Tracing Stolen Bitcoin

Ross Anderson has a really interesting paper on tracing stolen bitcoin. From a blog post:

Previous attempts to track tainted coins had used either the "poison" or the "haircut" method. Suppose I open a new address and pay into it three stolen bitcoin followed by seven freshly-mined ones. Then under poison, the output is ten stolen bitcoin, while under haircut it's ten bitcoin that are marked 30% stolen. After thousands of blocks, poison tainting will blacklist millions of addresses, while with haircut the taint gets diffused, so neither is very effective at tracking stolen property. Bitcoin due-diligence services supplant haircut taint tracking with AI/ML, but the results are still not satisfactory.

We discovered that, back in 1816, the High Court had to tackle this problem in Clayton's case, which involved the assets and liabilities of a bank that had gone bust. The court ruled that money must be tracked through accounts on the basis of first-in, first out (FIFO); the first penny into an account goes to satisfy the first withdrawal, and so on.

Ilia Shumailov has written software that applies FIFO tainting to the blockchain and the results are impressive, with a massive improvement in precision. What's more, FIFO taint tracking is lossless, unlike haircut; so in addition to tracking a stolen coin forward to find where it's gone, you can start with any UTXO and trace it backwards to see its entire ancestry. It's not just good law; it's good computer science too.

Posted on March 28, 2018 at 6:30 AM • 27 Comments


WinterMarch 28, 2018 8:39 AM

The comments in the linked blog post point out some reasons for caution. However, It seems to be a better way of tracing stolen money than the alternatives.

I doubt its use for reclaiming stolen bitcoins outside of "English" jurisdictions. Over here, any transaction entered in good faith is final. Stolen goods cannot be reclaimed from those who accepted them in good faith.

keinerMarch 28, 2018 9:15 AM

Hmmm, could all bitcoins be fully tracked over their entire life time? Nightmare for the darknet, I would guess...

SethMarch 28, 2018 9:38 AM

Winter, the paper seems to address your concern, and those of most of the commenters. Surprisingly, it is very light on the technology side, it seems to be focused on practical applications and policies. It seems that the goal is not recovery of bitcoins as much as tracking and preventing stolen bitcoin from being easily used.

The researchers have created a list of known stolen bitcoin, which they're calling the "taintchain", that any bitcoin can be compared against. Using current methods of tracking stolen bitcoin most bitcoins in use are tainted, but with the proposed FIFO approach it reduces it to 20% or so that are bad. So, it would be possible (or even required) for bitcoin exchanges to refuse "bad" bitcoin.

Of course it seems that any intelligent thief would quickly change their strategy so that the bitcoin couldn't be tracked using FIFO, but perhaps I missed that part of the paper. I also wonder how quickly it could react to new reports of stolen coins.

jbmartin6March 28, 2018 11:23 AM

I'm not sure I understand the point here. Bitcoin is just a ledger operation, i.e. plus or minus some amount. It is inherently fungible, meaning there is nothing to distinguish one portion of it from another. If I have a bitcoin and they use this method to decide that bitcoin was one stolen ten hops ago, I could potentially be required to return it? The paper touches on this, noting the danger of damaging the fungibility of bitcoin. My best guess is it is a way of identifying money launderers or other miscreants by looking at nodes with an unusually high number of 'tainted' coins

WinterMarch 28, 2018 11:56 AM

"It is inherently fungible, meaning there is nothing to distinguish one portion of it from another. "

Indeed, but the addresses that received the stolen money would be like bank account numbers. We could envision that these addresses would be blacklisted so the bitcoins could not be moved or spend. I do not see how this could be implemented in any way given the speed of bitcoin transactions. By following the money trail, the receiving ends could be leaned upon to "help the police with their inquiries".

I doubt this would be practical, but knowledge is power. If tainted bitcoin can be tracked, things will be learned about the thieves.

