How blockchain tracing has led to major crypto criminal busts
One of the most common misconceptions about cryptocurrency is that holdings and transactions are anonymous. In reality, the underlying blockchains or digital ledgers that allow for cryptocurrencies to function are also a tool that law enforcement or amateur sleuths can use to de-anonymize the alphanumeric addresses that form people’s cryptocurrency wallets.
Longtime technology journalist Andy Greenberg traces the development of these techniques — known as “blockchain analytics” or “blockchain surveillance” — in his new book, “Tracers in the Dark.” The subject is more relevant than ever. During the rapid collapse of crypto exchange FTX, which declared bankruptcy last week, keen on-chain observers watched as millions of dollars in cryptocurrency disappeared, either because the exchange was hacked or, as some have speculated, because an insider pulled off a heist. The transparency afforded by the blockchain is unlike anything else in finance, for better or worse.
Grid spoke with Greenberg about his new book, the basics of blockchain analytics, and its growing use by law enforcement and other practitioners. This interview has been edited for length and clarity.
Grid: What made you want to write this book?
Andy Greenberg: I was covering anonymity technologies and cryptography and the dark web even before I’d ever heard of cryptocurrency. I wrote a book about WikiLeaks, Tor and the cypherpunks — that whole movement of people seeking privacy and trying to use encryption to take power away from governments and corporations and give it to individuals — these kind of crypto-libertarians.
I first came upon Bitcoin in 2011. I actually first learned about it from a video of a talk that Gavin Andresen, a Bitcoin developer, gave, where he described it as a cyberpunk invention by this mysterious guy, Satoshi Nakamoto. From the very beginning, my interest in Bitcoin was about its potential anonymity and untraceability and the ways that it might monetize a whole new contraband market on the dark web. And of course, I misunderstood those privacy promises, but I don’t think I was alone in doing that.
I mean, in my defense, Satoshi Nakamoto — himself or herself — in that first email, introducing the Bitcoin White Paper to a cryptography mailing list, said in the bullet points describing the features of the system, that “participants can be anonymous.” That’s a big part of why it was immediately adopted by people like the Silk Road and seen as this like perfect digital cash that could be spent without revealing your identity.
G: Which, at the beginning of crypto, made sense — these are just alphanumeric addresses, why would we assume we could figure out who the person behind that was?
AG: I agree. We all knew the blockchain existed — that was not a surprise that it recorded every transaction. But tying those to a person, it didn’t seem like there was any way to do that. And so, you know, if not anonymous, at least it seemed like Bitcoin was pseudonymous and that seemed close enough for a lot of us.
G: But over time, it became clear the situation wasn’t so simple.
AG: Jump forward to the 2010s, and there was more and more evidence, both in the research community and glimmers of it in the tech world, that actually people were tracing Bitcoins. But it was never clear how definitive that tracing was and how traceable Bitcoin truly was. And then it was only really in 2020 that I began to see, for example, Department of Justice announcements, of one major bust or takedown after another where they would thank Chainalysis, a company that I was only vaguely aware of. And so I began to look deeper.
I first thought this company Chainalysis clearly has its fingers in just so many of these fascinating cases, I thought maybe I would just write a piece about Chainalysis. But immediately when I started talking to the company’s co-founders, I saw that there was an opportunity to do something much bigger.
They truly have been instrumental in one major case after another, from the Mt. Gox hack [the largest cryptocurrency hack to that point in time] to the takedown of AlphaBay, the biggest dark web drug market in history, to the Welcome to Video child exploitation dark web site, in which hundreds of people were arrested [for possessing or creating child sexual abuse imagery]. I started to get more ambitious about trying to tell each of those stories, not just from Chainalysis’ point of view, but from the perspective of the detectives who were really doing those cases hands on and using Chainalysis. And cryptocurrency tracing more generally, as this kind of secret weapon, taking down one massive cybercriminal operation after another.
G: Chainalysis is a name people might not be familiar with, but they have a wide array of contracts with the U.S. government — who are they and how did they rise to prominence?
AG: I was kind of shocked to learn in one of my first conversations with them, that they had just taken a funding round that made them a billion-dollar company — like an actual unicorn. Which seemed like kind of improbable for this niche capability of tracing cryptocurrency. But in the process of reporting this book, not only did I begin to see how profitable they are, how many clients they have and how big an industry this is, but then Chainalysis just kept growing. Now it was an $8.6 billion company. Bitcoin [and other cryptocurrencies] has its ups and downs, but this industry of tracing cryptocurrency, in particular, is just exploding unabated.
G: What is the goal of this larger industry? How are companies differentiating themselves?
AG: This whole industry now is focused on just ferreting out any clues that can undo what once appeared to be the anonymity or untraceability of cryptocurrencies. They are all, I think, now competing for the best minds of the research worlds. Every blockchain is a permanent record of transactions that can be studied for years and years to find new clues to develop new techniques to identify people — sometimes going back years, to find patterns or to identify specific criminal acts. It is an endless playground for big data analysis and has lent itself to a really vibrant world of researchers in the academic world and in the private sector. While the academic world is publishing their findings, and sometimes as a kind of public service announcement — as did Sarah Meiklejohn, the lead author of the original paper that sort of broke the whole field of cryptocurrency tracing wide open — the private sector, meanwhile, is really holding these techniques very closely, and competing to develop new secret tools that can identify people and identify behavior. As for what really differentiates these companies, they all have a core set of techniques that are now pretty publicly known for tracing cryptocurrencies, but they also have their different unique capabilities and tricks, some of which they’ve never revealed publicly.
G: Can you describe some of the analysis techniques that these companies use?
AG: Sarah’s paper laid out what are still like some of the most fundamental crypto tracing techniques that people are still using today. The first is if you can follow the money to a cryptocurrency exchange, or another institution where people have to reveal their identity, then you can subpoena that exchange for an identity. That’s the basic way that this works. She and her co-authors laid out the techniques to make that possible. There are really two different parts of this. One is clustering. If you look at the blockchain, it can look just like, well, hundreds of millions of addresses by now, but Sarah highlighted and invented some techniques to create clusters that can show dozens or even millions of addresses all belong to the same person or institution.
If you can show, for instance, that in one transaction lots of Bitcoins from lots of different addresses are spent at the same time, then the same person must control all the keys for those spender addresses. In another instance she showed that many Bitcoin wallets have this change-making function where to send Bitcoins from an address, you have to spend all the coins at that address at once and then receive that change for the transaction. If you’re not spending all of them at the same time, you receive change at another address. Sarah Meiklejohn had this realization that if you can determine which is the change address, you can distinguish the change address from the recipient’s address — maybe because the change address has never received a payment before, whereas the recipient’s address has.
Then you can start to follow like one sort of wad of bills as it’s passed from address to address while always being possessed by the same person. That is what she calls a “peel chain” where you’re seeing a wad of bills moved from address to address — as one bill at a time is peeled off and given to someone else as it’s spent over time. Those peel chains can sometimes be followed all the way to an exchange and then somebody can be identified. So the multi-input trick and the change-making trick are two pretty powerful techniques to start to create these clusters. That already took a ton of the mystery out of what seemed an endless sea of anonymous addresses.
Her other big innovation was to just start interacting with lots of Bitcoin services almost like an undercover operator. She just sent money into and out of dozens of exchanges and gambling services, and bought random objects for Bitcoin from tons of different e-commerce sites that accepted Bitcoin and even put money into the Silk Road and took it out again and again. All so she could identify some of the addresses of the services almost like a narcotics cop like doing a buy and bust, and then when she did identify those addresses, she sometimes would now be able to link them to entire clusters that she built with those other tricks.
In this paper in 2013, she took a huge bite out of any notion of Bitcoin’s anonymity or untraceability. But it would really take years for people to realize just how powerful those techniques are — and just how untraceable Bitcoin is not.
G: Do you think this industry will only continue to grow? What tension is it going to continue to create between the beliefs underpinning crypto and sort of the lived reality of it being observable and traceable to law enforcement?
AG: Cryptocurrency users are becoming aware of this world, and I imagine my book will make them a little more aware of the fact that if you use cryptocurrency, you’re probably vulnerable to being traced. In some ways it’s even more transparent, even more so available to surveillance, than the traditional world of finance. In the future, I see the use of these traceable currencies like Bitcoin and Ethereum, for instance, forking into people who don’t really mind that they’re being traced because they’re just using it for illicit purposes. And then there are people who know that even if they are traced, they can’t really be stopped — they’re not going to be arrested. These include people like North Korean hackers and Russian ransomware cybercriminals.
But I still think that there will be an element of surprise where a third group of people think that they’re doing something clever to remain untraceable, and then they get outsmarted. For better or for worse, in this world of blockchains, when you get outsmarted even years later, your mistakes are on the permanent record. In this cat-and-mouse game, the cats can go back in time to something they found on the blockchain years ago that you cannot erase and use that to identify or even prosecute you. So that’s a super interesting and almost chilling sort of dynamic in cryptocurrency that doesn’t exist in like other kinds of crime or other kinds of surveillance. We’re still just kind of starting to come to terms with what that will mean for people’s use of this technology.
Thanks to Alicia Benjamin for copy editing this article.
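The multi-input and change-address clustering heuristics described in the interview, sketched as an added example that is not part of the original article or of any tracing product. The ledger, the address names and the simplified (inputs, outputs) transaction shape are constructed for illustration.

```python
# Added example: multi-input and change-address clustering over a
# constructed ledger. Addresses and transactions below are made up.
from collections import defaultdict

class Clusters:
    """Union-find over address strings."""
    def __init__(self):
        self.parent = {}

    def find(self, a):
        self.parent.setdefault(a, a)
        while self.parent[a] != a:
            self.parent[a] = self.parent[self.parent[a]]  # path halving
            a = self.parent[a]
        return a

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

def cluster(transactions):
    """transactions: chronological list of (input_addrs, output_addrs)."""
    c, seen = Clusters(), set()
    for inputs, outputs in transactions:
        # Multi-input heuristic: addresses spent together share a key holder.
        for addr in inputs:
            c.union(inputs[0], addr)
        # Change heuristic: if exactly one output has never appeared before
        # while the others have, treat it as the spender's change address.
        fresh = [o for o in outputs if o not in seen and o not in inputs]
        if inputs and len(outputs) > 1 and len(fresh) == 1:
            c.union(inputs[0], fresh[0])
        for o in outputs:
            c.find(o)  # register every output as at least a singleton
        seen.update(inputs, outputs)
    groups = defaultdict(set)
    for a in list(c.parent):
        groups[c.find(a)].add(a)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: g[0])

# Constructed ledger: funding transactions, one multi-input spend, one peel
# step to an exchange deposit, and one ambiguous spend (both outputs fresh).
LEDGER = [
    ([], ["shop"]), ([], ["exch"]), ([], ["A1"]), ([], ["A2"]), ([], ["B1"]),
    (["A1", "A2"], ["shop", "A3"]),   # A3 is fresh -> change
    (["A3"], ["exch", "A4"]),         # peel chain step, A4 -> change
    (["B1"], ["new1", "new2"]),       # two fresh outputs -> no change link
]

if __name__ == "__main__":
    for group in cluster(LEDGER):
        print(group)
```

The A1 to A4 addresses collapse into one cluster that ends at the exchange deposit, while the B1 spend stays unlinked because the change heuristic cannot tell its two fresh outputs apart.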