Tracing cryptocurrency: Q&A with the PhD candidate and her adviser who proved it wasn't anonymous
For years now, dark web markets have flourished on the assumption that their currency of choice — crypto — was untraceable. But it turns out the blockchain, the giant digital ledger that keeps track of the world’s cryptocurrency transactions, had a secret: It contained all the clues anyone needed to connect underground purchases to people in the real world.
The first person to publish a paper saying as much was a PhD candidate at University of California, San Diego named Sarah Meiklejohn, in 2013. Her work changed the way law enforcement investigated crimes in cyberspace and helped private companies develop new tools to track and identify bad guys on the dark web.
Click Here spoke with Meiklejohn and her adviser, Stefan Savage, about how they came to track cryptocurrency transactions — and why so much of it depended on an unlikely thing: shopping.
We’ve edited our conversations with them for length and clarity.
Click Here: Sarah, how did you end up being so fascinated by bitcoin?
Sarah Meiklejohn: It was pretty random how I got into bitcoin. I had heard about it in the summer of 2011. It was starting to get a bit bigger then. The price of a bitcoin had kind of a brief spike in the summer of 2011. I heard about it as this way to buy drugs on the internet, because that was kind of when Silk Road was first emerging.
And then I didn't really think about it much to be honest, until one of the postdocs in our research group at UCSD. … We were out on a hike in the desert and he brought up bitcoin and was telling me all about the consensus protocol that bitcoin uses and how it's really fascinating and yeah, I mean he was really into it and it kind of got me interested as well. And I went home from that hike and kind of started looking at the white paper and pretty quickly we just started working on a project on it.
CH: The white paper is of course the one written by Satoshi Nakamoto … which laid out how a digital currency like bitcoin could work and how a digital ledger called the Blockchain could keep track of all the transactions.
SM: What I think made me more interested in bitcoin was this question of privacy. I think in the beginning, you know, we all just were kind of like, “whoa, bitcoin, like, what's anyone doing with it? You know, how's it being used?”
The research group that I ended up doing this work with and working quite closely with, had a huge amount of expertise in empirical analysis of kind of shady activities on the internet, for lack of a better way to put it. They had done all this work looking at botnets and looking at spam and looking at all these kinds of phenomena on the internet. So they had a really strong empirical way of doing things and I wanted to try that out. And I think that was more than anything the driving factor behind the project. Just curiosity and a desire to develop a new skill set.
CH: So how did the idea of just starting to buy things and trace the transactions come about?
Stefan Savage: We as a group had actually been involved in a lot of this kind of undercover purchasing activity for a while, just not about bitcoin.
We had cut a deal with a bank that allowed us to effectively issue credit cards and then track the flow of money, and so we bought like $50,000 worth of counterfeit drugs and then tracked the flow of money back to the banks they came from.
And so I think that notion of following the money by buying things and then seeing what happened was something that was pretty central to the research enterprise at the time.
CH: Was there like a conversation in which you said, “Hey, we were buying all these pharmaceuticals and following the money that way, should we do the same thing here?”
SS: Sarah came up with the idea that, look, you have this anonymous identifier that corresponds to either a person or an exchange or a retailer, and it is anonymous.
So long as no one uses it. There's these side effects when you touch the real world in some way.
SM: We had all these techniques that we were developing for saying that these multiple bitcoin addresses or pseudonyms belonged to the same entity, whether that entity was an individual user or a big company like an exchange or something like that.
And so that was kind of all well and good, you know, we could say, “oh wow, look at that entity. They control 300,000 bitcoin addresses. And this one has fewer. And look, that entity is sending bitcoins back and forth with that other one.”
But on their own, these aren't very insightful things to say, right? You're only really gonna understand what's going on if you actually know who these entities are, right? So it's like, “Oh wow, look at that exchange. It's sending a lot of money to Silk Road.” Then it becomes more interesting.
And so basically, without engaging in these kinds of transactions ourselves, we weren't going to know who Entity X was. Whereas if we could actually interact with some of these services, we might be able to say, oh yeah, Entity X is this big exchange.
