Visualizing Diffusion of Stolen Bitcoins

In previous work we have shown how stolen bitcoins can be traced if we simply apply existing law. If bitcoins are “mixed”, that is to say if multiple actors pool together their coins in one transaction to obfuscate which coins belong to whom, then the precedent in Clayton’s Case says that FIFO ordering must be used to track which fragments of coin are tainted. If the first input satoshi (atomic unit of Bitcoin) was stolen then the first output satoshi should be marked stolen, and so on.

This led us to design Taintchain, a system for tracing stolen coins through the Bitcoin network. However, we quickly discovered a problem: while it was now possible to trace coins, it was harder to spot patterns. A decent way of visualizing the data is important to make sense of the patterns of splits and joins that are used to obfuscate bitcoin transactions. We therefore designed a visualization tool that interactively expands the taint graph based on user input. We first came up with a way to represent transactions and their associated taints in a temporal graph. After realizing the sheer number of hops that some satoshis go through and the high outdegree of some transactions, we came up with a way to do graph generation on-the-fly while assuming some restrictions on maximum hop length and outdegree.

Using this tool, we were able to spot many of the common tricks used by bitcoin launderers. A summary of our findings can be found in the short paper here.

4 thoughts on “Visualizing Diffusion of Stolen Bitcoins

  1. Hi,

    regarding the “Making Bitcoin legal” paper, two questions
    1) I assume the assumption that btc transactions are FIFO is hypothetical? That is, could be enforced but isn’t currently
    2) Wasn’t there a public “Taintchain”? I remember you could you could check an address on blockchain.org and see how many % was taint from the given address, but I can’t find that functionality now (of course it’s not FIFO).

  2. While the FIFO rule has the blessing of the law, and has the apparent benefit of avoiding dilution and diffusion, it does not appear to be any more correct than any other 1:1 mapping of inputs to subsequent outputs. One can easily imagine scenarios where the FIFO rule ignores conspirators, who took their cut immediately after the fraud, while tainting innocent bystanders doing legitimate business with an entity that might have been unknowingly exploited by the perpetrators.

  3. We successfully, along with some legal intervention successfully identified a group who had been ‘loosing funds in what they expected to be a noun traceable manner using something similar. Extremely satisfying results and like all of these techniques needs to be part of a coordinated set of investigations.

    It is amazing (imho) how many individuals still believe that bitcoin are truly anonymous.

Leave a Reply

Your email address will not be published. Required fields are marked *