De-anonymizing Bitcoin

Andy Greenberg wrote a long article—an excerpt from his new book—on how law enforcement de-anonymized bitcoin transactions to take down a global child porn ring.

Within a few years of Bitcoin’s arrival, academic security researchers—and then companies like Chainalysis—began to tear gaping holes in the masks separating Bitcoin users’ addresses and their real-world identities. They could follow bitcoins on the blockchain as they moved from address to address until they reached one that could be tied to a known identity. In some cases, an investigator could learn someone’s Bitcoin addresses by transacting with them, the way an undercover narcotics agent might conduct a buy-and-bust. In other cases, they could trace a target’s coins to an account at a cryptocurrency exchange where financial regulations required users to prove their identity. A quick subpoena to the exchange from one of Chainalysis’ customers in law enforcement was then enough to strip away any illusion of Bitcoin’s anonymity.

Chainalysis had combined these techniques for de-anonymizing Bitcoin users with methods that allowed it to “cluster” addresses, showing that anywhere from dozens to millions of addresses sometimes belonged to a single person or organization. When coins from two or more addresses were spent in a single transaction, for instance, it revealed that whoever created that “multi-input” transaction must have control of both spender addresses, allowing Chainalysis to lump them into a single identity. In other cases, Chainalysis and its users could follow a “peel chain”—a process analogous to tracking a single wad of cash as a user repeatedly pulled it out, peeled off a few bills, and put it back in a different pocket. In those peel chains, bitcoins would be moved out of one address as a fraction was paid to a recipient and then the remainder returned to the spender at a “change” address. Distinguishing those change addresses could allow an investigator to follow a sum of money as it hopped from one address to the next, charting its path through the noise of Bitcoin’s blockchain.

Thanks to tricks like these, Bitcoin had turned out to be practically the opposite of untraceable: a kind of honeypot for crypto criminals that had, for years, dutifully and unerasably recorded evidence of their dirty deals. By 2017, agencies like the FBI, the Drug Enforcement Agency, and the IRS’s Criminal Investigation division (or IRS-CI) had traced Bitcoin transactions to carry out one investigative coup after another, very often with the help of Chainalysis.

Posted on April 11, 2022 at 6:04 AM38 Comments

Comments

Winter April 11, 2022 7:08 AM

Laura Shin has a nice story about how the infamous 2016 Genesis DAO hacker was identified using analysis of transactions. It is in her book, but you can read about it here:

ht-tps://new-capital.eu/journalist-claims-she-identified-the-2016-dao-hacker-proof-shows-investigators-de-blended-wasabi-transactions/

ht-tps://protos.com/bitcoin-mixing-coinjoin-wasabi-chainalysis-samourai-privacy-wallet/

ht-tps://news.bitcoin.com/de-mixing-wasabi-coinjoin-transactions-a-deep-dive-into-chainalysis-deanonymizing-claims/

There is also the case of the couple caught trying to launder billions of dollars in stolen bitcoin. They too were caught by analyzing the ledger.

Justice Dept. Seizes $3.6 Billion in Bitcoin and Arrests Married Couple
The couple were accused of conspiring to launder Bitcoin that had been stolen in 2016 from Hong Kong-based Bitfinex, one of the world’s largest virtual currency exchanges.
ht-tps://www.nytimes.com/2022/02/08/us/politics/ilya-lichtenstein-heather-morgan-bitcoin-laundering.html

Laura Shin will tell this story in more detail:
ht-tps://www.barrettsportsmedia.com/2022/03/29/law-crime-laura-shin-partner-for-bonnie-and-clyde-crypto-podcast/

Ted April 11, 2022 9:06 AM

Oh darn, the book isn’t available until November 15, 2022.

To get the audiobook or the kindle version, that will be the question. Thank goodness there is an app that lets you make pdf’s of long articles. Looks like a good one for highlighting.

Clive Robinson April 11, 2022 10:58 AM

@ ALL,

Bitcoin had turned out to be practically the opposite of untraceable: a kind of honeypot for crypto criminals that had, for years, dutifully and unerasably recorded evidence of their dirty deals.

Hands up those that did not realise this from reading of two things,

1, Crypto-Coin anti “dual spend” measures.
2, A thoroughly public record of all the coin transactions.

OK put your hand down if you were not familiar with communications “traffic analysis” or the financial equivalent “transaction analysis”.

