TY - JOUR
T1 - Context matters: Methods for Bitcoin tracking
AU - Tironsakkul, Tin
AU - Maarek, Manuel
AU - Eross, Andrea
AU - Just, Mike
N1 - Funding Information:
A transaction fee is an incentive provided by transaction initiator(s) to miners to prioritise confirming the transaction into the blockchain. A transaction fee is calculated from the difference between the total number of Bitcoins in transaction inputs and transaction outputs in a transaction (Nakamoto, 2009) (e.g., a transaction with 2 BTC input and 1 BTC output has a transaction fee value of 1 BTC). Typically, the recommended transaction fee rate that Bitcoin miners charge is calculated from the data size of the transaction and the number of transactions that are currently waiting for confirmation at the time.Meanwhile, the FIFO, LIFO, and TIHO strategies in the TCAP results show a substantial change in the transaction fee size ratio, compared to the Dirty-First strategy. The FIFOAP results generally show an increase in the transaction fee size ratio and exceed the daily average for many sample cases. Intriguingly, the LIFOAP and TIHOAP results are significantly different from the FIFOAP results, as they seem to exhibit a transaction fee size ratio remarkably close to the daily average and the CGAP results for most sample cases. These results may indicate that the results of the two strategies contain a large number of transactions performed by a similar type of entity, which we assume can be either unidentified services or PETs. The reasoning for this assumption is that services and mixers (as mentioned in Section 3.1.2) tend to combine their Bitcoins into transaction outputs with a large number of Bitcoins and transfer them to their users in a “peeling chain”. Hence, the TIHO strategy that prioritises distributing tainted Bitcoin to the output with the highest value would keep following change outputs that belong to the services. Change outputs are also often the last outputs in the transactions as many wallet clients create transactions by putting change outputs after spending outputs by default (Atlas, 2015).The transaction fee metric results do not support our H6 hypothesis that the transactions in Bitcoin theft cases would have a high transaction fee in this experiment. Nevertheless, the transaction fee metric results illustrate a clear change in transaction fee behaviour, especially between the Dirty-First and the FIFO, LIFO, and TIHO strategies. The changes in transaction fee behaviour after clean Bitcoins mixing are likely an indication that the transactions with clean Bitcoins are performed by different entities, which support our hypothesis of clean Bitcoin mixing.
Publisher Copyright:
© 2022 The Authors
PY - 2022/11/2
Y1 - 2022/11/2
N2 - Bitcoin and other cryptocurrencies are well-known for their privacy properties that allow for the “anonymous” exchange of money. Bitcoin tracking with taint analysis remains challenging as it does not account for the change in Bitcoins' ownership or the usage of Privacy-Enhancing Technologies (PETs) to obscure Bitcoins' movement, and often produces unessential incidents with transactions unlikely to be related to the targeted activity. In this paper, we propose to improve the Bitcoin taint analysis tracking process that adapts to the context of address ownership and avoid following unrelated transactions. First, we introduce an approach in which we incorporate Bitcoin taint analysis with address profiling. Second, we propose two context-based taint analysis strategies. Third, we introduce a set of metrics using hypothesised behaviours related to illegal Bitcoins and recognisable patterns within the blockchain. We conducted an experiment using sample data from known Bitcoin theft cases to illustrate and evaluate the approach. The results on address profile integration reveal distinct transaction behaviours in tracking theft cases following all the metrics, such as address reuse, address size and transaction fee payment. One of the context-based tracking strategies, Dirty-First, shows positive potential for illustrating illegal Bitcoins’ spending and obscuring strategies. The majority of the six metrics we defined give distinct results in transaction behaviours between the theft cases and the control groups. Our context-based tracking methodology provides a solution for one of the shortcomings in the current Bitcoin tracking methodology and the next step for future cryptocurrency and cybercrime forensic research.
AB - Bitcoin and other cryptocurrencies are well-known for their privacy properties that allow for the “anonymous” exchange of money. Bitcoin tracking with taint analysis remains challenging as it does not account for the change in Bitcoins' ownership or the usage of Privacy-Enhancing Technologies (PETs) to obscure Bitcoins' movement, and often produces unessential incidents with transactions unlikely to be related to the targeted activity. In this paper, we propose to improve the Bitcoin taint analysis tracking process that adapts to the context of address ownership and avoid following unrelated transactions. First, we introduce an approach in which we incorporate Bitcoin taint analysis with address profiling. Second, we propose two context-based taint analysis strategies. Third, we introduce a set of metrics using hypothesised behaviours related to illegal Bitcoins and recognisable patterns within the blockchain. We conducted an experiment using sample data from known Bitcoin theft cases to illustrate and evaluate the approach. The results on address profile integration reveal distinct transaction behaviours in tracking theft cases following all the metrics, such as address reuse, address size and transaction fee payment. One of the context-based tracking strategies, Dirty-First, shows positive potential for illustrating illegal Bitcoins’ spending and obscuring strategies. The majority of the six metrics we defined give distinct results in transaction behaviours between the theft cases and the control groups. Our context-based tracking methodology provides a solution for one of the shortcomings in the current Bitcoin tracking methodology and the next step for future cryptocurrency and cybercrime forensic research.
KW - Address Profiling
KW - Bitcoin Tracking
KW - Cryptocurrency
KW - Taint Analysis
UR - http://www.scopus.com/inward/record.url?scp=85140987304&partnerID=8YFLogxK
U2 - 10.1016/j.fsidi.2022.301475
DO - 10.1016/j.fsidi.2022.301475
M3 - Article
SN - 2666-2817
VL - 42-43
JO - Forensic Science International: Digital Investigation
JF - Forensic Science International: Digital Investigation
M1 - 301475
ER -