Bitcoin's blockchain provides inalterable evidence, stored on thousands of computers, of every Bitcoin transaction that's ever taken place. Many of the transactions recorded on that distributed ledger are crimes: Billions of dollars in stolen funds, contraband deals, and paid ransoms sitting in plain sight, yet obscured by unidentifiable Bitcoin addresses and, in many cases, tangles of money laundering.

But a group of Cambridge cybersecurity researchers now argues that one can still distinguish those contraband coins from the legitimate ones that surround them, not with any new technical or forensic technique, but simply by looking at the blockchain differently—specifically, looking at it more like an early 19th century English judge.

In a paper published last week, the Cambridge team argues for a new way of tracing “tainted” coins in the blockchain, particularly ones that have been stolen or extorted from victims and then sent through a series of transactions to hide their ill-gotten origin. Rather than try to offer any new detective tricks to identify the source of a Bitcoin transaction hiding behind a pseudonymous address, their idea instead redefines what constitutes a dirty bitcoin. Based on a legal precedent from an 1816 British court decision, they posit that the first coin that leaves a Bitcoin address should be considered the same coin as the first one that went into it, carrying with it all of that coin's criminal history. And if that coin was once stolen from someone, he or she may be allowed to claim it back even after it has passed through multiple addresses.

'One unlucky person is going to end up holding the stolen bitcoin.' Ross Anderson, Cambridge University

The Cambridge researchers have gone so far as to code a proof-of-concept software tool, which they plan to release later this year, that can scan the blockchain and, starting from known instances of Bitcoin theft, theoretically identify the same tainted coins, even if they’ve hopped around the blockchain for years.

“The software we’re going to publish will let you know whether your favorite bitcoin was ever owned by Ross Ulbricht or Mt. Gox,” says Ross Anderson, the Cambridge computer science professor who leads the research group, referring to the convicted administrator of the Silk Road Bitcoin drug market and the first major Bitcoin exchange Mt. Gox, which went bankrupt in 2014 after being robbed of 850,000 bitcoins. “What we’re providing is software that’s very much better than anything that went before at tracing stolen property that happens to be a cryptocurrency, or if you wish, drug money or the proceeds of money laundering.”

Defining Dirty Money

Tracing bitcoins has long been easy in theory: The blockchain's public record allows anyone to follow the trail of coins from one address to another as they're spent or stolen, though not always to identify who controls those address. But that tracing becomes far dicier when Bitcoin users put their coins through a "mix" or "laundry" service—sometimes in the form of an unregulated exchange—that jumbles up many people's coins at a single address, and then returns them to confuse anyone trying to trace their path. In other cases, users bundle together their transactions through a process called Coinjoin that gives each spender and recipient deniability about where their money came from or ended up.

For companies like Chainanalyis, Coinfirm, and Ciphertrace that offer to trace stolen or "tainted" coins—and who generally don't make their methodology public— that leaves limited options. They can either treat any coin that comes out of a mix that includes tainted coins as fully "dirty," or more reasonably, average out the dirt among all the resulting coins; put one stolen coin into a mix address with nine legit ones, and they're all 10 percent tainted. Some academics have called this the "haircut" method.

But Anderson argues that haircut tracing quickly leads to enormous parts of the blockchain being a little bit tainted, with no clear answers about how to treat an infinitesimally unclean coin. Often the fraction can be so small it has to be rounded up, leading to artificial increases in the total "taint" recorded.