Kindle Notes & Highlights
Read between December 18 - December 20, 2022
Tor was the dark web’s active ingredient, providing a kind of double-blind anonymity. It was designed so that anyone could visit a dark web site who knew the site’s address—a long and random-seeming string of characters. But no visitor to that site could see where it was physically hosted, nor could the site identify the location of its visitors. Any third party snooping on their connection could learn nothing about the locations of the computers on either end.
There was a maxim in cryptography, often referred to as Schneier’s law after the cryptographer Bruce Schneier. It asserted that anyone can develop an encryption system clever enough that they can’t themselves think of a way to break it. Yet, like all the best conundrums and mysteries that had fascinated Meiklejohn since childhood, another person with a different way of approaching a cipher could look at that “unbreakable” system and immediately see a way to crack it and unspool a whole world of decrypted revelations.
With just a few hundred tags, she had put an identity to more than a million of Bitcoin’s once-pseudonymous addresses.
And based on just four deposits and seven withdrawals into wallets on the Silk Road, she was able to identify nearly 300,000 of the black market’s addresses.
As Meiklejohn had trawled cryptocurrency forums for discussions of interesting addresses worth scrutinizing, one mysterious mountain of money in particular stood out: This single address had, over the course of 2012, accumulated 613,326 bitcoins—5 percent of all the coins in circulation. It represented around $7.5 million at the time, a figure nowhere near the billions it would represent today, but a heady sum nonetheless. Rumors among Bitcoin users suggested that the hoard was possibly a Silk Road wallet, or perhaps the result of an unrelated, notorious Bitcoin Ponzi scheme carried out by a
Large-scale cryptocurrency heists were, in early 2013, a growing epidemic. After all, Bitcoin was like cash or gold. Anyone who stole a Bitcoin address’s secret key could empty out that address like a digital safe. Unlike with credit cards or other digital payment systems, there was no overseer who could stop or reverse the money’s movement. That had made every Bitcoin business and its stash of crypto revenue a ripe target for hackers, especially if the holders of those funds made the mistake of storing their secret keys on internet-connected computers—the equivalent of carrying six- or
“We demonstrate that an agency with subpoena power would be well placed to identify who is paying money to whom. Indeed, we argue that the increasing dominance of a small number of Bitcoin institutions (most notably services that perform currency exchange), coupled with the public nature of transactions and our ability to label monetary flows to major institutions, ultimately makes Bitcoin unattractive today for high-volume illicit use such as money laundering.”
But the day when the prosecution found the incontrovertible, public, and unerasable proof of Ulbricht’s Silk Road millions, argues Nick Weaver, remains a milestone in the history of cryptocurrency and crime. “That is the date,” Weaver says, “that you can state unequivocally that law enforcement learned that the blockchain is forever.”
A crucial feature of Bitcoin’s privacy properties had always been that the blockchain doesn’t store any information about internet protocol, or IP, addresses. After all, those computer identifiers, which allow internet data to be routed around the globe to the right machine, can reveal a user’s physical location, precisely the kind of personal data Bitcoin was meant to obscure.
A node that receives a Bitcoin transaction announcement can see the IP address of the computer that sent it. Even putting aside the blockchain analysis that was Chainalysis’s central focus, that meant Bitcoin nodes would possess a powerful, specific scrap of identifying information about whichever user had originated a money transfer.
So Møller and Gronager had the idea of setting up hundreds of their own nodes, ones that would sit on the Bitcoin network, receive transaction orders, and collect the IP addresses of the users who had sent them—a kind of vast, global sensor array.
Gambaryan checked, and it turned out the only layer of misdirection that had prevented curious observers from learning the location of BTC-e’s servers in the first place was a company called Cloudflare, a web infrastructure provider and security service that shielded the exchange’s IPs from prying eyes like Gambaryan’s.
One study a few years earlier by a researcher at the University of Portsmouth in England had found that while dark web drug markets represented the largest single category of dark web sites—about 24 percent of them—dark web traffic was dominated by visits to a far smaller number of child abuse outlets. Those CSAM sites accounted for around 2 percent of the dark web’s Tor-protected sites, yet patronage of those sites accounted for as much as 83 percent of the dark web’s visits.
Helix and Bitcoin Fog both promised to blend together different users’ bitcoins and, after taking a commission, send them back with no forensic trail that could be tracked on the blockchain. In the end, IRS-CI busted both—using the very blockchain analysis techniques they were meant to defeat.
As bitcoin tracing had become a standard tool within law enforcement agencies, ransomware operators had by 2021 increasingly begun demanding that victims pay not in that decade-old cryptocurrency but in another digital coin called Monero. Designed by a pseudonymous cryptographer in 2013 and launched in 2014, Monero promised to integrate an arsenal of modern privacy and anonymity features that Bitcoin lacked. Using a collection of cryptographic tricks, Monero mixes every payment with a group of other transactions by default. It also hides the amount of every transaction from blockchain snoops
The Italian presentation confirmed that Chainalysis can, in fact, identify the IP addresses of some wallets on the blockchain. It did so by running its own Bitcoin nodes, which quietly monitored transaction messages—the very practice that had led to the blowup on Bitcointalk in the company’s earliest days.
First, the slide explained, some wallets that use tools called Simple Payment Verification or Electrum—designed to avoid storing the entire blockchain—leak certain information with every transaction. Nodes that receive a transaction message from those wallets can see not only the user’s IP address but all of their blockchain addresses and even their wallet’s software version, a tidy bundle of identifying information. Chainalysis had code-named the tool they use to collect that wallet data Orlando.
It described a tool called Rumker, explaining that Chainalysis could use its surreptitious Bitcoin nodes for identifying IP addresses not only of individual users’ wallets but also those of unknown services—including dark web markets. “Although many illegal services run on the Tor network, suspects are often negligent and run their bitcoin node on...