How do surveillance companies like Chainalysis link bitcoins to separate entities? And how to trick using Coinjoin ?
Big Block Brother
The most well-known transaction monitoring company is Chainalysis. But there are others:
Elliptic, Neutrino (acquired by coinbase in 2019), Coinfirm, Blockchain Intelligence Group, Ciphertrace (acquired by Mastercard), Comply Advantage, Idology, Elementus, DmgBlockchain, ScoreChain, Crystal, Coinvalidation.
Their business model is usually to sell the data to governments for criminal, tax, etc. cases. Their services are also used by exchanges to detect funds coming from addresses affiliated with criminal activities.
Chainalysis and its acolytes use many techniques which, coupled with data from exchanges and Internet Service Providers (ISPs), make it possible to link identities to Bitcoin addresses.
Indeed, most exchanges require their customers to provide their identity. BTCs that can be traced with certainty to an exchange address can therefore be linked to identities.
If justice requires it, the exchanges must reveal the identities of the people who used such and such an address to deposit or withdraw bitcoins.
Same thing for ISPs since Chainalysis also links BTC addresses to IP addresses. Hence the interest of always connecting to your wallet using Tor.
To understand monitoring techniques, one must first explain how Bitcoin (UTXO) transactions work.
Bitcoin or UTXO?
UTXOs (Unspent transaction output) contain all existing bitcoins.
Each transaction corresponds to the destruction and creation of one or more UTXOs. The latter takes the form of a script (a small piece of code) linking an address to a quantity of bitcoin.
[Une adresse est un encodage de clé publique]
The principle is that only the private key corresponding to the public key can unlock a UTXO in order to link the BTCs to another address (perform a transaction).
Rather than “unlocking” a UTXO, we say that we “sign a transaction” with its private key.
To sum up, wallets do not contain BTC per se. They only host the private keys and the corresponding public keys (displayed as addresses). The private keys allow to spend the UTXOs which are kept in memory by the nodes.
All bitcoins currently exist in the form of a hundred million UTXO of various sizes.
Some UTXOs are tied to thousands of BTC, others to just a few satoshis. During a transaction, one or more UTXOs are consumed to produce one or more UTXOs linked to new addresses.
We say ” several “as there may not be enough UTXO in your wallet to cover the transaction amount.
In addition, it is very rare to find a combination of UTXO exactly matching the amount of the transaction. It is therefore necessary to return the currency via the simultaneous creation of an additional UTXO.
In short, a transaction generally includes several input UTXOs and several output UTXOs, including the change given.
This UTXO (change given) is the one that most interests surveillance firms.
An important thing to realize is that this change is not necessarily a small sum. Let’s say you want to make a transaction of 0.1 BTC and you only have a UTXO of 1 BTC in your wallet. It will necessarily be necessary to spend this UTXO and give change in the form of a UTXO of 0.9 BTC.
THE bitcoin tracking technique
In theory, it is not obvious which UTXOs belong to whom at transaction exit. Which corresponds to the transaction and which to the change returned??
However, comparing the type of address used for each UTXO often provides the answer. If only one of the two output UTXOs has the same type of address as the input UTXO, it is change given.
This flaw comes from the fact that different address formats are emerging as the Bitcoin protocol is developed. And the thing is, wallets don’t always use the same address format. Moreover, old UTXOs are necessarily linked to old address formats.
Taproot and P2WPKH (Pay-to-Witness-Public-key-address) are the most commonly used address types today. Taproot addresses begin with “bc1”. There are other address encodings like P2PKH (Pay-to-public-key-hash) which starts with “1”. Or P2SH (Pay-to-script-hash) which starts with “3”.
In short, one of the main objectives of monitoring companies is to identify which UTXO corresponds to the change given. This is vital information to identify a group of UTXOs as belonging to a single entity.
Chainalysis uses several heuristics as well as guesses (the accuracy of which is never certain) to relate UTXOs to different entities.
Of the documents leaked on the dark web show that Chainalysis uses a block explorer to gather information about IP addresses. All those who entered BTC addresses belonging to them on this explorer (walletexplorer.com) saw their IP address harvested by Chainalysis.
Remember that a wallet only has keys. On startup, it must therefore connect to a node (which holds the list of all UTXOs) to update itself. More precisely, it will check if one or more of its public keys have been linked to BTC (if the wallet has received a transaction).
According to the document, Chainalysis also collects data by managing nodes that allow them to obtain the user’s IP address and the set of wallet addresses (used and unused…).
Hence the interest, once again, of always connecting your wallet to the Bitcoin network via the Tor network.
Reuse of BTC addresses
The reuse of addresses also greatly facilitates the work of surveillance firms. When several UTXOs are linked to the same address, they belong to the same private key and therefore the same person.
Therefore, if a transaction is made to a reused address, it is very likely that it is the main transaction and not the change given.
The BIP 125 introduced RBF (Replace-by-fee). Some wallets like Electrum have adopted it. Others don’t, like Wasabi.
When a transaction propagates to nodes, transaction fees may turn out to be too low. Miners give priority to transactions with the highest fees.
In order to speed up the confirmation of a transaction, a user can use RBF to increase transaction fees (a tiny UTXO going to miners). Nodes that have adopted BIP 125 will accept the new transaction and delete the old one from their mempool.
Spying on the mempool makes it possible to identify the UTXO of the change given since it is very likely that it will be planed to increase the UTXO corresponding to the fees paid to the miner.
Making transactions with round amounts is also a serious mistake. If there are only two UTXOs out, the one not including a round number of BTC will necessarily be the change given.
The Coinjoin Solution
Since Bitcoin transactions are public in the name of decentralization, it is possible to trace the entire chain of addresses from a UTXO to the coinbase reward. Blockchain explorers do this very well.
The recipient of a transaction (of a UTXO) can view the entire transaction history of the issuer. Likewise, the sender can see the recipient’s future expenses.
All privacy is not lost, however. All you have to do is mix your UTXOs using a Coinjoin. It is simply a very large transaction involving many people (and therefore many UTXOs) at the same time.
Everyone must provide UTXOs and blank addresses in order to build this transaction which will reshuffle the cards thanks to many UTXOs of the same amount output.
It is easy to understand the interest of such a transaction to cover the tracks. Imagine a helicopter chasing 10 cars of all colors suddenly passing through a tunnel. And that 15 cars of the same color come out on the other side of the tunnel. Which belong to whom?
The Trezor model T wallet, in tandem with the Wasabi wallet, offers this Coinjoin option to cut all ties with your exchange. Or your IP if you ever accidentally connected to a Chainalysis node without using a VPN (Tor).
Receive a digest of news in the world of cryptocurrencies by subscribing to our new service ofdaily and weekly so you don’t miss any of the essential Tremplin.io!