On the other hand, Mosier said, public blockchains provide law enforcement officials with a wealth of transaction data that can be analyzed and acted on. Systems that can automatically detect bad actors based on characteristic behaviors and other “malicious indicators” can be used to prevent them from moving money. It’s possible to use “activity-based indicators” to ascertain, for example, that “this wallet is probably Lazarus because of the way they are moving the money,” he said.

As we’ve discussed at length in this newsletter (and all day long at the inaugural DC Privacy Summit last October), it’s also possible, using zero-knowledge cryptography, to verify identifying information about someone without collecting the underlying personal data. That could be an effective way to do certain kinds of automated compliance checks in real time. It might also save firms on compliance costs since they wouldn’t have to pay to store and secure so much sensitive data.

This is not marketing for the crypto industry. It’s an argument that by using information and tools available thanks to cryptocurrency technology, it’s possible to devise systems that can be more effective at mitigating a risk that the government needs to get more effective at mitigating. Nonetheless, trying to convince a critical mass of policymakers to change their mindset on this issue has felt like “banging your head against the wall,” according to Mosier’s fellow podcast guest Rebecca Rettig, a longtime DeFi lawyer who is now chief legal officer at Jito Labs.

The Bank Secrecy Act, which imposes KYC requirements in the US, and other compliance programs “are so entrenched in people’s minds as ‘what works,’” Rettig said. That’s been an obstacle to progress toward something that “both legislators and good actors in the industry really want,” she said: “Just a system that detects, documents, and deters good actors.” —Mike Orcutt

Share

Meredith Whittaker: ‘AI agent’ hype threatens privacy

There is no buzzier term in the crypto world than “AI agents,” but the hype spreads well beyond crypto. A Salesforce ad featuring Matthew McConaughey and Woody Harrelson tells us how these little artificial guys can do amazing things for us, like avoid booking an outdoor table at a restaurant on a rainy day.

Unfortunately, the commercial does not explain why the restaurant would still be seating people in the pouring rain, how exactly an agent would work, or what an AI agent even is. The main message is that relying on AI agents is what cool people do now. No details, no devil. Wave it in.

Hold up, says Meredith Whittaker. The president of the Signal Foundation and chief advisor to the AI Now institute, a policy think tank, warned a rapt audience at South by Southwest last month that the “introduction of this sort of notion of agentic AI into our devices and lives” is dangerous and threatens privacy.

Consider the initial sales pitch: AI agents are supposed to be able to do things like research flights and hotels, make reservations, note it all down in our calendars, and message relevant friends and colleagues.

“So what would it need to do that? Well, it would need access to our browser, an ability to drive that. It would need our credit card information to pay for the tickets. It would need access to our calendar—everything we are doing, everyone we are meeting. It would need access to Signal to open and send that message to our friends. And it would need to be able to drive that across our entire system with something that looks like root permission.”

There’s no current way to do all that encrypted, Whittaker said. And a sufficiently powerful AI model would not be able to run on the user’s device, she warned. “That’s almost certainly being sent to a cloud server where it’s being processed and sent back.”

Whittaker’s pessimism is a welcome counterbalance to the commercial depicting McConaughey moping in the rain because he didn’t use an agent. Marketers want you to think AI agents are a matter of inevitable technological progress. Not only is that not true, but given the obvious and thorny questions they raise about privacy, agents seem in many ways to be anathema to the values of crypto. At least until it’s possible to do all that stuff Whittaker described while preserving users’ privacy, that is.

Her dire warning was part of a larger argument she made during the fireside chat, which is that thus far the progress of artificial intelligence has been “predicated” on corporate surveillance by big tech companies. Agents are an immediate concern in that vein, she said.

