Binance really loved telling people to use VPNs, allegedly

So I read through the CFTC complaint against the world’s largest cryptocurrency exchange, Binance, and it seems like the lawyers are having fun with this one. For instance: “Binance’s decision to prioritize commercial success over compliance with US law has been, as Lim paraphrased Zhao’s position on the matter, a ‘biz decision.’” I never get tired of reading these complaints.

Now to be clear, I don’t think Binance is the only entity ever to decide that skirting US law to acquire more customers — after all, US pharma companies have been making billion-dollar settlements over that exact same “biz decision.” But I do think explicitly writing that you are deliberately doing that is a real clown move. A government body can’t hold you accountable for conversations they can’t hear; they can, however, throw anything you put in writing back in your face. And mens rea matters — you can’t call something an oopsily doopsily mistakey-wakey if you’re also saying in a written record that it’s a business decision. 

The complaint alleges that Binance deliberately broke the CFTC’s rules in trading derivatives, such as Bitcoin futures. Do you think the CFTC put on some Warren G when they released this? Anyway, they intend to regulate.

I’ve mentioned before that I feel Changpeng “CZ” Zhao, in kneecapping Sam Bankman-Fried’s FTX, had in fact painted a target on his own back. In fairness, Binance has been the target of multiple investigations before the fall of FTX over its own token, insider trading, and money laundering. So maybe it wasn’t the FTX fall that prompted this. 

To legally let people trade derivatives in the US, Binance should have registered with the CFTC, the regulator says. Instead, Binance made a bunch of noise about pretending it was only for customers outside the US, while encouraging American residents to use virtual private networks to obfuscate their location so they could trade on the platform. VPNs essentially hide a person’s IP address and browsing information, and are commonly used by normal people to do things like stream the current episode of The Great British Bake-Off before it appears outside of the UK.

In Bloomberg’s money laundering story, a Binance spokeswoman denied that the exchange encouraged VPN use. But in the CFTC’s complaint, compliance officer Samuel Lim repeatedly wrote that people should use VPNs to trade on Binance from the US! For instance:

  • In February 2019, Lim told Zhao “a huge number” of Binance’s customers who trade less than two Bitcoin “could be U.S. citizens in reality. They have to get smarter and VPN through non-U.S. IP.”
  • In September 2019, Binance added a pop-up that asked customers to self-certify they weren’t a US person by clicking on a button in the window. As of January 2020, about 20 percent of Binance’s customers were nonetheless located in the US, according to revenue reports sent to Zhao.
  • An employee with the title Money Laundering Reporting Officer told Lim “I HAZ NO CONFIDENCE IN OUR GEOFENCING.”
  • Binance itself gave US customers helpful hints about how to use VPNs by publishing “A Beginner’s Guide to VPNs” on its site. The complaint says the guide nudged customers by telling them a VPN can be used “to unlock sites that are restricted in your country.” (This does not appear in the current version, as far as I can tell.)
  • The CFTC says that the guide was used to teach US customers to bypass Binances’s IP-based controls on who could use the site, and Zhao and other members of senior management knew that. Lim said in a chat, “CZ wants people to have a way to know how to vpn to use [a Binance functionality] . . . it’s a biz decision.” And also “We are actually pretty explicit about [encouraged VPN use] already – even got a fking guide.”
  • Lim again: “they can use vpn but we are not supposed to tell them that . . . it cannot come from us . . . but we can always inform our friends/third parties to post (not under the umbrella of Binance) hahah.”
  • More Lim: “Yes, it still is. Because if US users get on .com we become subjected to the following US regulators, fincen ofac and SEC. But as best we can we try to ask our users to use VPN or ask them to provide (if there are an entity) non-US documents. On the surface we cannot be seen to have US users but in reality we should get them through other creative means.”

This is, I’m sure, very cool and normal compliance. But I’d like to focus on the direct quotes, because, again, we love a bitchy direct quote!

Binance used Signal, WeChat, and Telegram to communicate both internally and with customers. Some of the direct quotes in the complaint — such as those with an unnamed US trading firm — are from Zhao’s Signal chats. 

The CFTC writes that Zhao used Signal with auto-delete on “even after Binance received document requests from the CFTC and after Binance purportedly distributed document preservation notices to its personnel.” It then lists a number of things that were set to auto-delete including “group chats titled ‘Finance’ ‘HR,’ ‘Mkt hr,’ and ‘CEO office.’”

I wonder how much of Zhao’s auto-deleting Signal chats the Feds got! Do they have Zhao’s phone or something? 

Anyway here are some other greatest hits of the complaint:

  • Compliance officer Lim explaining to a colleague, “after receiving information ‘regarding HAMAS transactions’” that “terrorists usually send ‘small sums’ as ‘large sums constitute money laundering.’ Lim’s colleague replied: ‘can barely buy an AK47 with 600 bucks.’”
  • Lim on Russian accounts: “Like come on. They are here for crime.” The response from our friend the Money Laundering Reporting Officer? “we see the bad, but we close 2 eyes.” My love, the meme is I pretend I do not see it.
  • Binance’s policy was that no one had to do KYC as long as the customer withdrew less than two Bitcoin a day. “The notional value of two BTC in July 2019 was more than $22,000 and in March 2021 was more than $100,000,” the complaint says.
  • Binance is trading on its own platform through 300 accounts that are “directly or indirectly” owned by Zhao. It hasn’t told its customers that, though!

I don’t think this is going to be the last we hear of the Feds looking into Binance. These are only civil charges, after all. And if one part of the US federal government has Zhao’s Signal chats, other branches probably have them, too.

Binance did respond: “Upon an initial review, the complaint appears to contain an incomplete recitation of facts, and we do not agree with the characterization of many of the issues alleged in the complaint,” Zhao said in a statement. The statement says many other things, but it doesn’t deny any of the many specifics in the complaint. And that’s the thing, an incomplete recitation of facts is not a wrong recitation of facts!

This is all pretty brazen. Like, maybe not “Wirefraud” as the name of your groupchat brazen, but shameless nonetheless. It suggests that Zhao isn’t worried about being caught. Now, he is in Dubai, but Dubai has been under pressure to clean up its act ever since an international financial crimes task force added the United Arab Emirates to its money laundering watch list. I wonder how any more legal documents we’ll see before someone in the UAE starts to consider Zhao extradition material. It might depend on how much more bad behavior he decided to put in writing.

Update 7:15PM ET: Adds Binance response.

https://www.theverge.com/2023/3/27/23659109/binance-cftc-vpn-signal-notes