Skip to main content

Amid rising tensions between Ukrainian and Russian military forces, Elliptic, a blockchain analysis company, released a report claiming that $570,000 worth of cryptocurrency donations have been sent to multiple non-government organizations in Ukraine resisting Russian forces. Among the range of cryptocurrencies being used by these groups, bitcoin specifically accounts for hundreds of thousands of dollars’ worth, with some groups exclusively raising funds in BTC.

The analysis firm made this conclusion by tracing wallet addresses posted on websites of these organizations supporting the Ukrainian army. For instance, the picture below was taken from the website for “Come Back Alive,” one of the largest groups supporting the Ukrainian army, which allows a quick path to donations and an even quicker path to traceability paired with the absence of privacy:

Organizations meant to help Ukraine resist occupation by Russia are raising significant amounts of bitcoin donations. But they need to do so more privately.

The bitcoin account listed on a donations page for Come Back Alive. Source.

Aptly named from its first donation of bullet-proof vests to the army, inscribed with the words “Come Back Alive,” the easy traceability of this group’s bitcoin donations is significant, since it saw over $200,000 worth of bitcoin donations come in the second half of 2021, per Elliptic.

The Problem With Easily-Traced Bitcoin Donations

These groups are the meat-space manifestation of the decentralization that Bitcoin is meant to enable. Privacy for one can mean privacy for us all and just because this isn’t your battle today, that doesn’t mean tomorrow is guaranteed. Groups like “Come Back Alive” show us that sovereignty is a necessity in matters of war, but so is privacy. So, how do we fix the easy traceability that this group and others are seeing?

Dmytro Kharkov, a former member of the Ukrainian Mamay Institute think tank and current freelance economist and analyst based in Ukraine, emphasized that privacy is of the utmost importance during these rising tensions.

“The belief that privacy means less during a war is incorrect. On the contrary, as the war directly threatens people’s lives and property, privacy considerations become central to most people,” Kharkov said. “For example, in 2014 [during the first active phase of the Russo-Ukrainian War], armed terrorists from the so-called DPR and LPR actively expropriated wealth and property, such as automobiles in the occupied regions of Ukraine. Due to the minimal awareness of Bitcoin back then, people were unable to effectively protect their property.”

In addition, Kharkov pointed out that the use of bitcoin-based donations and the growing need for their privacy is a trend that will only grow in contemporary warfare.

“Moreover, Ukraine’s case illustrates that modern wars include not only conventional warfare but also ideological subversion, propaganda, fake news, cyber warfare, etc.,” he explained. “Under such conditions, privacy becomes the central aspect of people’s freedom preservation. One of the major benefits of Bitcoin is raising the questions of maintaining privacy in the face of war. After considering one’s conditions, technical expertise, plans and preferences, every person can make better-supported decisions.”

Clearly, privacy matters. In fact, some might say it matters most in moments like this. But how can groups like “Come Back Alive” maintain their privacy while still allowing potential donors an easy method of providing funds?

BIP47: Payment Codes

Bitcoin Improvement Proposal (BIP) 47 is known as “reusable payment codes for hierarchical deterministic wallets.” It might sound complicated, and it is, but it’s also exceptionally user-friendly once implemented correctly. BIP47 can be broken down into four points:

  1. Payment Code: An extended public key. Think of this as a normal address that you’d send Bitcoin to, as “Come Back Alive” is using on its site, except that when this one is used, it creates a “notification address. This is ultimately a decoy address.
  2. Notification Address: this is found by using a “notification transaction,” which happens when a doner interacts with the payment code, or address mentioned above. This transaction happens when a doner sends bitcoin to the address (payment code). A secret is derived from this transaction which leads users to a “designated input.”
  3. Designated Input: This is the first input of the “notification transaction.” This reveals the “designated public key” being used in the transaction in which the outputs are being sent.
  4. Designated Public Key: This is the actual address for which the coins will be spent.

To summarize, a payment code is a decoy address that allows every individual transaction to never re-use the same wallet address, allowing privacy for the reception of funds and privacy for donor identity. 

The Power Of BTCPay Server

Considering that the goal of groups aiding Ukrainian forces is to accept large amounts of donations from givers across the world, the idea of creating a new public address manually, even by the day or week, can seem egregiously burdensome for groups like “Come Back Alive.”

Another option is utilizing a BTCPay server, which is an open-source and self-hosted payment processor for Bitcoin. A service like BTCPay allows its users to automate the creation of new addresses for each transaction, though it does require a bit of a self-starter attitude.

How does BTCPay offer heightened levels of privacy?

Organizations meant to help Ukraine resist occupation by Russia are raising significant amounts of bitcoin donations. But they need to do so more privately.

BTCPay Server's description of its privacy assurances. Source.

According to the BTCPay website:

“Re-using an address for receiving payments is a privacy issue. Providing a different address manually to each customer is not an optimal solution. Imagine having to send a unique email to everyone that wants to pay you with cryptocurrency.

BTCPay solves the address reuse issue. It automates the checkout process for the merchant by creating a new invoice with a unique address created from the merchant's wallet, each time a customer pays using BTCPay.”

While the fact that BTCPay is self hosted means that a certain amount of technical know-how is required to use it, getting past the setup allows for easier, automated maintenance. Organizations like the ones currently supporting the Ukrainian military, could benefit greatly by setting up BTCPay Server, which would utilize the same methods as outlined in BIP47, allowing a single-use address perception to be associated with the identity of the group, while providing donation transactions with a greater level of privacy.

Using Bitcoin Privately Is Central To Its Potential

Privacy is existential to Bitcoin. Groups like “Come Back Alive” represent decentralized communities organizing around a shared goal — in this case, their belief in resistance to nation-state rule. It is imperative that, when opportunities arise to truly provide an opt-out financial system, the Bitcoin community rally behind that cause and do the due diligence of privacy education.

Methods like BIP47, its automation through services like BTCPay, as well as future improved implementations of it, will all be necessary for the preservation of privacy and security at scale.