Inside the Bitcoin Bust of the Web's Biggest Child Abuse Site

Chainalysis is a software for tracing cryptocurrency, "to turn the digital underworld's preferred means of exchange into its Achilles' heel," writes Wired.

This week they describe what happened when that company's co-founder discovered that for two yeras, hundreds of users of a child pornography-trading site — and its administrators — "had done almost nothing to obscure their cryptocurrency trails..." and "seemed to be wholly unprepared for the modern state of financial forensics on the blockchain." Over the previous few years, [Internal Revenue Service criminal investigator Chris] Janczewski, his partner Tigran Gambaryan, and a small group of investigators at a growing roster of three-letter American agencies had used this newfound technique, tracing a cryptocurrency that once seemed untraceable, to crack one criminal case after another on an unprecedented, epic scale. But those methods had never led them to a case quite like this one, in which the fate of so many people, victims and perpetrators alike, seemed to hang on the findings of this novel form of forensics.... Janczewski thought again of the investigative method that had brought them there like a digital divining rod, revealing a hidden layer of illicit connections underlying the visible world....

When Bitcoin first appeared in 2008, one fundamental promise of the cryptocurrency was that it revealed only which coins reside at which Bitcoin addresses — long, unique strings of letters and numbers — without any identifying information about those coins' owners. This layer of obfuscation created the impression among many early adherents that Bitcoin might be the fully anonymous internet cash long awaited by libertarian cypherpunks and crypto-anarchists: a new financial netherworld where digital briefcases full of unmarked bills could change hands across the globe in an instant. Satoshi Nakamoto, the mysterious inventor of Bitcoin, had gone so far as to write that "participants can be anonymous" in an early email describing the cryptocurrency. And thousands of users of dark-web black markets like Silk Road had embraced Bitcoin as their central payment mechanism.

But the counterintuitive truth about Bitcoin, the one upon which Chainalysis had built its business, was this: Every Bitcoin payment is captured in its blockchain, a permanent, unchangeable, and entirely public record of every transaction in the Bitcoin network. The blockchain ensures that coins can't be forged or spent more than once. But it does so by making everyone in the Bitcoin economy a witness to every transaction. Every criminal payment is, in some sense, a smoking gun in broad daylight. Within a few years of Bitcoin's arrival, academic security researchers — and then companies like Chainalysis — began to tear gaping holes in the masks separating Bitcoin users' addresses and their real-world identities.
The article describes some investigative techniques — like pressuring exchanges for identities, tying a transaction to a known identity, or even performing an undercover transaction themselves. "Thanks to tricks like these, Bitcoin had turned out to be practically the opposite of untraceable: a kind of honeypot for crypto criminals that had, for years, dutifully and unerasably recorded evidence of their dirty deals.

"By 2017, agencies like the FBI, the Drug Enforcement Agency, and the IRS's Criminal Investigation division had traced Bitcoin transactions to carry out one investigative coup after another, very often with the help of Chainalysis.

"The cases had started small and then gained a furious momentum...."

Thanks to long-time Slashdot reader Z00L00K for sharing the article.

Re:

[Catvid-22]

Seriously, who wants to lose their job because some rich asshole was trading receipts for jpegs as securities?

Cryptocurrencies have their use cases (corrupt countries as in a recent Slashdot story I'm too lazy to dig up), and NFTs could still be sold and bought using more conventional online transaction methods. That is, the blockchain (online ledger) part could be divorced from the currency part, and "buyers" could pay using Paypal, etc.

Re:This is how you know crypto is on the way out

[tempo36]

Oh please. Crypto has plenty of it's own ridiculous problems that have nothing to do with Goldman Sachs. Nor is this article anything such as "think of the children". If anything it's pointing out just how good Bitcoin transactions have been for law enforcement by proving to be traceable. In a way, some Bitcoin & Crypto users should be pleased with this. If it becomes obvious that criminal activity using Bitcoin can be traced and prosecuted, perhaps it will slowly erode the perception by many in the public that Bitcoin is fuel for drugs, abuse, and trafficking...if that perception dies then that improves Bitcoin's standing, not worsens it.

