By | Engku Azlan bin Engku Habib
Cryptocurrency and Bitcoin in particular is not considered 100% private. At some point, users may use Bitcoin to purchase products or services that require the buyer’s identification due to regulations (e.g. KYC – Know Your Client). They may have to provide the same information during exchanges, for generating Bitcoin wallets or to accept Bitcoin from someone else. Unless a user is very prudent from the start, it is possible to determine his/her identity.
Among the most basic and common ways Bitcoin users can expose their identity are:
-
Carelessness
The classic tell-tale source of exposure is own carelessness. Using and exposing Bitcoin addresses unnecessarily will permanently cast a transaction in the Blockchain where it is shared in thousands of Bitcoin blockchain nodes. Here, transactions are virtually impossible to delete.
-
Identifying IP Addresses
Contrary to popular belief, using TOR does not really obscure IP addresses; they are just harder to identify. Other methods should be used for extra anonymity.
When a Bitcoin user generates and sends a transaction from their computer, the transaction is sent for confirmation to other Bitcoin miners who take part in the Bitcoin protocol [3]. Every miner that receives a transaction also logs the IP it came from.
If an authority gets hold of enough logs of IPs from different miners, they can compare these to the timestamp of when a signal reached a given machine and use this to extrapolate the geographical location of a transaction sender. In a worst-case scenario it may be possible to narrow down the search area to a block or town, and even perhaps an exact house or apartment number.
Using exchanges that hold many hundreds of thousands of Bitcoin addresses at any given moment and that keep changing them regularly makes it harder to trace IP addresses. However, as most exchanges (depending on the country) necessitate keeping logs of IPs, past addresses and transactions as required by law, such information can again be subpoenaed and analysed.
-
Transaction Graph
The most advanced method, the transaction graph, encompasses tracking the blockchain itself in great detail.
At the very least, Bitcoin users should use a new address with every transaction to increase privacy. Thus, when sending amount X from address A to address B, it is recommended for the sender to also have an address C generated to which leftover funds from address A are sent.
The transaction graph takes this into account. If a transaction has more than one input address, it is logical to assume that those addresses belong to the same person or group. If a transaction has multiple outgoing addresses, it is assumed that the address that has never appeared in the blockchain before is the leftover address – the one to which you send whatever was left from the first address after sending to the originally intended one. If we then take into account the human tendency to use whole numbers, it is reasonable to conclude that if a transaction contains a whole amount of BTC to one address and a fractional amount to another (e.g. 2 BTC vs 1.5379824792878972 BTC), the latter is probably the leftover and the former is the recipient.
To exactly identify transactors, an investigator must remove the unknown from the equations of interest. This is done by replacing addresses in the graph with known entities.
As an example, various online shops accept Bitcoin only on one address that remains fixed over time. The same goes for various organizations accepting donations. Forum users sometimes have their Bitcoin address in their signature or e-mail signature.
Imagine user A purchased a limited edition T-shirt with Bitcoin from seller B. If someone else (user C) knows that only one shop sells this T-shirt and combines the purchase price of the T-shirt with the estimated time of purchase and the shop’s BTC address, C can easily find A’s address. Thus A’s identity can be forever detectable in the blockchain. Further along in the future, if anyone ever needs to find something out, they can use this method as a starting point and unravel A’s transactional history.
By combining these three methods, authorities have identified and caught the owner of Silkroad – a notorious black market of drugs, weapons and other contraband.
-
Dedicated Bitcoin Tracking Software/Service
It has been reported that the US Internal Revenue Service (IRS) has engaged the company Chainanalysis to trace the movement of money through Bitcoin economy.
“This is necessary to identify and obtain evidence on individuals using bitcoin to either launder money or conceal income as part of tax fraud or other Federal crimes." – IRS
The IRS is also very interested in obtaining and analysing information on cryptocurrency exchanges.
From the evidence above, it can be ascertained that Bitcoin is not private and is only partially anonymous. The most anonymous cryptocurrency right now is Monero, closely followed by Dash, ZCash, Verge, Vertcoin, and soon Ether.
Bitcoin transactions are easy to follow, but even if they are not, trying to ban cryptocurrency directly would not hinder the use of Bitcoin or other cryptocurrencies. It would be driven underground where all the people using them thus far would just continue to do so.
Steps taken by most governments that allow the usage of cryptocurrencies in their countries, such as KYC, registration of exchanges, tax reporting, etc. are greatly welcome. These are among the measures that can be beneficial for both governments and cryptocurrency users and need to be reviewed and updated regularly.
