1 BitIodine: extracting intelligence from the Bitcoin network Michele Spagnuolo
2 Bitcoin BitIodine
3 About Bitcoin Decentralized, global digital currency A global peer-to-peer network, across which transactions are broadcast Can support strong anonymity - implementations not strongly anonymous Recent clarification to US regulations - to be considered as foreign currency and not legal tender
4 Open money Open money trust-no-one currency/commodity that isn t subject to manipulation by central banks or corporations designed for security, founded on distributed cryptography crypto-currency Quanta sit vis in numeris... T. Struve, De Numeris, 1421
5 History Digital currency based in cryptography , Bitcoin whitepaper , by "Satoshi Nakamoto" (pseudonym) First client in January 2009 Open Source No single point of failure
6 Who uses Bitcoin? A lot of legitimate uses of Bitcoin
7 Why use Bitcoin? Speed and price No central authority No setup Better privacy No counterfeit, no chargebacks No account freezing Algorithmically known inflation
8 Trading goods for Bitcoin
9 Also accepting Bitcoin...
10 Who also uses Bitcoin? Top 20 categories $1.2M rev/month 220 categories, ranging from digital goods to various kinds of narcotics or prescription medicines
11 Some stats about Bitcoin As of June 1: 1 BTC is traded for USD (max: 266 USD on April 11, min: 50 USD on April 16) $1.5B market capitalization 30,000 BTC / 3.8M$ sent per hour Approximately 60,000 transactions per day
13 Address and Wallet An address is a string like 1MikiSPbrhCFk7S4wzZP7gQqhwWH866DCb generated by a Bitcoin client together with the private key needed to spend and redeem the coins sent to it. It is public, and can be posted everywhere in order to receive payments. A wallet is a file which stores addresses and the private keys needed to use them.
14 Transaction A record of coins moving from one or more addresses to one recipient address. It is saved in a block.
15 How spending works Several cryptographic technologies public key cryptography - ECDSA hashing algorithms - SHA-1, SHA-256,... Future proof - designed to be upgraded in a forward compatible way
16 A block is a list of transactions. Block Each block embeds new transactions that took place before it was created. A new block is generated, on average, every 10 minutes. The first generated block is called genesis block. Transactions are placed in blocks, which are linked by SHA-256 hashes.
17 Blockchain The blockchain is the linked list of all the blocks that have been generated since day one. A full copy of the blockchain contains every transaction ever executed, and is distributed on every client. For any block on the chain, there is only one path to the genesis block. Coming from the genesis block, however, there can be forks.
18 Mining / Generation Users on the Bitcoin network compete to generate a new valid block that satisfies a difficult requirement (block hash with N leading zero bytes) - this is done by brute force. The lucky solver is then rewarded a fixed number of bitcoins for cryptographically validating transactions on the network. The parameter N is automatically adjusted by the protocol (difficulty), making it scale with the number of miners and making sure that, statistically, one block is generated every 10 minutes.
19 Mining hardware Nowadays mining with GPUs is no longer profitable - FPGAs or ASICs.
20 Distributed consensus problem New blocks are linked to older blocks, forming a block chain that is constantly being extended. Miners may generate blocks at the same time or too close together. A participant choosing to extend an existing path in the block chain indicates a vote towards consensus on that path. The longer the path, the more computation was expended building it. Longest path = accepted chain Bitcoin offers a unique solution to the consensus problem in distributed systems since voting power is directly proportional to computing power.
22 Is Bitcoin anonymous? Yes Users don't need to set up accounts No ID required Cash-like Tor / VPN help No Every transaction is stored in the blockchain Analysis of the blockchain can correlate addresses
23 BitIodine a tool for analyzing and profiling the Bitcoin network
24 Transaction graph
25 User graph
26 Techniques for creating the User Graph Two main techniques: Multi-input transactions grouping Shadow address guessing (change)
27 Multi-input transactions When a transaction has multiple input addresses, we can safely assume that those addresses belong to the same wallet, thus to the same user. Assumption: owners don't share private keys. Caveat: web wallets - pools that would be "mistakenly" grouped as a single user.
28 Shadow addresses the entire value of an unspent output of a prior transaction must be spent and used as input for a new transaction input is destroyed, and change should be sent back to the user to improve anonymity, a "shadow" address is automatically created and used to collect back the "change"
29 Shadow addresses When a Bitcoin transaction has exactly two output addresses, O 1 and O 2, such that O 2 is a new address (i.e., an address that has never appeared before), and O 1 corresponds to an old address (an address that has appeared previously), we can assume that O 2 constitutes a shadow address for one of the input addresses of that transaction.
