How Blockchain Tracking Has Led to Major Cryptocriminal Busts
One of the most common misconceptions about cryptocurrency is that holdings and transactions are anonymous. In reality, the underlying blockchains, the digital ledgers that enable cryptocurrencies to function, are also a tool that law enforcement or amateurs can use to de-anonymize the alphanumeric addresses that make up people’s cryptocurrency wallets.
Longtime technology journalist Andy Greenberg traces the evolution of these techniques – known as “blockchain analytics” or “blockchain surveillance” – in his new book, “Tracers in the Dark.” The topic is more relevant than ever. During the rapid collapse of the crypto exchange FTX, which declared bankruptcy last week, keen observers of the chain watched as millions of dollars in cryptocurrency disappeared, either because the exchange was hacked or, as some have speculated, because an insider pulled off a heist. The transparency that blockchain provides is unlike anything else in finance, for better or for worse.
Grid spoke with Greenberg about his new book, the basics of blockchain analytics, and its growing use by law enforcement and other practitioners. This interview has been edited for length and clarity.
Grid: What made you want to write this book?
Andy Greenberg: I was covering anonymity technologies and cryptography and the dark web even before I had ever heard of cryptocurrency. I wrote a book about WikiLeaks, Tor, and the cypherpunks—that whole movement of people seeking privacy and trying to use encryption to take power from governments and corporations and give it to individuals — these types of crypto-libertarians.
I first came across Bitcoin in 2011. I actually first learned about it from a video of a speech Gavin Andresen, a Bitcoin developer, gave where he described it as a cyberpunk invention by this mysterious guy, Satoshi Nakamoto. From the very beginning, my interest in Bitcoin was about its potential anonymity and untraceability and the ways it could monetize a whole new contraband market on the dark web. And of course I misunderstood those privacy promises, but I don’t think I was alone in doing so.
I mean, in my defense, Satoshi Nakamoto himself said in the first email, introducing the Bitcoin White Paper to a cryptographic mailing list, in the points describing the features of the system, that “participants can be anonymous.” That’s a big part of why it was immediately adopted by the likes of Silk Road and seen as the perfect digital money that could be used without revealing your identity.
G: Which in the beginning of crypto made sense – these are just alphanumeric addresses, why would we assume we could figure out who the person behind it was?
AG: I agree. We all knew the blockchain existed – it wasn’t a surprise that it recorded every transaction. But linking them to a person didn’t seem like there was any way to do it. And so, you know, if not anonymous, at least it seemed like Bitcoin was pseudonymous, and it seemed close enough to a lot of us.
G: But over time it became clear that the situation was not so simple.
AG: Jump forward to the 2010s and there was more and more evidence, both in the research community and glimpses of it in the tech world, that people were actually tracking Bitcoins. But it was never clear how definitive this tracking was and how trackable Bitcoin really was. And then it was really only in 2020 that I started to see, for example, announcements from the Ministry of Justice, of one major bust or takedown after another where they wanted to thank Chainalysis, a company I was only vaguely aware of. And then I began to look deeper.
At first I thought that this company Chainalysis clearly has their hands in just so many of these fascinating cases, I thought maybe I should just write a piece about Chainalysis. But immediately when I started talking to the company’s co-founders, I saw that there was an opportunity to do something much bigger.
They have really been instrumental in one big case after another, from the Mt. Gox hack [the largest cryptocurrency hack to that point in time] to the takedown of AlphaBay, the largest dark web drug market in history, to the Welcome to Video child exploitation dark web site, where hundreds of people were arrested [for possessing or creating child sexual abuse imagery]. I started to get more ambitious about trying to tell each of these stories, not just from Chainalysis’ point of view, but from the perspective of the detectives who actually did these cases and used Chainalysis. And cryptocurrency tracking more generally, like this kind of secret weapon, is taking down one massive cybercriminal operation after another.
G: Chainalysis is a name people may not be familiar with, but they have a wide range of contracts with the US government – who are they and how did they become known?
AG: I was a bit shocked to learn in one of my first conversations with them, that they had just taken a funding round that made them a billion dollar company – like a true unicorn. Which seemed a little unlikely for this niche ability to track cryptocurrency. But in the process of reporting this book, I began to see not only how profitable they are, how many customers they have and how big an industry this is, but then Chainalysis just kept growing. Now it was an $8.6 billion company. Bitcoin [and other cryptocurrencies] has its ups and downs, but this industry of tracking cryptocurrency, in particular, is just exploding unabated.
G: What is the goal of this larger industry? How do the companies differ?
