Blockchain analysis leads to darknet takedown
Bitcoin has often been condemned for its role in criminal activity, however, its transparent blockchain is proving increasingly useful for tracking down bad actors.
In the most recent instance, blockchain forensic firm Chainalysis cooperated with authorities in America and South Korea to take down down the server of the largest child porn website on the darknet — Welcome to Video (WTV).
The site, which US attorney Jessie Liu described as "one of the worst forms of evil imaginable,"
had over a million bitcoin addresses, as each new user would get a unique address when they opened an account.
Relying on bitcoin for payments is thought to have helped fuel the site’s user growth, but also proved to be its undoing.
By following the digital trail of bitcoin transactions, US federal prosecutors were led to a server in the bedroom of 23-year-old South Korean Jong Woo Son, who is already serving an 18-month prison sentence for similar offenses.
Once the data found on the site was shared with law enforcement agencies around the world,
hundreds of arrests were made in several different countries, and eight terabytes of sexual assault videos were taken down. 45 percent of which was identified by the National Center for Missing and Exploited Children as content not "previously known to exist."
Follow the money
Finding the perpetrators behind WTV was as simple as following the money said officials at a press conference in Washington.
By sending small amounts of Bitcoin to wallets that Welcome to Video had listed for payments, enforcement agents were able to follow a trail of digital crumbs on the blockchain.
This process was assisted by Chainalysis Reactor software, which analyses the flow of bitcoin transactions even as they pass through laundering services like mixers.
The flow of funds identified by Chainalysis
At the end of the breadcrumb trail was a wallet, that with the help of a subpoena to the exchange was identified as registered to Son through his personal phone number and email address.
“Through the sophisticated tracing of bitcoin transactions, IRS-CI special agents were able to determine the location of the Darknet server, identify the administrator of the website and ultimately track down the website server’s physical location in South Korea,” said IRS-CI Chief Don Fort at the press conference.
Bitcoin’s digital breadcrumb trail
The challenge of investigations like this one staff attorney at the Electronic Frontier Foundation Andrew Crocker told Wired, is "identifying operators and users of a site" which are often operating as Tor hidden services, run by anonymous identities deep in the dark web.
By opening a window into user transaction activity, Bitcoin can help to uncover what would otherwise be encrypted, allowing authorities to connect the dots and de-anonymize users.
As Dave Jevans from blockchain detective firm CipherTrace told Brave New Coin, this makes bitcoin and cryptocurrencies "helpful assets" for law enforcement, provided the correct forensic tools are available –
"Bitcoin and other cryptocurrencies are superior to cash for giving law enforcement the tools they need to track down global crime," said Jevans.
Over the past couple of years, Bitcoin’s digital breadcrumb trail has allowed authorities to trace stolen funds and apprehend criminals several times.
Academics at the NYU Tandon School of Engineering traced the path of Bitcoin ransomware payments in 2018 to reveal that most operators used Russian bitcoin exchange BTC-E to convert Bitcoin to fiat. Since then, BTC-E has been seized by authorities and the route has been closed.
A similar story was set in motion when funds were stolen from Japanese exchange Zaif. After the heist, blockchain detectives sprung into action and eventually traced the funds to a handful of IP addresses in France and Germany.
In perhaps the most controversial case, Bitcoin transactions that were allegedly used to fund cyberattacks against Democratic party officials and Hillary Clinton’s campaign in 2016 were traced back to Russia. The transactions, which were reportedly made in a bid to influence the outcome of the election, were sent via an elaborate network and cloaked with a VPN to avoid detection.
As forensic blockchain companies grow and develop closer links with governments and law enforcement agencies, even transactions on more obscure cryptocurrencies are likely to become traceable.
In a recent press release, CipherTrace revealed that it is now tracking 700 cryptocurrencies, providing “visibility into 87% of the global trading volume.”
Brave New Coin reaches 500,000+ engaged crypto enthusiasts a month through our website, podcast, newsletters, and YouTube. Get your brand in front of key decision-makers and early adopters. Don’t wait – Secure your spot and drive real impact in Q4. Find out more today!