CH: It seems to me even that little step that you started with, the idea that you could cluster these transactions together … even that is new, right? Didn't people think that the blockchain was utterly anonymous?
SM: People probably did think that bitcoin was anonymous in the early days. I will say though, the ability to cluster together different types of addresses was already acknowledged in [Satoshi Nakamoto’s] white paper. You know, it's like there's one sentence. that basically says that the most common way that we cluster things is we say all the inputs in a bitcoin transaction belong to the same user.
So I would say it was new in the kind of scale and how far we pushed it. But the actual idea of clustering together, at least based on that kind of approach is actually not new. It was already out there to begin with.
SS: There was an assumption that because there were no names in bitcoin, there was no addresses, there was no number that was linked back to an individual where they had filed some paperwork, that it was really anonymous. And, um, that's not the same as being anonymous. Just because the wallet ID or the cryptographic ID in bitcoin does not have your name on it does not mean that you're anonymous.
CH: So then how do you get to purchasing physical objects?
SM: So yeah, we got to this point in the research where we just realized, OK, we're not gonna get any further until we know who these entities are. So basically what we started doing is just interacting with literally any entity in the bitcoin ecosystem who was willing to interact with us.
So that primarily meant opening a lot of accounts with exchanges, for example, or other so-called wallet services, and then interacting with those services, right? So basically creating an account, saying “I would like to deposit some money into my account,” getting them to give you a bitcoin address. Then you can confidently say that that bitcoin address is controlled by that entity.
And then you can also go and withdraw your money from that service. And again, go look at the blockchain, see these addresses that were used for that withdrawal, and again, say with a hundred percent confidence, “I know that these addresses belong to that entity.”
So, the main way that we did this was by interacting with exchanges, because those were the main entities who were willing to interact with us. But the other entities who were willing to interact with us were vendors. People or services, shops wanting to sell things to people who were willing to pay in bitcoin. So that's basically how we ended up buying physical objects.
I don't remember the literal first object we bought, it might have been, just for fun, the Guy Fawkes mask or something like that.
SS: We gave [Sarah] a bunch of money. Two, $3,000 or something like that. And there were crazy things she would buy.
Like a Boston CD and socks, and so forth. Everything from … I think we got like scones or something one time, to … I have a coffee cup here that she bought. She was ordering dozens of things a day at the peak.
It wasn't utilitarian. It was, I need to get a purchase from some wallet in this cluster that my algorithm has identified. Let me go and see things that are likely to get me there. She made sure to get all of the big online payment platforms. Mt. Gox, obviously … she identified all of the things from Mt. Gox. We did do some legal purchases on Silk Road so that we could identify all of the Silk Road wallets.
CH: And was Silk Road one of the entities that you were tracking?
SM: Absolutely. We identified over 200,000 addresses controlled by Silk Road. And one of the case studies we did in our paper revolved around a big address that was associated with Silk Road at the time.
CH: So, in the white paper, Satoshi basically says that bitcoin transactions have these multiple inputs that lead to linking. Can you walk us through how you solve that puzzle of how the money gets moved?
SM: Well, so if multiple addresses have been used as input of the same transaction, then they belong to the same entity. This is something that we call the multi input heuristic. So that heuristic is really useful for collapsing things down into like semantically meaningful entities, right?
So that you can say with a lot of confidence, “this exchange controls these 300,000 addresses.” Even though you didn't see that exchange use every single one of those 300,000 addresses yourself, by the way that those addresses got used in transactions you can be reasonably confident in this conclusion.
So the insight we had was that if I interact with this exchange, let's say, then that's a transaction. They will use the address that they gave to me for my deposit… They'll use it in some other transaction or in some way. And the idea is that if the way that they transact with it involves using it as input with other addresses, then there's a chance that I could identify this address as landing within one of these larger clusters.
So we could see money was flowing from one exchange to another, or from one service to another. And I think that coupling this ability with this idea of being able to kind of follow and track bitcoins as they went around the network, the idea is that we could see users interact with services like individual users.
