By Andy Greenberg
The crypto-currency Bitcoin has become the preferred payment method for much of the online underground, hailed by none other than the administrator of the booming Silk Road black market as the key to making his illicit business possible. But spending Bitcoins to anonymously score drugs online isn’t as simple as it’s often made out to be.
We at Forbes should know: We tried, and we got caught.
To be clear, we weren’t caught by law enforcement–so far at least, our experiment last month in ordering small amounts of marijuana from three different Bitcoin-based online black markets hasn’t resulted in anyone getting arrested. But a few weeks after those purchases, I asked Sarah Meiklejohn, a Bitcoin-focused computer science researcher at the University of California at San Diego, to put the privacy of our black market transactions to the test by tracing the digital breadcrumbs that Bitcoin leaves behind. The result of her analysis: On Silk Road, and possibly on smaller competitor markets, our online drug buys were visible to practically anyone who took the time to look. “There are ways of using Bitcoin privately,” says Meiklejohn. “But if you’re a casual Bitcoin user, you’re probably not hiding your activity very well.”
Bitcoin’s privacy properties are a kind of paradox: Every Bitcoin transaction that occurs in the entire payment network is recorded in the “blockchain,” Bitcoin’s decentralized mechanism for tracking who has what coins when, and preventing fraud and counterfeiting. But the transactions are recorded only as addresses, which aren’t necessarily tied to anyone’s identity–hence Bitcoin’s use for anonymous and often illegal applications.
But Meiklejohn and her colleagues at UCSD and George Mason University have found that a little snooping in the blockchain can often uncover who owns which of those Bitcoin addresses. In a paper they’re presenting at the Internet Measurement Conference in Barcelona next month, they showed that they could use “clustering” methods taking advantage of clues in how bitcoins are typically aggregated or split up to identify thousands of addresses based on just a few test transactions they performed. With the data from just 344 of their own transactions, they were able to label the owners of more than a million Bitcoin addresses. And by making just four deposits and seven withdrawals into accounts held on Silk Road, Meiklejohn says the researchers identified 295,435 addresses as belonging to that drug market.
When I asked Meiklejohn to try to trace Forbes’ transactions, I started by giving her the Bitcoin addresses associated with our account on the popular Bitcoin wallet service Coinbase–information that could in theory be obtained by any investigating law enforcement agency that sends Coinbase a subpoena. With just that list of my public addresses, she was able to identify every transaction we had made, including deposits to the Silk Road, to competitor sites Atlantis and Black Market Reloaded, and even a transfer to the personal account of Forbes reporter Kashmir Hill.
Read the rest here.