A tool capable of tracking cybercrime-related financial transactions in Bitcoin
IMDEA Software researchers Gibran Gómez, Pedro Moreno-Sánchez and Juan Caballero have created an automated open-source tool to trace the financial relationships of malicious entities abusing Bitcoin technology, tested on 30 malware families. The study “Watch Your Back: Identifying Cybercrime Financial Relationships in Bitcoin through Back-and-Forth Exploration”, in which they present their research and the tool, was presented at the prestigious CCS’22 conference (ACM Conference on Computer and Communications Security) in November last year.
Cybercrime is the scourge of the digital environment. Fraud, phishing, identity theft and data fraud are just a few examples of illegal activities on the Internet. Blockchain technology and cryptocurrencies, such as Bitcoin, have consistently attracted the attention of cybercriminals, who have often used them as a means of payment and even as a means of storing data for illegal purposes.
Aware of this problem, Gómez, Moreno-Sánchez, and Caballero have analyzed more than 7,500 Bitcoin addresses belonging to 30 malware families, including ransomware families, clippers, sextortion, crypto-jackers, and info-stealers.
The main advantage of the back-and-forth exploration method, used in the study, is that it allows the tracking of all transactions produced by a Bitcoin address recursively. This means that if a Bitcoin address receives cryptocurrencies from another address, and this in turn sends them to a third address, the entire path of the cryptocurrencies can be traced from the first address, or from the last.
As Gómez points out, “One of the main advantages of the tool is that the user can replicate the entire process in a transparent way, which allows the results to be verified.”
The tool, in addition to serving Bitcoin users themselves, could be particularly useful for law enforcement agencies, as it would allow them to identify paths between malicious addresses and the deposit addresses that operators of illegal activities use at financial entities regulated by KYC policies, such as cryptocurrency exchanges. This means that the National Police can, for example, use such paths as evidence to obtain a court order to demand from an exchange personal information relating to the addresses involved, and to find out who the final recipients of the illegal money are.
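The recursive tracing described above, from the first address or from the last, and the resulting path between a malicious address and an exchange deposit address, shown as an added Python example that is not part of the press release and is not the researchers' tool. The addresses and transaction ids are constructed, and each transfer is modelled as a single sender-to-receiver edge, which is a simplifying assumption (real Bitcoin transactions can have several inputs and outputs).

```python
from collections import deque

# Constructed sample transfers (sender, receiver, txid); not real addresses.
TRANSFERS = [
    ("addr_victim", "addr_malware", "tx1"),
    ("addr_malware", "addr_hop", "tx2"),
    ("addr_hop", "addr_exchange_deposit", "tx3"),
    ("addr_other", "addr_hop", "tx4"),
    ("addr_hop", "addr_malware", "tx5"),  # funds sent back: creates a cycle
]

def build_index(transfers):
    """Index transfers by sender (forward) and by receiver (backward)."""
    fwd, bwd = {}, {}
    for sender, receiver, txid in transfers:
        fwd.setdefault(sender, []).append((receiver, txid))
        bwd.setdefault(receiver, []).append((sender, txid))
    return fwd, bwd

def trace(seed, index, max_depth=10):
    """Breadth-first trace from seed; maps each reached address to (previous, txid)."""
    parent = {seed: None}
    queue = deque([(seed, 0)])
    while queue:
        addr, depth = queue.popleft()
        if depth == max_depth:      # bound the recursion depth
            continue
        for nxt, txid in index.get(addr, []):
            if nxt not in parent:   # visited check keeps cycles from looping
                parent[nxt] = (addr, txid)
                queue.append((nxt, depth + 1))
    return parent

def path_to(target, parent):
    """Transaction ids from the trace seed to target, or None if unreachable."""
    if target not in parent:
        return None
    hops, node = [], target
    while parent[node] is not None:
        node, txid = parent[node]
        hops.append(txid)
    return hops[::-1]

FWD, BWD = build_index(TRANSFERS)
def forward_path(src, dst):
    return path_to(dst, trace(src, FWD))
def backward_path(dst, src):
    hops = path_to(src, trace(dst, BWD))  # walked against the flow of funds
    return None if hops is None else hops[::-1]
```

Tracing backward from the deposit address also surfaces `addr_other` and `addr_victim`, senders that a forward trace from the malware address never reaches.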
In addition, Gómez advises users to take certain precautions before carrying out transactions to avoid becoming the target of cybercrime: “It is important to be careful when including the destination address in a transaction. It is necessary to check several times that the destination address is correct to avoid clippers.” To prevent malware, he suggests always using antivirus software and running frequent computer scans, and finally performing constant backups to avoid the loss of important data that a ransomware attack could cause.
– This press release was originally published on the IMDEA Software Institute website