Bitcoin and other cryptocurrencies have traditionally been thought of as being digital currencies that are private, anonymous and untraceable. Over the past few years, more people have realized cryptocurrencies like Bitcoin are not private at all and can most definitely be tracked, leading to the rise of cryptocurrency forensic accounting firms. But how exactly are they able to track cryptocurrencies? What techniques do they use? Do they have access to special data that others do not even though blockchains are typically open and public?
There are blockchain forensics experts and there are blockchain forensics “experts.” Experts are unlikely to tell you the “how”, nor the specifics of their techniques — partially, since even if they were willing, odds are you don’t have access to the (often exclusive and expensive) forensics tools cryptocurrency forensics firms utilize. However, some fundamentals can be addressed.
Properties of Cryptocurrency
The vast majority of cryptocurrencies such as Bitcoin are not anonymous. Rather they should be considered as pseudonymous for reasons previously mentioned. Identity can be tied to public addresses even if though addresses don’t publicly list persons identity. Furthermore, bitcoin is extremely traceable and transparent, much more so than government-backed fiat currencies.
Tracking & Tracing Bitcoin
A bitcoin transaction involves a number of inputs known as the ‘total input’ and a number of outputs known as the ‘total output’. The total output is always slightly lower than the total input because of the transaction fee which is not included in the total output. A transaction can theoretically have an unlimited number of inputs, but the majority of transactions only have a single input. This means all the funds used in the applicable transaction come from the same address. The input itself comes from a UTXO (unspent transaction output) which is basically a balance that has not been spent yet that a user is eligible to use at any point in the future.
However, in the event there are multiple inputs, this may indicate “co-spending”, a heuristic often utilized to “cluster” wallets together. There are extensive other methodologies blockchain forensics experts utilize in this analysis, such as a review of exchange interaction, wallet types, transaction times, and other patterns to identify “who’s who” on the blockchain.
When a transaction occurs, there are always multiple outputs unless the full balance is sent. There are typically two, but just like with inputs there are hypothetically an infinite amount of output addresses in any transaction. There are normally multiple outputs due to the inherent nature of the Bitcoin protocol. Typically when an individual has an amount of BTC in their wallet, they don’t spend it all. They only spend a portion of it. If you were to spend and take cash out of your physical wallet in your pocket, you’d probably only take out the cash out you intend to use and you’d leave the rest in there. But this would be an inappropriate analogy for Bitcoin.
In a Bitcoin transaction, all the funds are always taken out of the wallet. Spent funds are then sent to an output address and any remaining funds are then sent to a ‘change address’. While the change address could hypothetically be the exact same address the funds were just sent from, in practice that almost never occurs. The change address is almost always a new address that has never been spent from before generated by the wallet software utilized by the sender. The funds sent to the new change address now become the new UTXO.
Let’s take a look at a typical Bitcoin transaction. In this transaction, there was a total input of 1.48391 BTC because there was 1.48391 BTC belonging to address 1KKsbtBzZjz34UT2fBSp3feveb56193j1k. The individual then sent 0.22531435 BTC to 33ST9NFHTVyxRFQu9QFooEGUyecdWjJpFV. After the transaction fee, this left the individual with 1.25800096 BTC which was sent to change address 15dSHRYiXu2Evv9RLFEm3zucChBmu39m6F of theirs which had never been used before. This can be visually demonstrated in the graph below:
Wallet software almost always utilizes new addresses where funds have never been spent before for ‘change’ due to security reasons. Once a transaction occurs, some would argue that address is not safe to use ever again since the private key associated with the address has been broadcasted, exposing it in the process, albeit in an encrypted form. What we can discern from this transaction is that 15dSHRYiXu2Evv9RLFEm3zucChBmu39m6F and 1KKsbtBzZjz34UT2fBSp3feveb56193j1k belong to the same person or entity.
We do not know who 33ST9NFHTVyxRFQu9QFooEGUyecdWjJpFV belongs to. It could belong to the same person, but it could be for a payment or service, or it could be funds sent to an exchange. We can’t say for sure right now. But certain wallet addresses are known to belong to certain individuals, entities, groups, and in some cases, organized crime and wallet attribution is indeed the next step in the process.
