Article

Toward De-Anonymizing Bitcoin by Mapping Users Location

Authors:
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

The Bitcoin system (https://bitcoin.org) is a pseudo- anony- mous currency that can dissociate a user from any real-world identity. In that context, a successful breach of the virtual and physical divide represents a significant flaw in the Bit-coin system [1]. In this project we demonstrate how to glean information about the real-world users behind Bitcoin trans- actions. We analyze publicly available data about the cryp- tocurrency. In particular, we focus on determining informa- tion about a Bitcoin user's physical location by examining that user's spending habits.

No full-text available

Request Full-text Paper PDF

To read the full-text of this research,
you can request a copy directly from the authors.

... Next, there are cases where authors need to submit their work without identifying themselves such as William Sealy Gosset having to publish his famous t- distribution under the pseudonym Student. While permanent identifiers such as ORCID make this increasingly difficult, distributed ledger technologies have a potential to do both [5]: either make anonymity almost impossible by linking all scientific activities to profiles/addresses, or enable strong anonymity -a feature promoted by some crypto-currency ecosystems. The discussion whether we want pseudonymous contributions needs to be a social question before it is a technological one. ...
... Without going into technical details, we assume that the coin will be a so-called ERC20 token 4 that utilizes the existing Ethereum (ETH) blockchain and ecosystem. 5 There are many advantages and disadvantages to doing so, most of which play no role in this early design phase. We will discuss some of them below to give the reader an impression of the details (and their surprising consequences) that would have to be worked out before any serious coin ecosystem for science could go into production mode. ...
... https://github.com/ethereum/EIPs/blob/master/EIPS/eip-20.md5 Other ecosystems such as NEM (https://nem.io/) ...
Article
Distributed ledger technologies such as blockchains and smart contracts have the potential to transform many sectors ranging from the handling of health records to real estate. Here we discuss the value proposition of these technologies and crypto-currencies for science in general and academic publishing in specific. We outline concrete use cases, provide an informal model of how the Semantic Web journal's peer-review workflow could benefit from distributed ledger technologies, and also point out challenges in implementing such a setup.
... Moore and Rid [27] studied how hidden services are used in practice, and noted that Bitcoin was the dominant choice for accepting payments for these services. Although multiple studies [15,16,25] demonstrated that Bitcoin transactions are not as anonymous as previously thought, Bitcoin remains the most popular digital currency on the Dark Web [8], and many users still choose to use it despite its false sense of anonymity. Biryukov et al. [3] showed that even if users use Bitcoin over an anonymity network such as Tor, they are still vulnerable to deanonymization and man-in-the-middle attacks at the network level. ...
... We also observed that many services did not expose their Bitcoin addresses on their landing pages, and would require users to attempt purchasing items before a Bitcoin address is shown to the user. 15 In addition, we included two known ransomware addresses that are published on the Web and the Blockchain. 16 Ransomware is a malware category that limits the access of users to their files by encrypting them [19]. ...
... Public Bitcoin addresses exposed online could potentially put these users at the risk of transactions history tracing and linkage. Not only do users reveal their public Bitcoin addresses, but they also reveal personal information representing their online identities, 15 Services we manually visited offered variety of different content ranging from dark markets (e.g. drug, stolen card, and arms) to services such as WikiLeaks. ...
Article
With the rapid increase of threats on the Internet, people are continuously seeking privacy and anonymity. Services such as Bitcoin and Tor were introduced to provide anonymity for online transactions and Web browsing. Due to its pseudonymity model, Bitcoin lacks retroactive operational security, which means historical pieces of information could be used to identify a certain user. We investigate the feasibility of deanonymizing users of Tor hidden services who rely on Bitcoin as a payment method by exploiting public information leaked from online social networks, the Blockchain, and onion websites. This, for example, allows an adversary to link a user with @alice Twitter address to a Tor hidden service with private.onion address by finding at least one past transaction in the Blockchain that involves their publicly declared Bitcoin addresses. To demonstrate the feasibility of this deanonymization attack, we carried out a real-world experiment simulating a passive, limited adversary. We crawled 1.5K hidden services and collected 88 unique Bitcoin addresses. We then crawled 5B tweets and 1M BitcoinTalk forum pages and collected 4.2K and 41K unique Bitcoin addresses, respectively. Each user address was associated with an online identity along with its public profile information. By analyzing the transactions in the Blockchain, we were able to link 125 unique users to 20 Tor hidden services, including sensitive ones, such as The Pirate Bay and Silk Road. We also analyzed two case studies in detail to demonstrate the implications of the resulting information leakage on user anonymity. In particular, we confirm that Bitcoin addresses should always be considered exploitable, as they can be used to deanonymize users retroactively. This is especially important for Tor hidden service users who actively seek and expect privacy and anonymity.
... Because of their increasing popularity, cryptocurrencies like Bitcoin have been the subject of much research into their technological and economic implications [9,10,11,12,13]. It is imperative to conduct study on the potential illicit use of Bitcoin on the dark web. ...
