Bitcoin transactions: a digital discovery of illicit activity on the blockchain
| Published date | 02 January 2018 |
| Date | 02 January 2018 |
| Pages | 109-130 |
| DOI | https://doi.org/10.1108/JFC-12-2016-0078 |
| Author | Adam Turner,Angela Samantha Maitland Irwin |
| Subject Matter | Accounting & Finance,Financial risk/company failure,Financial crime |
Bitcoin transactions: a digital
discovery of illicit activity on
the blockchain
Adam Turner and Angela Samantha Maitland Irwin
Department of Security Studies and Criminology, Macquarie University,
Sydney, Australia
Abstract
Purpose –The purpose of this paper is to determine if Bitcoin transactions could be de-anonymised by
analysing the Bitcoin blockchain and transactions conducted through the blockchain. In addition, graph
analysis and the use of modern social media technology were examined to determine how they may help
reveal the identityof Bitcoin users. A review of machine learning techniques and heuristicswas carried out to
learn how certainbehaviours from the Bitcoin network could beaugmented with social media technology and
other data to identifyillicit transactions.
Design/methodology/approach –A number of experiments were conducted and time was spend
observing the networkto ascertain how Bitcoin transactions work, how the Bitcoinprotocol operates over the
network and what Bitcoin artefacts can be examined from a digital forensics perspective. Packet sniffing
software, Wireshark,was used to see whether the identity of a user is revealed when they set up a walletvia
an online wallet service.In addition, a block parser was used to analyse the Bitcoin client synchronisationand
reveal informationon the behaviour of a Bitcoin node when it joins the network and synchronisesto the latest
blockchain. The final experiment involvedsetting up and witnessing a transaction using the Bitcoin Client
API. These experimentsand observations were then used to designa proof of concept and functional software
architecture for searching,indexing and analyzing publicly available data flowing from the blockchainand
other big data sources.
Findings –Using heuristics and graphanalysis techniques show us that it is possible to build up a picture
of behaviour of Bitcoin addresses and transactions, then utilise existing typologies of illicit behaviour to
collect, process and exploitpotential red flag indicators. Augmenting Bitcoin data, big data and social media
may be used to reveal potentially illicit financial transaction going through the Bitcoin blockchain and
machine learningapplied to the data sets to rank and cluster suspicious transactions.
Originality/value –The developmentof a functional software architecture that,in theory, could be used to
detect suspiciousillicit transactions on the Bitcoin network.
Keywords Heuristics, Social media, Machine learning, Bitcoin blockchain, Functional architecture,
Illicit transactions
Paper type Research paper
1. Introduction
Articles about the risks posed by Bitcoins and other crypto-currencies are never far from the
headlines. A number of high-profile investigations and prosecutions suggest that Bitcoins
are becoming the currency of choice for many criminals (Roy, 2016;Sonawane, 2016;
Greenberg, 2016;Faolain, 2016). They are being used to buy and sell illegal drugs (Martin,
2014;Aldridge and Décary-Hétu, 2014) and internet malware bots and spying tools
(Paganini, 2012) on online dark market sites. They are also being used to launder funds
through online games (Richet, 2013) and fund acts of terror (Nauert, 2015;Pick, 2015). A
number of law enforcement agencies have investigated the misuse of Bitcoins and their
facilitation of criminal activity (Southurst, 2014). The FBI considers the anonymousBitcoin
Bitcoin
transactions
109
Journalof Financial Crime
Vol.25 No. 1, 2018
pp. 109-130
© Emerald Publishing Limited
1359-0790
DOI 10.1108/JFC-12-2016-0078
The current issue and full text archive of this journal is available on Emerald Insight at:
www.emeraldinsight.com/1359-0790.htm
payment network to be an “alarming haven for money laundering and other criminal
activity”(Zetter, 2012). As far back as 2012, the FBI were expressing concerns about the
difficulty of tracking the identity of anonymous Bitcoin users and remonstrating how law
enforcement agencies were experiencing difficulty identifying suspicious users and
obtaining records for Bitcoin transactions (Federal Bureau of Investigation, 2012).
Unfortunately, these difficulties are still present with law enforcement agencies still
experiencing difficultiesidentifying illicit users of these currencies.
On 7 September 2016, there were over 15.8 million Bitcoins in circulation, with a total
market capitalization of over $9.7bn[1]. On the same date, there were over 250,000
transactions being conducted per day[2]. As the volume of Bitcoin transactions increase, it
becomes increasingly more difficult to keep track of the transactions going through the
blockchain[3].
Although the Bitcoin blockchain records all of the transactions conducted, the Bitcoin
structure actually facilitates anonymity because of the absence of personally identifiable
information (PII) which links sellers and buyers to actual transactions. It also achieves
anonymity through the use of public and private key pairs. So while the transactions
themselves are not hidden, the individuals engaged in those transactions are largely
anonymous.
Although Bitcoin users do not provide PII, they are not completely anonymous. Bitcoin
users can and have been tracked by careful analysis and examination of transactions,
primarily by analysing the repeateduse of specificpublic keys associated with payments.
Once the transactions associatedwith specific public keys have been identified, software
can be used to construct a patternof behaviour based on those transactions. For example:
software can map user transactions across the network;
analyse the repeated use of specific public keys; and
pair transactions across data sets to find individual network users
In so doing, a picture of where individualsshopped, how much they spent and the frequency
of transactions can be developed.They may also be linked to third-party transactions where
personally identifiableinformation was collected by those third parties.
While careful analysiscan uncover those that use multiple sets ofpublic keys to complete
transactions, new services such as Dark Wallet and Bitcoin Fog propose to enhance the
anonymity of transactions by allowing illicit transactions to digitally “piggyback”on non-
illicit transactions –this is similar to the mingling of funds that is common in money
laundering. This createsa single transaction that obfuscates both legitimate and illegitimate
coins. By mixing bundles of Bitcointransactions together and simultaneously sending them
to new Bitcoin addresses, which are also controlledby the same users, anyonewatching the
transactions cannot see whose coins went where. This technique erases any ownership-
identifying traces on the coins. It is feared that Dark Wallet services combined with a Tor
Browser may allow Bitcoinsto be transferred with complete anonymity.
The rest of the paper is structured as follows: Section 2 discusses the Bitcoin
infrastructure, including the Bitcoin wallet (2.1), the Bitcoin miner (2.2), the full blockchain
node (2.3), network discovery (2.4), the Bitcoin blockchain (2.5) and anatomy of a bitcoin
transaction and transaction structure (2.6). Section 3 provides a review of literature, and
Section 4 discusses research designand methods. Section 5 provides details of the results of
the forensic experiments and discusses observations of the forensic artefacts. Section 6
discusses the findings of the research and experiments, and Section 7 outlines a proof of
concept and technical and functional architecture for identifying illicit transactions going
JFC
25,1
110
To continue reading
Request your trial