“There’s a profound issue with security and privacy that is haunting this sort of hype around agents,” she said. The trend threatens to “break the blood-brain barrier between the application layer in the OS … in the name of this sort of, you know, magic genie bot that’s going to take care of the exigencies of life.” —Mike Orcutt

Share Project Glitch

Headline Watcher

ICERAID: Report immigrants, get paid in crypto. A project called ICERAID—which promises to pay crypto rewards for uploading images of “criminal illegal alien activity” to Immigration and Customs Enforcement (ICE)—is a thing, apparently. It went viral recently after right-wing activist Laura Loomer advertised it on her podcast. We don’t have anything pithy to say about this one other than … yikes. (via The Rage)

0xbow unveils ‘Privacy Pools,’ a new blockchain privacy tool drawing from Vitalik Buterin’s research. In 2023, Buterin and 0xbow cofounder Ameen Soleimani and a few other researchers co-authored a paper describing a method for using zero-knowledge cryptography to make “association sets” containing wallets previously screened for any links to known criminal activity. This concept is the heart of Privacy Pools, which is meant to enable Tornado Cash-like privacy, but only for users who can prove their money is untainted. (via The Block)

PS: At last October’s DC Privacy Summit, Solemani and 0xbow cofounder Zak Cole explained why they developed the technology and how it works.

Sen. Gillibrand warns against a “watered-down” stablecoin bill. “You have to think through all the ways this can go wrong,” the senator from New York and top Democrat behind the bipartisan Guiding and Establishing National Innovation for US Stablecoins (GENIUS) Act said at a conference in Washington, DC last week. “Do not think that a watered-down bill will help your industry,” she added, according to CoinDesk. “It will destroy your industry.”

Trump’s crypto venture introduces new digital currency. World Liberty Financial says it will launch a stablecoin called USD1. As the New York Times puts it, the stablecoin adds to a “messy knot of business conflicts” the president has created with his various forays into the crypto industry. One example: Congress is considering crypto and stablecoin-specific legislation that has a legitimate shot at reaching Trump’s desk this year.

Crypto bill to combat illicit activity gets new push after passing US House in 2024. Republican member Zach Nunn of Iowa and Democrat Jim Himes of Connecticut have reintroduced the Financial Technology Protection Act, which would set up an “interagency working group to collaborate with industry experts to disrupt the use of emerging financial technologies by bad actors.” (via CoinDesk)

Polymarket’s $7 million Ukraine mineral deal debacle traced to oracle whale. Mad libs headline, anyone? Apparently someone holding an enormous number of governance tokens for the oracle that Polymarket uses to resolve its prediction markets was able to cast 25% of the votes and force through a “yes” resolution on a bet over whether the US and Ukraine would agree to a mineral deal—even though no outcome has yet been reached. Those betting “yes” have made more than $7 million, according to The Defiant. Polymarket is not issuing refunds because “this wasn’t a market failure,” but promised to make sure the “unprecedented situation” never happens again. Glitchy AF.

‘Hawk Tuah’ girl off the hook for hawking meme coin!!! Yes, that’s the real headline from the TMZ exclusive. The SEC had been investigating Haliey Welch’s memecoin, which pumped before whoever pumped it dumped within hours of launching in December. “For the past few months, I’ve been cooperating with all the authorities and attorneys, and finally, that work is complete,” Welch told TMZ, which reports that she has “parted ways with the LLC behind the coin.”

Amazon’s AGI lab reveals its first work: advanced AI agents. Amazon has quietly created its own AI lab in San Francisco. Now it has revealed its first project: “A new AI model capable of powering some of the most advanced AI agents available anywhere,” Wired reports. The new system is a version of Amazon’s proprietary large language model, Nova. The company is using a training method called reinforcement learning to “improve Nova’s agential abilities,” according to the article.

Follow us on Twitter and Bluesky—or get corporate with us on LinkedIn.

How digital driver’s licenses could supercharge surveillance—and what can be done about it

Jay Stanley isn’t a crypto guy. But the longtime American Civil Liberties Union policy watcher and privacy advocate is aware of the novel capabilities crypto folks have invented to get privacy on blockchains.

And he thinks we should use them to escape a “nightmare” he sees unfolding.

The future of digital identity is a massively complicated issue that is as political as it is technological. But most Americans, regardless of political stripe, would oppose a national identity system that could be used to track their activities. According to Stanley, what may seem like a mundane trend taking hold across the US—the shift to digital driver’s license credentials—is leading Americans to “sleepwalk” into that exact sort of system.

Stanley says the problem begins with a widely adopted “mobile driver’s license” or mDL standard that does not adequately protect the holder’s privacy (more on that in a minute). A number of state legislatures are moving forward with mobile driver’s license programs that use the standard, he says. He is concerned that making it easy to digitally share your driver’s license information will lead to more businesses—not just those selling age-restricted stuff—asking you for your ID.

