Cryptocurrency addresses can feel like an investigative dead end because of the widespread belief that they are anonymous. As with most things in research and investigations, it’s not that simple or easy: cryptocurrency addresses and transactional details can be attributed to a person’s name, physical location, IP address, email address and other identifying information.

Any new technology eventually finds its way into crime, creating new crimes and new ways to commit old crimes. To adapt to this, researchers and investigators must first understand the technology and learn how to apply existing tools and techniques. They then need to learn how to integrate new tools and techniques into their research and investigations. This starts by demystifying the new technology and understanding the technical truths and fallacies.

Cryptocurrency has introduced a new way to exchange value between individuals and is being used to facilitate traditional crimes ranging from murder to financial fraud to human and drug trafficking. The nature of the crimes and the exchange of value has not changed, but a new technology has introduced a new method of facilitating existing crimes with the belief that criminals can hide behind this technology. As with most things in life, it’s not that simple: people can hide behind cryptocurrency, but they can also be found.

What is a cryptocurrency address?

To understand how cryptocurrency relates to anonymity, it is first important to understand blockchain addresses. Although commonly referred to as a “cryptocurrency address,” it is actually a “blockchain address” because at its most basic level an address points to a specific destination on a blockchain. In a cryptocurrency transaction, blockchain addresses represent the sender and receiver. These addresses are similar to physical mailing addresses and email addresses.

Each blockchain protocol handles addresses differently, but the basics are the same. Each blockchain protocol (e.g. Bitcoin, Ethereum) uses a cryptographic protocol to generate a series of seemingly random characters that become an address.

In the case of Bitcoin, addresses are between 26 and 35 alphanumeric characters and always start with “1”, “3” or “bc1”. These first few characters determine the type of bitcoin address.

Unlike Bitcoin, the Ethereum protocol uses hexadecimal to represent addresses. This means that Ethereum addresses always start with “0x” to indicate the use of hexadecimal and only use the characters 0 through 9 and A through F. Similar to Bitcoin addresses, the next 40 characters (for a total of 42 characters) of an Ethereum address are random and generated according to the cryptographic protocol used by Ethereum. These addresses are also known as ERC-20 addresses, ERC-20 being the technical standard used by Ethereum.

With the Monero blockchain, addresses are a string of 95 characters starting with “4”. Similar to Bitcoin, Monero uses the full suite of alphanumeric characters: 0 through 9 and a through z.

Examples of these three types of addresses:

  • Bitcoin

bc1qtt04zfgjxg7lpqhk9vk8hnmnwf88ucwww5arsd

  • Ethereum

0x532Fb5D00f40ced99B16d1E295C77Cda2Eb1BB4F

  • Monero

4AcQxuMBUfJM7uAWpZP1Vs1BzQLC1QR6zZL3sMYdBuayWmpZHmaVYo7EQ3cSneyHYf2LRKJnRtrGz5ogZzjmmGygAyusEcJ
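
To show how the prefix, character-set and length rules above can be used to triage address-shaped strings found in collected text, here is an added Python example that is not part of the original article. The function names and the sample text are assumptions made for illustration; the example goes slightly beyond the article by verifying the Base58Check checksum of legacy Bitcoin addresses and by accepting the 42- or 62-character length of “bc1” addresses.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B58_RE = "[1-9A-HJ-NP-Za-km-z]"   # Base58 alphabet: no 0, O, I, l
BECH_RE = "[02-9ac-hj-np-z]"      # bech32 data part: no 1, b, i, o

PATTERNS = [  # prefix, character set and length per address family
    ("bitcoin-legacy", re.compile(rf"\b[13]{B58_RE}{{25,34}}\b")),
    ("bitcoin-bech32", re.compile(rf"\bbc1(?:{BECH_RE}{{59}}|{BECH_RE}{{39}})\b")),
    ("ethereum", re.compile(r"\b0x[0-9a-fA-F]{40}\b")),
    ("monero", re.compile(rf"\b4{B58_RE}{{94}}\b")),
]

def _check(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload):  # only builds the constructed sample below
    raw = payload + _check(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_ok(addr):
    """Decode Base58 and verify the 4-byte double-SHA-256 checksum."""
    n = 0
    for ch in addr:
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _check(raw[:-4]) == raw[-4:]

def triage(text):
    """Map every address-shaped token in text to (family, note)."""
    found = {}
    for family, rx in PATTERNS:
        for addr in rx.findall(text):
            note = "format only"
            if family == "bitcoin-legacy":
                note = "checksum ok" if b58check_ok(addr) else "checksum failed"
            found[addr] = (family, note)
    return found

# Constructed input (illustrative): a generated legacy address plus the article's three examples.
LEGACY = b58check_encode(b"\x00" + bytes(range(1, 21)))
SAMPLE = (f"btc {LEGACY}, bc1qtt04zfgjxg7lpqhk9vk8hnmnwf88ucwww5arsd, 0x532Fb5D00f40ced99B16d1E295C77Cda2Eb1BB4F, "
          "xmr 4AcQxuMBUfJM7uAWpZP1Vs1BzQLC1QR6zZL3sMYdBuayWmpZHmaVYo7EQ3cSneyHYf2LRKJnRtrGz5ogZzjmmGygAyusEcJ")
```

A “format only” result means the string merely has the right shape; a failed checksum on a legacy address usually indicates a transcription error or a string that is not an address at all.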

Blockchain addresses are often confused with cryptocurrency wallets. The “wallet” analogy is a bit of a misnomer because cryptocurrency wallets do not actually hold cryptocurrency. A better analogy would be a “keychain” as cryptocurrency wallets hold the cryptographic private keys that control or unlock a public blockchain address and allow access to the associated cryptocurrency balance or other stored digital assets.

What fuels the belief that blockchain addresses and cryptocurrency wallets are anonymous is that there is no direct association between the addresses and personally identifiable information (PII), such as names, social security numbers, mailing addresses, etc. With U.S.-regulated cryptocurrency exchanges, such as Coinbase and Gemini, a user’s blockchain addresses are directly linked to PII in the same manner as U.S.-regulated bank accounts. But with wallets and addresses handled outside of regulated exchanges, there is no technical requirement in blockchain protocols to include additional information about the owner of a digital asset with the address. This provides the perception of anonymity in cryptocurrency transactions.

Cryptocurrency and crime

Any new technology breeds new crimes and new ways of executing or facilitating existing crimes. This has been seen from the advent of the automobile through the invention of the Internet. Cryptocurrency, or any digital asset, is no different. One of the signs that a technology is normalizing within society is its use in committing crimes, specifically unsophisticated crimes, such as traditional violent crimes and trafficking of people and drugs. A new technology becomes another tool to facilitate old crimes.

For example, a custody battle between divorcing parents resulted in one parent turning to the dark web to find a murder-for-hire site. This individual used a dark web site to pay $4,000 in bitcoin in an attempt to have their ex-spouse murdered. The website was actually used to defraud its customers and was discovered by BBC reporters who in turn notified the intended victim. The individual eventually pleaded guilty to “Use of Interstate Commerce Facilities in the Commission of Murder-for-Hire” in federal court.

More broadly, a U.S. Government Accountability Office report on the use of “virtual currencies” in human and drug trafficking documents the increase of human and drug trafficking, the use of virtual currencies and the intersection of the two. The concern about the exchange of digital assets for criminal purposes is highlighted throughout the report and is another indicator that the use of cryptocurrency and other digital assets to facilitate criminal activity is being normalized.

A 2022 report released by Chainalysis, a firm assisting researchers and investigators in analyzing blockchain transactions, highlights that although the use of cryptocurrency in facilitating criminal activity is increasing, the legitimate use of cryptocurrency is growing at a faster rate. Specifically, cryptocurrency addresses believed to be used for illicit activity increased 79% to $14B from 2020 to 2021, while the total cryptocurrency transaction volume was up 567% to $15T over the same period.

These examples are evidence that cryptocurrency is normalizing as a technology and that its use in criminal activity will likely continue in step with that adoption. This is why it is important for researchers and investigators to understand that a cryptocurrency address is neither anonymous nor a dead end in an investigation.

The (pseudo)anonymity of cryptocurrency

With cryptocurrencies, the new advantage is the ability to transfer value (i.e. money) to anyone on the Internet without the need for, or oversight of, centralized banking (e.g. the U.S. Federal Reserve). This gives a perception of transactional anonymity and privacy that can be disproved by repurposing existing tools, as well as creating new tools to aid researchers and investigators.

Yes, creating and using blockchain addresses and wallets does not require personally identifiable information, but this does not make this technology anonymous. As documented in the original Bitcoin white paper, pseudonymity is built into the Bitcoin protocol. Sending and/or receiving bitcoin is similar to writing under a pseudonym. The original white paper recommends using new addresses for each transaction to help preserve this pseudonymity, but acknowledges that the linking of transactions could reveal the owner.

“As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.”

– Bitcoin: A Peer-to-Peer Electronic Cash System
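
The linking risk described in the white paper is the basis of the common-input-ownership heuristic used in blockchain analysis. The following Python example is added here and is not code from the article or the white paper; the transaction records, address labels and owner name are constructed, and the function names are illustrative.

```python
from collections import defaultdict

def cluster_by_common_inputs(transactions):
    """Union addresses that appear together as inputs of one transaction."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for tx in transactions:
        if not tx["inputs"]:               # e.g. newly minted coins: nothing to link
            continue
        first, *rest = tx["inputs"]
        find(first)                        # register single-input spenders too
        for addr in rest:
            parent[find(addr)] = find(first)

    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(addr)].add(addr)
    return list(clusters.values())

def attribute(clusters, known_owners):
    """Spread the owner label of each identified address over its whole cluster."""
    result = {}
    for cluster in clusters:
        owners = sorted({known_owners[a] for a in cluster if a in known_owners})
        for addr in cluster:
            result[addr] = owners
    return result

# Constructed ledger extract; the address labels are placeholders, not real addresses.
TXS = [
    {"txid": "tx1", "inputs": ["addr_A", "addr_B"], "outputs": ["addr_X"]},
    {"txid": "tx2", "inputs": ["addr_B", "addr_C"], "outputs": ["addr_Y"]},
    {"txid": "tx3", "inputs": ["addr_D"], "outputs": ["addr_A"]},  # paying A does not link D to A
    {"txid": "tx4", "inputs": ["addr_E", "addr_F"], "outputs": ["addr_Z"]},
]
# Assumption: one address was identified elsewhere, e.g. through a regulated exchange's records.
KNOWN = {"addr_C": "exchange customer #1 (constructed)"}

if __name__ == "__main__":
    for addr, owners in sorted(attribute(cluster_by_common_inputs(TXS), KNOWN).items()):
        print(addr, owners or "unattributed")
```

The heuristic over-links when several parties deliberately sign one transaction together, as mixing services arrange, so a cluster is a lead to corroborate rather than proof of common ownership.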

Because of the pseudonymous nature of Bitcoin, alternate cryptocurrencies have been developed in an attempt to provide a true degree of anonymity or at least a degree of privacy in transactions. Note that “anonymity” and “privacy” are not the same. For example, your bank and credit card transactions are private because the bank doesn’t release your transaction data publicly. Bitcoin transactions are closer to anonymous, but are not private because transactions are broadcast to the Bitcoin network and stored in the public blockchain ledger. Other cryptocurrencies have worked to provide true anonymity and/or privacy.

Dash is an alternative to Bitcoin (altcoin) that was developed with privacy in mind. Its built-in privacy function, known as PrivateSend, works as a mixing service that exchanges user transactions to decouple sequential transactions. Monero is another alternative to Bitcoin that addresses privacy and traceability. Specifically, Monero obfuscates the origin/destination and transaction amounts for a degree of privacy and to reduce traceability. Zcash takes a hybrid approach by keeping transactions private, while allowing the transaction owners to share transaction details with third parties. This is done with the aim of providing privacy while allowing for compliance with audits.

The anonymity of blockchain technology is largely dependent on the blockchain protocol in question. While the Bitcoin protocol makes no claims to true anonymity, other blockchain protocols have been designed to preserve anonymity and/or privacy. But, as with cover identities and VPNs, improper tradecraft can expose information that erodes the intended anonymity of users. With strong open-source intelligence (OSINT) techniques and traditional forensic accounting practices, the anonymity of blockchain addresses can be peeled back and these addresses can be attributed to personally identifiable information that eventually leads to a specific individual.

Cryptocurrency is not an investigative dead end

Cryptocurrency as a technology is normalizing in society, as well as in criminal activity, especially on the dark web. Whether it’s being used for money laundering, fraud or human and drug trafficking, there is a strong belief that cryptocurrency is anonymous. But cryptocurrency is actually part way between the anonymity of traditional cash and the identification requirements of bank and credit card accounts. People behind cryptocurrency transactions can be found using OSINT techniques, traditional forensic accounting, and blockchain analysis tools. Cryptocurrency addresses are not a dead end to investigations, but another piece of lead information. Due to the persistence of a blockchain ledger, the information is always available.

With the right tools in the hands of researchers and investigators, a cryptocurrency address is not a dead end but an additional, valuable piece of lead information. OSINT techniques, traditional forensic accounting and blockchain analysis tools can successfully identify the individuals involved in cryptocurrency transactions.
