Building a community interested in cryptocurrency mixers

Explore the project’s abstract, objectives and deliverables in this public outline.

PROJECT OVERVIEW

The successful BAZAR project targeted the issue of dark marketplaces, with a focus on those without internal wallets. Over the course of two years, we developed a prototype for web scraping of the Monopoly Market website and subsequent analysis of the collected data. Using several methods, we were able to detect new purchases, correlate them with activity on the blockchain, collect evidence about sellers and their goods, and evaluate the entire marketplace with respect to product categories, sales predictions, and shopper demographics. The results of the project were also used by foreign entities, namely Europol and Zurich Kantonspolizei.

The subject of the project is the expansion and development of cooperation with national and international security forces in the field of forensic analysis of cryptocurrencies. For example, the security community involved in the project will provide expert workshops, lectures and meetings, where information on cryptocurrency mixing services and cryptocurrency hardware wallets will be shared. Cryptocurrency mixing services are often used to legitimize cryptocurrency funds encumbered by problematic transaction history (e.g. ransomware, fraudulent activities, proceeds from trading on dark marketplaces), thus complicating the tracing of cryptocurrency funds associated with illegal activities. Analysis of cryptocurrency transactions of hardware wallets will allow one to become familiar with the possibilities of identifying these devices within cryptocurrency networks.

PROJECT OBJECTIVES

We would like to build on this project and explore another problem area – cryptocurrency mixers and tumblers. That is, services where users deposit cryptocurrency funds encumbered by some problematic transaction history (e.g. ransomware, fraudulent behaviour, proceeds from trading on dark marketplaces) and receive similar value in return, but with a different transaction chain. Mixing, or its simpler variant, coin-joining, makes it more difficult to link certain cryptocurrency funds to illicit activity and generally complicates the process of tracing funds.

A possible solution to the obfuscation techniques of mixers is the correlation between input and output transactions in clusters. The correlation would attempt to match some output transactions of equal value (minus a fee to the mixer operator) to the corresponding input transactions. For the heuristic to be functional, it is necessary to identify the deposit and withdrawal clusters of each mixer and the links between them.
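The matching step described above can be sketched as follows. This is an added example, not code from the project: it assumes the deposit and withdrawal clusters have already been identified, and the fee band (1 to 3 percent), the six-hour delay window and all transaction records are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str    # constructed label, not a real transaction id
    value: int   # amount in satoshi
    time: int    # unix seconds

def candidate_links(deposits, withdrawals, min_bp=100, max_bp=300, max_delay=6 * 3600):
    """For each withdrawal, list the deposits whose value minus a plausible
    operator fee equals the withdrawn value. Fee band is in basis points
    (assumed); integer arithmetic avoids float rounding at the band edges."""
    links = {}
    for w in withdrawals:
        matches = []
        for d in deposits:
            delay = w.time - d.time
            if not 0 < delay <= max_delay:
                continue  # the withdrawal must follow the deposit within the window
            fee = d.value - w.value
            if min_bp * d.value <= fee * 10_000 <= max_bp * d.value:
                matches.append((d.txid, fee))
        links[w.txid] = matches
    return links

def unique_links(links):
    """Keep only withdrawals with exactly one candidate deposit. Ambiguous
    matches need further evidence (timing patterns, cluster links)."""
    return {w: m[0][0] for w, m in links.items() if len(m) == 1}

# Constructed sample data: deposit cluster and withdrawal cluster of one mixer.
DEPOSITS = [
    Tx("dep-A", 100_000_000, 1_000),
    Tx("dep-B", 250_000_000, 2_000),
    Tx("dep-C", 100_500_000, 3_000),
]
WITHDRAWALS = [
    Tx("wd-1", 98_000_000, 5_000),    # fits dep-A (2.0%) and dep-C (about 2.5%)
    Tx("wd-2", 245_000_000, 9_000),   # fits only dep-B (2.0%)
    Tx("wd-3", 50_000_000, 9_500),    # fits nothing, e.g. a split payout
]
LINKS = candidate_links(DEPOSITS, WITHDRAWALS)

if __name__ == "__main__":
    for wd, cands in LINKS.items():
        print(wd, cands)
    print("unambiguous:", unique_links(LINKS))
```

The ambiguous result for wd-1 shows why value matching alone is not sufficient and why the links between the clusters have to be established as well.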

We would also like to investigate specifics in the behaviour of hardware and software cryptocurrency wallets. Our goal would be to describe how they calculate fees when emitting transactions. Each wallet uses a slightly different approach to estimating fees. The wallet attaches the resulting fee to the newly generated transaction, which then guarantees its processing by miners into a block. We believe this would enable us to uniquely identify what type of wallet has generated a given transaction in the blockchain. Therefore, we would like to test popular wallets – like Trezor, Ledger, Wasabi or Electrum – and report on their specifics concerning the above-mentioned potential to associate the transaction with a wallet.

The main objectives of the project would be:

  • to analyse the obfuscation process over the selected mixers using reverse engineering and verify deanonymisation heuristics exploiting the correlation between the activities of the mixer clusters;
  • to test hardware and software wallets and how they generate new transactions in order to identify potential uniqueness in their behaviour;
  • to disseminate information within the expert community among security practitioners interested in cryptocurrencies in the form of specialized webinars/conference presentations with international participation.

DELIVERABLE

| Code | Description |
|---|---|
| V – research report | Classified research report analysing transaction issuance methods of hardware wallets and evaluating methods and tools to deobfuscate mixers. |
| W – organization of an international workshop | For the purpose of communicating the most important lessons learned from the project and guidance on use of the implemented software, a comprehensive seminar will be created. The plan is to present this seminar in the framework of an international conference dedicated to security forces. The next one will be held during the Intelligence Support Systems for Electronic Surveillance conference, where the principal investigator of the project regularly speaks as an expert on security and cryptocurrencies, and where he has pledged the support of the organisers for the workshop. |
| W – organization of an international workshop | A dedicated international webinar will be organized for the security professional community to present the latest trends and current knowledge in the domain of forensic analysis of hardware wallets and software clients with embedded obfuscation techniques. The plan is to either use our own platform or join an existing series of thematic webinars (e.g. ISS World Webinar). |
| W – organization of a national workshop | In cooperation with the application guarantor, a workshop will be organised for relevant security forces from the CLR (and perhaps abroad, e.g. using a hybrid format) presenting the methods and related tools analysed, and possible scenarios for the use of the collected data in the operational practice of the participants. |

Planned project deliverables

OUR PARTNERS

Ministry of the Interior of the Czech Republic
Special Activities Unit of the Criminal Police and Investigation Service
General Directorate of Customs of the Czech Republic
Kantonspolizei Zürich
Federal Police of Belgium
