Update: The Yang2020 campaign appears to no longer be accepting cryptocurrency donations. A partner of mine filled out the form in December 2018 and never heard back. If you have any information please contact me here.
In July 2018 Andrew Yang’s campaign made headlines by being the first presidential campaign to accept cryptocurrency contributions. Myself and a partner tested their process for accepting cryptocurrency and discovered a severe deficiency that exposes the Yang2020 campaign to bad actors. Let’s walk through their current contribution process, point out the issue, and recommend better alternatives to ensure Yang2020 and other political campaigns doing this in the future do not expose themselves.
Yang2020 Cryptocurrency Contribution Process
- Complete their form by supplying name, address, employment info, and the amount and type (Bitcoin or Ether) of cryptocurrency you will be contributing.
- Book a 15 minute call with a member of their compliance team.
- On the call confirm you will not share the wallet address they give you and also answer the following questions: Are you an American citizen? Are you donating money free of coercion? How did you hear about Andrew Yang? Is there a specific reason why you prefer to donate cryptocurrency over traditional money?
- Via email receive the wallet address to send the contributions to.
- Send cryptocurrency to the wallet address.
- Via email receive a receipt from the campaign.
- Yang2020 transfers the cryptocurrency to their Gemini account where they convert it to US dollars.
During the call the representative of the campaign said:
I’m going to share our public address after the call, I’ll email it over to you and we need to make sure you don’t share that. If you were to share that out and people were to send us unsolicited money then we would kind of be screwed just because how strict the FEC guidelines are we wouldn’t be able to account for it.
I then asked if they were giving a different wallet address to each contributor and was told their team is “doing it on a case by case basis to be on top of who’s donating what.” Concerned, I asked what would happen if another contribution was made after mine to the same wallet address. The rep replied:
Based on what the FEC said all the funds in that wallet would become invalid because we wouldn’t be able to account with any certainty what came from where.
After the call, the Ethereum and Bitcoin wallet addresses I received were the same exact ones my partner received. Besides the fact that I was told each contributor would be receiving different wallet addresses, sharing out the exact same wallet address to multiple contributors is bad practice if your goal is to keep track of where funds are coming from. Especially given tracking the source of cryptocurrency payments is much more difficult than payments made with a credit card. Furthermore, this increases the chance that a rogue contribution would be sent, thus making all funds in that wallet “invalid.” Suppose a bad actor wanted to invalidate contributions made by others, all they would have to do would be to send another payment after their initial one. This would be further complicated if some of those funds from the wallet had already been converted to US dollars.
Recommendations for Improving the Process
The simplest way for Yang2020 and other campaigns to accept cryptocurrency is to use a payment processor like Coinbase Commerce or CoinGate. This will save campaigns the trouble of having to manage their own wallets and make it much easier to keep track of donations. The other option is to generate a new wallet address for each individual donation, send the funds to your exchange (Yang2020 used Gemini), and never use the wallet again.
Cryptocurrency greatly reduces barriers to entry by opening finance to anyone with a smartphone, but that doesn’t mean it is a silver bullet. Especially for campaign contributions and other transactions where non-anonymity is vital, at least right now fiat currency is going to be safer. I have no doubt that in time it will be very easy to send cryptocurrency transactions that can easily be verified as coming from a specific individual. And on top of that, it will be much easier to determine that the funds an individual is sending are clean. Until then, we are in an in between stage where we must tread carefully.