"Your Sloppy Bitcoin Drug Deals Will Haunt You for Years"

From Wired, January 26:

Perhaps you bought some illegal narcotics on the Silk Road half a decade ago, back when that digital black market for every contraband imaginable was still online and bustling. You might already regret that decision, for any number of reasons. After all, the four bitcoins you spent on that bag of hallucinogenic mushrooms would now be worth about as much as an Alfa Romeo. But one group of researchers wants to remind you of yet another reason to rue that transaction: If you weren't particularly careful in how you spent your cryptocurrency, the evidence of that drug deal may still be hanging around in plain view of law enforcement, even years after the Silk Road was torn off the dark web.

Researchers at Qatar University and the country's Hamad Bin Khalifa University earlier this week published findings that show just how easy it may be to dredge up evidence of years-old bitcoin transactions when spenders didn't carefully launder their payments. In well over 100 cases, they could connect someone's bitcoin payment on a dark web site to that person's public account. In more than 20 instances, they say, they could easily link those public accounts to transactions specifically on the Silk Road, finding even some purchasers' specific names and locations.

"The retroactive operational security of bitcoin is low," says Qatar University researcher Husam Al Jawaheri. "When things are recorded in the blockchain, you can go back in history and reveal this information, to break the anonymity of users."

Bitcoin's privacy paradox has long been understood by its savvier users: Because the cryptocurrency isn't controlled by any bank or government, it can be very difficult to link anyone's real-world identity with their bitcoin stash. But the public ledger of bitcoin transactions known as the blockchain also serves as a record of every bitcoin transaction from one address to another. Find out someone's address, and discovering who they're sending money to or receiving it from becomes trivial, unless the spender takes pains to route those transactions through intermediary addresses, or laundering services that obscure the payment's origin and destination.

But few if any researchers have actually documented their work to exploit those properties of bitcoin and count identifiable dark web transactions. To do so, the Qatari researchers first collected dozens of bitcoin addresses used for donations and dealmaking by websites protected by the anonymity software Tor, run by everyone from WikiLeaks to the now-defunct Silk Road. Then they scraped thousands of more widely visible bitcoin addresses from the public accounts of users on Twitter and the popular bitcoin forum Bitcoin Talk.

By merely searching for direct links between those two sets of addresses in the blockchain, they found more than 125 transactions made to those dark web sites' accounts—very likely with the intention of preserving the senders' anonymity—that they could easily link to public accounts. Among those, 46 were donations to WikiLeaks. More disturbingly, 22 were payments to the Silk Road. Though they don't reveal many personal details of those 22 individuals, the researchers say that some had publicly revealed their locations, ages, genders, email addresses, or even full names. (One user who fully identified himself was only a teenager at the time of the transactions.) And the 18 people whose Silk Road transactions were linked to Bitcoin Talk may be particularly vulnerable, since that forum has previously responded to subpoeanas demanding that it unmask a user's registration details or private messages. "You have irrefutable evidence mapping this profile to this hidden service," says Yazan Boshmaf, another of the study's authors....MORE