Forgot your password?
typodupeerror
Bitcoin Encryption Privacy The Almighty Buck

Researcher Spots a Drug Buy In Bitcoin's Blockchain 78

Posted by timothy
from the press-one-if-you-have-used-our-system-before dept.
Sparrowvsrevolution writes "It should come as no surprise to Bitcoin users that despite the pseudonymity the cryptocurrency offers, its transactions can be tracked. But University of California at San Diego researcher Sarah Meiklejohn proved that privacy problem more clearly than ever by showing a reporter that she could detect a specific point in Bitcoin's blockchain record of transactions where he had spent Bitcoins in exchange for marijuana on the Silk Road, the most popular online Bitcoin-based black market for drugs. To simulate a law enforcement subpoena, the reporter for Forbes began by giving Meiklejohn a Bitcoin address associated with Forbes' account. But with just that information, Meiklejohn was able to draw on a "clustering" analysis she had performed to identify Silk Road addresses and match them with the one used in the .3 BTC drug buy. She admits that a user who took more efforts to obscure his or her Bitcoin address through a laundering service or other unidentified Bitcoin wallets would be harder to track."
This discussion has been archived. No new comments can be posted.

Researcher Spots a Drug Buy In Bitcoin's Blockchain

Comments Filter:
  • Hey Bud! (Score:5, Funny)

    by Sponge Bath (413667) on Monday September 09, 2013 @08:20AM (#44796151)

    All I need are some tasty waves, a cool buzz, anonymous currency and I'm fine. -- Jeff Spicoli

    • Re:Hey Bud! (Score:5, Funny)

      by Chrisq (894406) on Monday September 09, 2013 @08:24AM (#44796171)
      let me fix that for you

      All I need are some tasty waves, a cool buzz, anonymous currency and I'm fined. -- Jeff Spicoli

    • "All I need are some tasty waves, a cool buzz, anonymous currency and I'm fine. -- Jeff Spicoli"

      As the article admits, right at the beginning: an address does not necessarily point to an individual.

      This only shows that somebody using that address made that buy. It's evidence, but not very strong evidence.

      Example: I run an open guest network. Anybody within a square block or even more could have been using my access point to make those transactions.

      • by N3x)( (1722680)
        That's not what address means in a bitcoin context. An address is more like an account, and if random people are using your account then you probably lose your money. The problem lies in proving who has the keys to that specific account and to do that you probably need direct access to the keyowners computer. And the smart ones keep their keys encrypted on offline computers.
  • by stewsters (1406737) on Monday September 09, 2013 @08:23AM (#44796165)
    A cryptocurency where everyone has a record of every transaction can be used to find a transaction between twoknown addresses? Is anyone surprised?
    • but you're talking about people who also use tor to hide activity from the government

      (if you don't understand the irony, you don't know anything about tor's history and original purpose)

    • by DrYak (748999) on Monday September 09, 2013 @09:40AM (#44796679) Homepage

      Indeed, you're right: lots of idiots seem not to grasp the difference between "Pseudonymous" and "Anonymous".

      And don't understand the whole purpose of bitcoin (although it's usually clearly stated on all promotionnal material).

      Bitcoin isn't done to be hidden and secret. (Nobody could know about a transaction beyond the two transacting parties). In fact that's the exact opposite: bitcoin are broadcasted widely accross the whole network, so the whole network works as a trusted witness of the transaction and no single malevolent entity could fake or falsify transaction (unless they control at least 51% of the whole network, which is rather difficult due to the computing power deployed by all mining participant).

      Bitcoin simply doesn't dirrectly advertise actual full name and identifications for each transaction, bitcoin simply attaches a (still traceable - and thus most importantly for the whole service - still verifiable) public key to each transaction.

      Bitcoin is done to be *out-of-reach* / *out-of-control*. Yes, it's not impossible to track down the identities behind a transaction. BUT even if government got the names, it can't go and knock at some banks door with order to freeze accounts. There are no accounts, there are no banks. Nobody can't force anything nor falsify anything (at least not without the necessary 51% control mentionned above. Which is currently even out of reach of the NSA). There's no goverment who could suddenly start manipulating exchange rates/inflation/etc.