For those still with their hands up, ask yourself the question,

“In a noiseless system what grass is there to hide in?”.

Because of anti double spend measures every coin or part coin has a unique identifier that can act like a “golden thread of truth” through every movment.

The only way you could hide is by some how exhausting the resources of those tracking…

As the resources required to trace are considerably less than to carry out transactions I hope it would be obvious that you could not hide that way either.

What does surprise me is just how long it’s taken crooks and more importantly law enforcment to realise this.

Were people actually falling for the hype of the schills trying to build their faux-speculation “long con”?

Who? April 11, 2022 1:02 PM

As I said a few times in this blog bitcoin has been designed to give privacy, not anonymity. Transactions on the blockchain are public, and it is good being it this way.

humdee April 11, 2022 2:08 PM

People believe what they are told. The older I get the more I realize how truly difficult it is to be an independent thinker. No person who looked at Bitcoin for more than five minutes would think it was anonymous.

I still don’t understand Bitcoin popularity. I read that damn paper a week after it was posted and thought “interesting intellectual exercise, no practical use.” Once again, I am surprised at how stupid people are. I shouldn’t be, but I am.

Oh well, I guess we are all dumb at something. Too bad these people’s stupidity will cost them time in prison.

Ted April 11, 2022 3:20 PM

I am not surprised that working the ‘Welcome to Video’ case changed people. I’d honestly like to shake it out of my head right now too.

There are so many interesting threads in this story though. Bruce highlighted some of the most helpful details in understanding how the de-anonymization process works. The software they used here was Chainalysis’s Reactor.

https://www.chainalysis.com/chainalysis-reactor/

Real life also has a lot of ‘in-the-maze’ color, and I can’t help but feel that Andy Greenberg has had more than a few cups of coffee with some of the people that were part of this case. Who would have thought “Octopus Guy” would have been so important to things moving forward?

Are these going to be the shaping moments that move Bitcoin towards more global acceptance – or does the cat and mouse game scuttle on?

SpaceLifeForm April 11, 2022 3:21 PM

There was a license renewal that comes to mind, from a previous article here that for some reason I can not find currently.

It may be disappeared for reasons.

So, I will not mention the two TLAs, other than to note that one is mentioned above.

Jesse Thompson April 11, 2022 4:26 PM

Well, to me this reads an awful lot like a news article about how “The Internet” isn’t private due to the way that your ISP can read what you’re typing into your telnet sessions if they feel like it.

@Clive Robinson et al, Hands up those that have used Telnet in the past 30 years expecting privacy from your packet carriers.

Now put your hands back down if you are both invisible and pink.

Good. Now that all hands are down, I think it’s lovely that one can route out low hanging fruit or people careless enough to boast about their school shooting plans on tiktok a year in advance.

But security is the tradeoff between cost and deterrence (eg, cost one can force an attacker to pay to succeed in an attack).. and it doesn’t cost much more for a bad actor to trade back and forth to Monero than it does to ditch Telnet for SSH and continue using the internet like just about nothing has changed.

And what would either of those do to the cost of eavesdropping, again? IIRC it would go up, but I’m not trying to pose as an expert or anything.

Erdem Memisyazici April 11, 2022 5:27 PM

It was a dumb idea from the beginning but at least it caught some criminals in the process of people realizing that. My approach is always to communicate the facts directly but also it’s better than weakening encryption on purpose to catch dumb criminals.

I am surrounded by so many smart people that I forget it’s not a proper sampling of the population sometimes.

Clive Robinson April 11, 2022 8:04 PM

@ Erdem Memisyazici,

I am surrounded by so many smart people that I forget it’s not a proper sampling of the population sometimes.

It is easy to forget that any “voluntary group” of people, have some “common interest(s)” and thus are by definition “self selecting” so not “a proper sampling of the population”.

I almost had to kick myself to remember that when reading an observational medical study that used “blood samples” from “blood donors”.

So the fact their blood got genotyped and put in a database, that somehow became available to authorities…

Amongst many other things tells us how some will abuse not just statistics, “which is often par for the course”, but also ethics, of basic human decency, trust and charity for their fellow man.

We sometimes talk of “informed consent” but in all honesty how can anyone be sufficiently “informed” of all that some “directing minds” chose to do given any small opportunity.

After all, when you use a credit card to make a purchase, are you sufficiently “informed” to know everything that those “third party business records” are going to get used for?