Jesse ThompsonMarch 28, 2018 1:58 PM

Yeah, this still attacks fungibility.

The basic response to a FIFO analysis is that fugitive pours bitcoins into a mixer first, non-fugitive pours bitcoin in next, mixer is set to pay out in unpredictable order and winds up paying non-fugitive first and fugitive next.

Now fugitive's bitcoins are no longer traced by FIFO (we're presuming they poured in equal amounts for the simplest to envision outcome) while non-fugitive is completely on the hook. Now non-fugitive can't bring their bitcoin to an exchange to cash out without allowing LEO to shove a camera up their bum first in a series of humiliating attempts to prove they weren't original fugitive, but ultimately just punishment for ever using a mixer or attempting to be anonymous to begin with.

Things get even darker when inputs and outputs fail to match up precisely, you wind up with a position a lot like Haircut where each user has X% of their funds tainted. How is that supposed to pan out, anyhow? Everyone who tries to cash out at the exchange gets only X% of their funds locked? We could have just done that with haircut and ignored FIFO entirely.

I think I'll let my distant ancestor handle this one:

We are to look upon it as more beneficial that many guilty persons should escape unpunished than one innocent person should suffer. The reason is because it’s of more importance to community that innocence should be protected than it is that guilt should be punished, for guilt and crimes are so frequent in the world that all of them cannot be punished, and many times they happen in such a manner that it is not of much consequence to the public whether they are punished or not.

But when innocence itself is brought to the bar and condemned — especially to die — the subject will exclaim: "it is immaterial to me whether I behave well or ill, for virtue itself is no security." And if such a sentiment as this should take place in the mind of the subject there would be an end to all security what so ever.

- - John Adams

BobMarch 28, 2018 2:27 PM

"We also looked at bitcoin laundries or mixes. These are based on the idea
that if you put one black coin in a bag with nine white ones and shake hard
enough, you’ll get ten white ones out. But depending on the algorithm in use,
FIFO tainting will decide that one of the outputs is black (and no owner of
a white coin will want to risk that outcome)"

"It's not just good law; it's good computer science too."

I don't see how it is good to falsely accuse people with a crime or manipulate them into thinking that it is better not exercise their right to privacy not to be mixed with the criminals.

David LeppikMarch 28, 2018 3:56 PM

I bet Etherium's smart contracts could be used to get around FIFO. That is, set up a smart contract where a wallet pays out to the intended recipient only after the same wallet has been used for unrelated transactions. Of course, such an obvious rule would be a red flag.

Sergey BabkinMarch 28, 2018 4:09 PM

In practice it probably isn't any different from the haircut, because the main problems are probably how to locate and deal with the thief, and whether the coin should be reposessed or not.

If the coin is still owned by the thief, it should definitely be reposessed. If the thief had used the coin to pay to a valid merchant, the coin should probably be not reposessed (although if the thief is caught and whatever he bought has been reposessed, the transaction should possibly be undone, returning the coin and the merchandise back).

This means that for each account containing the stolen coins we need to figure out somehow if it's a valid merchant or just another account owned by the thief and used to launder the coins. One way to do it would be to physically catch the thief and find all the accounts owned by him, which is not easy. Another way would be to look at the percentage of the stolen coins in the account. If the percentage is high, that is probably a laundering account, if the percentage is low then it's probably a valid merchant. And the percentage computation gives pretty much exactly the same computation with the haircut as with the FIFO. FIFO is actually worse in this regard because it introduces more randomness.

Of course, the percentage can be misleading too: if you open a new account, put 10 count into it, and then unknowingly get a payment of 90 stolen coins, suddently the account looks like a laundering one.

But in this sense FIFO works much worse than haircut: if you get a payment from a valid merchant who has 100K coins with 100 of them tainted, and FIFO gives you 90 out of these 100 tainted coins, your account suddenly becomes 90% tainted. But with teh haircut method you'd get 90 coins that are 0.1% tainted, and your acount would be only 0.09% tainted. So the dilution in the haircut method is not a bug, it's a feature.