      Bitcoin has been designed so there's nothing that could be done beyond what the 2 participant of a transaction decide.

      Don't use Bitcoin to hide. Use bitcoin to be the only in charge with what happens with your money.

      • by Anonymous Coward

        There is the rub: FinCEN knows who is using the currency at all times by the way things are broadcast. Right now, not many people are having doors kicked down, but in theory, it is good enough proof to start arrests, or at the minimum start investigations.

        So far, other than the "ooo, cool" aspect, I've not seen anything that makes BitCoin better than just using PayPal. BitCoins have major swings in value [1], there is no anonymity involved, and using BitCoins is like firing a signal flare to any LEO down

      • Pseudonyms are easy to create.

        Anonymous is hard to maintain.

        They are not equivalent, nor are they related. However, people believe that because Pseudonyms are easy to create that it permits a certain level of Anonymity. However anyone confusing the two needs to be educated.

        For BitCoins to be useful, anonymously, one would have to use one time wallets, with random disposable public IP addresses, with coins that have been washed in a public coin laundry. All of this is neither easy nor convenient, but it is p

        • it is possible to remain "anonymous".

          Not if you buy anything meaningful. If both parties in a trade are fully anonymous, and there is no intermediary, trust cannot exist. Either the buyer can avoid paying for the goods, or the seller can avoid actually delivering them.

          (If I recall correctly, there may be some extremely few information goods which can be securely sold in this manner, namely proofs of hard mathematical statements. Then you can mess around with blind signatures and zero-knowledge proofs. But t

    • A cryptocurency where everyone has a record of every transaction can be used to find a transaction between twoknown addresses? Is anyone surprised?

      As always, there's a difference between something being theoretically possible - and proving that it is in fact possible.

    • A cryptocurency where everyone has a record of every transaction can be used to find a transaction between twoknown addresses? Is anyone surprised?

      " the reporter for Forbes began by giving Meiklejohn a Bitcoin address associated with Forbes' account. But with just that information, Meiklejohn was able to draw on a "clustering" analysis she had performed to identify Silk Road addresses"

      They had only the buyer's bitcoin address. The rest was extrapolated.

      This eliminates privacy for any transactions made from a bitcoin account funded via a normal (ie government monitored) bank account, which is one of the main reasons to use bitcoins to start with.

      • Still, they only proved that Forbes had bought something at Silk Road. There are legal things being sold on silkroad too, and anyway the law is not indifferent to whether you bought cocaine or contraband.

        The point at which Forbes would get in trouble, was when law enforcement matched a known purchase on silk road to a shipment to a known address. Bear in mind, they could be on watch for a mysterious package in the mail to Forbes, based on nothing more than what the researched uncovered in this case.

  • huh? (Score:3, Insightful)

    by Anonymous Coward on Monday September 09, 2013 @08:33AM (#44796217)

    He knew the exact time he made the transaction. He knew the amount. He knew other details.

    So, really, wtf?

    I am not going to read the article. This is some sort of fear mongering.

    • Re:huh? (Score:4, Interesting)

      by Trax3001BBS (2368736) on Monday September 09, 2013 @09:05AM (#44796431) Homepage Journal

      He knew the exact time he made the transaction. He knew the amount. He knew other details.

      So, really, wtf?

      I am not going to read the article. This is some sort of fear mongering.

      Ya stupid article (I didn't read it either). They purchase something safe like marijuana then have the balls to say they purchased drugs.
      Buy some Adderall I've seen lots of that for sale on the silk road.

    • Re:huh? (Score:4, Informative)

      by plover (150551) on Monday September 09, 2013 @09:19AM (#44796531) Homepage Journal

      RTFS. The researcher didn't know any of those details. She was given only a Btc address, and she discovered the rest. The reporter who made the buy was able to confirm that she correctly identified those facts. ( I assume it was a test buy, and the materials turned over to the proper authorities.)

      I don't know if her methods would stand up in a courtroom. They would, however, be enough to put John Law on someone's trail, and possibly enough to seek a warrant.