Article
Full-text available
A Bitcoin transaction is a transfer of value between Bitcoin wallets. It involves the sender's digital signature, timestamp, transaction hash, recipient's address and the amount being transferred. These transactions are recorded on the blockchain, a decentralized and public ledger, ensuring transparency and security in the Bitcoin network. TOR exit node, on the other hand, is the final point in the TOR network (a decentralized network used for anonymous communication) through which encrypted traffic exits to reach its destination. As cryptocurrencies are being increasingly used facilitate illicit transactions, growing need monitor such transactions has risen. The use of the TOR exit node to monitor and investigate illicit Bitcoin users has been discussed in this paper.
... All transactions on the Bitcoin network are kept on the blockchain [20]. The blockchain stores information about every transaction, containing the addresses that belong to the person who sent it and the person receiving it, and the amount sent and the period of completion [21]. Bitcoin is recognised as the most significant cryptocurrency because of its decentralised structure and miners' validation of transactions that pass across the network [22]. ...
Article
Full-text available
The metaverse, a virtual multiuser environment, has garnered global attention for its potential to offer deeply immersive and participatory experiences. As this technology matures, it is evolving in tandem with emerging innovations such as Web 3.0, Blockchain, nonfungible tokens, and cryptocurrencies like Bitcoin, which play pivotal roles in the metaverse economy. Robust Bitcoin networks must be modelled for the metaverse environment in Industry 5.0 platforms to ensure the metaverse’s sustained growth and relevance. Industry 5.0 is poised to experience significant economic expansion, driven in large part by the transformative influence of metaverse technology. Researchers have actively explored diverse strategies and approaches to address the unique challenges and opportunities presented by current Bitcoin networks, highlighting the limitless potential for enhancing anonymity and privacy while navigating this exciting digital frontier. By addressing the diverse anonymity and privacy evaluation attributes, the lack of clarity regarding the prioritisation of these attributes and the variability in data, this modelling approach can be categorised as a form of multiple attribute decision-making (MADM). This review seeks to achieve three main objectives: firstly, to identify research gaps, obstacles, and problems within scholarly literature, which is crucial for assessing and modelling Bitcoin networks to succour the metaverse environment of Industry 5.0; secondly, to pinpoint theoretical gaps, proposed solutions, and benchmarking of Bitcoin networks; and thirdly, to offer an overview of the existing validation and evaluation methods employed in the literature. This review introduced a unique taxonomy by intersecting “Bitcoin networks based on blockchain aspects” with “anonymity and privacy development attributes aspect.” It emphasised the study’s significance and innovation. The results illustrate that employing MADM techniques is highly suitable for modelling Bitcoin networks to support the metaverse within the context of Industry 5.0. This thorough review is an invaluable resource for academics and decision-makers, offering perspectives regarding the improvements, applications, and potential directions for evaluating Bitcoin networks to bolster the metaverse environment of Industry 5.0.
... In bitcoin networks, the sender's and recipient's addresses, the amount sent and the transaction's time are stored in the blockchain (Dupont & Squicciarini, 2015;Koshy et al., 2014;Lischke & Fabian, 2016;Meiklejohn et al., 2013). Anonymity and privacy in bitcoin networks are considered highlight points, given that many academics have shown that bitcoin networks to support Industry 5.0's metaverse environment (hereafter simplified as "bitcoin networks") provide exciting new opportunities for future studies. ...
Article
Full-text available
Metaverse is a new technology expected to generate economic growth in Industry 5.0. Numerous studies have shown that current bitcoin networks offer remarkable prospects for future developments involving metaverse with anonymity and privacy. Hence, modelling effective Industry 5.0 platforms for the bitcoin network is crucial for the future metaverse environment. This modelling process can be classified as multiple-attribute decision-making given three issues: the existence of multiple anonymity and privacy attributes, the uncertainty related to the relative importance of these attributes and the variability of data. The present study endeavours to combine the fuzzy weighted with zero inconsistency method and Diophantine linear fuzzy sets with multiobjective optimisation based on ratio analysis plus the multiplicative form (MULTIMOORA) to determine the ideal approach for metaverse implementation in Industry 5.0. The decision matrix for the study is built by intersecting 22 bitcoin networks to support Industry 5.0's metaverse environment with 24 anonymity and privacy evaluation attributes. The proposed method is further developed to ascertain the importance level of the anonymity and privacy evaluation attributes. These data are used in MULTIMOORA. A sensitivity analysis, correlation coefficient test and comparative analysis are performed to assess the robustness of the proposed method.
... Actually, with some off-chain information (e.g. social network posts, public speak, location [65]), eavesdroppers can launch de-anonymization inference attacks to bridge virtual accounts with real-world individuals or uncover the true identities of traders by linking the transactions of an account together and matching relevant information [137]. ...