Ann OminousMarch 28, 2018 5:01 PM

Bad currency drives out good. If FIFO tainting becomes popular but not universal, people will preferentially spend tainted coins by sorting the untainted ones into another wallet.

WinterMarch 29, 2018 4:56 AM

"U.S. authorities are absolutely in the wrong to tolerate Bitcoin or other digital "blockchain" currencies even for a minute. It is a scam."
"I see you as a troll, had to say it."

Actually, I think he has a point.

The same point has been made about gold. That was introduced as a payment method a few centuries BC to pay for mercenaries and other terrorists. It was a scam by the likes of King Midas (who lived in what is now Turkey, go figure) to finance his criminal campaigns to loot the neighborhood.

Ever since that time, cash has been used for criminal and terrorist purposes. Bitcoin is just as much a criminal means as cash is.

JG4March 29, 2018 6:13 AM

@Winter - The flipside of every tool of oppression is a tool for the advancement of human rights. One of my buddies got out of Vietnam for 8 ounces of gold, which bought him a ride in a badly overloaded boat. With the gold watch that he managed to keep through the multiple stops by pirates, he purchased cooking lessons in a refugee camp in Malaysia. He is an expert at cooking anything that you might catch. I was told in the past couple of years that the (past?) Chief Rabbi of Israel was a child of perhaps 6 or 7 years of age when he was sent to the camps. His mother sewed gold into the lining of his jacket. He spent all of the gold on bribes in the first 24 hours, but somehow managed to keep himself and his younger brother alive. His mother was not so fortunate. I probably said that Leo Szilard lived for four years in Nazi Germany with his suitcase packed. It was a great place to do nuclear research. He knew that he was leaving, and that when he was leaving, that he might want to leave quickly. The rest is history.

I think that the divisibility, fungibility, (relative) durability, and recognizability of both barley and gold have been discussed before. People who live on roots and cabbages are more difficult to tax than those who eat grains. One of the aims of empire is to wipe out the peasants who are impossible to tax, because they live at the margin of survival, and replace them with more profitable tenants, who will use the coin of the new realm. So much the better if a high-functioning local psychopath can be found to run the show via a network of sociopaths. Your point is well taken that this highly portable medium of exchange is particularly convenient for hiring mercenaries and assassins. I doubt that was the first use, but certainly an early use. It may be noted that cash serves the same purpose and that many hundreds of billions of dollars of no-bid contracts have been paid to mercenaries in the past 15 years. I've probably pointed out, but not for a long time, that these media of exchange are proxies for Gibbs free energy. There is a lot of diesel fuel in every ounce of gold.

Every living system requires a steady supply of high-quality energy to maintain homeostasis. I may have posted the links to tie the emergence of self-replicating entropy maximizers back to the spontaneous emergence of order in any non-equilibrium thermodynamic system. It goes a long way to explaining pretty much everything. Empires are entropy maximization systems, but their entropy maximization is not necessarily your entropy maximization. Entropy maximizer is just another word for self-optimizing resource-extraction asset-stripping engine, a self-organizing adaptive system. The four mechanisms of adaptation in living systems are genetics, epigenetics, gene regulation and intelligence. The machines use various forms of artificial intelligence.

I think that someone (possibly me) posted a brilliant article a few months ago about corporations being the first artificial intelligences, a sort of crowd-sourced intelligence for optimizing cashflow. Vance Packard wrote many good books, and one of them was The Pyramid Climbers. It has been too long since I read it to remember if he identified sociopaths and psychopaths as the ones who would climb fastest to hold the reins of power. Another of his excellent books is The Hidden Persuaders. Again, too far back in time to remember if he included Bernays in the bibliography. Persuasion is just another tool for entropy maximization, as are sugar, alcohol, slavery, whaling, opium smuggling, petroleum, and all of the other businesses of empire. Or as they call it, manufactured consent. Just make sure that your consent is not manufactured by them.