Re:

[h33t l4x0r]

Meanwhile you never see a story about USD being tied to criminal activity is because that's the default. The perception won't go away until people stop being idiots.

Re:

[Anonymous Coward]

I see stories all the time about money laundering US dollars.

Re:

[Stolovaya]

I think the point is that you don't see the same "crypto should be banned" comments on USD that you see on crypto.

Re:

[account_deleted]

Comment removed based on user account deletion

no it won't

[aepervius]

As long as the main "market" for crypto is speculation, drug, murder for hire, and illegal money laundering, that perception will stays. What *may* change is the perception by crooks that crypto make it easy and safe to launder money.

You're missing the point

[rsilvergun]

Sachs is "Too Big To Fail". If they get into crypto they can pump and dump like crazy, doing things like creating tradable securities for the ultra wealthy to buy into.

Eventually that'll all come crashing down, and when it does two things happen. a) we bail them out (because if we don't civilization collapses) and b) half of us lose our jobs and homes and the other half work double unpaid overtime to make up for the half that was fired.

It'll be 2008 all over again. Only worse because at least then t

Re:

[spineboy]

If anything, it seems more traceable and trackable than regular old cash. Of course cash is harder to move around

Re:

[DrMrLordX]

LOL you can't be serious. ChainAnalysis is in the business of busting BTC scammers/mixers, and they published a report 1-2 years ago basically describing how few crypto transactions were used for illicit activities. The implication being that most crypto transactions are lawful. Chainanalysis is certainly not turning the public against blockchain.

Re:

[DontBeAMoran]

Everyone knows that two yeras is 730 dasy, or 17520 horus, or 1051200 minetus.

Re:

[war4peace]

Everyone knows that two yeras is 730 dasy, or 17520 horus, or 1051200 minetus.

The correct word is "minuets". Your typo is unforgivable.

Re:

[DontBeAMoran]

Ricker, is that you? Since when does Starfleet approves polygamy?

Re:

[war4peace]

I "c" what you did there.

Re:

[K. S. Kyosuke]

Approximately 2.068 yahren.

Re:

[fermion]

It is like 8760 arns.

Re:

[monicanatova]

https://vulkanvegas.company/ru... [vulkanvegas.company] .

What a joke

[DontBeAMoran]

Most crypto-currencies have a public ledger, i.e. the blockchain itself. That's not the weak part of the system, that's how it was designed.

The weak point is those idiots leaving trails between the blockchain and real-world bank accounts, just like dumb regular non-cyber* criminals.

* come on guys, let's bring back legacy buzzwords!

Re:

[Iamthecheese]

Yup. It really pisses me off when stupidly easy methods of tracking or hiding people -- methods which could be explained to the layman in one paragraph or less -- are built up and NOT explained in long articles. Articles that try to make these things look like wizardry.

Just tell the reader how a VPN works. Tell them that Bitcoin typically stores the bank accounts or at least email addresses of most users who have touched the coin. Tell them that it's not wise to install every app you come across and that f

Re:

[Anonymous Coward]

The Bitcoin blockchain does not store bank accounts nor email addresses.

Re: What a joke

[littlepeon]

But it does store ip address, so if they can tie you to that ip address, then they can say that it is your ledger and your illegal transactions. So you need to do your illegal activity on a different network (among other things, like don't use your home computer,etc).

Re:

[The Evil Atheist]

The weak point is those idiots leaving trails between the blockchain and real-world bank accounts

Almost as if the whole thing is worthless unless you can spend it on real world stuff, at which point, you need to convert it to printed money...

Question

[war4peace]

The article describes some investigative techniques — like pressuring exchanges for identities, tying a transaction to a known identity, or even performing an undercover transaction themselves.