Article
Full-text available
As an integral part of the decentralized finance (DeFi) ecosystem, decentralized exchanges (DEXs) with automated market maker (AMM) protocols have gained massive traction with the recently revived interest in blockchain and distributed ledger technology (DLT) in general. Instead of matching the buy and sell sides, automated market makers (AMMs) employ a peer-to-pool method and determine asset price algorithmically through a so-called conservation function. To facilitate the improvement and development of automated market maker (AMM)-based decentralized exchanges (DEXs), we create the first systematization of knowledge in this area. We first establish a general automated market maker (AMM) framework describing the economics and formalizing the system’s state-space representation. We then employ our framework to systematically compare the top automated market maker (AMM) protocols’ mechanics, illustrating their conservation functions, as well as slippage and divergence loss functions. We further discuss security and privacy concerns, how they are enabled by automated market maker (AMM)-based decentralized exchanges (DEXs)’ inherent properties, and explore mitigating solutions. Finally, we conduct a comprehensive literature review on related work covering both decentralized finance (DeFi) and conventional market microstructure.
...  Elliptic Curve Digital Signature Algorithm (ECDSA): It used as a digital signature algorithm for signing transactions in bitcoin. ECDSA proves strong enough to forgery in the presence of collision-resistant hash functions and generic group based chosen-message attacks [10]. ...
... While these users are capable of creating as many addresses as they would like, they are not required to do so. In turn, researchers have used clustering, transaction analysis, taint analysis, and behavior analysis to track patterns and build relationships between public keys [9,13,14,17,18]. The official Bitcoin website highlights potential threats to user anonymity and clearly states that the currency is not anonymous [1]. ...
Chapter
Full-text available
The lack of fungibility in Bitcoin has forced its userbase to seek out tools that can heighten their anonymity. Third-party Bitcoin mixers use obfuscation techniques to protect participants from blockchain transaction analysis. In recent years, various centralized and decentralized Bitcoin mixing methods were proposed in academic literature (e.g., CoinJoin, CoinShuffle). Although these methods strive to create a threat-free environment for users to preserve their anonymity, public Bitcoin mixers continue to be associated with theft and poor implementation. This paper explores the public Bitcoin mixer ecosystem to identify if today’s mixing services have adopted academia’s proposed solutions. We perform real-world interactions with publicly available mixers to analyze both implementation and resistance to common threats in the mixing landscape. We present data from 21 publicly available mixing services on the deep web and clearnet. Our results highlight a clear gap between public and proposed Bitcoin mixers in both implementation and security. We find that the majority of key security features proposed by academia are not deployed in any public Bitcoin mixers that are trusted most by Bitcoin users. Today’s mixing services focus on presenting users with a false sense of control to gain their trust rather than employing secure mixing techniques.
... Although these methods guarantee that the raw data cannot be directly accessed, personal privacy leakage arises from analyzing the on-chain transaction data. Some research revealed that the real identity of accounts in the blockchain can be inferred by analyzing transaction relationships among different accounts and off-chain auxiliary information [40][41][42]. Once an account in historical transaction records is linked to the real world, all transaction information related to the account will be revealed. ...
Article
Full-text available
Three-dimensional (3D) data are easily collected in an unconscious way and are sensitive to lead biological characteristics exposure. Privacy and ownership have become important disputed issues for the 3D data application field. In this paper, we design a privacy-preserving computation system (SPPCS) for sensitive data protection, based on distributed storage, trusted execution environment (TEE) and blockchain technology. The SPPCS separates a storage and analysis calculation from consensus to build a hierarchical computation architecture. Based on a similarity computation of graph structures, the SPPCS finds data requirement matching lists to avoid invalid transactions. With TEE technology, the SPPCS implements a dual hybrid isolation model to restrict access to raw data and obscure the connections among transaction parties. To validate confidential performance, we implement a prototype of SPPCS with Ethereum and Intel Software Guard Extensions (SGX). The evaluation results derived from test datasets show that (1) the enhanced security and increased time consumption (490 ms in this paper) of multiple SGX nodes need to be balanced; (2) for a single SGX node to enhance data security and preserve privacy, an increased time consumption of about 260 ms is acceptable; (3) the transaction relationship cannot be inferred from records on-chain. The proposed SPPCS implements data privacy and security protection with high performance.
... In conclusion, data protection work over recent decades has shown the threats of privacy leakage as a consequence of several inference attacks that link confidential transaction data and / or a pseudonym to the real identity of actual users, given the use of the same pseudonym (Dupont, 2015). A loss of privacy may contribute to a violation of payment information's confidentiality. ...
Chapter
Blockchain-based technology is becoming increasingly popular and is now used to solve a wide range of tasks. And it's not all about cryptocurrencies. Even though it's based on secure technology, a blockchain needs protection as well. The risks of exploits, targeted attacks, or unauthorized access can be mitigated by the instant incident response and system recovery. Blockchain technology relies on a ledger to keep track of all financial transactions. Ordinarily, this kind of master ledger would be a glaring point of vulnerability. Another tenet of security is the chain itself. Configuration flaws, as well as insecure data storage and transfers, may cause leaks of sensitive information. This is even more dangerous when there are centralized components within the platform. In this chapter, the authors will demonstrate where the disadvantages of security and privacy in blockchain are currently and discuss how blockchain technology can improve these disadvantages and outlines the requirements for future solution.