“The real game here is to create one that could be used online,” Stanley said on stage late last month during a panel I moderated as part of Paul Brigner’s PGP* for Crypto monthly breakfast event series in Washington, DC. “The concern is that there is going to be a lot of incentive for every website to track you and say: “Hey, do you want to watch a YouTube video? Do you want to log into your social media? Do you want to browse here at catbeds.com? Click here to send us your digital driver’s license.”

“This really has the potential to become a supercookie” that would work online and in the physical world, Stanley said. Think of all the places—bars, restaurants, convenience stores, airports, and hotels, to name a handful—where you already have to show your ID.

It would be one thing if it weren’t possible to keep your personally identifying information private while still transmitting the necessary information to anyone who checks your ID. But it is technically possible. “We have all these cryptographic techniques to preserve privacy, as in the cryptocurrency space,” Stanley said. “We should use them.”

Some folks are using them—here and there, anyway. But what lies ahead is a political, technical—maybe even cosmic—struggle to determine how best to identify ourselves as human in the digital world.

Standards: boring but important

Hardly anyone thinks technical standards are exciting. But they are powerful. That’s in part because standards-making bodies, like the World Wide Web Consortium (W3C), were created with the support of national governments. The W3C was formed in 1994 with support from the European Commission and the US government’s Defense Advanced Research Projects Agency (DARPA). It creates standards for the web—and has even created standards for untrackable, private digital identity systems.

In the eyes of privacy advocates, the problem is that the US Transportation Security Agency (TSA) and many state legislatures have chosen to adhere to a different standard.

Created by the International Organization for Standardization (ISO) in 2021, the mobile driver’s license or “mDL” standard is silent in important areas where user privacy is at stake, Stanley says. “For example, it allows the ID to have a phone home mechanism, where you present your ID to a liquor store clerk, and the liquor store clerk pings the server of the DMV,” he says. “Now the DMV has a bird’s-eye view of everybody that you show your ID to.” Last October, the ACLU published a list of 12 recommendations for state legislatures, including that new laws should prohibit digital driver’s license issuers from tracking users via such a “phone home” mechanism.

Stanley and both of his fellow panelists—Manu Sporny, founder and CEO of Digital Bazaar, and Kim Hamilton Duffy, executive director of the Decentralized Identity Foundation—say there is a better way.

The “verifiable credentials” standard, created by the W3C with Sporny’s help, sets technical parameters for a digital stand-in for a physical credential, like a driver’s license, designed with privacy in mind. The holder of a verifiable credential can use cryptographic proofs to selectively reveal only the necessary data to a given third party, while keeping everything else private.

Unlike the ISO process, W3C’s process has been open to the public. Work on the verifiable credential has been going on for years. “It is important to understand that when a standard is put together, that civil liberties organizations, security professionals, privacy professionals, did actually look at the standard and make sure that it had been vetted,” Sporny said.

Advanced cryptography, like the zero-knowledge proof systems emerging in the cryptocurrency world, are a natural fit for this standard. They give users the power to prove statements about themselves—they are above the legal age to buy a beer, for example—without revealing any other information.

We are all used to pulling out our plastic identity cards for various reasons. But they contain far more information about ourselves than any store clerk needs to see. “You are showing 35 pieces of deeply identifying information just to buy a beer,” Sporny said. “You shouldn’t be doing that.”

Sporny pointed to the California Department of Motor Vehicles as one agency that has given consumers both options in its app—mDLs that follow the ISO standard as well as verifiable credentials. Users in California can opt into a system called TruAge, which Sporny’s company helped develop for the National Association of Convenience Stores. The system lets users who opt in to digitally share an “unlinkable,” single-use cryptographic token that verifies their age without revealing anything else. “You don’t need to show your entire ID, you just need to show a proof that the DMV believes that you are over the age of 21,” Sporny said. “And that meets regulatory burden in many of the states.”

Avoiding a ‘show me your papers’ web

The speed at which new privacy and identity-related capabilities are emerging in the cryptocurrency space is at odds with the drawn-out process of making technical standards. Duffy, who heads the Decentralized Identity Foundation, aims to bridge that gap.

Her team is focused on another W3C standard called decentralized identifiers, or DIDs. Verifiable credentials and DIDs complement each other: the DID provides the verifiable identity information, while the credential makes verifiable statements about it. Blockchain systems can potentially play a valuable role as hosts of “verifiable data registries,” which record and provide necessary DID data when a user presents their ID.

