1. What do bitcoin addresses look like?
Bitcoin addresses are a series of Latin letters and numbers and do not contain the names of their owners, giving users a false sense of anonymity. However, bitcoin transactions are recorded without encryption, which means they can be tracked.
Much depends on how the address is used and what traces of activity are left on the network. For example, transactions from a bitcoin address posted in the owner’s signature in emails or forums are fairly easy to trace.
But if the address was created on a separate system connected to the Internet through the anonymous Tor network and was funded with bitcoins solely from a mining pool like Eligius, which does not require registration to start working, the task becomes much more difficult.
However, by using serious analytical tools and spending some time and resources, it is possible to get close to a bitcoin owner.
2. What can any user track?
The simplest transaction tracking solutions are provided by numerous bitcoin blockchain explorers. They are usually used to make sure that a transaction was successful and is not stuck among the unconfirmed ones.
Anyone can become a bit of a detective and use these online platforms to obtain, in a few clicks, information about previous transactions with a particular bitcoin address, its current balance, the amounts that have passed through it, or lists of addresses for incoming (input) and outgoing (output) transactions. Enter a transaction ID (TXID, TxHash), address, hash, or block height into the block explorer’s search bar, and you’ll instantly know its status.
Try Block Explorer or Blockchain.com to get started with block explorers. Similar data with different display options are also provided by OXT, Token View, Blockcypher, Insight, Sochain and Blockstream Bitcoin Explorer. With Cryptocurrency Alerting, you can set up alerts for yourself about activity from an address of interest, and the Blockseer tool will allow you to “follow bitcoin” by visualizing the connections between addresses involved in transactions.
3. Is it possible to hide from tracking?
Given bitcoin’s pseudo-anonymous nature, it’s worth remembering that measures to counter transaction tracking are only relatively effective. Even a popular bitcoin transaction anonymization technology such as CoinJoin, which combines multiple transfers from different users into one transaction with a large number of outputs and does not require transferring bitcoins to a third-party service, does not guarantee complete anonymity. After all, inputs and outputs will still be reflected in the network, and transactions can be identified using the coinjoinsudoku toolkit.
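An added illustration of why visible inputs and outputs weaken CoinJoin (example code, not from this article and not the coinjoinsudoku toolkit's code): it flags a transaction with the equal-output CoinJoin shape, then links each input to its change output by amount. The sample transaction, address labels, fee bound and function names are constructed assumptions.

```python
from collections import Counter

# Constructed sample transaction; values in satoshis, address labels are placeholders.
SAMPLE_TX = {
    "inputs":  [("in_A", 150_000), ("in_B", 230_000), ("in_C", 410_000)],
    "outputs": [("mix_1", 100_000), ("mix_2", 100_000), ("mix_3", 100_000),
                ("chg_X", 129_000), ("chg_Y", 49_000), ("chg_Z", 309_000)],
}

def coinjoin_denomination(tx, min_participants=3):
    """Return the repeated output value if tx has the equal-output
    CoinJoin shape (hypothetical heuristic), else None."""
    counts = Counter(value for _, value in tx["outputs"])
    if not counts:
        return None
    value, n = counts.most_common(1)[0]
    # Several identical outputs and at least as many inputs as participants.
    if n >= min_participants and len(tx["inputs"]) >= n:
        return value
    return None

def link_change(tx, max_fee=2_000):
    """Map each input to the one change output whose value equals
    input - denomination - fee share (fee share assumed <= max_fee)."""
    denom = coinjoin_denomination(tx)
    if denom is None:
        return {}
    change = [(addr, v) for addr, v in tx["outputs"] if v != denom]
    links = {}
    for in_addr, in_value in tx["inputs"]:
        candidates = [addr for addr, v in change
                      if 0 <= in_value - denom - v <= max_fee]
        if len(candidates) == 1:  # keep only unambiguous matches
            links[in_addr] = candidates[0]
    return links

if __name__ == "__main__":
    print("denomination:", coinjoin_denomination(SAMPLE_TX))
    for src, dst in link_change(SAMPLE_TX).items():
        print(f"{src} -> {dst}")
```

The equal-value outputs stay interchangeable, but every change output is tied back to one input, so the participants' remaining funds are still traceable.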
Nevertheless, such measures should not be neglected, so as not to become an easy victim of cryptojackers. For example, in some cases, you can generate a new address for each new transaction or counterparty, refrain from sending confidential transactions through cryptocurrency exchange accounts, and use open-source wallets.
4. Are there commercial tools to track BTC transactions?
When transactions need to be tracked very quickly or on an ongoing basis, it becomes inefficient to analyze the data manually. In that case, researchers are aided by commercial solutions that build a layer of additional information on top of publicly available data, reflecting who is interacting with whom online. Let’s look at the most popular ones.
Perhaps the most well-known company in the field of bitcoin transaction tracking is U.S. blockchain analytics startup Chainalysis. Since 2015, it has been helping the U.S. federal Internal Revenue Service (IRS) uncover tax evaders through cryptocurrency transactions. The company cooperates with Europol, law enforcement agencies of different countries and cryptocurrency exchanges.
The company’s main products are Chainalysis Reactor and Chainalysis Know Your Transaction (KYT). Reactor allows an automatic investigation to be started at any moment when there is at least a small lead in the crypto data. KYT was developed as an anti-money laundering tool; its users use the API to monitor vast amounts of information in real time and identify high-risk transactions. For example, the cryptocurrency exchange Binance has been working with Chainalysis KYT since the fall of 2018 to “create a blockchain ecosystem where everyone feels safe.”
However, Chainalysis tools are not publicly accessible, and therefore do not provide an opportunity to evaluate the methodology used and rule out false positives. Because of that, there have been cases when participants in legal proceedings questioned the reliability of transaction data provided by Chainalysis.
In January 2018, Bitfury Group (one of the world’s largest developers and providers of blockchain solutions) introduced Crystal, a tool created specifically for bitcoin-related investigations, to financial institutions and law enforcement agencies.
Crystal analyzes information in the bitcoin blockchain, focusing on specified addresses and transaction sets, and also goes outside the network to collect query-relevant data from all available sources: websites, topic forums, etc.
The tool visualizes the movement of funds up to the final address and the withdrawal of crypto-assets into fiat currency, and sends the results to the client’s email. While manual tracking can be problematic, Crystal produces a list of the specific addresses the money has reached and identifies all the paths it took to get there.
An investigation can delve into transaction risk assessment and tracking of suspicious transactions by BTC address, and the developers claim that ultimately, by applying a unique clustering algorithm, Crystal is able to identify the real name of the coin holder.
In version 2.2, Crystal added a few more features for the convenience of investigators. For example, clients can set up notifications of activity at a particular address, add the list of addresses involved in a transaction to monitoring and visualization in one click, and track transactions between addresses via intermediaries.
As an example of Crystal’s effectiveness, its creators cite the investigation into the WannaCry ransomware virus. In May 2017, it caused nearly $1 billion in damage to its victims in four days, affecting the U.K. Public Health Service, Spain’s largest telecom company Telefónica, U.S. logistics giant FedEx, and users from 150 countries. Using their tool, Crystal’s creators tracked the movement of funds from the attackers’ bitcoin wallets (to withdrawal points through the Changelly and ShapeShift crypto exchanges) in three hours and determined who was behind the attacks.
Bitfury also investigated the September 2018 hack of Japanese bitcoin exchange Zaif, which lost $60 million in crypto assets, including 6,000 bitcoins, to hackers.
Researchers determined that some of the stolen funds were sent for withdrawal through the cryptocurrency exchange Binance, another part was split into small amounts and distributed to numerous addresses through mixers, gaming services and other crypto exchanges, while 30% remained at previously unreported addresses, presumably belonging to the hacker. The addresses registered to unknown persons were then placed under further surveillance by Crystal.
Established in 2013 in London, blockchain analytics solutions provider Elliptic once served as a cold wallet for storing private keys to bitcoin addresses, but then refocused on providing anti-money laundering services to cryptocurrency exchanges and financial services.
Elliptic has also developed software that law enforcement agencies use to track terrorist financing in bitcoin. Elliptic works with the FBI and CIA and is known for investigating criminal activity on the darknet.
As the company explains, by scraping “clean” web resources and the darknet, as well as monitoring court document registries, one can collect data that mentions crypto-addresses, analyze it, and then try to interact with those addresses on the darknet or repeat their logic.
Elliptic uses machine learning algorithms to work out the real owners of darknet wallets: the software focuses on addresses that are known to be used on a particular marketplace, and then uses this technology to identify other addresses and transactions on the same marketplace. For law enforcement, the findings are visualized graphically in the transaction browser.
The London-based startup’s cooperation with the FBI and CIA is not subject to disclosure. However, it is known that the company played a significant role in the cases of a darknet drug dealer based in Portsmouth, UK, who sold ecstasy for bitcoins and was sentenced to 16 years in prison, and of a businessman who tried to import into the UK firearms parts bought on the darknet for bitcoins.
In addition, in July 2018, Elliptic experts said that Russian military intelligence (GRU) officers accused of interfering in the 2016 U.S. presidential campaign conducted bitcoin transactions and laundered money using cryptocurrency through the BTC-e exchange.