... Previous research on de-anonymization explored the affiliation of Bitcoin addresses by using out-of-network information such as IP addresses [12] [13], geo-locations [14], inner network information using graph analysis [15], and Bitcoin address classification techniques [16] [17]. We take an alternative approach and leverage the coding style of Ethereum smart contracts to attribute the deployed contracts' code to their developers' account addresses. ...
Conference Paper
Full-text available
Blockchain users are identified by addresses (public keys), which cannot be easily linked back to them without out-of-network information. This provides pseudo-anonymity, which is amplified when the user generates a new address for each transaction. Since all transaction history is visible to all users in public blockchains, finding affiliation between related addresses can hurt pseudo-anonymity. Such affiliation information can be used to discriminate against addresses that were found to be related to a specific group, or can even lead to the de-anonymization of all addresses in the associated group, if out-of-network information is available on a few addresses in that group. In this work we propose to leverage a stylometry approach on Ethereum's deployed smart contracts' bytecode and high level source code, which is publicly available by third party platforms. We explore the extent to which a deployed smart contract's source code can contribute to the affiliation of addresses. To address this, we prepare a dataset of real-world Ethereum smart contracts data, which we make publicly available; design and implement feature selection, extraction techniques, data refinement heuristics, and examine their effect on attribution accuracy. We further use these techniques to test the classification of real-world scammers data.
... Baur, Bühler, Bick, and Bonorden (2015) found that most stakeholders perceived Bitcoin's ease of use as relatively low. Literature reviewed identified anonymity, security, costs, speculative opportunities and transaction irreversibility as the perceived benefits of adopting Bitcoin (Beer & Weber, 2015;Dupont & Squicciarini, 2015;Gao, Clark, & Lindqvist, 2016;Gentilal, Martins, & Sousa, 2017;Glaser, Zimmermann, Haferkorn, Weber, & Siering, 2014;Hur, Jeon, & Yoo, 2015;Ly, 2013). Bitcoin's pseudo-anonymous and decentralized nature can result in trust issues amongst users, in terms of illicit use and cyber-attacks (Bohr & Bashir, 2014;Sas & Khairuddin, 2017). ...
Article
Full-text available
Aim/Purpose: This paper explored the factors (enablers and barriers) that affect Bitcoin adoption in South Africa, a Sub-Saharan country with the high potential for Bitcoin adoption. Background: In recent years, Bitcoin has seen a rapid growth as a virtual cryptocurrency throughout the world. Bitcoin is a protocol which allows value to be exchanged over the internet without a central bank or intermediary. Cryptocurrencies such as Bitcoin are technological tools that arguably can contribute to reducing transactions costs. This paper explored the factors that affect Bitcoin adoption in South Africa, a Sub-Saharan country with the high potential for Bitcoin adoption, as little is known about the factors that affect Bitcoin adoption and the barriers to adoption. Methodology: A quantitative questionnaire was distributed to South African virtual communities where Bitcoin is a topic of interest, and 237 quantitative responses were received, along with 212 open-ended comments. Contribution: This research contributes to the body of knowledge in information systems by providing insights into factors that affect Bitcoin adoption in South Africa. It raises awareness of incentives and barriers to Bitcoin adoption at a time when financial literacy is a crucial issue both in South Africa and worldwide. Findings: The results indicate that perceived benefit, attitude towards Bitcoin, subjective norm, and perceived behavioral control directly affected the participants’ intentions to use Bitcoin. Perceived benefit, usefulness, ease of use, and trust-related risk were found to indirectly affect intention to use Bitcoin. Further, it emerges that the barriers to Bitcoin adoption in South Africa consist of the complex nature of Bitcoin and its high degree of volatility. Recommendations for Practitioners: Bitcoin can contribute to reducing transactions costs, but factors that affect adoption and the barriers to adoption should be taken into consideration. These findings can inform systems and software developers to develop applications that make managing Bitcoin keys and transacting using Bitcoin less complex and more intuitive for end users. Recommendation for Researchers: Bitcoin adoption in South Africa is a topic that has not been previously researched. Researchers could research similarities or differences in the various constructs that were used in this research model. Impact on Society: South African Bitcoin users consider it as a universal currency that makes cross-border payments cheaper. A large number of refugees and workers in South Africa make regular payments across borders. Bitcoin could reduce the costs of these transfers. Future Research: Future research could explore Bitcoin (and other cryptocurrencies) adoption in other developing countries. Researchers could look at factors that influence cryptocurrency adoption in general. The factors affecting adoption of other cryptocurrencies can be compared to the results of this study, and similarities and differences can thus be identified.
... Since transactions are permanently recorded on the blockchain, which may cause an issue: once a historical transaction discloses the real identity of a user, the information of this user in all relevant transaction records will be revealed. Moreover, attackers can also use off-chain auxiliary information to infer the identity of accounts in the blockchain [11]. ...