It is the consequence of the neo-con mantra of “Do not leave money on the table”, which makes the collection and unregulated sale of peoples records so very very scary.

As some know I don’t use “plastic” but “cash” because my “informed” opinion is that I would be “a bl@@dy f@@l” to use cards.

Some especially the current political encumbrants of the UK want to stop me having the right to make that choice… They want to force everyone in the UK to be part of their “surveillance net” so that new ways of taxation and control can be brought in. Oh and of course vastly increased profits for the banking industry who would not have any competition in the payments methods.

Some have said I’m “odd” for chosing to stick with a payment method that is hundreds if not thousands of years old, so “understood” rather than leap into the nonsense of Credit / Debit cards that is not even half a century old.

Lets face it, the block chain and what it shows in the way of financial audits is a public view of what most credit/debit card companies hold in their records…

So should I look down on those that have lept into crypto-coins?

But then there is a mobile phones, and the detailed third party records they hold, including “location data” to a very high degree of accuracy.

The fact I’m effectively forced to carry a tracking device in my pocket by “Social Preasure” does not sit easy with me. It is not “informed consent” in any way, my choice would be complearly different if it was available to me.

But it’s not, society has made it a “Hobson’s Choice” and in the process given much power to people who realy should not be alowed to have it…

So in a decade maybe two will I be looked down upon as a ludite because I’ve not jumped into the crypro-coin cesspool that others have so joyfully created out of speculative greed and scalping of what is a “long con” that also destroyes the environment, privacy, and freedom of choice…

SpaceLifeForm April 11, 2022 9:26 PM

@ humdee

re: People believe what they are told

If they can not think for themselves, they join a cult.

hxtps://www.thedailybeast.com/inside-the-bitcoin-2022-conference-in-miami-beach

“We’re a cult, absolutely,” he said. “One hundred percent. I love the bitcoin cult.”

“This is something really special,” I overheard a man saying to his friend as they left the convention center. “There is love here.”

“I’m addicted now,” he added. “I can’t wait for next year.”

Clive Robinson April 11, 2022 11:34 PM

@ Ted,

… or does the cat and mouse game scuttle on?

It “scuttle’s on” getting faster and faster.

In the UK the current political encumbrants want to get rid of cash and make all transactions, even giving your child spending money at a fair “fully traceable”. Why power and cobtrol over orhers.

Remember New Zealand and one or two other places, have made “any payment to children” the equivalent of “loans to be repaid to the government as offset to old age care” that their parents will incure.

In the UK local governments deliberatly instatutionalised old people in rancid holes of “Old folks homes” where the people working their abused them in just the same way as those who subscribed and uploaded videos. The local government then stole these peoples assets to pay for other things such as nice new council offices etc.

In the UK the previous political encumbrants bankrupted the nation, and through a think tank they made clear that “local property taxes” would be based on not just what you spent but your neighbours spent on various items. So if you were a little old lady eaking out an existance on a very meager insufficient to be poor state pension living in the same home she and her now long deceased husband had bought as newlyweds sixty years ago. Even though it was in an unfashionable area and for just one or two thousand pounds, but now due to changes in fashion worth a thousand times that with neighbours earning hundreds or thousands of times her pension. The “caring sharing party” would want her to pay tens of thousands of pounds or many times her state pension to stay in her home of near on a lifetime…

The list of such aberant political behaviours and ideas goes on almost indefinately. The people that think up these ideas are in reality no different to the subscribers of that video website. They do not have morals, they see ethics as impediments to what they believe are their “entitlments”. That is they want some kind of assets to obtain/buy power, to get control over others, who are not in a position to defend themselves.

But ask yourself does the UK government have to out-law money?

No technology is now well beyond the point that every bank note with it’s individual serial number could be read and recorded against the purchases just as it does with credit card serial numbers…

This is what technology does, it creates markets for those with no morals or ethics to get assets, power and control over those who can not defend themselves.

Do you remember the UK newspaper that decided not just on “hot desking” but “hot crotch watching” of the employes with “under the desk technology”? Specifically sold on the notion of “control” of people in a worse way than cattle or possessions.

There is no difference in these people, be it CSAM or other it is the power to control that turns them on, what the rest of us mear mortals call “abuse”. The only difference is if their chosen method of abuse of orhers has yet been made illegal, and if it has, how rarely or not it is prosecuted.

