Following the Money: Are Bitcoin Black Market Purchases Really Anonymous?
This article is the second in a two-part interview with University of California-San Diego researcher Sarah Meiklejohn on her new research paper, "A Fistful of Bitcoins: Characterizing Payments Among Men With No Names." Part One provides an introduction to her paper and illustrates her findings on anonymity within the Bitcoin protocol.
Meiklejohn’s paper, “A Fistful of Bitcoins: Characterizing Payments Among Men With No Names,” provides a snapshot of the bitcoin economy as of April 2013.
The bitcoin economy of today looks a bit different than it did in April, back when notorious black marketplace Silk Road was still facilitating nearly $2m in monthly sales, and the price of 1 BTC was edging towards the $100 mark.
However, many of the same concerns remain in the community today. Namely, with online black markets becoming the prime target of law enforcement, will those who participate in such actions face repercussions for their involvement?
University of California, San Diego researcher Sarah Meiklejohn recently completed a paper that traced the movements of bitcoin in April using heuristics, a specific problem-solving technique that allowed her to trace individual bitcoins from consumer-facing exchanges like Mt. Gox to marketplaces such as Silk Road.
Her comments to CoinDesk suggest that the answer is no, and furthermore, the US could take actions against past users. Meiklejohn said:
In an exclusive interview, Meiklejohn discusses how her research was able to prove to reporters that coins seized from the account of Ross Ulbricht, the accused Dread Pirate Roberts, had passed through Silk Road. Meiklejohn also discusses if it will be possible to prosecute bitcoin users in connection with the Silk Road case and whether it's possible to hide criminal transactions using the block chain today:
CoinDesk: If it's so hard to stay anonymous with a large amount of money, how are people getting away with large-scale theft?
Sarah Meiklejohn (SM): The point of the work was not to completely de-anonymize users. At best, what we can do is cluster these addresses together and say, 'These are all one user' but we still don't know who that user is.
The point was that this might erode your anonymity sufficiently to the point where an agency with subpoena powers would be able to step in.
For example, the thing we identified the most was transactions with services. Deposits into Mt. Gox, withdrawals from Mt. Gox, deposits into Silk Road, withdrawals from Silk Road.
Obviously, with all these transactions, we can say: 'look, there is an individual depositing bitcoins into Mt. Gox', but we certainly can't say which individual, unless that individual has identified their addresses publicly, in a forum or something.
In and of itself, we're not de-anonymizing the thief or the user, but the thing is – once you start transacting with services that know your real-world identity, you're making yourself vulnerable to these agencies that are going to that service or exchange and saying: 'I need to know who this is'.
We're not getting you all the way there but we're following these bitcoins to the doorstep of Mt. Gox. One of the most frustrating parts of bitcoin is that you can see this happening and there's nothing you can do about it.
I've had people email me and say, “I had these bitcoins stolen, can you help?” and I write back and say, “I can track them, but it's not clear what that's going to do for you.” If I say, “I saw your bitcoins go to Mt. Gox,” it's not clear what that buys you.
CoinDesk: Have you worked with law enforcement so far, and are they interested in this work?
SM: I've talked to a few different law enforcement agencies. Yep, there is definitely interest.
CoinDesk: Do you know of any bitcoin thieves who have been prosecuted successfully?
SM: No, but I have a favorite story about stolen bitcoins. In April, the mining pool Ozcoin had mined a block, and they wanted to pay their miners. Then someone hacked their script to steal the bitcoins.
Apparently the operator of this mining pool was a nice, respected guy in the bitcoin community, and people really rallied around it – starting this witch hunt to follow the stolen bitcoins.
They didn't go very far. They went one hop, and then another hop to Strongcoin. Luckily Strongcoin is very identifiable, because all of their transactions go to this one strong address. The bitcoins then sat in Strongcoin, and the members of the bitcoin community really pressured the owners of the Strongcoin wallet service to turn the bitcoins in.
When the thief tried to spend the bitcoins, Strongcoin somehow hacked their own system so that the bitcoins went back to the owner, Ozcoin.
So this wasn't law enforcement, but this was kind of a sign that if you can track these flows of bitcoins and identify what they're doing, then you can implore that service to step in – and they did.
CoinDesk: I know you were not involved in the FBI's investigation of the Silk Road. But describe what you've observed with the Silk Road addresses since the case became public. Does that give you any insight into the FBI's work?
SM: I confirmed for some reporters that the funds flowing to the seized coins/FBI address were directly from the Silk Road, and that some of the coins flowing to Dread Pirate Roberts' seized coins were from Silk Road.