Article
The disruptive blockchain technology is expected to have broad applications in many areas due to its advantages of transparency, fault tolerance, and decentralization, but the open nature of blockchain also introduces severe privacy issues. Since anyone can deduce private information about relevant accounts, different privacy-preserving techniques have been proposed for cryptocurrencies under the UTXO model, e.g., Zerocash and Monero. However, it is more challenging to protect privacy for account-model blockchains (e.g., Ethereum) since it is much easier to link accounts in the account-model blockchain. In this paper, we propose BlockMaze, an efficient privacy-preserving account-model blockchain based on zk-SNARKs. Along with dual-balance model, BlockMaze achieves strong privacy guaran- tees by hiding account balances, transaction amounts, and linkage between senders and recipients. Moreover, we provide formal security definitions and prove the security of BlockMaze. Finally, we implement a prototype of BlockMaze based on Libsnark and Go-Ethereum, and conduct extensive experiments to evaluate its performance. Our 300-node experiment results show that BlockMaze has high efficiency in computation and transaction throughput: one transaction verification takes about 14.2 ms, one transaction generation takes 6.1-18.6 seconds, and its throughput is around 20 TPS.
... Although local currencies provide supports, incentives and other benefits for its merchant users such as SMEs, because of security issues such as fraud and counterfeiting (Gentilal et al., 2017;Abraham et al., 2019;Glaser et al., 2014;Walton & Johnston, 2018), risk (Pianese et al., 2018;Beer & Weber, 2015;Dupont & Squicciarini, 2015;Gao et al., 2016;Hur et al., 2015;Ly, 2013), trust (Abraham et al., 2019;Shahzad et al., 2018), costs of exchange and membership (Pianese et al., 2018, Diniz et al., 2016Diniz et al., 2019), accountability (Blanc & Fare, 2013;Diniz et al., 2016;Diniz et al., 2019) and tax issues (Eisenstein, 2011;Seyfang, 2005), SMEs might become less interested in the usage of these currencies, and their adoption to the usage of these currencies might be reduced. In this regard, this paper also aims to indicate and explore major concerns of potential merchant users of local currency that might influence their adoption and usage. ...
Article
Full-text available
Local and community currencies have been used as a stimulating tool to increase trading activities and social interactions of geographically restricted regions. This paper aims to investigate the potential of innovative regional development of the structurally disadvantaged industrial region focused on the steel and mining industry by means of the local currency. Being the important players of local economies and regional development, SMEs have always been in the center of interest for practitioners of the local and community currencies. Therefore, our research team analyzed and explored major benefits and barriers that SMEs perceive to adopt and use local currency. In parallel with the specified aims, the researchers employed the structured questionnaire survey with open and dichotomous questions focused on SMEs with no practical experience with the acceptance and use od the local or community currencies in Cieszyn Silesia region. The results of our research show that SMEs are prone to be active members of local currency communities, and they positively perceive the support that major regional producers, service providers, and practitioners can provide for them through this instrument. Moreover, some SMEs also perceive local currencies as a marketing and promotion tool that increases product-service quality and mutual transactions of firms. According to the respondents, high participation fees and exchange rates, lack of usage by customers and coverage by national currencies, counterfeiting, and fraud, liquidity risk, taxability, accountability, legislative and technical issues, credibility and trustworthiness of practitioners have been main impediments in the adoption and usage of these currencies by SMEs. This research provides innovative solutions and suggestions for policymakers in case of the regional development of the structurally disadvantaged industrial regions to overcome the barriers of local currencies. Since local currencies can be created in digital formats, the increasing importance of local digital currencies in the Covid-19 pandemic has also been highlighted.
... In conclusion, data protection work over recent decades has shown the threats of privacy leakage as a consequence of several inference attacks that link confidential transaction data and / or a pseudonym to the real identity of actual users, given the use of the same pseudonym (Dupont, 2015). A loss of privacy may contribute to a violation of payment information's confidentiality. ...
Chapter
Blockchain-based technology is becoming increasingly popular and is now used to solve a wide range of tasks. And it's not all about cryptocurrencies. Even though it's based on secure technology, a blockchain needs protection as well. The risks of exploits, targeted attacks, or unauthorized access can be mitigated by the instant incident response and system recovery. Blockchain technology relies on a ledger to keep track of all financial transactions. Ordinarily, this kind of master ledger would be a glaring point of vulnerability. Another tenet of security is the chain itself. Configuration flaws, as well as insecure data storage and transfers, may cause leaks of sensitive information. This is even more dangerous when there are centralized components within the platform. In this chapter, the authors will demonstrate where the disadvantages of security and privacy in blockchain are currently and discuss how blockchain technology can improve these disadvantages and outlines the requirements for future solution.
... Similarly, Ron et al. [57] used behavioural analysis to link the Bitcoin addresses that are believed to be related to the Silk Road marketplace [6]. Also, Dupont et al. [28] analyzed user's spending habits to reveal Bitcoin users physical location by analyzing. In addition, they assessed their method by collecting 518 known charities' Bitcoin addresses and physical locations, and comparing this data against their informed guesses, where their initial results show an accuracy of up to 72%. ...
