Wednesday, February 4, 2015

How to Launder Stolen Bitcoins

Bitcoin’s main problem is that every transaction is public. Such a feature makes it difficult to launder stolen bitcoins. Take this $5m thief as the example. The person controlling 19,000 of Bitstamp’s coins has a problem. Anyone can follow the coins as they move between addresses. Lucky for them (or not as we’ll see), there exist tools to assist in hiding, disguising, and making it difficult to prove where your bitcoins originate.
Mixers combine your coins with the coins of others. Everyone sends coins to a central address. The mixer sends a transaction back to each user from the key controlling the central address. When stolen coins mix with ‘clean’ coins, they become difficult to track.
Coin Tumblers swap coins between users.  A Tumbler will mix coins, send transactions with various amounts to keys it controls; attempting to simulate other network transactions.  Sending a tumbler 1BTC may result in you receiving multiple, smaller, transactions in return over a short time. The bitcoins returned to you will have been combined, split and transacted many, many times. Taint is the probability of tracing coins back to any given address after mixing and tumbling.
CCN
A Google search will turn up half a dozen of these coin washing services. Many are a combination of the preceding concepts. The majority offer themselves to consumers as anonymizers protecting privacy. Whether they are tools for crime or a defense against tyrants remains in the hand of the user. As Cody Wilson, co-founder of the anonymous Bitcoin wallet ‘Dark Wallet’, has said “Liberty is a dangerous thing.”
Also read: Cody Wilson: I Will Wrestle the Bitcoin Foundation to its Suicide
Regardless of their deployment, these methods are not without weaknesses. Further, still, there are other ways to launder stolen bitcoins that may not require any extra services at all. Bitcoin mixes coins in transactions all the time. You’ve probably already done it dozens of times and never noticed.

How Tumblers Launder Stolen Bitcoins

Heap of moneyA Bitcoin Transaction contains inputs and outputs. Inputs reference previous payments made to you. Outputs spend the coins by transferring ownership to a new address. A tumbler can launder stolen bitcoins by mixing and distributing them to other people and back to you.
Alice has previously received three payments.
1 BTC she bought on Coinbase,
2 BTC from her online store, and
3 BTC for selling weaponized wormhole technology to North Korea.
Alice controls 6 BTC with the keys in her wallet. If Alice sent all 6BTC in one transaction it’s not only reasonable, it’s likely, that someone analyzing the block chain will assume the same individual controls those keys. The transaction would join the Coinbase BTC and North Korea BTC in the same transaction with her online store proceeds as the inputs. Worse, still, if they are a government organization or Coinbase, they will be able to trace back the 1 BTC from Coinbase included in Alice’s transaction. Effectively, Alice is no longer anonymous, and her last transaction ties her to arms dealing with North Korea. Poor Alice.
Even if Alice were not laundering stolen bitcoins (or her North Korean coins), sending her coins through a tumbling service as she received them, she could have a higher chance of maintaining her anonymity.
launder stolen bitcoins tumblers
The expertly made graphic demonstrates. Multiple users send their coins to the tumbler. The coins will be mixed, then split to many addresses, mixed to small groups, mixed to large groups, sent out again, etc. Over time, Alice will receive a number of payments totaling close to her original amount (minus the tumbler fees). Then, Alice could check blockchain.info’s taint analysis for her addresses and see the chances of being connected to her pre-tumbled coins.

Coin Mixing to Launder Stolen Bitcoins

If you’re planning to steal from an exchange and planning to launder stolen bitcoins through mixing here is how that works. In the section on tumbling stolen coins, Alice could potentially dox herself anytime she mixes coins she purchased from an exchange with other coins she controls.
Bitcoin Core developer Gregory Maxwell first described a new style of transaction, CoinJoin, that uses the same principle that connected Alice’s bitcoin keys. It was not developed to launder stolen bitcoins but protect privacy. The concept takes things many steps further. Transaction inputs are completely independent of each other. If a transaction contains one input from Alice and one input from Bob, they both must sign the transaction for it to be valid. Instead of a transaction containing only Alice’s inputs and outputs, a CoinJoin transaction contains inputs and outputs from many groups of people.
A group using CoinJoin agrees on a transaction ahead of time. Until everyone in the group signs the transaction, it is invalid. Including multiple people in a transaction makes it much more difficult to link other keys together based on the transaction alone. If Alice includes Bob in a CoinJoin transaction, it becomes more difficult to chip away at the walls of anonymity.

More Ways to Launder Stolen Bitcoins

These two principles to launder stolen bitcoins rely on the fact that bitcoins do not exist. The balance of bitcoins anyone controls are just numbers recorded in the block chain. When combined with a transaction, it is akin to adding “2 + 2″ and breaking apart the resulting “4” into “1;1;1;1″ There is no way of proving “Each ‘1’ is an equal quarter of each ‘2’ added to get ‘4’” or any other denomination.
The current Alpha release of Dark Wallet supports Stealth Addresses, in addition to CoinJoin and Multisig. A Stealth Address is another privacy-related feature in the works for Bitcoin. They don’t launder funds, so much as break the usual chain of custody the block chain provides for tracking bitcoins. Also, exchanges that implement hot/cold wallets can function as tumblers and mixers if users deposit and withdrawal from the same hot wallet
It’s important to end with the weaknesses. Both of these systems relies on a foundation of “legitimate” users to effectively launder stolen bitcoins. If the hacker, who stole BitStamp’s coins, were to offload all 18,000 bitcoins on the same tumbler or mixer at the same time, their volume would overwhelm the obfuscation they hope to attain. Similarly, including 18,000 stolen bitcoins in a CoinJoin with 100 other bitcoins would just give everyone highly tainted coins. It would take some time and effort to launder so many.
Disclaimer: If your goal is to launder stolen bitcoins and you rely on this article as your sole source you will fail.
Images from the author and Shutterstock
https://www.cryptocoinsnews.com/launder-stolen-bitcoins/

No comments:

Man in the Rain