AG: This entire industry is now focused on just picking up any clues that might undo what once seemed to be the anonymity or untraceability of cryptocurrencies. They are all, I think, now competing for the best minds in the research world. Each blockchain is a permanent record of transactions that can be studied for years to find new clues to develop new techniques to identify people – sometimes back in time, to find patterns or identify specific criminal acts. It is an endless playground for big data analysis and has lent itself to a truly vibrant world of researchers in academia and the private sector. While academia publishes its findings, and sometimes as a sort of public service announcement — as did Sarah Meiklejohn, the lead author of the original paper that kind of broke the entire field of cryptocurrency tracking wide open — the private sector, meanwhile, holds these techniques very closely, competing to develop new secret tools that can identify people and identify behavior. As for what really sets these companies apart, they all have a core set of techniques that are now pretty publicly known for tracking cryptocurrencies, but they also have their various unique abilities and tricks, some of which they have never publicly disclosed.
G: Can you describe some of the analytical techniques that these companies use?
AG: Sarah’s paper laid out what remains some of the most basic crypto tracing techniques that people still use today. The first is if you can follow the money to a cryptocurrency exchange, or some other institution where people have to reveal their identity, then you can subpoena that exchange for an identity. That’s the basic way this works. She and her co-authors laid out the techniques to make it possible. There are really two different parts to this. One is clustering. If you look at the blockchain, it can look just like, well, hundreds of millions of addresses now, but Sarah highlighted and invented some techniques to create clusters that can show dozens or even millions of addresses that all belong to the same person or institution.
For example, if you can show that in a transaction many Bitcoins are used from many different addresses at the same time, then the same person must control all the keys for these user addresses. In another case, she showed that many Bitcoin wallets have this change feature where to send Bitcoins from an address, you have to spend all the coins in that address at the same time and then receive the change for the transaction. If you do not use them all at the same time, you will receive change at a different address. Sarah Meiklejohn had this realization that if you can figure out what the change address is, you can separate the change address from the recipient’s address – perhaps because the change address has never received a payment before, while the recipient’s address has.
Then you can start following along as a kind of wad of bills as it is sent from address to address while always obsessing over the same person. It’s what she calls a “peel chain” where you see a pile of bills moved from address to address – as one bill at a time is peeled off and given to someone else as it’s used over time. These peeling chains can sometimes be followed all the way to an exchange, and then some can be identified. So the multi-input trick and the change trick are two pretty powerful techniques to start making these clusters. It already took a ton of the mystery out of what seemed like an endless sea of anonymous addresses.
Her other big innovation was to just start interacting with many Bitcoin services almost like an undercover operator. She just sent money in and out of dozens of exchanges and gambling services, bought random objects for Bitcoin from tons of different e-commerce sites that accepted Bitcoin and even put money into Silk Road and took it out again and again. All so that she could identify some of the addresses of the services almost like a drug cop, like buy and bust, and once she identified those addresses, she would sometimes now be able to connect them to whole clusters that she built with these other tricks.
In this 2013 article, she took a big bite out of any notion of Bitcoin’s anonymity or traceability. But it would really take years for people to realize how powerful these techniques are – and how untraceable Bitcoin is.
G: Do you think this industry will only continue to grow? What tension is it going to continue to create between the beliefs that underpin crypto and some kind of lived reality that is observable and traceable to law enforcement?
AG: Cryptocurrency users are becoming aware of this world, and I imagine my book will make them a little more aware of the fact that if you use cryptocurrency, you are likely vulnerable to being tracked. In some ways it is even more transparent, even more accessible to monitoring, than the traditional world of finance. In the future, I see the use of these traceable currencies like Bitcoin and Ethereum, for example, going into people who don’t really mind being tracked because they’re just using it for illegal purposes. And then there are people who know that even if they’re tracked, they can’t really be stopped – they’re not going to be arrested. These include the likes of North Korean hackers and Russian cybercriminal ransomers.
But I still think that there will be an element of surprise there: a third group of people think they are doing something clever to remain untraceable and then they are outwitted. For better or worse, in this world of blockchains, when you are outsmarted even years later, your mistakes are on permanent record. In this cat and mouse game, the cats can go back in time to something they found on the blockchain years ago that you can’t delete and use it to identify or even prosecute you. So there’s a super interesting and almost scary kind of dynamic in cryptocurrency that doesn’t exist like other types of crime or other types of surveillance. We’re still kind of coming to terms with what that will mean for people’s use of this technology.
Thanks to Alicia Benjamin for copy editing this article.