Tracking Bitcoin transactions and identifying people on the blockchain is no easy task, leaving law enforcement agencies worried about criminals using it to do their dodgy business in private.
That was the topic of discussion from the founder of Bitcoin data and analytics company Coinometrics, Jonathan Levin, at the recent Cryptocon event in Sydney.
“I hear a lot of people say ‘it’s a public blockchain, all the transactions are public’,” Levin said. “But having looked at it, it’s not so simple. It’s take a lot of extra data, a lot of metadata, to actually pin down the types of transactions and really make cases about what happened."
Bitcoin mixing or ‘tumbling’ — where users mix their funds with others, making it hard to trace the original source — and using multiple Bitcoin addresses makes it difficult to easily identify criminals who use Bitcoin to carry out their activities, Levin said.
“If someone is tracking me and they know my address, and know what I’m doing on the Bitcoin network, I might enter into some sort of chain of transactions to try and obscure my identity. It’s not going to be that easy when someone’s looking at the blockchain to know exactly what the purpose of every transaction is. And IP location is not foolproof.
“In order to actually analyse — based on users, on real world identities — you are going to need to have an ability to cluster these different pseudonyms [addresses] into individual identities.”
Levin said there are academic institutions and researchers looking into how the blockchain can be analysed to tack down a person, with Coinometrics also looking into this.
“One of the things that’s really important in this space is actually realising the connections between transactions. And for that we need visualisation techniques to try and look up flows of money or sources of funds, or anything like that,” Levin said.
“These things can expand at a very dramatic rate. A transaction could have 1000 outputs, each one of those transactions could be [sending] 1000 different transactions and then you’ve got a million transactions. So you have to have ways to cut that tree down, focusing in on particular types of transactions.”
Not being able to timestamp every transaction on the blockchain is another is problem area, Levin said.
“Bitcoin is structured into blocks. Valid transactions are put into blocks which go out to the network roughly every 10 minutes. But from the point of the transaction actually being broadcast on the network to inclusion in the block can take an hour, two hours, could take a minute — we are not really sure.”
He said Coinometrics is working on timestamps to help filter large volumes of bitcoin transactions.
“If someone said to you ‘we know this person made a transaction midday on the 13th of March’, if you go back into the blockchain now you might have to look at maybe a six or seven hour window and you might get confused with lots of false positives.”
Levin said there has been a lot of operational failures with Bitcoin, citing a study by computer scientists Tyler Moore and Nicolas Christin from 2013 that showed about 45 per cent of 40 Bitcoin exchanges failed.
“If you can find vulnerabilities in Bitcoin exchanges, you could make tons of money. And it’s not that difficult, compared to, say, finding bugs in Google’s source code.”
Levin stressed that he did not want to divert people from the opportunities a decentralised currency like Bitcoin could offer businesses and individual consumers, but said that “it would be quite bad for us to suddenly wake up one day and ask ‘how could this technology be harnessed for criminal activity?’”
“Because Bitcoin mining is software to be run on computers, there’s been a great incentive to invent malware that essentially hijacks computers in order to perform an activity,” Levin said.
Follow Rebecca Merrett on Twitter: @Rebecca_Merrett
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.