Those “dark minds” you have glimpsed do assuradly come from all walks of life. Because they are there in every bureaucracy, hierarchy, or human group you can imagine. All that is diferent is their choices of methods to get assets, status, power, control and which of those end goals they favour.

It’s built in to humans and depending on who you believe it’s 5-20% of the population… Look around your work place, they are not generally difficult to spot once you know what to look for.

Clive Robinson April 11, 2022 11:51 PM

@ Jesse Thompson,

Clive Robinson et al, Hands up those that have used Telnet in the past 30 years expecting privacy from your packet carriers.

Err I never did even back in the mid 1970’s with 300baud dial up and mechanical teletypes like the KSR and ASR units.

It might be that by that time I’d been a proficient lock-picker for atleast half a decade.

I have no expectation of privacy except that I gain inside my head or from systems I’ve carefully considered designed and built from first principles and base insecure components.

You could put this down to a life long passion, not to know other peoples secrets or invade there privacy, but to descover how the designs of others to ensure secrets and privacy fail and usually fail badly.

Why? So I can learn and do better, oh and it’s fun. Think of it like playing chess on a horizon spanning board with hundreds if not thousands of pieces with way more complicated moves…

It’s got to the point I just glance at a high level system description and know where the likely failings are, so where to take my “pick and shovel” and “strike gold”.

Rabus E. April 12, 2022 3:24 AM

to take down a global child porn ring

Just a lie to have total surveillance and censorship.
At the same time Russian solders rape Ukrainian children and pregnant women. And where are all ‘child porn’ fighters now? They shut up. Silence.

lurker April 12, 2022 5:26 AM

@Clive Robinson

Remember New Zealand and one or two other places, have made “any payment to children” the equivalent of “loans to be repaid to the government as offset to old age care” that their parents will incure.

Such payments are regarded as “deprivation of property” when calculating the worth of the older person for means tested age care, and “any payment” means
Gifts in excess of NZ$6,000.00 per year in the 5 year period before application for a residential care subsidy; and
Any gifts that exceed NZ$27,000 in any 12-month period prior to the 5 year period.

If you’ve got enough to afford aged care without a govt subsidy, then they don’t care how much you give away. Gift Duty was abolished 12 years ago.

lurker April 12, 2022 5:44 AM

@Clive Robinson

In the UK the current political encumbrants want to get rid of cash and make all transactions, even giving your child spending money at a fair “fully traceable”. Why power and cobtrol over orhers.

They say death and taxes are unavoidable, but embalming and monumental masonry pale in comparison to the tax industry. But the current leeches and ticket clippers are unnecessary. Even without the traceability of credit/debit cards, or the public traceability of the block chain, every cash transaction through a till or registered trading company is now traceable as to its where, when and how much. That is all the information needed to tax the transaction, they don’t need to know who.

Clive Robinson April 12, 2022 7:46 AM

@ lurker,

That is all the information needed to tax the transaction, they don’t need to know who.

Whilst the “where, when and how much” is recorded “by the till” it does not record the

“who”

Needed for control of individuals and limitation of “money laundering”.

But als it does not stop builders and the like doing “cash in hand” thus avoiding,

1, VAT.
2, Personal Tax
3, Personal National Insurance / stamp.

The UK Gov has in the past indicated that something like Quater of “all such taxes” are lost in the “black economy”.

Personally I think otherwise. In the EU they once talked of the “29th Economy”. Refering to the fact that the non visable “black economy” was worth something like 10% of the EU economy.

Much of which EU Governments could have stoped if they had changed the VAT rules to stop “Carousel Fraud” between states and “Missing Trader Fraud” inside of states,

https://en.wikipedia.org/wiki/Missing_trader_fraud

If you can track down the figures some put it as high as a single states tax take.

As for the NZ I said “remember” for a reason, originally it was going to be much harsher, and became a very hot political potato hence it did get “toned down”, other countries however are still talking “account for every penny” type rules.

The reason is the aged are for various reasons living longer 80-90 is becoming normal as for making it beyond a hundred thousands do in the UK (or did pre-Covid).