If blockchain is a mechanism for scaling trust, it will turn out to be very important. One of the many problems with psychopaths and sociopaths is that they can't always be trusted.

WinterMarch 29, 2018 6:45 AM

"If blockchain is a mechanism for scaling trust, it will turn out to be very important. One of the many problems with psychopaths and sociopaths is that they can't always be trusted."

I should have added the [SARCASM] tags. ;-)
Obviously, I agree. However, those who are against money are the likes of the churches. They are not opposed to money for the sake of the people, but because money also makes free.

However, I disagree about psychopaths. They are like sharks and can never be trusted.

cashMay 11, 2018 10:57 PM

Zcash or any other zksnark/zkstark cryptographically private coin, and monero to some extent, all combined with mixes, exchanges, and even fully legit storefronts... all running within anonymous overlay networks... will entirely defeat this and all other tracking papers. And there's nothing you can do about it short of turning off the internet. Good luck with that.

Krebs AnthonyFebruary 24, 2019 11:37 PM

Most binary options companies out there are fraudulent. They are all scams. I have been a victim of their activities. I invested about $480,000 and when i wanted to withdraw after some weeks, I was unable to reach their contact numbers or emails with which we stayed in touch. I assumed they were having some maintenance routing check, as that had happened in the past. After some weeks, I was contacted again by them and was asked to invest which i refused and told them i wanted to withdraw my money. After this, i didn’t hear from them again. At this point, I started to feel like i had been duped. I was lost and shattered as i had lost most of my savings. I was depressed for about 4 months. I was too ashamed to tell anyone about it, not even my children. I finally summoned the courage to tell my friend who came to visit me in the UK from New Zealand. He told me about a firm which specializes on helping get money back called bitcoin retrieval genius. I contacted them and was guided to recovering most of my money. I was a great feeling to get some of my money back, as i had given up all hope.You can also contact him via
Email-bitcoinretrievalgenius AT GMAIL DOT COM

Adib beccaMarch 13, 2019 11:18 AM

Those who have fallen victim to currency heists either through mismanaged exchanges or hacks have the option of filing a complaint with the FBI’s Cyber Criminal Unit or other law enforcement agencies. An obstacle in going this route is the lack of emphasis placed on recovering stolen Bitcoin; to date, no one has received jail time for hacking an exchange or electronically syphoning digital currency. Broadly speaking, law enforcement agencies remain undecided as to whether or not stealing digital currency constitutes a crime, but if you wish to get your stolen or lost cryptocurrency back, i recommend contacting “Quickfundsrecovery(@)gmail” he helped me recover over 4 btc he can help you get your stolen bitcoins back, his services are fast and affordable.

AndyApril 9, 2019 8:37 PM

“Quickfundsrecovery(@)gmail” are crooks and of very low profi level. they ask the victim to create a new blockchain wallet, then ask remotely to open it and import any of non-spendable btc address. after that they ask 1 btc to "unlock" the funds.
they don't have even a bit of shame

Mark May 8, 2019 12:06 PM

An uptick in digital heists of virtual currencies has left many crypto investors wondering if they have any options for tracing illicit Bitcoin transactions and recovering their stolen funds.
The short answer is that ‘it’s possible, but difficult.’ The long answer is that ongoing developments in the regulatory landscape surrounding cryptocurrency may offer victims more recourse going forward.

