North Korean hackers have successfully cashed out the first $300 million of the proceeds from their record-breaking $1.5 billion crypto theft from the ByBit Exchange. They are getting good at this: crooks linked to North Korea have stolen more than $6 billion in cryptoassets since 2017 (with the proceeds reportedly spent on the country’s ballistic missile program). Elliptic says the incident is almost certainly the single largest known theft of any kind in all time, a record previously held by Saddam Hussein, who stole $1 billion from the Iraqi Central Bank on the eve of the 2003 Iraq War.
That’s the thing about anonymous, untraceable digital assets: the bad guys have them too. This incident nudges the crypto community between the Scylla of crime and Charybdis of censorship. Do you accept anonymity, and accept the societal harms that results on the basis that overall it is better for citizens going about their everyday lives to avoid surveillance or do you accept censorship and accept that not all transactions should be allowed? Privacy is an emotive topic, anonymity even more so, and when it comes to money and payments it is important to understand the nuances!
The privacy-first and anonymity-first views seem diametrically opposed. But there may well be a way to support both positions in such a way as to enhance net welfare. At the moment, the middle-ground perspective focuses on Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations for centralized exchanges and custodial services, while maintaining some degree of anonymity for peer-to-peer transactions. We will return to what this means in practice shortly, but first let us detour into an economic, rather than technological, perspective.
I remember reading J.P. Koning’s excellent paper on central bank digital currency (CDBC) for Brazil and coming across his reference to Narayana Kocherlakota, former CEO of the Federal Reserve Bank of Minneapolis, who wrote (in 2016) that economists do not know very much about the topic of anonymity and that the profession “model it more systematically”. Well, I have a couple of new data points to feed into that modelling.
If we focus first on the specific issue case of CBDC, I have argued before that central banks are better positioned than banks or other intermediaries when it comes to safeguarding data because a central bank has no profit motive to exploit payments data. We might take this argument further and say that if the central bank were to place transaction data into some form of data trust that would facilitate data sharing to the benefit of citizens, then personal data could be pooled to the benefit of all.
(In a data trust, structure, data stewards and guardians would look after the data or data rights of groups of individuals with a legal duty to act in the interest of the data subjects or their representatives.)
There are data points to support this argument. For example Australian consumers say that they value transaction privacy to the extent that they are prepared to pay A$5 more for an account that shares transaction data with the central bank instead of with commercial banks, even assuming that the financial crime authority, the Australian Transaction Reports and Analysis Centre (AUSTRAC), can access the transaction data in either case. Interesting.
Now let us move on to focus on payments in general.. One of the key discussions to be had around the subject of payments is anonymity. One of the advantages of cash, to some people, is its anonymity. Hence, these people might say, digital cash should exhibit the same fundamental characteristic.But, as is obvious, there are limitations on the use of cash for criminal enterprises of one form or another because it is impractical (and dangerous) to hoard large amounts of banknotes.
Banknotes are of course the historically most-favoured instrument of money launderers around the world. Their favourite too, the $100 bill, is anonymous in practice even though every $100 bill has a unique serial number and could in principal be tracked, traced and monitored on its journey from Hollywood to Medellin. It is, of course, much too complicated and time-consuming and expensive to do this.
(And, it has to be said, and a great many of the intermediaries have no incentive to comply with monitoring mechanisms of any kind.)
Despite the practical anonymity, it is expensive and inconvenient to transport suitcases full of cash around the world. Plus, if you do transport suitcases full of cash around the world, you might get caught just as Tara Hanlon from Leeds was. She pleaded guilty to money laundering offences worth more than £5m after she was arrested as she tried to board a flight to Dubai with more than £1.9m in cash in suitcases. Putting the cash down your pants does not help either, as another Brit discovered when she was arrested with cash in her underwear. Laundering wads of banknotes is therefore expensive. And while we might look those expenses as a tax on criminal activity that is justified, it is of no benefit to society if that tax is paid to other criminal enterprises.
In contrast, anonymous digital cash is a tax dodger’s dream. The rich and powerful can whizz limitless wonga around the world at the press of a button and what residual democratic control we might have over their activities evaporates into the ether. Unfettered criminal enterprise, not to mention state-sponsored economic terrorism, is made cost-effective to the point of being irresistible. If we cannot stop the criminals then perhaps we should take a more economic approach to capture the tax for the benefit of society, not miscreant middlemen.
How might we do this? Well, in that paper on Brazil, J.P. comments on the idea of permanently negative interest rate on anonymous CBDC. The thinking here is that as we all understand that criminality and tax evasion impose costs on society, it may be worthwhile to design anonymous payments systems in a way that recoups some of the costs these activities impose. We could, in other words, have a national digital currency in which anonymous transactions cost more than non-anonymous transactions. That, in my view, is an idea worth exploring.
One potential implementation (referenced by J.P. in his paper) is the “Crime Pays System” or CPS as conceived by the artist Austin Houldsworth. It was his idea to have me present CPS at the British Computer Society (BCS). We had my alter ego set out the new payment system to an unsuspecting audience (you can read more and see the video here). In this system, we suggrsted that payments would be either “light” or “dark”. The default transaction type would be light and free to the end users. All transaction histories would be recorded in public (eg, on a shared ledger) which would allow anybody anywhere to view the transaction details. The alternative transaction type would be dark. With this option advanced cryptographic techniques would make the payment completely invisible with levy applied. We thought this might reach 20%, with the revenue generated taken by the government to substitute for the loss of taxes and cost of crime in the dark economy.
What a cool idea. And here’s data point that might indicate that light and dark transactions are real. On 3rd March 2025, when the pump and dump frenzy accompanying President Trump’s remarks about creating a national cryptocurrency stash had passed, Bitcoin was trading at around $88,000 on exchanges. But in the peer-to-peer (P2P) markets, it was trading around a third higher. That is, there are appear to be a “no KYC” premium of around a third. It has long been clear, in fact, that P2P markets are a great option for building “a non-KYC stack of bitcoin” that cannot be tied to individual identity.
This premium is the existence proof of the validity of the “light and dark” transactions idea. I do not know what this will mean in terms of the economic modelling of anonymity, but what is means to mean is that if there is going to be a premium paid for anonymus transactions, then that premium should go to society not offshore crypto mixers, tumblers or launderers.
Snippings 