With these volumes of bitcoins flowing through the network, it's impossible to miss. 26,000 BTC flowing into an address within a few hours, that doesn't happen all the time.
CoinDesk: Has anything interesting happened with these addresses since then to make you wonder what the FBI is doing?
SM: The most interesting thing with those addresses will be in years when the case is over. For now, they have to keep those bitcoins in those addresses for evidence.
Once the trial is over, it sounds like what they're supposed to do is cash out, liquidate the assets. That's going to be interesting to see. Cashing out that volume of bitcoins now would take months, given the volume of trading. And who knows what bitcoin will look like in a year or two or whenever the trial is over. That will be something interesting.
In the meantime, the thing I find the weirdest about those addresses are these protest messages. I call it spam or graffiti. You ping the address with some tiny amount of bitcoins, and you attach a public note.
It ranges from advertisements for gambling sites to anti-government protest messages. It's kind of funny. The block chain is the global history of bitcoin, and that graffiti will be around forever.
CoinDesk: Do you expect a lot of individual Silk Road customers to be prosecuted?
SM: I would be surprised if some of the bigger drug dealers were not prosecuted, because it seems so easy at this point.
The FBI now has all the data for Silk Road, they can see how much these guys earned, and they can see the addresses they used. So it really seems like they have a lot of what they need to be able to prosecute them. I would say probably small-time individual users, just buying a little bit of weed, are probably not going to be prosecuted.
CoinDesk: What does the Silk Road case say about bitcoin crime? Do you feel like this case is showing people that the party's over? Or will the criminals just become more clever?
SM: If you know how bitcoin works and are very motivated to protect your anonymity, that is possible. The problem is there are more people who don't know.
We saw a lot of people buy their bitcoin from Mt. Gox or another exchange, then transfer the bitcoins that they just bought directly from their Mt. Gox address to the Silk Road account, and that's how they buy the drugs.
We saw a lot of that, and that's the biggest mistake – not understanding that hopping directly from an exchange that knows who you are to the site where you want to buy drugs is probably not a good idea.
CoinDesk: More sophisticated criminals would do what?
SM: Let's say you're a drug dealer. You've taken in a bunch of bitcoins, now you want to cash out. The first thing would be to withdraw to an address that you own that is outside of Silk Road and outside Mt. Gox. Then you would want to mix those bitcoins. Right now, this is somewhat tricky to do at scale.
Our experience with mix services was not great – one service stole our bitcoins and with the other one, they didn't come back very mixed. One of them was fine – but we only tried to mix 1 or 2 BTC. So who knows, once you scale.
Once you've mixed your bitcoins, you could drop them into an exchange and cash out.
That would be it. We wouldn't be able to track that. I don't know if I really want to be advertising that to future criminals, [laughs].
There's this tension between privacy and anonymity, and then usability. If you're not super into bitcoin, if you're just doing this as a way to make money, at some point, doing what I just described might be unattractive. That might be enough of a deterrent to not bother.
We've actually been looking into a form of ransomware recently. The idea is, someone holds something hostage and demands payment in bitcoins. I was trying to look for information about this, and I found a bunch of users online complaining about being held ransom – not that they were being held ransom, but that dealing with bitcoin was such a pain.
CoinDesk: What kind of things were they being threatened with if they didn't pay?
SM: This ransomware can come in a bunch of different forms. The most direct thing is, they just lock down your computer and say, 'Give us 2 BTC at this address and we'll unlock your computer'. It's a form of malware.
They've infected your computer, but rather than monetizing it using one of the ways that botnets typically do, they monetize very directly – by getting you to give them money in exchange for getting your computer back.
Our group just had a paper accepted ["Botcoin: Monetizing Stolen Cycles," lead author Danny Yuxing Huang, published 6th December] exploring bitcoin mining and the usage of botnets to mine bitcoins. The classic way that botnets make money is to send spam, do port scanning or steal credentials.
But it's this long-term process of monetization. And now there's ransomware – that's a more direct way. This other thing we've been seeing [over the past 18 months] is probably the most direct form you could imagine, which is just mining bitcoins.
So, I compromise your machine, and then I use your machine to mine bitcoins. I'm literally minting bitcoins with your infected machine.
We wanted to look and see how common that was, how much money these botmasters could make doing this, and get a sense of the landscape. It's definitely happening, and it definitely seems profitable.
Some of the pretty big botnets like ZeroAccess were doing this. [According to lead author Huang, hundreds of thousands of infected computers or more are mining bitcoins, yielding hundreds of thousands of dollars in profit.]
This interview has been edited for clarity and length.