A group of researchers from Qatar University and Hamad Bin Khalifa University have demonstrated how years-old Bitcoin transactions can be used to retroactively deanonymize users of Tor hidden services.
It seems that Bitcoin users’ past transactions may come back to haunt them, especially if they used the cryptocurrency for illegal deals on the dark web and didn’t think to launder their payments.
“We crawled 1.5K hidden service pages and created a dataset of 88 Bitcoin addresses operated by those hidden services, including two ransomware addresses. We also crawled online social networks for public Bitcoin addresses, namely, Twitter and the BitcoinTalk forum. Out of 5B tweets and 1M forum pages, we created two datasets of 4.1K and 41K Bitcoin addresses, respectively. Each address in these user datasets is associated with an online identity and its corresponding public profile information,” the researchers explained.
“By analyzing the transactions in the Blockchain, we were able to link 125 unique users to 20 Tor hidden services, including sensitive ones, such as The Pirate Bay and Silk Road.”
Whether law enforcement and intelligence agencies will bother to replicate and widen the research remains to be seen, but there is no doubt that the permanence of the Bitcoin blockchain can be exploited for similar endeavours.
The researchers noted that the online identities to which they tied the transactions may or may not point directly to individuals, as it’s possible that these are fake online identities. Still, well-resourced adversaries can perform online surveillance to track down the users and uncover their true identities.
They also pointed out that this approach can be used to deanonymize only a small number of users.
But for those users who can be linked, the researchers advised that the best course of action is to clean their social network footprint, focusing on removing PII that is publicly shared or deleting their linked online identities altogether – and hope that the information hasn’t been cached or preserved by digital archive services like the Internet Archive.
And, in the future, for similar transactions, it might be best to switch to using alternative coins that provide additional anonymity for transactions on the blockchain (e.g., Monero, Zcash).