Blockchain surveillance is slowly becoming the norm as cryptocurrencies become more popular. These days there are many startups and private investigators dedicated to helping global law enforcement and private businesses track bitcoin transactions.
Bitcoin.com recently chatted with Richard Amores, a blockchain surveillance expert and the founder and CTO of Osforensics.us. Amores has designed tools that help him track bitcoin transactions to physical locations, where he can visualize an IP address, geolocation coordinates, the ISP and the host name of the full node. The blockchain forensics investigator claims the tools can analyze wallets with thousands of transactions in minutes, in contrast to the weeks and months it would take law enforcement. Amores gives our readers an inside look at how he started and how his tools help him track cryptocurrency transactions.
Tracking Bitcoin Transactions to Physical Locations
Bitcoin.com (BC): When did you first get introduced to bitcoin?
Richard Amores (RA): November 2013 was when I first got my first blockchain.info wallet. That means about 2012 is when I started playing with bitcoin and tried mining. I still have some hardware mining rigs in the basement. My first book was on Tor the dark web; I wrote my second book about Bitcoin because it was about the Tor-Dark Web financial system. Bitcoin was all the rage in the dark web and still is, but it was never anonymous. Freedomnet, I2p, and Tor — The intelligence and encryption of the peer-to-peer network was the fascinating thing for me, I’m more a network guy. Then you get the Genesis coin within the public ledger, and everything flows forward in time and transactions.
As a security geek, I was hooked on this technology and the math more than the value of the Bitcoin.
BC: When did you decide to create the bitcoin tracking forensics tool?
RA: About a year ago a customer asked me if finding the physical location of a wallet was possible. As I explored the edge-routers of the peer-to-peer networks that Tor and Bitcoin and many other networks use, the answer became obvious. Investigators sometimes see a bitcoin wallet as a physical dead end. Many tools focus on tracking the wallet and the ping-pong game that people do to hide their wallet’s address. We focus on the transactions; this is when the network and the public ledger meet. I wish I could say that we can identify all wallets’ physical locations, but we cannot at this time. The older and the more transactions, the better to track down physical wallets. Our tool tracks forward in time and backward in transactions as I mentioned before. So if you messed up in the past or future, we got you.
BC: Have you helped any law enforcement (LE) agencies track Bitcoin transactions?
RA: Yes, on many occasions I have worked with LE and others all over the world. I have a Tor crawler and search engine that helps us find wallets and other IDs on the dark web. As with many investigators, I use Blockseer and blockchain.info and my own blockchain to track wallets. The truth of the matter is LE doesn’t pay if they can get away with it. One time I got paid in Kroger’s money orders, guess out of petty cash. This one was not your usual LE type but the real money guys are the IRS.
Yes, they are big into Bitcoin. They are the ones that told me that mixing services are legal and yes anyone can set up a mixing service — if you’re trying to hide your coins. Who really owns these mixing services and who wants to know how much money you have? Nuff said.
BC: If a bitcoin user hops between multiple public blockchains, does it affect your analysis?
RA: It doesn’t matter, our tool can help to identify wallets from the same owner, but it’s not designed for tracking and following wallets which are two different things. Our tool is for analyzing transactions and looking at the network and seeing what data we can get. If you look at the (two images below), Node Types identify the Bitcoin protocol on the four different things it does, Wallet — Miner — Full — Blockchain — Network. Now the Bitcoin Network Image is the one where we can see that the main part of the Full-blockchain — The Network is on the edge routers. This is where the transactions (TX) happen and for a network geek it’s the most fun to analyze. So multiple blockchains that operate on a similar network to execute a TX makes no difference, without the network and how it works, you can’t transmit a TX without it and the protocol that it works on peer-to-peer on top of TCP/IP.
BC: How useful is your tool or Blockchain surveillance if a bitcoin user utilizes a tumbler or mixing platform?
RA: We’ve seen all kinds of tricks to displace wallets and transactions into ‘Neverland’, from different currencies to mixing services to hide wallets. We see wallets that offer a new wallet address for every transaction so they can keep the master wallet secret. At the end of the day, you are going to cash out or move your funds. The wallet software will now take all the coins you own and add them up to send out a TX, and those hidden wallets that you created will show up as INPUTS. Now we see your collection of wallets that you believed were secret.
BC: What about other cryptocurrencies that claim to offer better anonymity like Monero for instance, are these digital assets harder to track?
RA: We are looking at any coin that has a peer-to-peer network, and a blockchain and most do. Litecoin and others that have very similar codebase will be easier. Others will be a challenge but the protocol they use has to ride on the internet, and the network protocol rules apply.
BC: Since the inception of the Silk Road, how big have Dark Net markets grown?
RA: Since 2013-14 we saw about 400 odd hidden service websites, when I ran my last crawl in Jan-2017, I started with over 4,000, so it has grown leaps and bounds. I would run a crawl in 3-6 hours, now it’s a day and a half and babysitting it all. Just look at the Grams site – the pharma market is the biggest selling with pills all over the place. We do have a pill epidemic not just in America but worldwide. Plastic credit cards are another big deal in the Tor landscape. Then you have people that believe that a Bitcoin transaction in the dark web is secret. Tor works on Port 9001 and Bitcoin works on port 8333 same wire different ports, the only thing you give out in a Bitcoin — Tor TX is the IP address of the hidden service website that they are trying to hide. Bittorrent in Tor exposes the true IP of the client and the server. FYI be careful not all things in the dark web are true.
BC: In your opinion what are the safest bitcoin wallet types?
RA: I would go with a full-node CLI running bitcoind. But what is safe if I am trying to hide my coins? I built a BIP-32 Deterministic wallet a few years back. One master wallet – and one back-up that can control millions of sub-wallets. So I would go with a BIP-32 Deterministic wallet with a CLI.
I would ask what the safest transactions are? What breadcrumb can they leave behind to track me. Tracking transactions through space and time are the main ways to find wallets; the math does not cheat. Inputs must equal outputs, and you must own before you can spend coins.
BC: Do you believe bitcoin has a chance of gaining mass adoption in white markets?
RA: I mentioned the BIP-32 wallet I created, well, that was for Wall Street – not mentioning names but they stole my code. Think of the Bond market, yeah, I know boring, but there are about two Bond companies worldwide. When you cash out a bond, it’s a bunch of middle managers approving this and that verifying this and that. Well, the blockchain would be a good way to eliminate all these jobs worldwide and automate it pretty easy in the contract side of the blockchain. So yeah, even private blockchains that only the central banks could join and then control things more with smart contracts, that’s what Ethereum is all about that’s why the value went from 22 bucks a few months back to now over 150 or so. The white market is just as bad as the black market, and they will hide their wallets the same way that big shell companies hide things.
So I can imagine my tool looking at all the White Market players’ wallets to find all their physical locations. Now add up the amounts, and you can tell who is investing in what for any corporate espionage it would be a cool tool. Time and space, since we can track bitcoins forwards and backwards in time, the physical locations are already written all we need is my tool to read them, and yes that would be fun but time-consuming.
What do you think about Osforensics? Do you believe in the company’s ability to track bitcoin transactions with their tools? Let us know in the comments below.
Images via Shutterstock, OSforensics, and Linkedin.