The Decentralized Identity Foundation has a grant from the Ethereum Foundation’s Privacy and Scaling Explorations program to work on figuring out how to “harmonize decentralized identity standards with these much more novel advances in (zero-knowledge proofs),” as Duffy put it. One application her team finds especially compelling is the ability to “wrap” a traditional identity credential, like a passport, with a zero-knowledge proof. “You can then use it in ways that support selective disclosure,” she said. An example is the Anon Aadhaar project, which takes advantage of an NFC chip in Indian passports to let users prove their citizenship privately, using a zero-knowledge proof.

But if this sort of “crypto magic,” as the ACLU’s Stanley puts it, already exists, why aren’t we using it?

Part of it is that the subversive, “you can just do things” culture that pervades the cryptocurrency community tends to clash with the traditional process of methodically developing technical standards. Another reason is that these tools are still difficult for normal folks to use. Recent advances, particularly in systems that let users generate proofs using their phones, are helping on both fronts, said Duffy.

A crucial remaining barrier is simply a lack of awareness of many privacy-related problems and their potential solutions, Stanley said. The ACLU has heard from state legislators who are acting “out of naiveté,” he said. “You put your credit card in your wallet? Well, put your driver’s license in your wallet. And everybody will think of me, your state representative, as very pro-technology and I’ve made your life easier.” Making decisions based on that kind of political incentive, rather than considering the larger ramifications, is what worries Stanley that the nation could easily “sleepwalk” into codifying systems that could compromise people’s privacy for decades to come.

The rise of artificial intelligence makes the situation potentially even more urgent. Duffy and Sporny contributed to an influential research paper last year focused on the idea of “personhood credentials,” which people could use to prove they are human, not a bot. Duffy is concerned that some folks may be tempted to try to solve this problem using mobile driver’s licenses. That would be bad, she said. “We don’t want to go from ‘Captchas are broken,’ to log in with your government ID,” Duffy said. “We want to make sure that we’re not building a ‘Show me your papers,’ web.” —Mike Orcutt

Share

Headline Watcher

The US government removes Tornado Cash sanctions. This comes after a federal appeals court ruled in November that smart contracts cannot be considered “property” since they can’t be owned, and therefore the Department of Treasury did not have the authority to impose the economic sanctions in 2022. Meanwhile, Tornado Cash developer Roman Storm still awaits a criminal trial, scheduled for July, on charges that he violated sanctions, facilitated money laundering, and operated an unlicensed money transmitter. As CoinDesk points out, Storm’s lawyers have already asked the court to consider the November sanctions ruling, but that request was “smacked down” by Judge Katherine Polk Failla of the Southern District of New York, who argued that whether or not Tornado Cash is sanctioned “does not affect the sanctions the Defendant allegedly conspired to violate”—those imposed on North Korea’s state-sponsored Lazarus hacking group.

Trump Treasury expands financial surveillance. The decades-old Bank Secrecy Act requires that financial institutions file a report to the US Department of Treasury for every transaction that exceeds $10,000. Financial privacy advocates argue the statute in need of an upward adjustment to account for inflation. Now the Trump administration has temporarily lowered it to $200 for people living in 30 zip codes in California and Texas, as part of a stated effort to root out money laundering by Mexican drug cartels. “More than one million Americans are about to face a new level of financial surveillance,” writes the Cato Institute.

Five ideas pitched at the White House crypto summit behind closed doors. Buy more bitcoin was a popular pitch. But one of the five in this list is not like the others. According to Unchained, citing a person who was briefed after the meeting, Paradigm co-founder and managing partner Matt Huang used his time to ask the administration to focus on the Department of Justice’s prosecution of Tornado Cash developer Roman Storm.

US housing agency considers launching a crypto experiment and The Trump Administration wants USAID on the blockchain. ProPublica reports that the Department of Housing and Development (HUD) has had initial discussions around using a blockchain to “monitor HUD grants,” and that these talks have touched on “the potential use of a stablecoin.” The second headline is from Wired, which highlights a passage from a memo Trump aides have been circulating about overhauling foreign aid programs. The memo states: “All distributions would also be secured and traced via blockchain technology to radically increase security, transparency, and traceability.”

