A notice to people using Bitcoin for illicit purposes: you can run, but it’s getting a lot harder to hide. Law enforcement officials are using Bitcoin’s public ledger, called the blockchain, to follow the digital money and track down suspected criminals using it.
As the most popular cryptocurrency, Bitcoin has helped fuel the rise of ransomware attacks—extortion schemes, like the recent WannaCry cyberattack, in which hackers hold the contents of a victim’s computer hostage until they get paid. Criminals can use Bitcoin to collect ransoms easily and without having to reveal their identities. The currency has also been associated with online drug sales, money laundering, and sex trafficking.
But while Bitcoin users can withhold their identities, they can’t avoid revealing other information that can be useful to investigators. Every Bitcoin transaction is recorded on its blockchain, a publicly accessible record of all transactions made using the currency. Blockchains “provide a really useful source of truth,” says Jonathan Levin, cofounder of Chainalysis, which develops software tools for analyzing blockchain data. Its products can help investigators draw inferences about how people are using the currency.
Chainalysis combines its analysis with other publicly available information to identify users through the unique strings of numbers they use on the blockchain, called addresses, and then map how they move funds around. This technique can be used to do things like identify the Bitcoin exchanges where the users of a gambling site are converting their bitcoins into dollars (see “Mapping the Bitcoin Economy Could Reveal Users’ Identities”).
Chainalysis’s tools are clearly valuable to criminal investigators. Since 2015, the company has supported investigations by the U.S. Internal Revenue Service, the Federal Bureau of Investigation, the Securities and Exchange Commission, the Drug Enforcement Administration, Immigration and Customs Enforcement, and Europol. In most cases, says Levin, investigators turn to Chainalysis when they already have some kind of lead, like a Bitcoin address they found among a suspect’s possessions. If they can determine that a suspect is using a particular exchange, they can use a court order to get more information from that exchange.
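The workflow described above (start from a lead address, follow the funds forward, stop at an address attributed to an exchange) can be sketched as a graph walk. This is an added example, not Chainalysis's or BlockSeer's method; the ledger, the address names, the attribution labels and the function name `trace_to_services` are all constructed for illustration.

```python
from collections import deque

# Constructed sample ledger. Each transaction spends from input addresses and
# pays output addresses; the names are made-up labels, not real addresses.
TRANSACTIONS = [
    {"txid": "tx1", "inputs": ["lead_addr"], "outputs": ["hop_a", "change_1"]},
    {"txid": "tx2", "inputs": ["hop_a"], "outputs": ["hop_b"]},
    {"txid": "tx3", "inputs": ["hop_b", "other_user"], "outputs": ["exch_deposit_1"]},
    {"txid": "tx4", "inputs": ["change_1"], "outputs": ["cold_store"]},
    {"txid": "tx5", "inputs": ["unrelated"], "outputs": ["exch_deposit_2"]},
]

# Constructed attribution labels, standing in for the "other publicly
# available information" that ties an address to a known service.
KNOWN_SERVICES = {"exch_deposit_1": "Exchange A", "exch_deposit_2": "Exchange B"}


def trace_to_services(lead, transactions, labels, max_hops=6):
    """Breadth-first walk of forward fund flows from a lead address.

    Returns {service name: [txid, ...]} with the shortest transaction path
    from the lead address to each labelled service that is reachable.
    """
    # Index transactions by the addresses they spend from.
    spends = {}
    for tx in transactions:
        for addr in tx["inputs"]:
            spends.setdefault(addr, []).append(tx)

    found = {}
    seen = {lead}
    queue = deque([(lead, [])])
    while queue:
        addr, path = queue.popleft()
        if len(path) >= max_hops:
            continue  # hop limit keeps the walk bounded on a large ledger
        for tx in spends.get(addr, []):
            for out in tx["outputs"]:
                if out in seen:
                    continue
                seen.add(out)
                new_path = path + [tx["txid"]]
                if out in labels:
                    # Stop here: funds inside a service are pooled, so the
                    # next step is a records request, not more graph walking.
                    found.setdefault(labels[out], new_path)
                else:
                    queue.append((out, new_path))
    return found


if __name__ == "__main__":
    print(trace_to_services("lead_addr", TRANSACTIONS, KNOWN_SERVICES))
```

The walk treats every output of a traced transaction as worth following, which over-approximates ownership; it gives an investigator candidate paths to check, not proof of who controls an address.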
The government is also interested in tracking the flow of funds on the blockchain to determine whether merchants that accept Bitcoin are reporting it and paying proper taxes, says Danny Yang, founder of BlockSeer, which also develops blockchain analytics tools and supports law enforcement investigations.
Cryptocurrency exchanges are becoming customers of analytics firms too. In many places it’s unclear to what degree exchanges are required by law to know their customers and make sure they aren’t laundering money, as is required of traditional banks. But it’s difficult for exchanges to open bank accounts if they don’t understand who their customers are. And if the government is able to see that criminals are using certain exchanges, the exchanges want to be able to see that too, says Yang.
The news isn’t all good for law enforcement, though. There are ways to confuse investigators, such as using so-called mixing services, which take bitcoins from many users and mix them up before sending them back out to different addresses at different times. More important, some newer cryptocurrencies, prominently Zcash and Monero, are designed to conceal the information that Chainalysis, BlockSeer, and others use to follow the money.
Savvy criminals are already migrating to these untraceable systems. Last month, Chainalysis confirmed that WannaCry hackers were able to convert a portion of their ransom payouts from Bitcoin to Monero before the service they were using blacklisted their addresses.