BITCOIN - De-anonymization and Money Laundering Detection Strategies

Overview of existing AML strategies


  1. 1. BITCOIN: De-anonymization and Money Laundering Detection Strategies. Bernhard Haslhofer, Austrian Institute of Technology (AIT). APWG eCrime Symposium, Barcelona, 2015-05-26
  2. 2. BITCRIME • Bilateral (AT/DE) research project (10/2014 - 10/2016) • Multidisciplinary team of researchers, policy makers, and law enforcement agencies • Goal: research strategies for mitigating crime risks in virtual currencies • https://www.bitcrime.de/
  3. 3. De-anonymization Strategies: Cross-reference block chain and external data
  4. 4. Cross-reference block chain and external data (cf. Reid and Harrigan 2013). [Diagram: E1, Tx, A1, A2, A3]
  5. 5. Cross-reference block chain and external data (cf. Reid and Harrigan 2013). [Diagram: E2, E1, Tx, A1, A2, A3, Ty, A1, A4, A5]
  6. 6. Cross-reference block chain and external data (cf. Reid and Harrigan 2013). [Diagram: E2, E1, Tx, A1, A2, A3, Ty, A1, A4, A5]
  7. 7. Cross-reference block chain and external data (cf. Reid and Harrigan 2013). [Diagram: E1, Tx, A1, A2, A3, Ty, A1, A4, A5]
  8. 8. Cross-reference block chain and external data (cf. Fleder et al. 2015). [Diagram: E1, Tx, A1, A2, A3, Ty, A1, A4, A5] Paper excerpt shown on the slide: "indexed. While previous works [2, 4] employed a forked version of bitcointools, the newer bitcoin clients indexed the full blockchain using LevelDB instead, making the publicly available bitcointools obsolete. Instead, we used Armory to parse through the blockchain, and wrote wrapper classes that extracted the relevant information required to construct the transaction graph. 5.1.2 Web Scraping. Many users, in particular early adopters, are interested in driving bitcoin use into more mainstream public use. One way they do this is to try to encourage transactions. A common practice is to attach a bitcoin address as a signature to emails or forum posts. In forum posts especially, users contribute to the community, for example with new mining software or a tutorial on how to get set up to use bitcoins, and leave their address in the signature block. They expect to receive tips from forum readers that find their post helpful. This practice created a natural attack vector to the anonymity of the block chain. We can easily tie user information to transactions in the block chain. We used a Python package called Scrapy to fetch and parse the forum pages (fig. 3). We wrote a spider that crawls bitcointalk.org in a breadth-first manner looking for post signatures that might contain bitcoin addresses (i.e. it matched the regular expression r'1.{26,33}'). We then took this string and verified that it was a legitimate bitcoin public key (bitcoin addresses include a built-in checksum) to avoid attempting to annotate a large number of nodes that can't possibly appear in the blockchain. Figure 3: A typical user signature line that includes a bitcoin address for 'tipping'. We were able to find a large number of forum users that can be directly linked to their keys in the transaction graph. We ran the scraping code for just under 30 hours. During this time we followed links up to four deep from the home page. This covered a total of 44,086 pages and 89,088 posts that included a"
  9. 9. Cross-reference block chain and external data (cf. Fleder et al. 2015). [Diagram: E1, Tx, A1, A2, A3, Ty, A1, A4, A5]
  10. 10. De-anonymization Strategies: Learn P2P Network Topology
  11. 11. Learn P2P Network Topology (Biryukov et al., 2014). [Diagram: Bitcoin network, E2, E1, C, Attacker Machines] Connect to Bitcoin servers. Log servers forwarding IPx.
  12. 12. Learn P2P Network Topology (Biryukov et al., 2014). [Diagram: Bitcoin network, E2, E1, C, forward IPx, Attacker Machines] Connect to Bitcoin servers. Log servers forwarding IPx. IPx: {E1, E2, …, En}
  13. 13. Learn P2P Network Topology (Biryukov et al., 2014). [Diagram: Bitcoin network, E2, E1, C, Attacker Machines] Listen for transaction hashes. Log first q servers forwarding Tx hash. Compare sets and suggest pairs (IP, T). IPx: {E1, E2, …, En}
  14. 14. Learn P2P Network Topology (Biryukov et al., 2014). [Diagram: Bitcoin network, E2, E1, C, forward Tx, Attacker Machines] Listen for transaction hashes. Log first q servers forwarding Tx hash. Tx: {E1, E2, …, En}. Compare sets and suggest pairs (IP, T). IPx: {E1, E2, …, En}
  15. 15. Money Laundering Detection Strategies: Scan block chain for known patterns
  16. 16. Scan block chain for known patterns. Placement, Layering, Integration. Smurfing/Structuring. Problem: Mixing services can anonymize relationship between sender and receiver
  17. 17. Reverse Engineer Mixing Services (Möser et al., 2013). Problem: Mixers work very well -> finding relations is hard
  18. 18. Money Laundering Prevention Strategy: Transaction Blacklisting
  19. 19. Paper title page shown on the slide: "Towards Risk Scoring of Bitcoin Transactions. Malte Möser, Rainer Böhme, and Dominic Breuker. Department of Information Systems, University of Münster, Germany. Abstract. If Bitcoin becomes the prevalent payment system on the Internet, crime fighters will join forces with regulators and enforce blacklisting of transaction prefixes at the parties who offer real products and services in exchange for bitcoin. Blacklisted bitcoins will be hard to spend and therefore less liquid and less valuable. This requires every recipient of Bitcoin payments not only to check all incoming transactions for possible blacklistings, but also to assess the risk of a transaction being blacklisted in the future. We elaborate this scenario, specify a risk model, devise a prediction approach using public knowledge, and present preliminary results using data from selected known thefts. We discuss the implications on markets where bitcoins are traded and critically revisit Bitcoin's ability to serve as a unit of account. 1 Introduction. Whenever a merchant receives a 100-dollar note, she is well advised to carefully"
  20. 20. References • HM Treasury (2015). Digital Currencies: response to the call for information. Available at: https://www.gov.uk/government/consultations/digital-currencies-call-for-information • Reid and Harrigan (2013). An Analysis of Anonymity in the Bitcoin System. Available at: http://arxiv.org/abs/1107.4524 • Fleder et al. (2015). Bitcoin Transaction Graph Analysis. Available at: http://arxiv.org/abs/1502.01657 • Biryukov et al. (2014). Deanonymization of clients in Bitcoin P2P network. Available at: http://arxiv.org/abs/1405.7418 • Möser et al. (2013). An Inquiry into Money Laundering Tools in the Bitcoin Ecosystem. Available at: https://maltemoeser.de/paper/money-laundering.pdf
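
The excerpt on slide 8 describes matching address-like strings in forum signatures and then using the address's built-in checksum to discard false positives. The Python sketch below is an added example of that filtering step, not code from the slides or from Fleder et al.; the function names, the stricter Base58-only pattern, and the sample address and signature are constructed for illustration.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Stricter than the excerpt's r'1.{26,33}': Base58 characters only, whole token.
CANDIDATE = re.compile(
    r"(?<![0-9A-Za-z])1[1-9A-HJ-NP-Za-km-z]{25,34}(?![0-9A-Za-z])")

def checksum(payload: bytes) -> bytes:
    """Base58Check checksum: first 4 bytes of SHA-256(SHA-256(payload))."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    # Each leading zero byte is written as a leading '1'.
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    pad = len(text) - len(text.lstrip("1"))
    return b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")

def is_p2pkh_address(text: str) -> bool:
    """True if text decodes to version byte 0x00 + 20-byte hash + valid checksum."""
    try:
        raw = b58decode(text)
    except ValueError:
        return False
    return len(raw) == 25 and raw[0] == 0 and checksum(raw[:-4]) == raw[-4:]

def addresses_in(signature: str) -> list:
    """Pattern match first, then keep only candidates whose checksum verifies."""
    return [c for c in CANDIDATE.findall(signature) if is_p2pkh_address(c)]

# Constructed sample: an address built from a dummy 20-byte hash, plus a decoy
# that matches the pattern but fails validation.
_payload = b"\x00" + bytes(range(1, 21))
SAMPLE_ADDR = b58encode(_payload + checksum(_payload))
SAMPLE_SIGNATURE = f"Tips welcome: {SAMPLE_ADDR} | decoy: 1{'z' * 30}"

if __name__ == "__main__":
    print(addresses_in(SAMPLE_SIGNATURE))
```

The same check explains why publishing an address in a signature is a durable link: any string that survives it is a well-formed address that can be looked up in the transaction graph.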
