80

A bitcoin transaction has details of the incoming address as well as the outgoing address (where the bitcoins are being transferred), so my question is why that outgoing address has not done anything in tracking down ransomware attackers, like the WannaCry authors?

Bob Ortiz
Ashmika
  • 8
    As far as I know (last time I looked) no one has taken money out of the account yet. I suspect because it became so 'hot' they bottled taking the money out for now – ISMSDEV Jun 23 '17 at 08:35
  • 3
    We know the address but there's no way to know who owns the address. – the_lotus Jun 23 '17 at 13:54
  • 11
    Bitcoins are traceable but not in a way that you would expect. There are services which swap one of your bitcoins against a different bitcoin with a different transaction. More often than not in a different wallet, with different transaction sizes and time differences. Many of these bitcoin scramblers exist. Many of them don't keep a transaction log. It's nearly impossible to trace these down. The ability and availability to pull this is what makes bitcoin "anonymous" even tho all transactions are publicly visible. – BlueWizard Jun 23 '17 at 21:44
  • 1
    The real question is why the ransom hasn't been tainted. If these BitCoins had been put on a blacklist and thereby declared worthless, we might not catch the perpetrators this time, but it certainly would be a disincentive to future criminals. Compare it to the dye packs protecting ATM's; these types of criminals are most likely to perform a rational cost/benefit analysis, far more so than violent criminals. – MSalters Jun 24 '17 at 10:39
  • 11
    @MSalters - there is no central authority in bitcoin, who could declare a bitcoin address worthless/invalid. That's the whole point of bitcoin. It is decentralized. – Martin Vegter Jun 24 '17 at 13:49
  • @MartinVegter A decentral consent based (i.e. you can technically ignore it) blacklist could achieve this just as well. Countries could create their official blacklist, or lists of bitcoins they would like to confiscate. Clients could display information like "The bitcoins you just acquired are wanted by law enforcement in 35 countries, you should consider demanding to be paid in clean ones and reporting to law enforcement how someone tried paying you with them.". I suspect the reason this hasn't been done is lack of cooperation of lawmakers, lack of their understanding and lack of pressure. – Nobody Jun 25 '17 at 08:20
  • 5
    @Nobody what problem does it solve for the general public though? That would be the main reason nobody wants to do this. If I need bitcoin and I go buy some the last thing I want is to waste my time checking whether the coins are clean. It wouldn't solve Wannacry-type incidents either, if Bitcoin is not an option they'll switch to something else. – André Borie Jun 25 '17 at 16:10
  • @AndréBorie You don't want to, but if most users of crypto-currencies did (with some algorithmic help) then this would solve the problem of them being abused. And no, criminals can't just switch to something else/new, they need a currency also used for legit purposes (or even mostly for legit purposes), otherwise they can't wash the coins and unwashed coins are basically worthless (worse than unwashed paper money, say). Also they need legit currency traders for victims to use. – Nobody Jun 25 '17 at 16:34
  • @Nobody the same thing that makes bitcoin appealing for legitimate use also makes it appealing for criminal use - it's the same thing for Tor and other privacy/anonymity services. If you make bitcoin unusable for crime you also make it unusable for everything else and the next day another cryptocurrency with those flaws fixed would appear and quickly gain popularity. – André Borie Jun 26 '17 at 10:05
  • @AndréBorie Nope. Think about the consent based approach. The user base would likely assist in devaluing money from drugs/extortion/whatever they deem immoral. They would not assist in taking away their own legitimate freedoms. Something like this could also be done for something like Tor, with a protocol to ask nodes nicely if they wouldn't want to help deanonymize requests to site x which according to digitally available court document y has been convicted of whatever. – Nobody Jun 26 '17 at 10:27
  • 2
    @Nobody *digitally available court document* which court? And what if the court is corrupt? If we start allowing this we set a precedent and everything will go downhill from there. – André Borie Jun 26 '17 at 12:34
  • @Nobody Last time I checked, the Nigerian Princes were scamming hundreds of thousands of dollars (ie: "legit currency") a year, without ever having resorted to bitcoin. Tracking them down is next to impossible and also very expensive in itself. Determined black hats could use similar techniques, even if bitcoin became unsavoury to them. In fact, they'd probably do better business in the long run - you've got to figure there's a percentage of older people who get caught by WannaCry, can't figure out this newfangled bitcoin thing in time, and end up losing all their data as a result. – Steve-O Jun 26 '17 at 13:30
  • @AndréBorie I don't seem to make myself understandable. Whatever court you like or deem incorrupt. And if you don't like them, you ignore it. As in *consent based*. – Nobody Jun 26 '17 at 15:11
  • @Steve-O Of course they could, but it would change the cost/benefit ratio to their detriment. But really, it seems my initial statement was not suitable for a quick comment if the idea seems that complicated to you people. – Nobody Jun 26 '17 at 15:12
  • Is it possible this is an attempt to increase the value of Bitcoins in general? – Billy Jun 29 '17 at 02:56
  • Sorry for replying late, thank you for your answers, it really helped me a lot – Ashmika Jul 03 '17 at 11:21

5 Answers

86

There is a chance that once the bitcoins have been converted into ‘real money’ or ‘real assets’ the ledger could leak information on the owners of those bitcoins. But even then tracking and attribution can be very complex, but in answer to your question the reason in this case is probably that the attacker(s) haven’t ‘cashed’ them in yet.

Depending on who carried out the attack they may never do anything with the bitcoin they have as their attack may not have been financially motivated.

There are ways to launder bitcoins using services such as Bitlaundry, Bitmix or Bitcoinlaundry.

These laundry services work as follows: (credit to the description below)

  1. Imagine that Alice wishes to send bitcoins to Bob.
  2. Bob, sadly, is not well liked. Alice would rather not have anyone know that she sent Bob bitcoins.
  3. So, Alice puts Bob's address in the form at BitLaundry.
  4. Alice gets a one-time-use address from BitLaundry.
  5. Alice sends the money to that address.
  6. BitLaundry sends money out to recipients every 30 minutes.
  7. (But, it doesn't send out Alice's money immediately, that might be suspicious..)
  8. So, a random number of 30 minute segments later, BitLaundry sends the money out to Bob.
  9. BitLaundry then deletes the database link between the one-time-use address and Bob.
  10. Alice has sent money to BitLaundry, but people do this all the time. She's one of many.
  11. BitLaundry has sent money to Bob, but BitLaundry has sent money out to a whole bunch of other people as well.
  12. Alice and Bob are much less linked than they would have been otherwise.
Peter Mortensen
TheJulyPlot
  • 5
    Then, if Bob wanted to convert from bitcoin to hard cash without people knowing, he does the same, but ends up paying another bitcoin wallet no one knows he owns. He then extracts from that to hard cash. – ISMSDEV Jun 23 '17 at 08:42
  • 8
    There is also a form of laundry that takes coins from all kinds of different places, and arranges them in a mesh network. Say I send 10 bitcoins to "laundermycoins.onion": Those coins go into a network of other addresses, and the person I am supposed to pay receives coins from completely different addresses than any linked to the ones my coins went into. 2 from here, 4 from there and 4 from another. Each from previous transactions on the site. Mine will do the same when someone else wants to pay and my coins are in no way linked to that transaction. – Nalaurien Jun 23 '17 at 11:31
  • 2
    They could also do trade between currencies.. – the_lotus Jun 23 '17 at 13:55
  • 12
    Alternatively Alice could hate Bob because Bob just encrypted Alice's entire network ... Alice could send Bob a bitcoin ... and then Bob could send Bob's secondary wallet the bitcoin via BitLaundry – CaffeineAddiction Jun 23 '17 at 16:04
  • 2
    @CaffeineAddiction Iterate 10 times and good luck trying to get back to the Bob's original wallet :) – Ant Jun 23 '17 at 16:21
  • 6
    Note that this technique would work with any kind of money. Doing this with physical bills requires lots of infrastructure. Doing this with electronic money (US dollars, say in a bank account) leads to you being criminally liable for the laundering, and banks stop doing business with you (freezing your accounts and payments in/out). – Yakk Jun 23 '17 at 18:04
  • @Yakk Bitcoin banking is a little more distributed than cash banking, though. At least for now. – Please stop being evil Jun 23 '17 at 20:05
  • 2
    Some details must be missing from your explanation. If it was done exactly as you describe, the transactions could be matched up due to the amounts involved in each transaction being different. – kasperd Jun 25 '17 at 13:35
  • 1
    Laundries are well more effective when the laundry sends an amount of coins from Alice's payout by taking them from both Charlie's and Darren's transactions. Laundries recycle money internally (e.g. to addresses that no one can track down to the laundry itself) – usr-local-ΕΨΗΕΛΩΝ Jun 26 '17 at 09:51
  • Somewhat related: Authorities arrested a Russian operator of the [BTC-e](https://btc-e.com/) bitcoin exchange in Chalkidiki, Greece, earlier today, suspected of having helped launder up to $4 billion USD through bitcoin transactions. For example this news article [here](http://www.channelnewsasia.com/news/world/greece-arrests-russian-suspected-of-running-us-4-bln-bitcoin-laundering-ring-9066766) about the case mentions that authorities get help from security firms like [Elliptic](https://www.elliptic.co/) which provides information to law enforcement. – coderworks Jul 26 '17 at 22:39
17

Bitcoins carry with them a complete log of their entire transaction history.

So the bitcoins used to pay that ransom can forever be found. Whoever has them in their possession can be tracked down, at least electronically. Transferring those bitcoins into other currency or goods could be used to track down the person who benefited from the bitcoin.

To avoid this, electronic criminals can use the same techniques that real criminals do; they launder their money.

Find someone who is willing to accept bitcoins sight unseen, and then give you some other asset (maybe more bitcoins, maybe cash) and forget that transaction occurred.

Doing this with "real money" is known as money laundering, and is a crime. Financial institutions that do this are shut down and their assets seized.

As yet, bitcoin laundering facilities have not been shut down. Those who hold bitcoins that have been laundered are not held criminally responsible for the earlier transaction where it was used to pay a ransom. Either one of these actions would probably spoil the use of bitcoins as ransom funding.

In comparison to traditional currencies, bitcoin offers certain advantages in laundering.

If you want to launder using physical money, it requires moving that money around. And large cash transactions are tracked. So doing so on a large scale requires either widespread physical, on the ground infrastructure, or a way to make large cash transactions look not like money laundering. Both of these are expensive and leave you vulnerable to police action.

You could instead launder using electronic money. But electronic US dollars end up connecting you to the US banking system, and there are laws against the US banking system working with people doing money laundering or looking the other way. If you or they are caught, your electronic assets will be seized, and you may be personally caught and prosecuted.

In comparison, bitcoins have no central bank beholden to a country that is trying to stop money laundering that states "the bits in this account are real bitcoins, and those bits over there are not". So you can set up financial institutions that launder bitcoins for you.

Yakk
  • 6
    Cue to all the ads with *"Work from home a few hours a day and make more money than you ever did!"* which turn out to be something like *"All you have to do is cash in the online money transfers we send to you and send the cash to us, getting a percentage of the money as a reward!"* – vsz Jun 23 '17 at 20:45
  • 1
    @vsz that could be money laundering in theory, but it is easier to not even use real stolen/criminal money to do that. Just take advantage of bank clearing delays. – Yakk Jun 23 '17 at 22:05
  • @vsz Yeah, those are just bank scams that dupe the person working from home by sending them checks that bounce. That's *technically* legal, or at least much harder to prove as a crime. – Shadur Jun 24 '17 at 20:22
  • @Shadur : indeed, but such schemes could just as easily be used to obfuscate the source of money gotten through ransomware, or from phishing. – vsz Jun 24 '17 at 23:38
6

Bitcoin can combine several transactions' outputs as a new transaction's input, and it can also split a single transaction's output among many recipients. This is because only balances are transferred in transactions, not individual units of bitcoin.

"Mixing" services do this to obscure where bitcoin is going. After inspecting one of these transactions, the best you can say is, for example, "10% of the bitcoin sent from address A ended up in address B, another 10% ended up in address C, ..." and so on.

After a few rounds of these mixing service transactions and regular transactions, tiny fractions of the ransom bitcoin are now distributed among many many addresses, including addresses controlled by all sorts of people just buying bitcoin on exchanges, receiving bitcoin for selling products, etc.

More in-depth and complex blockchain analysis is possible, and combined with other real-world data from exchanges and banks it may or may not be possible to eventually track down the owners of the original ransom addresses.

not22
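The proportional attribution described in the answer above ("10% of the bitcoin sent from address A ended up in address B") is what blockchain analysts call "haircut" taint tracking; the following is an added example, not part of the original answer, that propagates it through a small constructed ledger. The address names, amounts, and the simplification that each input address is spent in full with no fees are assumptions made for illustration.

```python
from fractions import Fraction

# Constructed sample data (not real chain data). Address names are hypothetical.
INITIAL = {"ransom": 10, "clean1": 30, "clean2": 60, "clean3": 50}
TAINTED = {"ransom"}
# Each transaction: (input addresses spent in full, {output address: amount}).
TXS = [
    (["ransom", "clean1", "clean2"], {"mix1": 50, "mix2": 50}),  # mixing round
    (["mix1", "clean3"], {"shop": 20, "exchange": 80}),          # ordinary spend
    (["mix2"], {"cold": 50}),
]


def haircut_taint(initial, tainted, txs):
    """Return {address: (balance, tainted_amount)} after applying txs in order.

    Haircut model: every output of a transaction inherits the transaction's
    overall tainted fraction, so taint is diluted but never created or lost.
    """
    bal = {a: Fraction(v) for a, v in initial.items()}
    taint = {a: bal[a] if a in tainted else Fraction(0) for a in bal}
    for inputs, outputs in txs:
        total_in = sum(bal[a] for a in inputs)
        if total_in == 0 or total_in != sum(outputs.values()):
            raise ValueError(f"unbalanced transaction spending {inputs}")
        ratio = sum(taint[a] for a in inputs) / total_in
        for a in inputs:  # assumption: inputs are spent in full, fees ignored
            bal[a] = taint[a] = Fraction(0)
        for a, amount in outputs.items():
            bal[a] = bal.get(a, Fraction(0)) + amount
            taint[a] = taint.get(a, Fraction(0)) + ratio * amount
    return {a: (bal[a], taint[a]) for a in bal if bal[a] > 0}


def flag(holdings, threshold):
    """Addresses whose tainted share of balance is at least `threshold`."""
    shares = {a: t / b for a, (b, t) in holdings.items()}
    return sorted((a for a, s in shares.items() if s >= threshold),
                  key=lambda a: (-shares[a], a))


if __name__ == "__main__":
    result = haircut_taint(INITIAL, TAINTED, TXS)
    for addr, (b, t) in sorted(result.items()):
        print(f"{addr:9} balance={b}  tainted={t}  share={float(t / b):.0%}")
    print("flagged at >= 10%:", flag(result, Fraction(1, 10)))
```

After two hops the 10 tainted units are still fully accounted for, but they sit as a 5% or 10% share inside balances that are mostly other people's money, which is why attribution then depends on off-chain data from exchanges.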
4

The main purpose of Bitcoin was to create an electronic equivalent of coins: exchangeable, verifiable, and fungible. If it were easy to defeat the pseudo-anonymity, then why bother using Bitcoin instead of existing financial systems? The same algorithms that protect privacy advocates and political dissidents from the snooping eyes of oppressive authorities (or just authorities in general, who are assumed to be oppressive) also protect "real" criminals from those same entities. You can't have one without the other.

Foo Bar
  • 26
    Bitcoins are highly traceable. Every transaction a particular bitcoin has been involved in is visible forever. Explaining how you go from a highly traceable protocol, to pseudo-anonymity, is what this question is asking. – Yakk Jun 23 '17 at 18:03
-2

They could also be cashing in the ransom by simply exchanging the wallet for a percentage of another colder wallet.

TheJulyPlot
blit