So, how is any of the above specific to cryptocurrency? The same thing applies to cash, or blood diamonds, or dirty gold, or whatever else nefarious people use to avoid bank transactions.

Re:

[Anonymous Coward]

Not sure what you are saying. It is exactly the opposite to cash, diamonds etc, the transactions are recorded and part of the public ledger.

Re:

[war4peace]

I was talking about investigative techniques.
"pressuring exchanges for identities" = "pressuring Social Media providers for IPs"
"tying a transaction to a known identity" = "watermarking cash"
"performing an undercover transaction" - this is a technique as old as the world.

So what exactly is specific to cryptocurrencies?

Re:

[fuzzywig]

The difference in this case is that the blockchain is a public list of every transaction. If any other kind of currency was used, investigators would have to piece all that information together from different sources. With bitcoin, it's all right in front of them.
I guess it's not really a new investigative technique, it's more that they don't have to use any investigative techniques to get a lot of information.

Re:

[endoboy]

I don't remember signing a receipt the last time I took delivery of a suitcase of [illegal things]

Re: Question

[littlepeon]

But the Blockchain records your ip. Then all they need to do is to tie you to that ip somehow, and they have just proved that that illegal transaction was made by you. RIAA is the same way, they will tie a torrent site owner to an email address, then tie the email address to a person and thus "prove" that the person owns the torrent site.

Re:

[bloodhawk]

because if I give you cash in a back alley for blood diamonds you are pretty unlikely to permanently record the transaction in a publicly visible log for anyone to see for all time.

Re:

[war4peace]

Have you ignored the quoted text on purpose or accidentally? I was talking about investigative techniques. They are not specific to cryptocurrencies.

Re:

[bloodhawk]

They most definitely ARE specific to crypto currency. The nature of crypto currency leaves a permanent trail for investigators to follow that doesn't need to rely on questioning suspects or gathering witness reports and evidence. It is all their in 1's and 0's as a permanent record. The only additional piece they need is to find an intersect where the criminal used a wallet to purchase something physical or linked a name.

Re: Techniques

[gnasher719]

An undercover agent making a purchase is not entrapment. The seller would have sold to anyone. Leaving a car unlocked with keys in the ignition and waiting for thieves is also not entrapment, they would have stolen the car of some idiot driver as well. Itâ(TM)s entrapment if police talk someone into a crime who wouldnâ(TM)t have done it by themselves.

Re:

[cusco]

So pretty much every "terrorist" attack that the FBI and Fatherland Security has supposedly stopped?

Cryptocurrencies != money laundering

[SchroedingersCat]

Some people just don't understand that cryptocurrencies and money laundering are not the same thing.

clueless author

[bloodhawk]

When Bitcoin first appeared in 2008, one fundamental promise of the cryptocurrency was that it revealed only which coins reside at which Bitcoin addresses — long, unique strings of letters and numbers — without any identifying information about those coins' owners

completely clueless author, bitcoin never promised any such thing, in fact it promised the opposite, complete and totally transparent wallets and transactions where every transaction for all time can be traced to each and every wallet which of course means if you ever link your name or address through a purchase you are identifiable.

Re:

[PPH]

and every wallet which of course means if you ever link your name or address through a purchase you are identifiable.

The smart criminals will not use exchanges, will use dead drops for physical deliveries and will generate a new wallet for each transaction. Stupid criminals won't do these things. And they will make videos of themselves committing the crime.

Re:

[gweihir]

Ah, yes. Those that film themselves committing a crime and then post that video on social media. Some people seem to strive to be the dumbedst morons possible.

Re:

[Mal-2]

And then there's a whole other class that thinks what they're doing is not only legal, but morally obligatory, so they film their "light treason".

Re:

[PPH]

not only legal, but morally obligatory

Doubleplusstupid.

Re:

[Geoffrey.landis]

No it wasn't a lie. users can be anonymous as long as they never attach a physical address or name to a wallet through purchases.

