On Mixers, Tumblers and Bitcoin Pseudonymity
This is a guest post by Ofir Beigel @ 99Bitcoins.com
Almost a year ago the Israeli police apprehended a 20 year old computer technician in suspicion of fraud. Of course this story wouldn't have made it to the headlines if it didn't involve the controversial currency Bitcoin.
Here's how the story evolved:
A naive Bitcoin merchant was looking to sell his coins through one of the many Bitcoin trading groups on Facebook. The suspect contacted the merchant and offered to buy his coins from him for a total of $5,000. The merchant agreed and requested that the suspect wire the money to him.
Shortly after, the merchant received a screenshot with the wire confirmation and transferred the coins to the suspect's public address. Having felt that this was "just too easy" the merchant inspected the screenshot in greater detail only to find out that it was fake and didn't actually belong to the suspect's bank account.
Having no information about the suspect and given Bitcoin's pseudonymous nature the merchant decided to start following the coins he had sent throughout the Blockchain. The Blockchain is publicly visible and can be easily explored by any block explorer. Knowing this, the merchant documented all of the addresses that had even a small portion of the stolen coins sent to them.
The merchant also figured that the suspect will probably try to cash out on the stolen Bitcoins so he turned to one of the largest Israeli Bitcoin exchanges with a simple request: "Let me know if one of these addresses are associated with an actual person or entity".
Of course the exchange keeps their client details private and couldn't disclose any personal information. However, sympathising with the merchant's story the exchange was able to say that they may have a lead but require a warrant in order to hand over private information. The warrant was granted, the suspect's identity revealed and he was apprehended.
Even if the suspect indeed steal those Bitcoins (which hasn't been proven yet) there were still several factors that came in the merchant's favour:
- He contacted the right Israeli exchanges which the coins were finally sent to. The coins could have easily been sent to international exchanges like Bitstamp or Kraken.
- Following the previous point, he was able to get a warrant to disclose the suspect's identity due to the fact that it fell under the jurisdiction of the Israeli law. If this case was required a warrant from a foreign country it would have probably been more time consuming to get the required warrant.
- It seems that in this case the suspect did not try to split or mix the coins with "untainted" coins in order to make it harder to track him down.
Cases like the one described above happen all the time and they are one of the reasons many studies and initiatives revolve around the supposed anonymity of Bitcoin. Some notable websites are Bitlaunder and Sharedcoin (owned by Blockchain.info).
You can divide these services into Mixers and Tumblers.
"Mixers combine your coins with the coins of others. Everyone sends coins to a central address. The mixer sends a transaction back to each user from the key controlling the central address. When stolen coins mix with 'clean' coins, they become difficult to track.
Coin Tumblers swap coins between users. A Tumbler will mix coins, send transactions with various amounts to keys it controls; attempting to simulate other network transactions. Sending a tumbler 1BTC may result in you receiving multiple, smaller, transactions in return over a short time. The bitcoins returned to you will have been combined, split and transacted many, many times."
If you ever find yourself trying to figure out if several Bitcoin addresses are related to one another you can always use Taint. Taint is a measure of how likely it is that two addresses are related (aka, owned by the same person). Blockchain.info allows you to discover an address's taint by using this URL: https://blockchain.info/taint/[a specific public address]
Here's an example: https://blockchain.info/taint/1dice6GV5Rz2iaifPvX7RMjfhaNPC8SXH
Also studies have been made on techniques that can be used to track Bitcoin transactions and also enhance their anonymity by providing overlays such as Coinjoin or Coinshuffle.
Last but not least, other altcoins have evolved providing full anonymity such as Bytecoin and Dash (formerly known as Darkcoin).
In conclusion, it's important to remember that while most people believe Bitcoin is anonymous, that's not quite the case. Exchanges don't like dealing with anonymous people since they are a source for fraud. So they will usually require some sort of identification process to buy and sell coins. Moreover, Bitcoin is still in its early adoption stages, this means that most scammers will eventually look for a way to convert it to Fiat currency.
Combining the transparent nature of the Blockchain, the exchanges verification process and the need to exchange Bitcoin for Fiat is the Achilles Heal from which we can track those who wish to exploit Bitcoin's nature for the worst.