Recover all funds lost to binary options scam, Bitcoin scam or basically any stolen money. The government is doing absolutely nothing to peg this menace. I even filled a report about my loss to the FBI and paid for proper trace and possible recovery of my lost investment. Time wasting and their lackadaisical attitude made me look elsewhere for help.
Thankfully, my old friend referred me to a colleague of his (who specializes and has the required skilled set in recovering funds lost to the wrong hands .
Contact quickfundsrecovery(@) gmail Com

David Jones May 8, 2019 12:08 PM

If you have lost your money to scam through western union, money gram, Binary options, PayPal, Perfect Money or any cryptocurrencies and you want to get it back from the scammer, I recommend you get in touch with Quickfundsrecovery on Gmail
This is 100% legit and real, and also no upfront payment or fees. They just assisted me in recovering the bitcoins I lost to Yobit scam cryptocurrency website. I am thankful and grateful for the support of the services they rendered.

andrewMay 15, 2019 3:32 PM

I've been a bit reluctant in sharing my experience in bad investment, but here it is. If you’re a victim of stolen funds through binary options or any other investment scheme, and you need ways to get your money back, I recommend you contact BITSOLUTIONS7 |AT| AOL.COM to help you recover them. They just assisted me in recovering my investment with 72 options. I am thankful and grateful for their support. 
WhatsApp/SMS : +1 (708) 740-4928

Josh RadnorJune 13, 2019 5:33 PM

Literally, all binary option brokerage are scam. But In recent times a lot of victims have been able to successfully get their money back and I am thankful for that development. If you are a victim of plus500 or any other binary option brokerage, report your case to Hackshield |@| so they can ensure that you get all of your money back to the last cent. They're one of the very few that actually pull strings.

Tony Anderson June 14, 2019 10:51 AM

Times have changed. Technology is evolving everyday. There are new innovations that do not only trace bitcoin addresses but find out what platform or exchange they belong to. Anyone would agree that this is a big step in recovering coins. I lost over $120000 to IQ Option but thanks to Quickfunds and his team for their professional and Ethical service rendered in recovering all of my money from this scam binary options company. You can mail them if you need to recover your money back also. Information is Key.
Mail; Quickfundsrecovery @ gmail .com
Text : +1(262)872-0558

Todd RyanJune 28, 2019 10:38 AM

REGULATION NOTICE: There are many binary options companies which are not regulated all around. Most of these offshore companies are not supervised, connected or affiliated with any of the regulatory agencies such as the Commodity Futures Trading Commission (CFTC), National Futures Association (NFA), Securities and Exchange Commission (SEC) or the Financial Industry Regulatory Authority (FINRA), Cyprus Securities and Exchange Commission. Beware of where you invest your money and if you lost your money, kindly get back to me via (Quickfundsrecovery for assistance on how to recover your money in an interval of 72Hours.

Jabari HopsonJuly 8, 2019 11:10 AM

Hi Everyone, I like to update the community on actions related to the fraudulent activity on my card that resulted in €20000 in cash being stolen from my card. I went ahead and decided to seek solution on how to recover funds or money stolen back from the internet back into my accounts in less than 5 days [bitcoinrecovery @ consultant DOT com] processed my reports for investigation in amount lost. Just 11 days after the unfortunate incident cell number plus ONEfive1six34 ONE1871 contacted me with instructions on how I can safely receive recovered funds. I am pleased they reviewed informations in my claim and took action before 5 days. I would like to thank BITCOINRECOVERY [at] Consultant. Com community in particular, for very quick and detailed help. Also they suggested how to add security on my funds which I now use.

Jeanne GregoryJuly 20, 2019 12:56 AM

I used to be addicted to gambling and i stopped last November.My life changed the moment i met a professional crypto/bitcoin mining expert.He helped me with bitcoin mining that i make $10,000 from weekly.i will forever be indebted to this binary expert for the great services he's got,he helped me up when i was almost selling my inherited house from my dad.He assisted me to acquire lots of money through his mentorship.i am confident to introduce him to you all and you can contact him as well on here [CryptobinaryExpert AT Hotmail dot com]if you need help mining bitcoin for Gain,retrieval of frozen/stolen bitcoin wallet or any related crypto currency investments.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Sidebar photo of Bruce Schneier by Joe MacInnis.