Lecture 8 - Cryptocurrency Crime And Investigation Flashcards
How does a Bitcoin transaction work?
Say person A wants to send 2BTC to person B. Person A has 3 inputs of 0.6BTC, 0.5BTC, and 1.25BTC (total 2.35BTC). All the inputs are taken, with 2BTC being sent to person B, and 0.35BTC being sent to person A (or even another person) as an Unspent Transaction Output (UTxO).
What are CoinJoins, and how do they work?
Multi-Signature Transactions. They allow users to come together in a single transaction to send/receive Bitcoin across multiple parties.
They break heuristics deployed to track users.
What are mixers? Give an example of one.
They take bitcoin from many users, then mix it using multiple transactions to add layers, before sending it back to users.
ChipMixer is a popular example where users receive chips in exchange for Bitcoin (1 chip = 0.01BTC). Once the bitcoin is mixed, users spend the chips to get different Bitcoins back, likely into a new wallet.
Explain bridges
Very difficult to trace on blockchain networks.
Monero is commonly used to obfuscate the origin/destination of bitcoin. A Bitcoin/Monero bridge uses a smart contract to allow users to convert crypto without an exchange. The bridge uses a unique deposit address for the sender, and upon receipt the bridge sends Monero to an address provided to the user.
Why do criminals use mixers, coinjoins, and bridges?
To try and break heuristics tracking transactions and coins, and to attempt to outsmart machine-learning algorithms trying to find similarities between illicit transactions
How can we analyse blockchains?
Blockchains are public, allowing you to navigate and cluster transactions; however, there are several products available to assist.
List some Blockchain Analysis companies
Chainalysis - cryptocurrency tracking, transaction monitoring, address screening
CipherTrace (Mastercard) - risk control, VASP risk scoring, financial investigations, AML
Elliptic
TRM Labs
Crystal Lite
What can we use transactions for when investigating the blockchain?
There can be the assumption that the smallest output of a transaction belongs to the original sender
Cluster transactions from the same user
Link mixed transactions by watching spending
What happened in the Bitfinex hack?
$72mn (119,756BTC) stolen. The hackers waited a while to move it, before sending it to AlphaBay, converting to Monero, then back to BTC. They used false IDs and different email addresses, but the IPs were linked back to the same person.