The crypto-currency Bitcoin has become the preferred payment method for much of the online underground, hailed by none other than the administrator of the booming Silk Road black market as the key to making his illicit business possible. But spending Bitcoins to anonymously score drugs online isn’t as simple as it’s often made out to be.
We at Forbes should know: We tried, and we got caught.
To be clear, we weren’t caught by law enforcement–so far at least, our experiment last month in ordering small amounts of marijuana from three different Bitcoin-based online black markets hasn’t resulted in anyone getting arrested. But a few weeks after those purchases, I asked Sarah Meiklejohn, a Bitcoin-focused computer science researcher at the University of California at San Diego, to put the privacy of our black market transactions to the test by tracing the digital breadcrumbs that Bitcoin leaves behind. The result of her analysis: On Silk Road, and possibly on smaller competitor markets, our online drug buys were visible to practically anyone who took the time to look. “There are ways of using Bitcoin privately,” says Meiklejohn. “But if you’re a casual Bitcoin user, you’re probably not hiding your activity very well.”
Bitcoin’s privacy properties are a kind of paradox: Every Bitcoin transaction that occurs in the entire payment network is recorded in the “blockchain,” Bitcoin’s decentralized mechanism for tracking who has what coins when, and preventing fraud and counterfeiting. But the transactions are recorded only as addresses, which aren’t necessarily tied to anyone’s identity–hence Bitcoin’s use for anonymous and often illegal applications.
But Meiklejohn and her colleagues at UCSD andGeorge Mason University have found that a little snooping in the blockchain can often uncover who owns which of those Bitcoin addresses. In a paper they’re presenting at the Internet Measurement Conference in Barcelona next month, they showed that they could use “clustering” methods involving on how bitcoins are typically aggregated or split up to identify thousands of addresses based on just a few test transactions they performed. With the data from just 344 of their own transactions, they were able to label the owners of more than a million Bitcoin addresses. And by making just four deposits and seven withdrawals into accounts held on Silk Road, Meiklejohn says the researchers identified 295,435 addresses as belonging to that drug market.
When I asked Meiklejohn to try to trace Forbes’ transactions, I started by giving her the Bitcoin addresses associated with our account on the popular Bitcoin wallet service Coinbase–information could in theory be obtained by any investigating law enforcement agency that sends Coinbase a subpoena. With just that list of my public addresses, she was able to identify every transaction we had made, including deposits to the Silk Road, to competitor sites Atlantis and Black Market Reloaded, and even a transfer to the personal account of Forbes reporter Kashmir Hill. (Hill had revealed her Bitcoin address during herearlier experiment of living for a week on nothing by Bitcoin.)
To be fair, Meiklejohn had seen my story on our three experimental drug buys, which obviously informed her guesses. But her ability to identify the Silk Road transaction didn’t involve any such cheating. To spend bitcoins on sites like Silk Road, users must first deposit them in their account on the site. Meiklejohn was able to trace Forbes’ deposit to our Silk Road account by tying the deposit address to around 200 other addresses, several of which she had identified as associated with the Silk Road in her clustering analysis. After we sent .3 bitcoins to that Silk Road deposit address, the blockchain showed that our bitcoins and small amounts of bitcoins from all of those other addresses–including the known Silk Road addresses–were aggregated together in a 40 bitcoin account. That proves, Meiklejohn explains, that whoever had control of the deposit address we used also must have had control of Silk Road addresses, which means our earlier transaction could be identified as a Silk Road deposit. (See the diagram below.)
How Meiklejohn traced our Silk Road deposit: When our .3 bitcoins were aggregated into a much larger 40 bitcoin account, she was able to connect the address of our suspected deposit with hundreds of other addresses also making transfers to that account. Matching those addresses with ones she had identified as belong to Silk Road in an earlier “clustering” analysis revealed that Forbes’ deposit address must have belonged to Silk Road, too. (Click to enlarge)
“Because we had such a big aggregation, we had hundreds of opportunities to have seen one of those addresses before,” says Meiklejohn. “If we could tag any of these addresses as belonging to Silk Road, your deposit address must have belonged to Silk Road as well…I had to do one query in the database to identify them as Silk Road.”
Meiklejohn’s identification of the Atlantis and Black Market Reloaded transactions, on the other hand, were based on more manual detective work and probably wouldn’t have been possible without some prior knowledge of what she was looking for. “If you hadn’t mentioned these services, just trying to guess would have been very difficult if not impossible,” she admits. But that’s only because Meiklejohn hadn’t had a chance to perform a prior analysis on Atlantis and Black Market Reloaded as she had from Silk Road, she says. “The manual inspection approach would not work in general, but if I’d had the ability to throw our whole analysis at this…who knows.”
Given how easily she traced the Silk Road transaction, I asked Meiklejohn a harder question: What if I hadn’t given her Forbes’ full list of Coinbase addresses? After all, some investigators might not be able to subpoena that data, as I assumed in our experiment. What if instead she only had the initial address Coinbase created for Forbes, an address that might be shared with anyone sending bitcoin payments to our account. Her answer: Even then, Meiklejohn would have been able to see that we’d transacted with the Silk Road, based on a withdrawal from a known Silk Road address to that single Coinbase address.
Despite what Meiklejohn was able to prove about Bitcoin’s traceability, the experiment also shows the limits of tracing those underground transactions. Once our bitcoins had been mixed up with other users’ bitcoins in the Silk Road’s 40 bitcoin account, it became impossible to track them further. So even though Meiklejohn could show that we had deposited bitcoins into a Silk Road account, she couldn’t see that those bitcoins were later paid to a drug dealer–in this case one who calls himself the “DOPE man” who mailed us a gram of marijuana.
That conclusion holds–at least in part–with the privacy claims of the Dread Pirate Roberts, the pseudonymous administrator of the Silk Road who I interviewed for a story published last month. “We employ an internal tumbler for when vendors withdraw their payments, and a more general mix for all deposits and withdrawals,” he told me when I asked about tracing Silk Road transactions in the blockchain. “This makes it impossible to link your deposits and withdrawals and makes it really hard to even tell that your withdrawals came from Silk Road.”
Though Meiklejohn may have offered evidence contradicting the last part of Roberts’ statement–she easily identified our withdrawal from the Silk Road–the site’s mixing of bitcoins may still offer some superficial protection to users. There may not be anything clearly illegal, after all, about merely storing bitcoins in a Silk Road account–The site does offer plenty of legal products as well as contraband. “Everything that happens internally on the Silk Road is completely opaque, and the coins you withdraw are fairly unrelated to the ones that come out,” she says.
And the final lesson of Meiklejohn’s experiment is that Bitcoin users seeking privacy should be careful about revealing their addresses in public or using a subpoenable Bitcoin service like Coinbase that might connect their Bitcoin addresses and real names. If we had taken the extra consideration of shuffling our bitcoin expenditures through other addresses created with desktop-based wallet software, or gone to the further effort of sending them through a bitcoin “laundry service” such as Bitlaundry, Bitmix or Bitcoinlaundry, tracing them would have become much harder or even impossible.
“There’s this tension between anonymity and usability with Bitcoin,” says Meiklejohn, pointing to desktop Bitcoin clients like MyWallet that are less convenient than Coinbase but offer greater privacy.”I you’re an amateur Bitcoin user and you don’t want to mess with complicated Bitcoin clients and just use an online service, your anonymity is quite a lot less than what you might imagine.”