In the UK Government policy stopped the Covid Massacre of the aged in Care Homes getting out, but “Excess Mortality Figures” made it obvious that something was going on. As JonKnowsNothing has repeatedly pointed out, it’s not just the health care, pensions, and Care Home costs worth billions the Government got to save, it was also the extra taxation on the “Bank of Mom-n-Dad” via capital gains and death duties where they often got a “twofer”. But also it alowed certain people who were getting billions in “Covid Aid to business” to divert the money into buying up assets that could then be used for “rent seeking” income. Which has also pushed the average price of UK homes up by more than the “total family income” of well more than half the families in the UK in the same time period…

As the song from around the great depression says

“Nice work if you can get it, and buddy can you tell me how?”

lurker April 12, 2022 3:23 PM

@Clive Robinson, re money laundering

The “who” does not matter in some jurisdictions if tax is paid on the transaction. If the proceeds of crime can be made automatically taxable, the taxman is happy; catching the crims is not his job. Keeping police out of tax records is holy writ for NZ IRD. If the cash economy can be shrunk to miniscule size, it will be so much harder to shift those pallets of bricks of banknotes. How to do this? India and China are both trying in their own ways to introduce a Central Bank Digital Currency with mixed results so far. Several small Carribean nations have tried, but they are only a sideshow.

Of some significance is the movement of money through “financial services”, and “trust” mechanisms. These are not taxable in many regimes, yet they are recorded and thus traceable. By making all transactions traceable directly by govt, all transactions could become taxable. It would then be easy to institute a transaction tax, ie. a tax on the use of money. If all transactions are traced and taxed there are two benefits to both govt. and the punter:
a) with every use of money being taxed, all other taxes can be abolished;
b) the rate of transaction tax can be so low as to make avoidance uneconomic.

Such a simplication of the money and tax system is unlikely because 1) those using the most money would now have to pay the most tax, and 2) the world could not redeploy the resulting army of unemployed accountants.

Clive Robinson April 12, 2022 6:25 PM

@ lurker,

India and China are both trying in their own ways to introduce a Central Bank Digital Currency with mixed results so far.

In the case of India and China, the aim is unlikely to be tax but control.

What better way to exert control over an individual than by stopping their access to the funds they need to buy the most basic of necesities?

If you think this unlikely then please think again, the current leaders of both States have what you might call “A Percieved Muslim Problem” and are currently using “education camps” and the like.

China’s “Social Credit” system already exerts control over the populous… Getting rid of “cash” and putting things through a “central control entity” would be a totalian leaders fantasy.

Expect to see alternatives to cash build up like the use of phone service cards.

Prof Ross Anderson of both Edinburgh and Cambridge Universities did some interesting research into this a while back. I know he reads this blog from time to time, it would be nice if he could give an update.

But if push comes to shove, wiser people will “plan ahead” that is they will build up stocks of “tradeble” items of small physical size but comparative high value to hedge against such control.

To be honest I realy do not think “Crypto-Currency” has much of a future except for “speculation” and “long con” and similar criminal activity.

If you want a central bank Crypto-Currency just issuing what are serial numbered certificates signed just as we do with PubKeys and CA’s and code would be one heck of a lot less expensive in virtually every way…

SpaceLifeForm April 12, 2022 11:37 PM

Let’s see who fesses up

hxtps://www.fdic.gov/news/financial-institution-letters/2022/fil22016.html

Therefore, the FDIC is requesting all FDIC-supervised institutions that are considering engaging in crypto-related activities to notify the FDIC of their intent and to provide all necessary information that would allow the FDIC to engage with the institution regarding related risks. Any FDIC-supervised institution that is already engaged in crypto-related activities should promptly notify the FDIC. Institutions notifying the FDIC are also encouraged to notify their state regulator.

SpaceLifeForm April 12, 2022 11:50 PM

hxtps://meta.wikimedia.org/wiki/Requests_for_comment/Stop_accepting_cryptocurrency_donations

hxtps://web.archive.org/web/*/https://meta.wikimedia.org/wiki/Requests_for_comment/Stop_accepting_cryptocurrency_donations

This RfC was open to community input between January 10, 2022 and April 12, 2022.

Excluding new accounts and unregistered users, the tally is 232 to 94, or 71.17% in support of the proposal. These results indicate overall community support, with a significant minority in opposition.

Thus, the Wikimedia community requests that the Wikimedia Foundation stop accepting cryptocurrency donations.