In other words, you can be anonymous as long as you never use your bitcoins for anything.

Re:

[djinn6]

you can be anonymous as long as you never use your bitcoins for anything.

Only if by "anything" you mean tying it to your real identity.

Anyone can run a node through a VPN or Tor, create a wallet, earn Bitcoins anonymously e.g. by building a website or creating digital art, then send those to a child-porn site in exchange for digital downloads (again through a VPN, Tor or Freenet).

No, you can't buy a pizza with it directly, as the pizza shop needs to know where to deliver the pizza and they're most likely in the same legal jurisdiction as you and is subject to subpoenas. You can

Re:

[keithdowsett]

You can remain anonymous until you actually cash them out in a country where the exchanges are required to ID their customers.

If I was a crook I'd be taking holidays in countries where you can cash out bitcoins anonymously, then convert the cash into something tangible that I can take home in my hand luggage.

just use a third world laundry [Re:clueless author

[Geoffrey.landis]

You can remain anonymous until you actually cash them out in a country where the exchanges are required to ID their customers.

There are few countries left that have financial systems allowing foreigners to come in and launder money anonymously. I'd say that a "currency" that requires you to fly to a third world country to spend your money is not terribly useful.

and you don't think that when the FBI tracing the bitcoins sees a big withdrawal in a third-world bank, they might not check flight records to see who flew there and then flew back the next day?

If I was a crook I'd be taking holidays in countries where you can cash out bitcoins anonymously, then convert the cash into something tangible that I can take home in my hand luggage.

If you have a suggestion for a instrument of value that can be easily smuggled a

Re:

[gweihir]

Completely clueless author, completely clueless users. BC is 99% hype, 1% substance and most people already struggle to understand simple things.

Re:

[thegarbz]

I think you may have reading comprehension difficulties since you repeated exactly what the author did. Bitcoin (by your own admission) tracks only the movement of money between wallets. Those wallets are not intrinsically linked to *any* personally identifiable information.

You said it yourself, it's up to you to dox the wallet by linking yourself to a purchase. The article compared it to cash. This is very much like using cash, it's up to you to then requesting a personally addressed invoice from your prov

The Web's biggest child abuse site

[DontBeAMoran]

reddit?

Re:

[Anonymous Coward]

Nah, definitely christianity.com

Its almost like

[hdyoung]

A system based on a permanent, immutable transaction record maybe, just maybe isnt the smartest system for criminals to use. No possibility that could bite you in the ass years later, amirite? Whowouldathunk that criminals might not be the brightest bulbs in the room.

Fascinating implications

[az-saguaro]

Early Slashdot posts in response to this article include some comments like:

> "Most crypto-currencies have a public ledger, i.e. the blockchain itself. That's not the weak part of the system, that's how it was designed. The weak point is those idiots leaving trails between the blockchain and real-world bank accounts, just like dumb regular non-cyber criminals." ... and ...

> "So, how is any of the above specific to cryptocurrency? The same thing applies to cash, or blood diamonds, or dirty gold, or whatever else nefarious people use to avoid bank transactions."

But, the original article is an interesting read:
https://www.wired.com/story/tr... [wired.com]

Key points are several, including that a massive child pornography site could be brought down not by usual criminal investigation, but by financial "follow the money" investigation. This case was solved by the IRS, not the FBI. "Follow the money" was possible because of weaknesses in the block chain ledger, the metadata if you will, that was not part of the blockchain design but benefits forensic investigation.

There was some of "idiots leaving trails", such as:
> " every thumbnail image on the [porno] site seemed to display, within the site’s HTML, the IP address of the server where it was physically hosted ... Welcome to Video’s administrator seemed to have made a rookie mistake. The site itself was hosted on Tor, but the thumbnail images it assembled on its home-page appeared to be pulled from the same computer without routing the connection through Tor, perhaps in a misguided attempt to make the page load faster."

