7 research outputs found
Behind the chain of obscurity : methodologies for cryptocurrency forensic analysis
Bitcoin and alternative cryptocurrencies are decentralised digital currencies that
allow users to anonymously exchange money without requiring the presence of a
trusted third party. The privacy components of cryptocurrency can facilitate illegal
activities and present new challenges for cybercrime forensic analysis. Tackling such
challenges motivates new research interest in cryptocurrency tracking. This thesis
explores and proposes novel methodologies and improvements to existing cryptocurrency tracking and analysis methodologies.
Our first contribution explores the most commonly used cryptocurrency tracking methodology named Taint Analysis and investigates a potential improvement to
the methodology’s tracking precision with the implementation of address profiling.
We also introduce two context-based taint analysis strategies and hypothesise behaviours related to the tracked Bitcoins context to create a set of evaluation metrics.
We conducted an experiment using sample data from known illegal Bitcoin cases to
illustrate and evaluate the methodology, and the results reveal distinct transaction
behaviours in tracking between the results with and without address profiling for all
of the metrics. Our second contribution proposes a cryptocurrency tracking methodology named Address Taint Analysis that is capable of tracking zero-taint coins created by Privacy-Enhancing Technologies (PETs) called centralised mixer services,
which are untrackable with taint analysis tracking. Our results indicate that our proposed address taint analysis can trace the zero-taint Bitcoins from nine well-known
mixer services back to the original Bitcoins. Our third contribution investigates and
proposes a detection method for Wasabi Wallet’s CoinJoin transactions, which is one
of the most recent well-known PET services. Our fourth contribution introduces an
open-source library for cryptocurrency tracking and analysis named, TaintedTX ,
that we utilised to perform our research experiments. The library supports a variety of taint analysis strategies that users can select to track targeted transactions
or addresses. The library also includes a compilation of utility functions for address
clustering, website scraping, transaction and address classifications
Tracking Mixed Bitcoins
Mixer services purportedly remove all connections between the input
(deposited) Bitcoins and the output (withdrawn) mixed Bitcoins, seemingly
rendering taint analysis tracking ineffectual. In this paper, we introduce and
explore a novel tracking strategy, called \emph{Address Taint Analysis}, that
adapts from existing transaction-based taint analysis techniques for tracking
Bitcoins that have passed through a mixer service. We also investigate the
potential of combining address taint analysis with address clustering and
backward tainting. We further introduce a set of filtering criteria that reduce
the number of false-positive results based on the characteristics of withdrawn
transactions and evaluate our solution with verifiable mixing transactions of
nine mixer services from previous reverse-engineering studies. Our finding
shows that it is possible to track the mixed Bitcoins from the deposited
Bitcoins using address taint analysis and the number of potential transaction
outputs can be significantly reduced with the filtering criteria.Comment: 17 pages, 3 figures, CBT 202