      • Re:huh? (Score:5, Informative)

        by fastest fascist (1086001) on Monday September 09, 2013 @10:22AM (#44797111)
        All the researcher discovered was that the writer had sent funds to Silk Road. The article specifically points out they couldn't tell what, if anything, the bitcoins were used to buy. The headline is sensationalist, to say the least.
        • No, but if the researcher had been law enforcement rather than a mere graph-savvy computer scientist, they could find out. They would just monitor Forbes' mailbox (and maybe other likely delivery spots). Since they would know the Silk Road purchase happened as soon as it happened, they could be confident that something would drop into that mailbox.

          • That would be a guess. All LE, or anyone without inside access to Silk Road, could see is the funds going to the Silk Road wallet. Beyond that, there's no way to tell AFAIK. If the sender buys something, they could do it immediately, or not. They could wait months, with the coins there on their SR account. They might not even buy anything, they might just be using SR as a mixer service and withdraw to a different address to break the connection between themselves and their bitcoins.
      • by gl4ss (559668)

        ..was the bitcoin account used for anything else, really?

        there was direct transaction to a known drugs seller account on the chain and this is the news?

        it would be a bit more impressive if would work out who bought drugs from looking at the drug sellers bitcoin history(and somehow identifying who the wallets belong to and where the drugs were sent to..).

    • He knew the exact time he made the transaction. He knew the amount. He knew other details.

      Interesting, but what are you talking about? Of course he knew; he was the uncovered buyer, after all. The point was that someone else found out.

    • by magarity (164372)

      He knew the exact time he made the transaction. He knew the amount. He knew other details.

      Umm, no, this was a marijuana transaction. He knew kinda around when he bought it and sorta how much he paid and that's about it.

      Anyway, what's the bother with the Bitcoin and Silk Road hassle? Move to Colorado and you can just plunk down cash in a store.

  • Lobby your representatives to make them legal in your state.

    • by Thanshin (1188877) on Monday September 09, 2013 @08:37AM (#44796235)

      Lobby your representatives to make them legal in your state.

      If you have the money required to have a representative, you don't need to follow such small laws.

    • by dkleinsc (563838) on Monday September 09, 2013 @09:49AM (#44796765) Homepage

      Alternately, if allowed by your state, start organizing citizens to put together a ballot initiative. If the folks in Washington state can do it, so can you.

      In Washington, it actually led to an extremely high voter turnout (pun fully intended). Apparently that's the kind of thing that leads people to actually care about politics.

      • by plover (150551)

        In Washington, it actually led to an extremely high voter turnout (pun fully intended). Apparently that's the kind of thing that leads people to actually care about politics.

        It only means they cared about politics exactly once. Now that they've passed it ... uhh ... they, um, are going to ... dude, do you have any more of those Fritos? I mean they are sooo good.

        What do you mean we were supposed to vote yesterday?

  • New addresses (Score:5, Interesting)

    by vvaduva (859950) on Monday September 09, 2013 @08:47AM (#44796285)

    Just generate a new address whenever you buy illegal things if that's what you are into, or have several wallets that you rotate between to perform your transactions. If you reuse an address over and over again, of course you can be tracked. The safety factor is directly proportional with your ability to understand how this works and how you can be tracked

    • That sounds terrible... if this would become mainstream, that would mean that for 95% of the population using bitcoins safely would be too hard.
      If the system is so unsafe and easily to track if you use it normally, then i don't see where the anonymous claims of bitcoin come from.
      And if you have to create new wallets all the time to be really safe & not trackable, why the hell did they call it a wallet? a wallet is the thing you keep unchanged for years in real life, not something you throw away every da

      • by Anonymous Coward

        That sounds terrible... why the hell did they call it a wallet?

        then rename it to "receipt" (something you throw away regularly), automate the process of generating new ones, and forget about it. Silly attachments to antiquated concepts is the whole problem we're trying to solve here. Let's not get all, "they called it a wallet--it must behave exactly like a wallet!"

      • If the system is so unsafe and easily to track if you use it normally, then i don't see where the anonymous claims of bitcoin come from.

        Actual bitcoin proponent never claimed that it was ANONYMOUS (That would imply a hidden identity). They only mentioned that it is PSEUDONYMOUS. There are clear identities: they are not your actual name, but mainly your public keys. These keys are still traceable and thus - and that's the most important part for the whole service to work as intended - also still verifiable by anyone in the network. Anyone can verify any transaction because all public key and transaction are broadcasted on purpose to the whol

        • A malevolent agent would need to control at least than 51% to outvote and falsify transaction history ...