And you know, this was around the time when. When basically FinCEN was starting to impose, like know your customer requirements on exchanges, and so we actually knew, or could hypothesize that if we saw a user deposit money into an account or an exchange, that it would be possible with subpoena power or if you were that exchange to actually identify who that user was. Like their real identity, not just what addresses they controlled in bitcoin.
We used as case studies a number of big thefts that had happened in bitcoin and other potential criminal behavior. And a lot of the times we could really confidently track illicit money right to the doorstep of a big exchange.
This has serious impact on the anonymity not just of potential criminals, but really of anyone. That you could basically see how they moved their money around in the bitcoin blockchain itself. We could trace things quite easily ourselves just by accessing the blockchain.
CH: So you don't even really necessarily need the subpoena.
SM: I mean, you know, if you wanna know who a user actually is, like their name, then yeah, at some point you do need the subpoena. But I mean that's the kind of crazy thing ultimately about the bitcoin blockchain, I guess, right?
It's completely transparent. Anyone who wants can just download it and, and look at every transaction that's happening.
CH: And did you ever think that what you were doing was going to give rise to an entire industry?
SM: Uh, no. No, I did not.
CH: Why not?
SM: I mean, you know, I'm an academic. I kind of thought of it as a small academic experiment. I thought that scaling it up would be a lot of work. I mean, it was time consuming. I basically did nothing else for like a month straight. It was basically a very manual process. And so I was just like, oh, come on. Like, who's gonna do that at any kind of real scale, right?
**CH: How about you, Stefan? In your wildest dreams, did you ever think that Sarah's research would actually end up growing into an industry? **
SS: No, I think in part because, when we first conceived of Sarah's project, it was not to trace cryptocurrency. I mean, we did want to break through the anonymity, but it was not designed to be kind of an operational tool. We wrote this paper to try to say what is bitcoin being used for? Rather than come up with a tool.
We didn't know it was gonna take off and all of us thought that bitcoin was kind of crazy. So the notion that it would become big enough that there would be businesses focused on tracing it, was not on our radar at all.
CH: When your paper came out, what was the reaction?
**SM: **Oh, I got a lot of emails, I did talk to a lot of reporters and stuff like that. Also increasingly law enforcement, policymaker types. I also got a lot of personal emails though, from people who had lost their bitcoins or had them stolen and literally didn't know who else to ask. So they were emailing me. I did try to engage with a lot of them and, you know, was often fairly unsuccessful as you might expect.
SS: We ended up talking to everyone from the law enforcement side to folks in Treasury to Homeland Security. There were staffers who were calling us. It was all of a sudden a point of significant interest.
There was a decision going on in the U.S. government about what should we do here? Should we just shut the whole thing down? Should we have a light touch? And [the paper] provided some comfort to the people who were very concerned to say, well, it's not going to be untraceable. So maybe we don't need to have as hard-line a response.
CH: Are you still doing this sort of thing now? Stefan, did this project change what your research focus was?
SS: So, this all gets finished up at the same time as Sarah's looking for jobs. She goes off, becomes a faculty member. And I think none of us really thought this whole thing would take off the way it did. We continued to be skeptics.
We did some stuff with ransomware, and tracking ransomware using cryptocurrency. But it was kind of one-off projects. We have only recently started to get involved again, and mainly because the magnitude of the thefts are just phenomenal. That hundreds of millions of dollars of value is getting lost at a shot has made it interesting again.
I think tracing is kind of a done issue, but that world has now become much more complex. It's not just one currency, it's lots of them. And there are these bridges between them. And there are these things called smart contracts that allow transactions to have kind of arbitrary kinds of constraints on them. And that has allowed for very sophisticated fraud to take place. And so now we are starting to do some work in that space again.
Dina Temple-Raston is the host and executive producer of the Click Here podcast as well as a senior correspondent at Recorded Future News. She previously served on NPR’s Investigations team focusing on breaking news stories and national security, technology, and social justice and hosted and created the award-winning Audible Podcast “What Were You Thinking.”