While we can’t reveal too many details concerning how we’re able to attribute wallets to specific individuals, businesses, or organizations, one vital methodology we utilize is address clustering. Looking into the transaction history of 1KKsbt, we can see tx hash 4ea29747ad418b1bcbc562a3b8aab216ff683f0b099ab1ffef14b59beb0a3abc whereby 1KKsbt co-spends with 6 other addresses. We can, therefore, ascertain that 1KKSbt and all of those 6 other addresses belong to the same person.
If a wallet address is fresh (new) and not otherwise known to us we can still watch this address for other transactions in the future. We can also look at how closely it’s linked to other addresses that are known through exposure analysis. It’s very possible that in a few more transactions or ‘hops’ as it’s sometimes called, some of the funds could wind up on Binance for example.
These are the fundamentals behind forensic accounting for Bitcoin. However, this is an overly simplified version of how forensic tracking works. In many cases, we work with hundreds or even thousands of transactions that need to be analyzed and tied together in order to determine links between different addresses. Also, it should be noted that some other cryptocurrencies, like Ethereum for example, operate differently because they don’t generate UTXO’s in the same manner as Bitcoin.
Linking Cryptocurrency Wallets to Identity
Knowing that a series of public addresses happen to be controlled by the same person is only half the battle. In most cases, we still need to find out who that individual is. The most common route utilized to identify individuals relies on working with cryptocurrency exchanges individuals use or are suspected to have used. Since individuals typically are required to go through KYC (Know Your Customer) identification, exchanges can typically provide law enforcement with trading, deposit, and withdrawal history when ordered to do so.
For identification purposes, what we need to pay the most attention to is deposit and withdrawal history. The vast majority of times individual deposit and withdraw funds to their own off-exchange wallets, so we can typically deduce that such wallets belong to them.
While there are a variety of other techniques to link public addresses to individuals, cryptocurrency exchanges are the route most typically utilized.
Advanced Attack Vectors Used by Bitcoin Forensics Firms
There are currently two main attack vectors currently cryptocurrency forensics firms utilize when looking to link ownership of public addresses together when more basic tracking attempts have failed.
Dusting attacks are solely aimed at deanonymization and linking wallets together and are one of the newest conceived of attack vectors already frequently being used. How it works is an attacker (or forensics firm) sends extremely small amounts of Bitcoin (often under $0.01) to wallets they suspect are owned by the same individual. In most Bitcoin transactions, there is typically only one input from a previous UTXO, however, multiple inputs can easily be combined and often are done so automatically through wallet software.
For example, if you want to pay someone 0.45051 BTC and you happen to have 0.00001 BTC in a wallet, your wallet software may automatically combine the 0.00001 BTC with other inputs that together equate to 0.4505 BTC to form a total input of 0.45051 BTC. However, when the transaction is completed, it becomes obvious to any observer that the owner of the wallet that held only 0.00001 BTC is also the owner of the wallet(s) that held/paid the 0.4505 BTC. If the attacker happened to know who one of the wallets belong to, they now know who all the other wallets belong to and can also trace transaction history associated with those new wallets as well.
These dusting attacks pose no threat other than deanonymization and they only actually work once the owner spends from the wallet address that has been attacked. If the individual never spends from that wallet again, there is no deanonymization risk.
Packet Sniffing & Eavesdropping Attack
This attack involves intercepting data during transmission from a computer or server, effectively monitoring and tracking network traffic. Unsecured networks like public wifi networks are frequent targets for such attacks. This type of attack is not just a deanonymization technique but also an attack vector used to steal other data as well such as passwords or private keys, which would lead to theft of cryptocurrency assets.
Thoughts on Attack Vectors
It’s important to note that these attacks are not attempts to attack the Bitcoin network itself but rather attacks to deanonymize individuals. Examples of attacks on the Bitcoin network itself would include a 51% attack or a Sybil attack. Furthermore, eavesdropping and dusting attacks both frequently cost hundreds or more often thousands of dollars to attempt. It is unlikely that an individual or organization will mount such attacks unless they are being compensated to do so despite costs.