Saturday, September 7, 2013

Follow The Bitcoins: How We Got Busted Buying Drugs On Silk Road's Black Market

By Andy Greenberg

The crypto-currency Bitcoin has become the preferred payment method for much of the online underground, hailed by none other than the administrator of the booming Silk Road black market as the key to making his illicit business possible. But spending Bitcoins to anonymously score drugs online isn’t as simple as it’s often made out to be.

We at Forbes should know: We tried, and we got caught.

To be clear, we weren’t caught by law enforcement–so far at least, our experiment last month in ordering small amounts of marijuana from three different Bitcoin-based online black markets hasn’t resulted in anyone getting arrested. But a few weeks after those purchases, I asked Sarah Meiklejohn, a Bitcoin-focused computer science researcher at the University of California at San Diego, to put the privacy of our black market transactions to the test by tracing the digital breadcrumbs that Bitcoin leaves behind. The result of her analysis: On Silk Road, and possibly on smaller competitor markets, our online drug buys were visible to practically anyone who took the time to look. “There are ways of using Bitcoin privately,” says Meiklejohn. “But if you’re a casual Bitcoin user, you’re probably not hiding your activity very well.”

Bitcoin’s privacy properties are a kind of paradox: Every Bitcoin transaction that occurs in the entire payment network is recorded in the “blockchain,” Bitcoin’s decentralized mechanism for tracking who has what coins when, and preventing fraud and counterfeiting. But the transactions are recorded only as addresses, which aren’t necessarily tied to anyone’s identity–hence Bitcoin’s use for anonymous and often illegal applications.

But Meiklejohn and her colleagues at UCSD and George Mason University have found that a little snooping in the blockchain can often uncover who owns which of those Bitcoin addresses. In a paper they’re presenting at the Internet Measurement Conference in Barcelona next month, they showed that they could use “clustering” methods taking advantage of clues in how bitcoins are typically aggregated or split up to identify thousands of addresses based on just a few test transactions they performed. With the data from just 344 of their own transactions, they were able to label the owners of more than a million Bitcoin addresses. And by making just four deposits and seven withdrawals into accounts held on Silk Road, Meiklejohn says the researchers identified 295,435 addresses as belonging to that drug market.

When I asked Meiklejohn to try to trace Forbes’ transactions, I started by giving her the Bitcoin addresses associated with our account on the popular Bitcoin wallet service Coinbase–information that could in theory be obtained by any investigating law enforcement agency that sends Coinbase a subpoena. With just that list of my public addresses, she was able to identify every transaction we had made, including deposits to the Silk Road, to competitor sites Atlantis and Black Market Reloaded, and even a transfer to the personal account of Forbes reporter Kashmir Hill.

Read the rest here.

2 comments:

  1. > I started by giving her the Bitcoin addresses associated with our account on the popular Bitcoin wallet service Coinbase

    Either the participants involved in this article don't quite understand Bitcoin or they're being purposefully obtuse. Hard to tell.

    Aside from giving your ersatz "detective" a vital clue to begin with, bitcoins received from Coinbase are the WORST way to stay anon with Bitcoin for one reason: Coinbase has your bank account and personal info. They won't let you open an account with them otherwise. Every bitcoin received from Coinbase has your info attached to your bitcoin addresses.

    People using Coinbase are just wasting a perfectly good decentralized, pseudonymous currency on "security". The way most people use Coinbase results in the simple fact that they don't actually have any bitcoins because Coinbase holds them all. Coinbase is running the old goldsmith scam and is hoping that their entire customer base doesn't learn how to create their own keypairs and move their bitcoins out of Coinbase and into actual secure cold storage using a paper wallet that only they control.

    There are ways to get bitcoins, such as mining them or trading for them, without risking your personal info in the transaction. But it also requires putting some sweat equity into learning how to use the tech, much as traders have to do in order to be able to interface with the market.

    BTW, I'm long PMs and Bitcoin, short on the Fed. Thanks for kicking out the info like you do, Mr. Wenzel.

    ReplyDelete
  2. Mr. Wenzel-

    I'm the fellow that wrote the only comment on this thread. I have a question you might be able to answer.

    What do you know of Fred Ehrsam of Coinbase? He'd been a Goldman Sachs employee before Coinbase. It's my assumption that he's GS's point man for Bitcoin but I could be wrong. Any info you could suss out would be appreciated.

    ReplyDelete