But, the article explains various ways that blockchain transactions could be correlated in time, address clusters, cash out exchanges, and a variety of event tracking information that could be correlated using forensic tools that the average user would not have.

The follow-the-money-approach had its limitations, as in:
> "Those 337 arrests still represented only a small fraction of Welcome to Video’s total registered users ... the server data ... had found thousands of accounts on the site. But the vast majority of them had never paid any bitcoins into the site’s wallets. With no money to follow, the investigators’ trail usually went cold."
But, the law was still able to find the site's operator and its most egregious content creators.

This situation also has ramifications for other parts of the legal system and for cryptocurrency, as in:
> "He’d pleaded guilty to possession of child sexual abuse materials, but he also appealed his conviction ... because IRS agents had identified him by tracking his Bitcoin payments—without a warrant—which he claimed violated his Fourth Amendment right to privacy and represented an unconstitutional “search". A panel of appellate judges rejected it, in a nine-page opinion setting down a precedent that spelled out in glaring terms exactly how far from private they determined Bitcoin’s transactions to be.
> "Every Bitcoin user has access to the public Bitcoin blockchain and can see every Bitcoin address and its respective transfers. Due to this publicity, it is possible to determine the identities of Bitcoin address owners by analyzing the blockchain,” the ruling read. “There is no intrusion into a constitutionally protected area because there is no constitutional privacy interest in the information on the blockchain.”
> "A search only requires a warrant, the American judicial system has long held, if that search enters into a domain where the defendant has a “reasonable expectation of privacy.” The judges’ ruling argued that no such expectation should have existed here: The defendant wasn’t caught in the Welcome to Video dragnet becaus

Re:

[Petr Blazek]

THANKS!

Re:

[Xylantiel]

Yeah, bitcoin is actually a public-ledger bank account, not "digital cash" as some appear to mistakenly believe. I agree with the sentiment that in some sense these are interesting side effects of courts just stating the obvious - that no search warrant is needed for a public ledger so it can easily be used as evidence with built-in authentication.

There are many ways in which bitcoin falls short, but one is that anybody with a brain would soon realize that there are a lot of down sides to a public ledger

What an excellent article

[thebeastofbaystreet]

No clickbait, relevant details, good structure. Well worth 15 minutes of your time to read.

Re:

[keithdowsett]

Yep, I spent fifteen minutes learning about the screwups that led to these lowlifes being caught. One of the best articles I've read through Slashdot.

But, from TFA it sounds like some scumbags could have built up credit on the site by uploading their own videos, then downloaded other videos without ever owning a bitcoin. I hope that the child protection people will be able to find their victims from the videos, arrest the abusers the old fashioned way (with heavy use of a night stick), then lock them away

Re:

[ET3D]

Agreed, and thanks for posting this. I might not have gone and read it if not for your comment. It was truly interesting, regardless of the Bitcoin connection. Of course, that was interesting as well.

"Counter-intuitive"?

[gweihir]

What is counter-intuitive about a complete public record of all transactions ever being public and complete and showing all transactions ever? I mean you just need to read a somewhat accurate description of BC to immediately see that yes, it can be anonymous, but one transaction can already be enough to identify the owner of a wallet.

People are fucking stupid and ignore facts that stare them in the face.

Re:

[cusco]

People are fucking stupid and ignore facts that stare them in the face.

This is rarely more blatant than at election time, in any country.

Re:

[account_deleted]

Comment removed based on user account deletion

"participants can be anonymous"

[ayesnymous]

Sounds like "Satoshi Nakamoto" is someone at the FBI

Great

[toutankh]

Now that we've established that bitcoin transactions can be traced, please take care of ransomware too.

Re:

[keithdowsett]

Not going to happen in the current political situation. I doubt anyone in the western world will get co-operation from the Russian authorities to shut them down any time soon.

If you have nothing criminal to hide however....

[Kwirl]

then bitcoin really is a great idea, right?