          Note that "falsify" in this context is still limited to blocking or reversing existing (valid) transactions. A person with 51% of the hashing power of the entire network could spend bitcoins from his own accounts multiple times, or allow someone else to do the same, or prevent someone (or everyone) else from spending their bitcoins. He still wouldn't be able to spend anyone else's bitcoins without their private key, no matter how much of the mining he controls. The winning miner chooses the transactions whi

          • Well actually you could do worse.
            If you had almost unlimited computing power, you could generate your own private keys and actually rewrite a "different" bitcoin transaction history. If you control enough hashing power AND bitcoin nodes, you could actually present your version of bitcoin history as the official one and the current one would like a fork attempt.

            In theory.
            In practice you would probably require a magic virus which turns the whole internet into a giant botnet to pull this stunt.

            • Looking back I see that I wasn't entirely clear. I did actually mean to include this possibility; a 51% attack can result in supposedly settled transactions being reversed, along with transactions which have not yet made it into a block.

              Any miner can choose which block to base their new block on; it doesn't have to be the latest one in the dominant blockchain. However, honest nodes will prefer the branch of the blockchain with the highest total difficulty, so by choosing an older block you're starting at a

      • by rmstar (114746)

        That sounds terrible... if this would become mainstream, that would mean that for 95% of the population using bitcoins safely would be too hard.

        We live in a world were for 99.9% of the population, using bitcoins at all is too much of a hassle compared to whatever benefit is supposed to come from it. Me, for example. I just don't have a use case for those things.

        Also, for 95.5% bitcoins are too difficult to use anyway.

    • Yeah and how would the money arrive in that separate address/wallet to be spent on drugs?

      Unless you only generate the bitcoins you spend purely by mining (in which case you must have very strong and thus expensive processing/hashing power) at some point bitcoin money needs to be transfered to this wallet before being spent on banned goods.

      By using a separate address/wallet (which is nonetheless a good *security* advice, only not an efficient advice to *hide identity*) you only add just on extra step of the

    • Just generate a new address whenever you buy illegal things if that's what you are into, or have several wallets that you rotate between to perform your transactions. If you reuse an address over and over again, of course you can be tracked. The safety factor is directly proportional with your ability to understand how this works and how you can be tracked

      The weakness isn't the bitcoin address as such - it's being able to link that bitcoin address to the buyer. You could have any number of bitcoin addresses but if they're all (or partly) tied back to you...via your bank accounts for example, then you're just as fucked.

      • by vvaduva (859950)

        You are mitigating risk, you are not eliminating it. You can go to the absurd extreme or do less, like running your wallet through TOR for example. The idea here is to minimize your exposure...but the very act of using Bitcoin is risky, so you have to make choices based on risk factors.

        • You are mitigating risk, you are not eliminating it. You can go to the absurd extreme or do less, like running your wallet through TOR for example. The idea here is to minimize your exposure...but the very act of using Bitcoin is risky, so you have to make choices based on risk factors.

          Obviously but...how does that contradict what I stated ?

  • by jrumney (197329) on Monday September 09, 2013 @09:14AM (#44796479) Homepage

    What would be more interesting is to take a big enough sample so that the proportion of bitcoins that can be traced to drug purchases can be determined. Is it higher or lower than the proportion of US dollar bills [cnn.com] with traces of cocaine on them?

  • Harder to track? (Score:2, Interesting)

    by dindi (78034)

    So, you use TOR (I know, NSA yada-yada, just use the latest source and compile yourself ) over a VPN you bought with bitcoins anonymously, with a freshly opened google/yahoo/riseup/whatever account for the store/market/service...

    You use your gaming machine to run for a few days to generate the 0.3 BTC/LTC/whatever coin. You run your miner over tor/vpn/i2p through a service that doesn't need a signup.

    You create a new wallet and you make one transaction.. over VPN (or VPNs and TOR and/or i2p)

    They will see t

On the Internet, nobody knows you're a dog. -- Cartoon caption

Working...