The company testing Wall Street’s appetite for AI computing power. A company that started off focused on crypto mining before stockpiling GPUs when the crypto markets crashed will now be “the first prominent AI initial public offering,” according to The New York Times.

Razer aims to eliminate AI bots from games via World’s identity tech. The world’s “leading lifestyle brand” for gamers is launching a new sign-in feature aimed at verifying real humans in online games, using the biometric-based “proof of humanity” technology from World (formerly known as Worldcoin). The new feature “comes at a time when AI-infused bots are wreaking havoc on the gaming landscape,” reports Decrypt.

Trump-backed World Liberty Financial completes $550 million public token sale. The DeFi and stablecoin-focused project, launched last September, will be governed by holders of a token called $WLFI, and it has now sold 25% of the supply, according to The Block. One of the most famous buyers of the token, which is nontransferrable, was TRON blockchain founder and notorious Chinese crypto entrepreneur Justin Sun, who has sprung for $75 million worth. Coincidentally(?), the Securities and Exchange Commission is now working with Sun to find a resolution to its case against him for selling unregistered securities and market manipulation. Sure, the SEC is dropping all kinds of crypto cases right now. But the conflict of interest here is impossible to miss. “The President took a $75 million bribe and we all saw it,” writes independent journalist Jacob Silverman.

Share Project Glitch

Follow us on Twitter and Bluesky—or get corporate with us on LinkedIn.

How will we know which AI agents to trust?

The question of how to best identify ourselves in digital spaces is as old as the internet. The rise of artificial intelligence is making how we try to answer that question weirder and weirder.

Take the idea of “proof of personhood,” a term popularized by Worldcoin, which has developed a cryptographic credential tied to biometric data that verifies one’s status as a real person—not a bot. That sounds useful, given the crescendoing drumbeat from the tech realm that AI is going to eat the world.

But is it really that simple? And why would another human necessarily be more trustworthy than an AI?

“Sure, we might want to know if a thing is human or artificial intelligence,” Billy Luedtke, founder and CEO of a startup called Intuition, said during a lightly attended Saturday morning panel at ETH Denver last week entitled Bye bye biometrics: AI demands stronger security standards. “But then you enter the philosophical realm of: Are the AI just us?” Luedtke continued. “Are those actually also human, and just kind of like the aggregate human consciousness?”

It sounds bizarre, even a little insane. But he’s got a point. It’s not unreasonable to think that at some point in the not-so-distant future it will be normal to have AI agents working on our behalf. How should they identify themselves? Wouldn’t they be, at least sort of … us?

Another panelist, Evin McMullen, the CEO of the zero-knowledge cryptography-based ID company Privado, described a system her shop has developed that accounts for this. Called “know-your-agent,” it gives users “the ability to assign a unique identifier to an instance of an agent and to relate that to a unique human being, or a set of human beings,” McMullen said. This means an agent can “represent itself on behalf of you and can enter spaces where you have privileges to do so,” she said.

Even if a bot isn’t connected to a real human identity, that doesn’t mean it’s bad. But how will we know if it can be trusted? For example, Luedtke said, “you might have a swarm of bots that aren’t human, but they’re performing a bunch of really productive actions.” What’s crucial to know is “the reputation of the thing,” he argued.

“You need the aggregate set of data the thing has created, and the aggregate set of data created about the thing, and then you can reason about the reputation of the thing.” Does its track record suggest it can be trusted? That’s the sort of question Luedtke’s company aims to help answer.

Whatever the solution turns out to be, it seems clear that Luedtke and McMullen are right about the problem: we’ll need new methods for determining whether to trust the friendly bot who insists it’s trying to help you, not scam you. Once again: the future is weird. —Mike Orcutt

Share

Kim Jong Un (still) has crypto in a pickle

We said it just over a year ago: as long as one of America’s nuclear-armed adversaries is capable of exploiting cryptocurrency technology and the crypto industry to generate illicit profit, crypto is going to have political problems. North Korea’s $1.5 billion (mostly in ether) theft from Bybit, by some estimates the world’s second largest exchange, was not only stunning in its scale but also in how elaborate and clever it was.

