Bitfury De-Anonymises Millions of Bitcoin Transactions and Addresses

One of bitcoin’s biggest mining farm has been working on blockchain analysis to link addresses with individuals by employing both blockchain data and other sources.

“Bitcoin address clustering is a process that exposes bitcoin users by determining which addresses belong to a single user through an analysis of Blockchain data. The act of clustering groups those addresses together, enabling investigators to link them to a single entity,” the miner says.

97 sources were used in the process, including Twitter, wallet explorers, bitcointalk, presumably Reddit, and so on, leading to identifying “slightly more than 1/6 of the whole Bitcoin blockchain,” according to the authors.

Some 95 million addresses were identified to belong to 14 million individuals or entities covering 45 million transactions out of 240 million total bitcoin transactions since the genesis block to March 2017.

“Currently, bitcoin users can have multiple addresses, making it easier to conceal identities and commit crimes on the Blockchain. The ability to link related addresses, called ‘clustering,’ is an important new tool that helps law enforcement agencies conduct criminal investigations,” said Valery Vavilov, CEO of The Bitfury Group.

It’s unclear whether that suggests they are working with law enforcement and if they are, which law enforcement that is. Two of the paper’s authors were funded by Bitfury while a third was funded by the Russian Science Foundation.

Such techniques, however, could go far beyond just law enforcement. Finding out spendings and habits could be quite useful for corporations, and much more worryingly, knowing who has how much could give criminals a gold mine.

So raising privacy concerns, especially in light of recent news about crypto kidnappings. Which is why some of the top blockchains, like ethereum, are working on implementing complex crypto to considerably increase on-chain privacy.

Public blockchains are public. Everyone can currently see what address is paying to whom, how much and when. The addresses, however, are just a string of numbers and letters, so you do not know to whom the address belongs unless the owner himself reveals it.

There are many ways the owner might do so. If they are a business, for example, they’ll need to provide the address for payment, while at an individual level, if they are using Coinbase, then the exchange knows exactly which of their customers is using what address.

Crude ways around it are obfuscation methods whereby one makes a number of transactions for the sole purpose of de-linking the original identity to a specific address.

In bitcoin, however, that is now very expensive, if at all possible, due to a very limited 1MB of data, which Bitfury campaigned to maintain perhaps in aid of their surveillance work.

But other projects are working on implementing robust privacy at the protocol level by incorporating zk-Snarks, ring signatures, or other methods, so that one can’t see the amount transacting or see what address exactly it is transacting with, while at the same time allowing you to reveal that information to whoever you wish.

Such work on privacy was demanded by businesses keen to protect competitively advantageous information. Google, for example, would certainly not want engineers at Facebook to know how much they are paying a senior software developer, or get any hints about acquisitions.

Which spurred work on privacy for ethereum, while for bitcoin there hasn’t really been much movement with the project feeling stale at the protocol level.