30 Transactions with two outputs are the vast majority " Transac/on'count'per'number'of'outputs' Number'of'transac/ons' " " " " " " " Why? One payee, one shadow address for change back " " 0" 1" 2" 3" 4" 5" 6" 7" 8" 9" 10"11"12"13"14"15"16"17"18"19"20"21"22"23"24"25"26"27"28"29"30"31"32"33"34"35"36"37"38"39"40"41"42"43"44"45"46"47"48"49"50" Number'of'outputs' Transac7on(volume(per(number(of(outputs( Volumes((BTC)( 1,400,000,000" 1,200,000,000" 1,000,000,000" 800,000,000" 600,000,000" 400,000,000" 200,000,000" 0" 1" 2" 3" 4" 5" 6" 7" 8" 9" 10"11"12"13"14"15"16"17"18"19"20"21"22"23"24"25"26"27"28"29"30"31"32"33"34"35"36"37"38"39"40"41"42"43"44"45"46"47"48"49"50" Number(of(outputs(
31 Shadow addresses The official bitcoin client tries to randomize the position of the change output, but code is flawed: File: wallet.cpp // Insert change txn at random position: Number of payees vector<ctxout>::iterator position = wtxnew.vout.begin()+getrandint(wtxnew.vout.size()); wtxnew.vout.insert(position, CTxOut(nChange, scriptchange)); size()+1 If just two outputs (one payee), GetRandInt(1) always returns 0. The change ends up always in the first output. If multiple outputs, change is never the last output. Still not fixed! (Recently fixed!)
32 Shadow addresses Given the bug in the official client, BitIodine checks transactions with exactly two outputs, and also checks that the first address was new at the time of the transaction. If it is, chances are it's a shadow address. It is a heuristic.
36 Example: classifying address and owner Classify an address we found in IRC chat logs of channel #bitcoin-otc Borrowed money from other Bitcoin-OTC users
37 Zero-balance address, exhausted in 84 transactions, belonging to user xisalty on BitcoinTalk forum and user xisalty-otc on Bitcoin-OTC. The owner is a known scammer! Every address belonging to the user is empty, 4.5% are One- Time-Addresses, 2.3% are zombies.
38 A real-world case: investigating the Silk Road Identify the addresses owned by the Silk Road Investigate the activity of the addresses
39 A real-world case: investigating the Silk Road One of the bitcoin addresses that moved most funds on the network during 2012 is: 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM
40 A real-world case: investigating the Silk Road Using the Mt.Gox scraper, we find that: On July 17, 2012 this address had a balance of 517,825 BTC On the same day Bitcoin looked on the verge of breaking 10 USD/BTC At 02:00 AM, someone sold 10,000 BTC at 9 USD/ BTC, driving the price down At 02:29, two large withdrawals of respectively 20,000 BTC and 60,000 BTC were made from this address one after the other, and included in a block at 02:32.
41 A real-world case: investigating the Silk Road Using the Mt.Gox scraper, we find that: Mt.Gox, at the time, needed 6 confirmations in order to allow the user to spend deposited bitcoins. 6 confirmations matured with block at height , relayed at 02:47:24 AM At 02:52 and 02:53, someone sold approximately 15,000 BTC at market price in several batches, causing the price to drop below 7.5 USD/BTC.
42 A real-world case: investigating the Silk Road
43 A real-world case: investigating the Silk Road Sign up to the Silk Road Deposit BTC to a one-time deposit address The coins are mixed: the deposit address is provably in the same wallet as more than 25,000 other addresses
44 A real-world case: investigating the Silk Road Find a connection between the addresses in the mixer and the large 1Dky... address The mixer is a cluster active since June 18, more than 80,000 inputs/outputs Follow the flow of coins!
45 A real-world case: investigating the Silk Road Multi-hop connection found: the 1Dky... address belongs to the Silk Road.