The attack began weeks before the actual heist, when alleged North Korean state actors compromised the laptop of an employee of Safe{Wallet}, the provider of the multisignature wallet software Bybit uses to store digital money. “This developer was one of the very few personnel that had higher access in order to perform their duties,” Safe{Wallet} stated in a March 6 summary of its forensic investigation. As a security measure, multisignature wallets won’t allow a transaction to go through until a certain number of “signers” agree. The attacker inserted malicious code into the Safe{Wallet} website, which made it possible to fool Bybit’s three signers, including CEO Ben Zhou.

Of course, stealing the crypto is only half the battle—and apparently the North Koreans have also leveled up their money laundering operation. “The speed at which the stolen funds are being laundered is particularly alarming,” blockchain analytics firm TRM Labs stated in a March 4 analysis. The attackers have taken advantage of cross-chain “bridges” like THORChain to convert Ethereum tokens into bitcoin and then spread it across many wallets (more on that below). “This rapid laundering suggests that North Korea has either expanded its money laundering infrastructure or that underground financial networks, particularly in China, have enhanced their capacity to absorb and process illicit funds,” TRM Labs wrote.

Some crypto security experts have been critical of Bybit’s security protocols, and a few have said the heist was preventable. Do crypto exchanges need more safety rules? ByBit is based in Dubai and doesn’t serve US customers. Either way, just as important as how badly Bybit performed is how well North Korea has performed. It’s also hard to ignore that this is happening at a time when regulators in the US seem to be adopting a laissez-faire approach toward the industry. A big enough national security pickle could quickly shift priorities. —Mike Orcutt

Share Project Glitch

HEADLINE WATCHER

At crypto summit, Trump says US will be “the Bitcoin superpower.” The president held a four-hour gathering of crypto executives and investors at the White House. “High IQ individuals around this table,” he said after some high-profile execs called him “wonderful,” according to the New York Times. What was the point of the summit? Great question. “This wasn’t a meeting where things were being decided or disclosed,” Chainlink founder Sergey Nazarov told the Times.

Bybit CEO says 20% from $1.5 billion theft has “gone dark” as hackers swap to bitcoin. Fallout from the Bybit heist is spreading. Bybit CEO Ben Zhou told The Block 20% of the stolen $1.5 billion worth of ether tokens have “gone dark”—they’ve been transferred through exchanges that don’t use KYC, and can be considered laundered. The remaining tokens are mostly still traceable. That’s left the community behind the decentralized “cross-chain” protocol ThorChain with a difficult choice. Should they let vast quantities of Ether trades through and risk being an accomplice to one of the largest money laundering efforts in history? Or halt trading and exert centralized, unilateral power over a community that views such control as a mortal sin? According to The Block, the Bybit hackers have moved hundreds of millions through THORChain, which makes it possible to swap coins from one blockchain for coins from another. The hackers have been executing an elaborate laundering scheme that involves changing ether to bitcoin and moving it across thousands of different wallets. The activity on THORChain has led to internal division and to the resignation of one of the project’s lead developers.

Reddit co-founder Alexis Ohanian joins bid to acquire TikTok, plans to move social app “onchain” We’ve discussed Project Liberty, the outfit that’s been making noise about buying up the US arm of TikTok, before. Now it has gained a new partner with serious social media chops. The idea appears to be that with Ohanian on board, the bid will be more attractive (to US interests, at least) because of a stated goal of letting users control their own data. No word on how that squares with Reddit’s widely publicized sale of user data to AI firms.

Argentine prosecutor aims to freeze $110 million in proceeds tied to Libra memecoin scandal. Eduardo Taiano, a federal prosecutor in Argentina, has requested that as much as $110 million be frozen, and has asked for the “the recovery of deleted social media posts, including those by (President Javier) Milei promoting the Solana-based memecoin,” reports Cointelegraph, citing local media outlet Clarín. We published our thoughts about Libra last issue.

Coinbase acquires Iron Fish team to accelerate privacy efforts on Base. The team, which is led by founder and CEO Elena Nadolinski, will “stand up a new privacy pod” within Coinbase’s Layer 2 platform, Base, and will develop “privacy preserving primitives across Base.” The Iron Fish Layer 1 blockchain, which uses zero-knowledge cryptography to enable private transactions, “will remain independent and unaffiliated with Coinbase or Base,” according to Coinbase.

Follow us on Twitter and Bluesky—or get corporate with us on LinkedIn.