... The work done in [3,4,8], belong to the category of "Utilizing Off-Network Information" and "Utilizing Network" by analyzing Bitcoin network traffic or using network infrastructure to design an attack to the network in order to gain information about Bitcoin transactions and map Bitcoin Addresses to IP addresses. Dupont et al [7], were able to reveal a Bitcoin user's physical location by analyzing user's spending habits and analyzing the times of day at which the user makes transactions to get an informed guess of the user time zone. Their work fall in the category of "Utilizing Off-Network information" and "Analyzing Blockchain Data" to map Bitcoin addresses to geo-Locations. ...
Conference Paper
As a decentralized cryptocurrency, Bitcoin has been in market for around a decade. Bitcoin transactions are thought to be pseudo-anonymous, however, there were many attempts to deanonymize these transactions making use of public data. Escrow services have been introduced as a good private and secure way to handle Bitcoin payments between untrusted parties, where the escrow service acts as the arbitrator in case of disputes. In our work, we examine the privacy and anonymity level of trades done through one of the Bitcoin trading websites offering such escrow services and how using the data they provide for open access through their APIs along with some public scraped data can compromise the privacy and anonymity of trades in some cases. In this paper, we suggest some heuristics and methods to deanonymize Bitcoin escrow trades done on LocalBitcoins.com, a well-known escrow service used especially by people seeking anonymity, and link them to suspect sets of Bitcoin transactions in the blockchain and suspect sets of users. Our research spots privacy weakness points of using escrow services that affects the privacy and anonymity of their users trades and identities. It also shows how tracking down criminals activities across escrow services is possible even without any authority on the escrow service making it less attractive for criminals to use cryptocurrencies and leading it to gain more trust.
... Furthermore, the observation of anomalous relaying behavior has been used to map bitcoin addresses to IP addresses [7]. It was also shown that the creation time of transactions can be used to infer the user's time zone [4]. Biryukov et al. [3] performed a man in the middle attack on clients using Tor by becoming the only possible Tor exit node by banning all other exit nodes in the bitcoin network. ...
Conference Paper
Full-text available
Address clustering tries to break the privacy of bitcoin users by linking all addresses created by an individual user, based on information available from the blockchain. As an alternative information source, observations of the underlying peer-to-peer network have also been used to attack the privacy of users. In this paper, we assess whether combining blockchain and network information may facilitate the clustering process. For this purpose, we apply all applicable clustering heuristics that are known to us to current blockchain information and associate the resulting clusters with IP address information extracted from observing the message flooding process of the bitcoin network. The results indicate that only a small share of clusters (less than 8%) were conspicuously associated with a single IP address. Also, only a small number of IP addresses showed a conspicuous association with a single cluster.
... Our system uses a global log of location reports in the system. This global log can be implemented similar to blockchain [2], which is a transaction database shared by all nodes participating in Bitcoin protocol [8]. Let us consider two devices i and j that provide a number of location reports over time. ...
... A central trait of bitcoin is anonymity (Reid & Harrigan, 2013), although first concepts are developed in order to de-anonymize bitcoin users (Dupont & Squicciarini, 2015). Nevertheless, there is research striving to identify the most important user groups of bitcoin (Bohr & Bashir, 2014). ...
Article
Full-text available
The obvious fierceness of the discussions about Bitcoin makes it necessary to carve out the facts in a more clearly and precisely manner. Therefore, it is important to clarify what influences the benefits of using Bitcoin by using empirical research. This paper addresses the following research question: What influences the benefit of using Bitcoin? Thereby, the benefit of using Bitcoin can be defined as the advantages of the utilization of a digital currency (Bitcoin) from a user`s point of view.
Chapter
Blockchain-Enabled Internet of Things Applications in Healthcare: Current Practices and Future Directions examines cutting-edge applications, from blockchain-powered IoT innovations in healthcare systems to intelligent health profile management, remote patient monitoring, and healthcare credential verification. Additionally, the book extends its insights into blockchain-enabled IoT applications in smart agriculture, highlighting AI-driven technologies for health management and sustainable practices. With expert analyses, case studies, and practical guidance, this book offers readers a roadmap for implementing these technologies to improve efficiency, security, and data management in healthcare. It is an invaluable resource for industry professionals, researchers, and students interested in the future of healthcare technology. Key Features: - Exploration of blockchain and IoT applications in healthcare and agriculture - In-depth case studies and expert analyses - Practical insights into technology challenges and benefits
Chapter
Cryptocurrency has the characteristics of decentralization and anonymization, which have emerged and attracted widespread attention from various parties. However, cryptocurrency anonymization breeds illegal activities such as money laundering, gambling, and phishing. Thus, it is essential to deanonymity on Cryptocurrency transactions. This paper proposes a cross-layer analysis method for Bitcoin transactions deanonymization. Through acquiring large-scale original transaction information and combining the characteristics of the network layer and the transaction layer, we propose a propagation pattern extraction model and associated address clustering model. We achieve the matching of the suspected transaction with the originator’s IP address for high precision and low overhead. Through experimental analysis in a real Bitcoin system, the cross-layer method can effectively match the original transaction with the target node, which reaches an accuracy of 81.3% and is 30% higher than the state-of-the-art method. By controlling several factors, such as different times and nodes, the characteristics of the extracted transaction propagation pattern can be proved reasonable and reliable. The practicality and effectiveness of the cross-layer analysis are higher than that of a single-level scheme.
