Bitcoin and other cryptocurrencies are well-known for their privacy properties that allow for the “anonymous” exchange of money. Bitcoin tracking with taint analysis remains challenging as it does not account for the change in Bitcoins' ownership or the usage of Privacy-Enhancing Technologies (PETs) to obscure Bitcoins' movement, and often produces unessential incidents with transactions unlikely to be related to the targeted activity. In this paper, we propose to improve the Bitcoin taint analysis tracking process that adapts to the context of address ownership and avoid following unrelated transactions. First, we introduce an approach in which we incorporate Bitcoin taint analysis with address profiling. Second, we propose two context-based taint analysis strategies. Third, we introduce a set of metrics using hypothesised behaviours related to illegal Bitcoins and recognisable patterns within the blockchain. We conducted an experiment using sample data from known Bitcoin theft cases to illustrate and evaluate the approach. The results on address profile integration reveal distinct transaction behaviours in tracking theft cases following all the metrics, such as address reuse, address size and transaction fee payment. One of the context-based tracking strategies, Dirty-First, shows positive potential for illustrating illegal Bitcoins’ spending and obscuring strategies. The majority of the six metrics we defined give distinct results in transaction behaviours between the theft cases and the control groups. Our context-based tracking methodology provides a solution for one of the shortcomings in the current Bitcoin tracking methodology and the next step for future cryptocurrency and cybercrime forensic research.
|Journal||Forensic Science International: Digital Investigation|
|Publication status||Published - 2 Nov 2022|
- Address Profiling
- Bitcoin Tracking
- Taint Analysis