How a 27-year-old busted the myth of Bitcoin’s anonymity

Sam Rodriguez

JUST OVER A DECADE AGO, Bitcoin appeared to many of its adherents to be the crypto-anarchist holy grail: truly private digital cash for the Internet.

Satoshi Nakamoto, the cryptocurrency’s mysterious and unidentifiable inventor, had stated in an email introducing Bitcoin that “participants can be anonymous.” And the Silk Road dark-web drug market seemed like living proof of that potential, enabling the sale of hundreds of millions of dollars in illegal drugs and other contraband for bitcoin while flaunting its impunity from law enforcement.

This is the story of the revelation in late 2013 that Bitcoin was, in fact, the opposite of untraceable—that its blockchain would actually allow researchers, tech companies, and law enforcement to trace and identify users with even more transparency than the existing financial system. That discovery would upend the world of cybercrime. Bitcoin tracing would, over the next few years, solve the mystery of the theft of a half-billion dollar stash of bitcoins from the world’s first crypto exchange, help enable the biggest dark-web drug market takedown in history, lead to the arrest of hundreds of pedophiles around the world in the bust of the dark web’s largest child sexual abuse video site, and result in the first-, second-, and third-biggest law enforcement monetary seizures in the history of the US Justice Department.

That 180-degree flip in the world’s understanding of cryptocurrency’s privacy properties, and the epic game of cat-and-mouse that followed, is the larger saga that unfolds in the book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, out this week in paperback.

All of it began with the work of a young, puzzle-loving mathematician named Sarah Meiklejohn, the first researcher to pull out traceable patterns in the apparent noise of Bitcoin’s blockchain. This excerpt from Tracers in the Dark reveals how Meiklejohn came to the discoveries that would launch that new era of crypto criminal justice.

IN EARLY 2013, the shelves of a windowless storage room in a building of the University of California, San Diego, began to fill up with strange, seemingly random objects. A Casio calculator. A pair of alpaca wool socks. A small stack of Magic: The Gathering cards. A Super Mario Bros. 3 cartridge for the original Nintendo. A plastic Guy Fawkes mask of the kind popularized by the hacker group Anonymous. An album by the classic rock band Boston on CD.

Periodically, the door would open, the light would turn on, and a petite, dark-haired graduate student named Sarah Meiklejohn would enter the room and add to the growing piles of miscellaneous artifacts. Then Meiklejohn would walk back out the door, down the hall, up the stairs, and into an office she shared with other graduate students at the UC San Diego computer science department. One wall of the room was almost entirely glass, and it looked out onto the sunbaked vista of Sorrento Valley and the rolling hills beyond. But Meiklejohn’s desk faced away from that expanse. She was wholly focused on the screen of her laptop, where she was quickly becoming one of the strangest, most hyperactive Bitcoin users in the world.

Meiklejohn had personally purchased every one of the dozens of items in the bizarre, growing collection in the UCSD closet using bitcoin, buying each one almost at random from a different vendor who accepted the cryptocurrency. And between those ecommerce orders and trips to the storage room, she was performing practically every other task that a person could carry out with bitcoin, all at once, like a kind of cryptocurrency fanatic having a manic episode.

She moved money into and out of 10 different bitcoin wallet services and converted dollars to bitcoins on more than two dozen exchanges such as Bitstamp, Mt. Gox, and Coinbase. She wagered those coins on 13 different online gambling services, with names like Satoshi Dice and Bitcoin Kamikaze. She contributed her computer’s mining power to 11 different mining “pools,” groups that collected users’ computing power for mining bitcoins and then paid them a share of the profits. And, again and again, she moved bitcoins into and then out of accounts on the Silk Road, the first-ever dark-web drug market, without ever actually buying any drugs.

In all, Meiklejohn carried out 344 cryptocurrency transactions over the course of a few weeks. With each one, she carefully noted on a spreadsheet the amount, the Bitcoin address she had used for it, and then, after digging up the transaction on the Bitcoin blockchain and examining the public record of the payment, the address of the recipient or sender.

Meiklejohn’s hundreds of purchases, bets, and seemingly meaningless movements of money were not, in fact, signs of a psychotic break. Each was a tiny experiment, adding up to a study of a kind that had never been attempted before. After years of claims about Bitcoin’s anonymity—or lack thereof—made by its users, its developers, and even its creator, Meiklejohn was finally putting its privacy properties to the test.

All of her meticulous, manual transactions were time-consuming and tedious. But Meiklejohn had time to kill: As she was carrying them out and recording the results, her computer was simultaneously running queries on a massive database stored on a server that she and her fellow UCSD researchers had set up, algorithms that sometimes took as long as 12 hours to spit out results. The database represented the entire Bitcoin blockchain, the roughly 16 million transactions that had occurred across the entire Bitcoin economy since its creation four years earlier. For weeks on end, Meiklejohn combed through those transactions while simultaneously tagging the vendors, services, markets, and other recipients on the other end of her hundreds of test transactions.

When she had started that process of probing the Bitcoin ecosystem, Meiklejohn had seen her work almost as anthropology: What were people doing with bitcoin? How many of them were saving the cryptocurrency versus spending it? But as her initial findings began to unfold, she had started to develop a much more specific goal, one that ran exactly counter to crypto-anarchists’ idealized notion of bitcoin as the ultimate privacy-preserving currency of the dark web: She aimed to prove, beyond any doubt, that bitcoin transactions could very often be traced. Even when the people involved thought they were anonymous.

A collage from Meiklejohn’s research paper showing every object she bought with Bitcoin in her tracing experiments. (Credit: Sarah Meiklejohn)