46 Conclusions We present BitIodine We test it on real-world use cases we are able to get valuable information we get insights on the Silk Road Plans for the future add user-friendly front-end to the framework
Bitcoin: A Peer-to-Peer Electronic Cash System Satoshi Nakamoto email@example.com www.bitcoin.org Abstract. A purely peer-to-peer version of electronic cash would allow online payments to be sent directly
A Fistful of Bitcoins: Characterizing Payments Among Men with No Names Sarah Meiklejohn Marjori Pomarole Grant Jordan Kirill Levchenko Damon McCoy Geoffrey M. Voelker Stefan Savage University of California,
What is Bitcoin? Björn Segendorf* Björn Segendorf holds a Ph.D. in economics and works at the Riksbank s Financial Stability Department. Bitcoin is a so-called virtual currency that has been devised for
Majority is not Enough: Bitcoin Mining is Vulnerable Ittay Eyal and Emin Gün Sirer Department of Computer Science, Cornell University firstname.lastname@example.org, email@example.com Abstract. The Bitcoin
Issues and Risks Associated with Cryptocurrencies such as Bitcoin Félix Brezo and Pablo G. Bringas Avenida de las Universidades 24, 48007 DeustoTech Computing (S3lab), Universidad de Deusto Bilbao (Bizkaia),
Big Data, Smart Energy, and Predictive Analytics Time Series Prediction of Smart Energy Data Rosaria Silipo Phil Winters Rosaria.Silipo@knime.com Phil.Winters@knime.com Copyright 2013 by KNIME.com AG all
Intelligence Assessment Federal Bureau of Investigation Intelligence Assessment (U) Bitcoin Virtual Currency: Unique Features Present Distinct Challenges for Deterring Illicit Activity 24 April 2012 UNCLASSIFIED
Enabling Blockchain Innovations with Pegged Sidechains Adam Back, Matt Corallo, Luke Dashjr, Mark Friedenbach, Gregory Maxwell, Andrew Miller, Andrew Poelstra, Jorge Timón, and Pieter Wuille 2014-10-22
Customer Relationship Management and how you can use CRM technology to manage and grow your business. What is Customer Relationship Management? Customer Relationship Management (CRM) is undoubtedly one
MyState Business Internet Banking User Guide 1 Welcome to MyState Business Internet Banking The following links and information will help you make the most of your MyState Business Internet Banking. Contents
March 2012 The Virtual Office Running your Business from a Distance Contents 1 Introduction... 4 2 Online Banking... 4 2.1 Banking Services... 6 2.2 First Nations Bank Small business accounts... 7 2.2.1
Case Management Implementation Guide Salesforce, Summer 15 @salesforcedocs Last updated: June 30, 2015 Copyright 2000 2015 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark
Why Johnny Can t Encrypt: A Usability Evaluation of PGP 5.0 Alma Whitten School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 firstname.lastname@example.org J. D. Tygar 1 EECS and SIMS University
The KMyMoney Handbook for KMyMoney version 1.0 Michael T. Edwardes Thomas Baumgart Ace Jones Tony Bloomfield Robert Wadley Darin Strait Roger Lum Revision 1.00.00 (2009-08-10) Copyright 2000, 2001, 2003,
Oracle Fusion Applications Order Fulfillment, Receivables, Payments, Cash, and Collections Guide 11g Release 1 (11.1.3) Part Number E22896-03 November 2011 Oracle Fusion Applications Order Fulfillment,
SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION September 2010 (reviewed September 2014) ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK NETWORK SECURITY
Institute of Parallel and Distributed Systems University of Stuttgart Universitätsstraße 38 D 70569 Stuttgart Diplomarbeit Nr. 3242 Data security in multi-tenant environments in the cloud Tim Waizenegger
Technical report, IDE1108, March 2011 Mobile One Time Passwords and RC4 Encryption for Cloud Computing Master s Thesis in Computer Network Engineering Markus Johnsson & A.S.M Faruque Azam School of Information
Evaluation of different Open Source Identity management Systems Ghasan Bhatti, Syed Yasir Imtiaz Linkoping s universitetet, Sweden [ghabh683, syeim642]@student.liu.se 1. Abstract Identity management systems
REPORT ON THE 'MINI' REVIEW OF THE MONTHLY SURVEY TO INTERNET SERVICE PROVIDERS SEPTEMBER 2005 A publication of the Government Statistical Service 1 CONTENTS Page EXECUTIVE SUMMARY...3 KEY FACTS...4 1.
Follow the Green: Growth and Dynamics in Twitter Follower Markets Gianluca Stringhini, Gang Wang, Manuel Egele, Christopher Kruegel, Giovanni Vigna, Haitao Zheng, Ben Y. Zhao Department of Computer Science,
Getting Physical with the Digital Investigation Process Brian Carrier Eugene H. Spafford Center for Education and Research in Information Assurance and Security CERIAS Purdue University Abstract In this
Monitoring and Diagnosing Applications with 4.0 Mark W. Johnson IBM Corporation The (Application Response Measurement) standard provides a way to manage business transactions. By embedding simple calls
Please cite this paper as: Blundell-Wignall, A. (2014), The Bitcoin Question: Currency versus Trust-less Transfer Technology, OECD Working Papers on Finance, Insurance and Private Pensions, No. 37, OECD
SMART MARKETING: UNLOCKING THE POWER OF AUTOMATION A Q&A Session with WhatCounts TABLE OF CONTENTS Introduction 4 Welcome to the Email Automation Q&A 5 What is Smart Marketing? 5 What is email automation?
Institut für Technische Informatik und Kommunikationsnetze Kirila Adamova Anomaly Detection with Virtual Service Migration in Cloud Infrastructures Master Thesis 263-8-L October 22 to March 23 Tutor: Dr.