Chapter
Bitcoin, the first successful application of Blockchain Technology, took the world by storm when it was launched in 2008. It promised a peer-to-peer financial system without involving a third party. Since then, security and privacy have been two of the most marketed features of Blockchain technology and cryptocurrencies. Despite anonymity being one of the core features, several methods have been designed to infer a user’s identity on the Blockchain network. This study discusses the privacy concerns on a Blockchain regarding the anonymity of users and analyzes the existing methods to prevent the de-anonymization of users. The work also presents an improved mechanism to protect user anonymity on Blockchain using a hash-based approach. The simulation results demonstrate how a user can make a transaction to their desired destination from addresses unrelated to their own while simultaneously maintaining their anonymity on the network.
Article
The Bitcoin system uses anonymous transactions to protect users’ privacy, but attackers can use this defect of bitcoin transactions to discover the association between bitcoin addresses. At present, address clustering methods can make use of these vulnerabilities to associate the address as an entity to a certain extent. However, these address clustering methods have problems such as an insufficient inference rate of change addresses, inability to identify mixing transactions, and low efficiency of algorithm implementation. We propose some solutions to these problems. 1) We improve the method of change address identification to identify and mark more of them. 2) We propose a heuristic address clustering method related to mixing transactions, which can identify their privacy vulnerabilities. 3) We propose an incremental address clustering method that can store the historical state and more quickly discover the anonymity defect of Bitcoin. We use real Bitcoin transaction data to demonstrate our method’s feasibility and reliability.
Chapter
Bitcoin is a digital currency payment system, which bases on the property of decentralization and anonymization of Blockchain. Researches on transaction deanonymization for the Bitcoin system may not associate anonymous transactions with the IP addresses (physical identity) of the originator accurately and may consume network resources excessively. In this paper, we propose an approach to obtain the originating transactions through analyzing the propagation information. We calculate a pattern matching score by combining the propagation pattern extraction and the node weight assignment. Through carrying out the experiments in the real Bitcoin system, we effectively match the originating transactions with the target node, which reaches a precision of 81.3% and is 30% higher than the state-of-the-art method.
Chapter
This paper studies bitcoin address usage, which is assumed to be hidden via address pseudonyms. Transaction anonymity is ensured by means of bitcoin addresses, leading to abuse for illegitimate purposes, e.g., payments of illegal drugs, ransom, fraud, and money laundering. Although all the transactions are available in the bitcoin system, it is not trivial to determine the usage of addresses. This work aims to estimate typical usages of bitcoin transactions based on transaction features. With the decision tree learning algorithm, the proposed algorithm classifies a set of unknown addresses into seven classes; provider addresses of three services for mining pool, Bitcoin ATM, and dark websites; and user addresses of four services for mining Bitcoin ATM, dark websites, exchange, and a bulletin board system. The experimental results reveal some useful characteristics of bitcoin traffic, including statistics of frequency, amount of value, and significant transaction features.
Article
Blockchain users are identified by addresses (public keys), which cannot be easily linked back to them without out‐of‐network information. This provides pseudo‐anonymity, which is amplified when the user generates a new address for each transaction. Since all transaction history is visible to all users in public blockchains, finding affiliation between related addresses undermines pseudo‐anonymity. Such affiliation information can be used to discriminate against addresses linked with undesired activities or can lead to de‐anonymization if out‐of‐network information becomes available. In this work, we propose an approach to undermine pseudo‐anonymity of blockchain transactions by linking together addresses that were used to deploy smart contracts, which were produced by the same authors. In our approach, we leverage stylometry techniques, widely used in the social science field for attribution of literary texts to their corresponding authors. The assumption underlying authorship attribution is the existence of a distinctive writing style, unique to an author and easily distinguishable from others. Drawing an analogy between literary text and smart contracts' source code, we explore the extent to which unique features of source code and byte code of Ethereum smart contracts can represent the coding style of smart contract developers. We show that even a small number of representative features leads to a sufficiently high accuracy in attributing smart contracts' code to its deployer's address. We further validate our approach on real‐world scammers' data and Ponzi scheme‐related contracts. Additionally, we provide an algorithm to extract distinctly contributing features per an entire dataset or per specific authors. We use this algorithm to extract and explore such features in our dataset and in the Ponzi scheme‐related dataset.