Winter April 13, 2022 12:59 AM

@SLF
“Therefore, the FDIC is requesting all FDIC-supervised institutions that are considering engaging in crypto-related activities to notify the FDIC”

I would not be too optimistic. They are preparing rules to enforce Know-Your-Customer and Anti-Money-Laundering regulations. They would force any institution that is bound by KYC&AML regulations to only process cryptocurrency addresses for which they can verify the origin and destination of the money.

Effectively, there is a system in the works that will divide all cryptocurrencies into whitelisted, legal currency and the rest that cannot be touched by banks or exchanges. I would not be surprised if they will find a way to force miners to reject any transactions that involve non-whitelisted addresses.

4ndr34 April 13, 2022 10:23 AM

In nowadays Inter-networked, electronically invasive and ubiquitous environment, your privacy exists just in the measure of how much money someone other than you extracts from it.

Given that and back to the main topic I have always wondered how much a PUBLIC log of PERMANENT transactions between UNIQUE addresses, read it a blockchain, could insure any kind of privacy or anonymity…

…Even maintaining your own digital wallet and just mining crypto, that is without using any “exchange”, that means that you never, ever, exchange real world currencies with the crypto in your wallet, lets enough traces behind… (…maybe if you never, ever spend that crypto for any real world products or services, maybe, but I wouldn’t be so sure…)

SpaceLifeForm April 13, 2022 2:56 PM

@ Winter

It’s a trap

Watch the circular spin around the cryptocurrency drain.

The FDIC is looking to find those willing to lie, and provide documentation that will be used against them in court.

hxtps://www.bloomberg.com/news/articles/2022-04-13/circle-bank-charter-application-coming-in-near-future

Nick Levinson April 13, 2022 8:58 PM

Currency can be partly traced, giving a hint of who might have had it recently. I don’t remember where I read this, but it said that the Mafia in the U.S. (La Cosa Nostra) offered a service to its members: Say a member stole a million dollars in currency. It might be traceable. The thief could sell the million to the Mafia, which would pay 50% from a different source of currency. The Mafia would then distribute the million to other members around the nation with instructions not to spend it for 6 months. Then it would get spent from many places in the nation at once (not necessarily all of it right away). Much currency, maybe most of it except collectibles and other long-term stashes, tends to get into banks, which periodically turn over piles of it to the Dep’t of the Treasury, which records the serial numbers (this likely can be done automatically and rapidly with other identifiers), allowing keeping a partial history of each bill. The Mafia system apparently makes that pointless for clues to finding the Mafia’s thief’s general location.

Clive Robinson April 13, 2022 10:12 PM

4ndr34,

I have always wondered how much a PUBLIC log of PERMANENT transactions between UNIQUE addresses, read it a blockchain, could insure any kind of privacy or anonymity…

There was no way it could. A creature not having a unique name or number, does not make it “invisable” importantly it does not make it’s actions “invisable”.

Therefore only one tiny correlation like a loose thread in a knited scarf or similar, will when pulled unravel it all, no matter how many different coloured threads there may be.

We call such a loose thread a “correlation” and they are way way to easy to make. Buy anything and it has to go somewhere, that leaves a thin thread.

Years ago on this blog I noted that puting RFIDs in clothing for stock control, would by, a “unique combination” of “non unique numbers” be a very useful identifier, and that perhaps microwaving your underware and similar to destroy RFIDs might be a consideration.

Later people started talking about Faraday Wallets and the like for NFC Bank / Credit / Loyalty / Access cards, even though those are often unique without interrogation.

But whilst in theory one person can go to extrodinary lengths to keep their ID out of events they participate in like transactions or just general communications that underly nearly all human events. They have no control over the other parties in such events (something Dec 37 participents are finding out).

A lack of “name or number” in a database, does not make “who” any less visable to a trained eye or algorirhm.

Prof Ross j. Anderson has for many years now been banging on about how you can not make a database both fully anonymous and usefull. Contrary to what many want to claim so they can profit by selling databases there is no anonymity in a database someone is prepared to pay for. In fact outside of very trivial almost made up databases no database is anonymous.

It’s why the likes of Palantir are so scarry, all they realy exist to do, is de-anominize other peoples databases, repackage two or more of them in their de-anonymized form into many new custom databases and then sell the resulting new databases to others…

It’s what Cambridge Analytica did with Facebook data and other databases. The power to control people overtly, covertly, or even subconsciously becomes immense.

But then we should all know that right?

