Bitcoin and Anonymity: Not So Much

CoinLab’s Patent for methods for deanonymizing Bitcoin wallets and transactions was released March 28. We have held off on describing methodologies and impacts until the patent was published, but it seems past time to talk about what we can see using this technology, and possible impacts on Bitcoin businesses.

As always, CoinLab’s technology is available for license, and our analysts are available on contract basis to help with concerns related to Bitcoin transactions: contact us via e-mail.

The Motivation

It’s pretty simple – we sued Mt. Gox in 2013, claiming they breached contract – most particularly, that they failed to put all US and Canada Mt. Gox customer funds into safe hands (ours). This was not a popular decision, to put it lightly. We felt we had no alternative at the time, knew we were betting the business, and went ahead. We made some coded public comments that we were worried about the auditability and amount of funds Mt. Gox actually had, but left it at that.

Since then, Mark Karpeles has gone to jail, Mt. Gox has announced it ‘misplaced’ 500,000 Bitcoins, and we’ve all moved on while our funds are locked into a Japanese bankruptcy proceeding. I’ve learned there’s no karma benefit for being the first to sue a popular figure, even if he later turns out to be a complete asshat.

We were convinced Mark had hidden some coins for himself, and sat down to look for how and where he’d hid them. This (admittedly venal), but intense focus on digging through the Bitcoin blockchain for ‘bad’ money movements ended up yielding a large amount of know-how, much of which is encoded into our patent, and all of which is coded into our tool, Oden.

Oden has taught us a number of surprising things about Bitcoin: in particular, gambling and the Darknet have been the major drivers of transaction volume since 2011.

Tepid Industry Response

For whatever reason, demonstrations of CoinLab’s technology have received tepid response from the industry players who probably stand the most to lose from bad transactions – BSA compliant exchanges.

We assumed, naively, that exchanges would demand information of the quality Oden can provide about undesirable customers. In fact, it seems so far that industry participants prefer just barely enough information to fulfill their compliance checkboxes.

I believe this is because, at different times in the exchange lifecycle, the vast majority of trading funds come from Darknet markets. Over the next few blog posts, we’ll demonstrate this, and also look at what happens economically to exchanges that start closing off avenues for darknet participants to engage.

The Basic Method

Bitcoin wallets leak information through their unspent outputs (UTXOs). Over time, wallets combine these UTXOs up and respend them, providing a view into the likely owner of a set of addresses. In the default Bitcoin core client usage, addresses are used twice, once to receive and once to spend on, creating what was intended to be a vast directed graph of plausible deniability in terms of ownership.

Satoshi’s Plan For Payment Graphs

This plan failed. Human behavior is at fault – people tend to like to keep addresses published for more than one use. For example, in the early days of Bitcointalk.org, it became a common pattern for users to put a ‘tip’ address in their signature. This remains a common thing to do around the internet – for instance, this screenshot of The Pirate Bay’s homepage shows a “tip” address at the bottom.

As a teaser, here are the primary sources of funds for The Pirate Bay since 2015. You can see that they are not getting rich off their tips, and also that someone called “u:coinbase.com” is a top donor. More about this in another post.

Other reasons for repeated use addresses

Additionally, early and popular wallets like blockchain.info used a single address for simplicity sake. These wallets do not succesfully create this broadly distributed graph. So, product and technology dynamics pushed people away from single-use addresses to reusable addresses. They became so common that Bitcoin users often created ‘vanity’ addresses for dissemination. Arguably the most famous is Satoshidice; it used addresses starting with ‘1dice’, and for years was by far the most high volume transaction consumer on the Bitcoin blockchain.

Satoshi Dice Address 1dice6D.. Balance over the course of 352,000 Transactions

Addresses and Hot Wallets

Exchanges typically offer a single address to each user, the idea being that a user can ‘bookmark’ the deposit address and reuse it. For early exchanges, the number of users stressed existing bitcoin implementations as well; the Mt. Gox hot wallet had hundreds of thousands of addresses to track. The early Bitcoin Core client was not equal to the different tasks needed for management.

A payment flow for most exchanges works like the following graph: deposits go in to the hot wallet, some are recirculated out as withdrawals, and some are sent to cold storage.

What Can We Learn?

Crucially, in that payment graph, we learned that the same company or person controls Deposit 0, 1 and 2 addresses. We call this technique grouping; the industry also terms it clustering. An interesting question is “which payment patterns group up well?” It varies, but in general exchanges group very tightly; because of this, they are at the core of any grouping based analysis.

Next Up

We’ll look at some typical exchange patterns, and talk about Gregory Maxwell and CoinJoining.