Maybe you bought it some illegal narcotics on the Silk Road about ten years ago, when the digital black market of every imaginable smuggling was still online and lively. You may already regret this decision, for any number of reasons. After all, the four bitcoins you spent on that lot of hallucinogenic mushrooms were now worth as much as an 'Alfa Romeo'. But a group of researchers wants to remind you of another reason to make up for this transaction: if you were not particularly careful in the way you spent your cryptocurrency, the evidence of that deal could still be pending in full view. of the forces of order, even years after the Silk Road had been torn from the dark net.
Researchers at Qatar University and Hamad Bin Khalifa University, at the beginning of last week, have published some results that demonstrate how easy it is to gather evidence of bitcoin transactions a year old, when spenders have not accurately recycled their payments . In well over 100 cases, they could link someone's bitcoin payment on an obscure website to that person's public account. In more than 20 cases, they say, they could easily link these public accounts to specific transactions on the Silk Road, also identifying specific names and places of some buyers.
"Bitcoin's retroactive operational security is low," says Husam Al Jawaheri, a researcher at Qatar University. "When things are recorded in the blockchain, you can go back in history and reveal this information, to break the anonymity of the users."
Bitcoin's privacy paradox has long been understood by its more experienced users: since cryptocurrency is not controlled by any bank or government, it can be very difficult to link real-world identities to anyone with their bitcoin stash. But the bitcoin public transaction register known as blockchain also acts as a register of every bitcoin transaction from one address to another. Find someone's address and find out who is sending money or receiving it becomes trivial, unless the spender undertakes to route those transactions through intermediate addresses or recycling services that obscure the origin and destination of the payment .
"Bitcoin's retroactive operational security is low."
Husam Al Jawaheri, University of Qatar
But few if none of the researchers actually documented their work to exploit those bitcoin properties and count identifiable obscure web transactions. To do so, Qatar researchers first collected dozens of bitcoin addresses used for donations and dealmaking from websites protected by the Tor anonymity software, run by everyone, from WikiLeaks to the now defunct Silk Road. Then they scraped thousands of bitcoin addresses more visible from public user accounts on Twitter and from Bitcoin Talk's popular bitcoin forum.
By simply looking for direct links between these two sets of addresses in the blockchain, they found more than 125 transactions made on the accounts of those obscure sites – most likely with the intention of preserving the anonymity of senders – who could easily connect to the public accounts. Among these, 46 were donations to Wikileaks. More disturbingly, 22 were payments to the Silk Road. Although they do not reveal many personal details of those 22 individuals, the researchers say that some have publicly revealed their positions, age, gender, e-mail addresses or even full names. (A user who identified himself completely was just a teenager at the time of the transactions). And the 18 people whose transactions on Silk Road were linked to Bitcoin Talk could be particularly vulnerable, since that forum had previously responded to subpoeanas by asking to unmask a registration details of the user or private messages. "You have irrefutable evidence that they map this profile to this hidden service," says Yazan Boshmaf, another of the study's authors.
The researchers point out that they only used easily identifiable addresses and simple matching techniques. For example, they have not used methods that other researchers have proposed to make less obvious connections between bitcoin addresses that identify "clusters" of addresses associated with dark black web markets. Nor could they use the means available to the forces of order to force online services such as the popular bitcoin wallet company Coinbase to seize secret bitcoin addresses. "Our analysis shows a lower limit of what can be found," says Boshmaf. More resourceful and motivated hunters could potentially track even more potential anonymous bitcoin dealers, even years later.
"If you're vulnerable now, you're vulnerable in the future."
Yazan Boshmaf, Qatar Computing Research Institute
The forces of order have shown that they are willing to dig into the blockchain to gather evidence of past criminal transactions. In the case of Silk Road's founder, Ross Ulbricht, for example, an FBI contractor demonstrated to a jury that $ 13.4 million bitcoins were passed from the Silk Road servers to Ulbricht's laptop at some point. And even the old dark web transactions of years are not safe from the accusation. A German Silk Road customer was fined € 3,000 by the German authorities after stopping a marijuana dealer who had kept a record of his previous sales, years after they occurred.
Events such as those have helped make cryptocurrency users increasingly wary of Bitcoin's privacy threats. Earlier this month, Chainalysis, a cryptocurrency research firm, noted that obscure web transactions account for only one percent of bitcoin transactions, down from 30 percent in 2012. Meter sales Like other illegal cryptocurrency applications including ransomware, they have largely switched to new digital currencies like Monero and Zcash, both of which promise far greater privacy by default.
However, as the work of Qatar researchers shows, even the improvement of privacy practices can not always erase the old proofs of years from the internet, particularly when such evidence is captured in the unalterable record of the blockchain. Even deleting profile information that includes bitcoin addresses may not be sufficient if a post has been cached or captured by services such as the Internet Archive, they underline. "If you're vulnerable now, you're vulnerable in the future," says Boshmaf. Your stealth of stardom today, in other words, might not save you from the ghosts of past opsec bitcoin failures.