“So this might be a mining pool paying out rewards to the people who have contributed to finding some blocks.” He points to a curious cluster of shapes on the screen.

“Ah, this structure here is interesting,” says Knottenbelt. Several blue circles appear—more payouts to multiple accounts—but they are knitted together by a cross-hatch of yellow lines. It looks as if someone scribbled on the display with a Sharpie.

What Knottenbelt has just noticed could be the first evidence of a sophisticated criminal at work.

An industry has sprung up to help fight back. New forensic tools are allowing authorities to follow the money through cryptocurrency networks that are turning out to be far less private than their founders hoped. Just as closed-circuit cameras turned bank robbers from celebrated criminals into easily caught rubes, researchers hope that their advances can turn anonymous thieves into known prisoners, and make the cryptocurrency world safe for the average customer.

The opportunities in cryptocrime

If you’re up to no good, cryptocurrencies tick a lot of boxes. The only thing tying you to an account in Bitcoin or Ethereum or NEM or a thousand other cryptocurrency systems is an address, typically a random string of letters and numbers. You can have as many addresses as you like, and in principle, there is no obvious way to tie them together or identify their owners. What’s more, money in these accounts can be transferred without intermediaries and across international borders as easily as sending an e-mail.

“Instead of meeting you in a dark car park to hand over a suitcase of money, I can be sitting with a laptop on a balcony in Monaco,” says Jeffrey Robinson, an investigative journalist and author of 30 books on financial crime, including BitCon: The Naked Truth about Bitcoin.

William Knottenbelt, a researcher at Imperial College London, says, “I don’t think outlawing anything is going to help anyone.” Thomas Angus, Imperial College London

Clever criminals are embracing the new opportunities. A 2018 study by blockchain analysis startup Elliptic and the Center on Sanctions and Illicit Finance, a US think tank, found a fivefold increase in the number of large-scale illegal operations working on the Bitcoin blockchain between 2013 and 2016. By analyzing the history of more than 500,000 bitcoins, they identified 102 criminal entities—including dark-web marketplaces, Ponzi schemes, and ransomware attackers—and showed that many of the coins in their study could be linked back to them.

Ninety-five percent of all laundered coins tracked by the study came from just nine dark-web marketplaces, including Silk Road, Silk Road 2.0, Agora, and AlphaBay. These are notorious online bazaars where a person can buy banned goods like drugs and weapons and pay for services like prostitution or murder-for-hire. “On the dark web you can even buy legal advice,” says Robinson. “There are lawyers down there willing to take Bitcoin to tell you how to avoid getting caught with Bitcoin.”

Other types of organized crime are emerging as well. Hackers have embraced Bitcoin as their payment of choice for ransomware attacks. Such attacks spiked in 2016, with nearly 16 percent of tainted coins linked to outbreaks of malware like Locky. The trend continued in 2017 with WannaCry and NotPetya, which held hostage computer systems in hospitals and businesses across the world. In March of this year, municipal government systems in Atlanta were rendered useless by a ransomware attack whose perpetrators demanded about $51,000 in Bitcoin.

Cryptocrime is even infecting the offline world. The last few months have seen a flurry of real-world hold-ups in which victims were forced to hand over account details at knifepoint. “Suddenly, if you have a lot of crypto you’re in physical danger,” says Imperial College’s Knottenbelt.

And yet, since every Bitcoin transaction is recorded in a distributed public ledger, ill-gotten gains can be tracked. Anyone can download the entire transaction history of Bitcoin—which currently weighs in at around 160 gigabytes—and examine it, or use a website such as Blockchain.info or Block Explorer to check it out in a browser.

Such analysis helped unravel one major heist. In 2014, Mt. Gox, then the largest Bitcoin exchange in the world, was hacked by unknown thieves who stole 850,000 bitcoins, then worth more than $450 million.

As Mt. Gox spiraled into bankruptcy, its trustees enlisted a crack forensics team to help find the missing coins. What they found was a mess. “Mt. Gox didn’t understand how many bitcoins they owed people and how many bitcoins they actually had until they noticed they were gone,” says Jonathan Levin, who led the investigation. Levin and his team eventually tracked the funds to an exchange called BTC-e, where the trail went cold.

Though they couldn’t get most of the missing coins back, “that investigation gave us the idea to develop a tool that other people could use,” Levin says. His company Chainalysis, born of that effort, builds tools for bitcoin businesses wanting to understand their customers better and for law enforcement agencies seeking criminals. Other companies, like Block Seer and Elliptic, offer similar tools and services.

According to Tom Robinson, cofounder and chief data officer of Elliptic, the majority of the world’s Bitcoin exchanges use the company’s software to screen transactions. It checks whether they can be connected to ransomware wallets, dark marketplaces, or theft, for example. Elliptic has helped provide evidence in several criminal cases, including one involving a man who bought parts for AR-15 automatic rifles on the dark web and a handful of drug busts.

Since the company was set up five years ago, Robinson estimates, a trillion dollars’ worth of Bitcoin transactions have been screened using its software—even though there have been only around 300 billion dollars’ worth of Bitcoin transactions ever. That’s because some transactions are screened multiple times; Elliptic recommends that its customers rerun analyses on older transactions because information about dodgy accounts is being updated all the time. “You need to keep checking,” Robinson says.

Robinson won’t name his clients, but a quick search on USAspending.gov reveals that they include the US Drug Enforcement Administration, the Internal Revenue Service, the FBI, and Immigration and Customs. Chainalysis works with those and more, including financial regulators like the SEC. Chainalysis also says that Europol and more than half the police forces in Europe are using its software.

The US Treasury’s interest in the blockchain reflects the fact that crypto-crime isn’t limited to coin heists and black markets. It’s also about fraud and tax evasion. “This is going to be an interesting tax year,” says Jeffrey Robinson. “It’s the first time in the US where they’re cracking down on Bitcoin exchanges for tax purposes.”

Sarah Meiklejohn and colleagues developed techniques in 2013 on which much of today’s cryptocurrency analysis is based. Andrew Testa

How to trace the untraceable

Much of what these companies do builds on techniques introduced by Sarah Meiklejohn, then at the University of California, San Diego, and her colleagues in 2013. The basic idea is simple. By examining blockchain activity closely, you can spot accounts that appear to belong to the same Bitcoin wallet and are thus controlled by the same entity. The process is known as clustering. Multiple addresses initiating the same transaction might begin to look like one person or organization consolidating smaller funds into one bigger pot, for example. Another telltale sign is when change from a Bitcoin transaction is routed back into an account different from the one where the funds started off. In time, the chaos resolves itself into regular patterns.
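The two clustering signals described above can be applied mechanically. The following is an added example, not code from the article or from any of the companies it mentions: it implements the multi-input heuristic (all inputs of one transaction are assumed to share an owner) and a simple change-address heuristic (a single never-before-seen output is assumed to be change and linked to the spender) over a small, constructed transaction history. All transaction ids and addresses are made up, and the change heuristic is deliberately conservative: when more than one output is fresh, it makes no inference, which is the ambiguity a real analyst has to resolve with further evidence.

```python
"""Added example (not from the article): the two clustering heuristics
described in the text, run over constructed transactions.

Heuristic 1 (multi-input): every input address of a transaction is
assumed to be controlled by the same entity.
Heuristic 2 (change address): if a transaction has several outputs and
exactly one of them has never appeared on the chain before, that output
is assumed to be change returned to the spender.
All txids, addresses and the chain order below are constructed."""

from dataclasses import dataclass


@dataclass
class Tx:
    txid: str
    inputs: list   # addresses being spent (empty for a coinbase/mining payout)
    outputs: list  # addresses receiving funds


class UnionFind:
    """Minimal disjoint-set structure keyed by address string."""

    def __init__(self):
        self.parent = {}

    def find(self, addr):
        self.parent.setdefault(addr, addr)
        while self.parent[addr] != addr:
            self.parent[addr] = self.parent[self.parent[addr]]  # path halving
            addr = self.parent[addr]
        return addr

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster(txs, use_change_heuristic=True):
    """Return {address: frozenset(addresses in the same cluster)}.

    txs must be in chain order: the change heuristic depends on knowing
    which addresses have already been seen when a transaction appears."""
    uf = UnionFind()
    seen = set()
    for tx in txs:
        # Register every address so singletons also get a cluster.
        for addr in tx.inputs + tx.outputs:
            uf.find(addr)
        # Heuristic 1: all inputs share an owner.
        for addr in tx.inputs[1:]:
            uf.union(tx.inputs[0], addr)
        # Heuristic 2: exactly one fresh output among several is change.
        if use_change_heuristic and tx.inputs and len(tx.outputs) > 1:
            fresh = [o for o in tx.outputs if o not in seen]
            if len(fresh) == 1:
                uf.union(tx.inputs[0], fresh[0])
        seen.update(tx.inputs)
        seen.update(tx.outputs)
    groups = {}
    for addr in uf.parent:
        groups.setdefault(uf.find(addr), set()).add(addr)
    return {a: frozenset(m) for m in groups.values() for a in m}


# Constructed chain: two mining payouts, a payment with change, a
# consolidation of two inputs, and an ambiguous two-fresh-output payment.
SAMPLE_TXS = [
    Tx("tx0", [], ["A1"]),              # miner A receives a block reward
    Tx("tx1", [], ["B1"]),              # miner B receives a block reward
    Tx("tx2", ["A1"], ["B1", "A2"]),    # A pays B1 (reused), change to fresh A2
    Tx("tx3", ["A2", "A3"], ["C1"]),    # A consolidates A2+A3 into C1
    Tx("tx4", ["B1"], ["D1", "D2"]),    # both outputs fresh: no change inference
]


if __name__ == "__main__":
    for members in sorted({c for c in cluster(SAMPLE_TXS).values()}, key=sorted):
        print(sorted(members))
```

With both heuristics, A1, A2 and A3 collapse into one entity even though A1 and A3 never co-spend; with the change heuristic disabled, A1 stays a singleton and only the co-spending pair A2/A3 is linked. D1 and D2 remain unlinked because the heuristic refuses to guess between two fresh outputs.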

Once multiple accounts have been linked to the same owner, you can try to figure out who that owner is. Linking Bitcoin accounts to real-world identities is possible because information tends to leak out. Regulated cryptocurrency exchanges—generally those in the US or Europe—must follow know-your-customer and anti-money-laundering rules, which require people to hand over identification before using their services. Some people are even so careless as to post their supposedly private Bitcoin addresses in online forums. “What people forget is that the blockchain is just one half of the equation,” says Knottenbelt.

Chainalysis and Elliptic now use machine learning to help cluster addresses. Soon it might even be possible for an AI to police blockchains in real time.

The wall-size data visualization at Imperial College is a step toward that. The blue-and-yellow tangle that caught Knottenbelt’s eye was a coin tumbling network, a sequence of transactions deliberately designed to make it harder to track individual coins. It’s like dropping money into a jar, shaking it about, and then taking it out again: the amount doesn’t change, but it’s hard to tell which coin was which. The effect is much the same as if you move money through a bank in a place like the Cayman Islands, where there are strict secrecy laws around banking.

Staying one step ahead

However, tumblers aren’t necessarily a sign of criminal activity. “Some people just do it for privacy reasons,” says Knottenbelt. And in any case, there are better ways for criminals to cover their tracks. As the limits to Bitcoin’s privacy become more apparent, people are moving to new cryptocurrencies, like Zcash and Monero, that reveal almost nothing about the transactions recorded on their blockchains.

Zcash uses a so-called zero-knowledge proof to verify transactions. This is a mathematical way to confirm that a transaction took place without revealing any information about who was involved or how much was transferred. Zcash also lets you hand back coins and have fresh ones mined, the equivalent of trading your marked bills in for clean ones at the bank.