If not, why not?

JonKnowsNothing April 13, 2022 11:05 PM

@ Clive, @4ndr34, @All

re: you can not make a database both fully anonymous and useful.

iirc(badly)

A few years back, when the neocon-neoliberal-libertarian UK government began to strip mine their NHS databases for pocket change, a data set was put up for sale and it ended up in the hands of a Google owned 3dParty Health Insurance data broker.

The public front end of the arrangement was that everything would be anonymized and no individual identifiers would be included. Google insisted that some part of their zip code system be included. (1) Just the first gross 3-4 digits.

It took Google less than 24 hours to ID every single person in the data set which was pretty much everyone in the UK, and linked to all their health issues, prescriptions, diagnosis, plus all the standard health metrics.

Once Google had it, they didn’t give it back, they’d paid good money for it.

Finders Keepers, Losers Weepers.

===

1) I’m not sure how the zip or postal codes work in the UK.

Random Commenter April 16, 2022 4:55 AM

The bitcoin blockchain is a PUBLIC ledger, its how it works. Every transaction is viewable by anyone. So none of this is a surprise.

Its when you hold it in on exchange that requires verifiable details or try to turn it to fiat that anonymously held bitcoin becomes attributed to an individual. Buying it with fiat usually offers another link to ownership at that point.

What I found more interesting is the honeypots that chain analysis and the FBI etc use. Sites where people can check transactions/amount of verification of a transfer outside of an exchange (or inside when they outsource that search to the honeypots) thinking that doing it away from an exchange where the search is linked to a login they are safer. But the sites are honeypots logging the IP, browser useragent info etc against that address for intelligence reasons. Your monero transfer suddenly got less anonymous if you checked stuff on the wrong one of these popular sites.

More Sense than Money April 16, 2022 6:09 AM

Boys&Girls

Always remember that crypto is not even speculating and most definately not investment.

Why? Bevause all those crypto systems are designed to be some form of con.

Look for the con and generally they are easy to find…

Take those “exchange fees” for example, they are but one area you need to consider…

Look at the loss of Fiat currency that the ConstitutionDAO was,

Weeks after the event, around $23 million had yet to be refunded, partly due to these fees, with one contributor reported as having to pay $70 in fees to donate $200, and another $70 to get it refunded. The median contributor had donated $217 to the project, and some fees were more than the value of the donation.

https://en.m.wikipedia.org/wiki/ConstitutionDAO

So someone was getting rich quick with fees like that…

They are all “cons” of one form or another, just ignore the shills and find the con. If you can not find the con, then perhaps investing in anything is not something you should think about, because you will get fleeced. What is it they say about a fool and their money?

Petre Peter April 16, 2022 3:58 PM

I pre-ordered the book. People who wanna’ catch pedophiles with their pants down should look into “perverted justice”. I found out about it from Jayson E. Street’s book. Thanks Jayson 😉

Anonymous April 19, 2022 2:29 PM

This is a pretty bad article, in my opinion. Sure, it’s written like an exciting movie script, but it doesn’t tell us anything new. There are people who use Bitcoins thinking they’re anonymous who are idiots, and some of those idiots are also criminals. The fact that it took the FBI so long to take down a site that exposed its real IP address in HTML and to catch people who purchased Bitcoins through central exchanges with their credit card only tells us that the FBI is inept, just not quite as inept as some criminals are.

The truth is that Bitcoin is not anonymous, but pseudonymous. If purchased anonymously initially, it becomes very difficult to track down the buyer (although the blockchain is an absolute treasure trove of OSINT, so even if purchased anonymously, you can screw up later and retroactively deanonymize yourself).

I can take only a few things away from this article:
1. The FBI are incompetent and got bamboozled by a dumb criminal and his broken site for years.
2. Bitcoin is not anonymous, and we already knew that. Those who don’t know that won’t learn.
3. The author really, really wants you to see the FBI as heroes, with the implicit conclusion that the government can see everything and that hiding from them is either impossible, or undesirable.

(re-submitting this after a few changes since I think it didn’t get through due to an offensive word)

Ted April 19, 2022 2:50 PM

The author really, really wants you to see the FBI as heroes

The investigation was actually picked up by the IRS-CI and then aided by HSI.

Anonymous April 19, 2022 2:57 PM

@Ted

You’re right. I read the article about a week ago and didn’t re-read it before posting that comment.

