Bitcoin has no reason to be attacked? At the same time of mainstreaming, "black market transactions" will become more and more difficult

Recently, American security technology service company Armor released the "Black Market Research Report of 2019".

“In 2019 alone, Armor’s TRU team had confirmed 161 publicly reported ransomware attacks in the United States, including all types of entities, from municipal and school systems to medical facilities and radio stations.” The attack was not exposed. In fact, everyone on the Internet is under threat of security attacks .

In the black market, copying someone else's credit card, bank card, Paypal account and bank credit certificate, etc., has a clear price tag. The report also mentions that cryptocurrency has become a regular means of money laundering. What is the embarrassing behavior of such money laundering? Today we will take a look at the money laundering methods used by the black market to use blockchains and the existing detection techniques .

01  

Black market uses blockchain to launder money

One of the most shocking trends seen by the TRU team is that cybercriminals have begun to cash in on sale this year , with prices of $1 in cash ranging from 10 cents to 12 cents. Financial scammers are giving buyers in the black market the opportunity to buy various cash amounts, such as $10,000, $5,000 and $2,500, etc. Buyers only need to pay 10%-12% of the money to the criminals in bitcoin.

For example, a buyer can pay a bitcoin worth $800 to the seller, and the other party will transfer $10,000 to the account of their choice.

The service is more concise for criminals, who no longer need to purchase stolen online bank account credentials, set up a "money" account to receive funds, and log in to stolen accounts. Armor calls it a “seamless one-stop money laundering service” .

Of course, black market sellers offer such low prices for a reason.

Sellers provide such services because they do not need to actually pay for the funds, cash is transferred directly to the seller, and at the same time, most of the risks are transferred.

According to the report, Bitcoin remains the most popular cryptocurrency, using Bitcoin “almost completely” in dark online transactions . Sometimes some people also use passwords with more privacy features.

For example, Monero, Dash and Zcash, but this often requires more expertise in encryption technology.

In fact, long ago, users of cryptocurrencies knew that the blockchain was not anonymous. Law enforcement officers could track transactions in cryptocurrencies and even determine who is trading.

Some users believe that investigators can only track transactions within the blockchain, so they can remain anonymous by moving from one blockchain to another.

Remember WannaCry? In 2017, ransomware around the world attacked thousands of computers around the world, making computers inaccessible and requiring their owners to pay ransoms in Bitcoin to regain access. Then, the perpetrator finally tried to make some services convert it to Monero, to whiten the bitcoin worth about $143,000.

Extremely similar to an automated system service, users can convert one cryptocurrency directly into another cryptocurrency in a matter of minutes, and the service provider does not need to keep the token.

The user only needs to tell the service provider what currency to exchange for: for example, to change the bitcoin to the dog currency, then display the exchange rate and provide the user with a bitcoin address. The user sends the bitcoin to the address and gets the equivalent of the dog currency. The criminals who use this strategy, the idea is that as long as Token leaves the original blockchain, investigators will no longer be able to track transactions. 02

New technology can detect blockchain money laundering

The past assumption is that criminals using Bitcoin will eventually try to use the trading platform to convert into legal tender. In 2013, Sarah Meiklejohn, an associate professor of cryptography and security at the University College London, helped develop a blockchain tracking approach that relied on the theory.

It creates a network map based on the Token transfer between addresses, using numeric and alphanumeric strings to identify each bitcoin account on the blockchain . Often "clusters" that send Token addresses between each other can be bound to a specific person (using multiple recipients is a common practice) or organization, law enforcement officers now use a similar method to track cryptocurrencies because they are at the address Transfer between and eventually transfer to the trading platform.

But since 2013, the cryptocurrency scene has changed dramatically, with few other tokens except Bitcoin. There are now approximately 2,500 cryptocurrencies, and as of this writing, 14 of these cryptocurrencies have been valued at more than $1 billion . According to Meiklejohn, this makes people more creative when they keep their anonymity, and his team has released a new research paper on how to track users in the blockchain.

As more and more cryptographic users realize that Bitcoin is not so private, some people switch to other currencies that offer anonymity, the most representative of which are Zcash, Monero and Dash . These three cryptocurrency networks use different privacy enhancement techniques, but in certain cases, researchers can de-anonymize users.

And according to this latest research, the previous solution to achieve anonymity using ShapeShift has also been broken.

Using ShapeShift's Application Programming Interface (API), the researchers collected detailed information on user transactions in the nearly 13 months from the end of 2017 to the end of 2018, spanning eight different blockchains. They combined this information with previously established technology to identify many “cross” chain “transactions. This means they have mastered all of the transaction data for these blockchains .

There is a transaction in which money is transferred from the user to ShapeShift, and the second transaction is recorded on a different blockchain, where ShapeShift sends the second token to the user. This transaction process is now under the eyes of law enforcement officials.

Researchers have further cataloged different patterns related to specific addresses that may be an act of seeking anonymity. In addition to the simple "conversion" into different tokens, many users perform another operation, which the researchers call "U-turns" , shifting the Token and then immediately switching back to the original Token, which is another more complex combination. . The researchers found that these behaviors may reflect the trader's exchange of arbitrage between different Tokens.

We don't know who the users of ShapeShift are, but it's obviously a lot less than it was before October 2018. Last October, ShapeShift made a major policy change: users who are unable to provide personal information will not be able to trade on ShapeShift in order to comply with AML regulations. The company's chief executive, Erik Voorhees, recently said that the change "essentially stifled" its customer base.

However, many of ShapeShift's imitation products do not need to upload personal information for the time being, but even if users switch to these products, the latest research by the Meiklejohn team shows that it is stupid if they still think they can be anonymous.

Original, compiled: listen to the wind