Chapter
Elicitative threat modeling approaches such as Microsoft STRIDE and LINDDUN for respectively security and privacy use Data Flow Diagrams (DFDs) to model the system under analysis. Distinguishing between external entities, processes, data stores and data flows, these system models are particularly suited for modeling centralized, traditional multi-tiered system architectures.
Article
Blockchain offers an innovative approach to storing information, executing transactions, performing functions, and establishing trust in an open environment. Many consider blockchain as a technology breakthrough for cryptography and cybersecurity, with use cases ranging from globally deployed cryptocurrency systems like Bitcoin, to smart contracts, smart grids over the Internet of Things, and so forth. Although blockchain has received growing interests in both academia and industry in the recent years, the security and privacy of blockchains continue to be at the center of the debate when deploying blockchain in different applications. This article presents a comprehensive overview of the security and privacy of blockchain. To facilitate the discussion, we first introduce the notion of blockchains and its utility in the context of Bitcoin-like online transactions. Then, we describe the basic security properties that are supported as the essential requirements and building blocks for Bitcoin-like cryptocurrency systems, followed by presenting the additional security and privacy properties that are desired in many blockchain applications. Finally, we review the security and privacy techniques for achieving these security properties in blockchain-based systems, including representative consensus algorithms, hash chained storage, mixing protocols, anonymous signatures, non-interactive zero-knowledge proof, and so forth. We conjecture that this survey can help readers to gain an in-depth understanding of the security and privacy of blockchain with respect to concept, attributes, techniques, and systems.
Chapter
Annotating blockchains with auxiliary data is useful for many applications. For example, criminal investigation of darknet marketplaces, such as Silk Road and Agora, typically involves linking Bitcoin addresses, from which money is sent or received, to user accounts and web activities. We present BlockTag, an open-source tagging system for blockchains that facilitates such tasks. We describe BlockTag’s design and demonstrate its capabilities through a real-world deployment of three applications in the context of privacy research and law enforcement.
Article
Bitcoin is the most widely known distributed, peer-to-peer (P2P) payment network without existence of a central authority. In Bitcoin, users do not use real names; instead, pseudonyms are used. Managing and verifying transactions and issuing of bitcoins are performed collectively by peers in the network. Since pseudonyms are used without providing any identity, it is perceived that Bitcoin provides anonymity. However, it is one of the most transparent payment networks since all transactions are publicly announced. Blockchain, which is the public ledger of Bitcoin, includes all transactions to prevent double-spending and to provide integrity. By using data in the blockchain, flow of bitcoins between transactions can be observed and activities of the users can be traced. When the implications obtained from the blockchain are combined with external data, identity and profile of a user can be revealed. This possibility has undesirable effects such as spending history of a user becomes accessible to other people, or cash flow of a merchant becomes exposed to competitors. There are several proposals as extensions or alternatives to Bitcoin, which improve anonymity and privacy. This survey presents an overview and detailed investigation of anonymity and privacy in Bitcoin-like digital cash systems. We examine the studies in the literature/web in two major categories: (i) analyses of anonymity and privacy in Bitcoin, and (ii) extensions and alternatives to Bitcoin, which improve anonymity and privacy. We list and describe methods and outcomes for both categories and group studies according to these methods and outcomes. We also present relationships between outcomes of analyses and the improvement methods. We compare performances of the methods and show relationships between the proposals. Moreover, we present guidelines for designing an anonymity/privacy improvement and discuss future research directions.
Conference Paper
Full-text available
Many cryptocurrencies have come into existence in recent years, with Bitcoin the most prominent among them. Although its short history has been volatile, the virtual currency maintains a core group of committed users. This paper presents an exploratory analysis of Bitcoin users. As a virtual currency and peer-to-peer payment system, Bitcoin may signal future challenges to state oversight and financial powers through its decentralized structure and offer of instantaneous transactions with relative anonymity. Very little is known about the users of Bitcoin, however. Utilizing publicly available survey data of Bitcoin users, this analysis explores the structure of the Bitcoin community in terms of wealth accumulation, optimism about the future of Bitcoin, and themes that attract users to the cryptocurrency. Results indicate that age, time of initial use, geographic location, mining status, engaging online discourse, and political orientation are all relevant factors that help explain various aspects of Bitcoin wealth, optimism, and attraction.
Conference Paper
Full-text available
Bitcoin is a purely online virtual currency, unbacked by either physical commodities or sovereign obligation; instead, it relies on a combination of cryptographic protection and a peer-to-peer protocol for witnessing settlements. Consequently, Bitcoin has the unintuitive property that while the ownership of money is implicitly anonymous, its flow is globally visible. In this paper we explore this unique characteristic further, using heuristic clustering to group Bitcoin wallets based on evidence of shared authority, and then using re-identification attacks (i.e., empirical purchasing of goods and services) to classify the operators of those clusters. From this analysis, we characterize longitudinal changes in the Bitcoin market, the stresses these changes are placing on the system, and the challenges for those seeking to use Bitcoin for criminal or fraudulent purposes at scale.
Article
A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.
Online shopping habits survey
  • Pwc