Ted April 19, 2022 3:31 PM

@Anonymous

No worries 🙂 In some ways it was a tough article to read due to the nature of the Welcome to Video site. However – similar to your take – I heard someone call the users of the site “naive” for not realizing that Bitcoin was traceable. I have never bought Bitcoin and didn’t know it could be done anonymously. Interesting to hear that people could still be at risk of being identified. I wonder if the makers of the Reactor software considered how those features could be integrated within their program.

Anonymous April 19, 2022 4:00 PM

@Ted

The nature of the site doesn’t bother me because it’ll always be hyped up by the media. I don’t doubt that the site was awful, but graphical descriptions for the purposes of book sales don’t instill confidence in their reporting.

In this case, both the feds, the users of the site, and the creator of the site were naive at best. There are far more interesting cases out there than this one which, honestly, makes everyone look bad.

I have never bought Bitcoin and didn’t know it could be done anonymously.

Purchased at a Bitcoin kiosk with cash, or traded for cash from someone locally. The addresses and transactions are all public, but who owns the address is not. That’s why it’s called pseudonymous (like pseudonym), not anonymous.

SpaceLifeForm April 19, 2022 4:55 PM

@ Anonymous, Ted

Purchased at a Bitcoin kiosk with cash, or traded for cash from someone locally.

Kiosk: Did you see the camera inside the kiosk taking the pic of you?

Street: It is not on the blockchain until one of the parties does something with it on the internet.

It is dead cash until that point. It could be a scam transaction using a bogus address.

Clive Robinson April 19, 2022 5:00 PM

@ Anonymous, Ted, ALL,

That’s why it’s called pseudonymous (like pseudonym), not anonymous.

Yes and few understand the difference and why…

As you say,

The addresses [used] and transactions are all public, but who owns the address[es] is not.

The “pseudonymous” is “anonymous” under a couple of very limiting conditions,

1, There are no transactions that end up in the block-chain.
2, Both addresses start as anonymous and do not do a “real-world” transaction.

The point to note is “transactions” in all but a very few limiting cases, de-anonymize the addresssses.

The reason this happens is the anti-doublespend feature that so far is present not just in BitCoin but all crypto-currencies of alleged worth.

Can this “feature” be got around?

Well yes it can sort of. Consider a “blinded transaction” via a tangible good that has inhetant worth but no tracability such as a serial number or transaction paperwork.

As an example lets assume I’ve purchased gold coins for cash in the past as a “speculative hedge”. Now I decide speculating in BitCoin is going to make a better return.

So I create a “new “address” and privately give you gold coins in exchange for one of your BitCoins.

All that goes on the blockchain is the transfer from your “old address” to my “new address”. There is nothing to stop you now creating your own “new address” and using the gold coins you got from me to buy a BitCoin from someone else.

Providing we do not do anything further there is no way via the block-chain to link my “new address” and your “new address”. Providing the commodity transactions are private and the commodity is not back-tracable then “in theory” you can wash crypto-coins backwards through private trades into “new addresses” then anonymously trade the actuall “new address”.

The reason I say “in theory” is that maintaining the required level of Operational Security and Transaction Security is extreamly difficult as mistakes are easy to make.

The other problem is a generic one of getting the “new addresses” onto the public-blockchain of the crypto-coin of choice… Which in reality is not realy “public” but a “gated resource” where you have to get past the gate-keepers, who have their own reasons for not alowing your address to remain anonymous.

Anonymous April 19, 2022 5:25 PM

@Ted

Kiosk: Did you see the camera inside the kiosk taking the pic of you?

Not all of them do that, and such records are not always kept for long.

@Clive

Yes and few understand the difference and why…

As much as I dislike The Grugq, he describes the distinction wonderfully with his visual depiction of many people in different, flashy costumes vs many people in one costume.

The “pseudonymous” is “anonymous” under a couple of very limiting conditions,

In many situations, pseudonymous is sufficient, as long as all endpoints are safe. Like I mentioned earlier, it does empower OSINT, but that’s not necessarily game-breaking. The criminals in question were only caught when they purchased Bitcoin at a central exchange that logged everything. Even a Bitcoin mixer would probably be enough to protect them (although I remember hearing about an ISS World talk about blockchain analysis against mixers).

And I hate to nitpick, but it’s Operations Security, not Operational Security. 🙂

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.