De-Anonymizing Bitcoin One Transaction at a Time

Presented at The Eleventh HOPE (2016), July 22, 2016, 2 p.m. (60 minutes)

Bitcoin is an established virtual currency well known for enabling affordable and efficient transfers of money between individuals and entities. With its market cap of over $7 billion and hundreds of thousands per day, the Bitcoin currency has become popular enough for offenders to be able to hide among its users when they purchase illicit goods and services online or need to receive extortion payments. The aims of this presentation are twofold. The first is to present an open-source tool developed by the panelists that analyzes all of the Bitcoin transactions and regroups Bitcoin addresses based on their incoming and outgoing transactions. This allows for a more accurate mapping of individuals' online activities no matter how many Bitcoin addresses they are using. The tool, as well as a database of all nodes identified by the tool, will be released on the day of the conference. The second aim of this presentation is to provide real world use cases for the tool to better understand online illicit activities. To do so, David and Mathieu will present two case studies that will follow the evolution through time of the revenues generated by online illicit groups and the strategies they used to manage the incoming bitcoins. This talk will be of interest to attendees looking to better understand how the Bitcoin currency works and the attacks that can be used to de-anonymize Bitcoin users. A live demonstration will explain how the open-source tool works and the strategies that could be used to preserve one's anonymity in the Bitcoin network.

Presenters:

• David Décary-Hétu
  David Décary-Hétu earned his PhD in criminology from the University of Montreal in 2013. He has since worked and taught at the School of Criminal Sciences in Lausanne and the Polytechnique Engineering school of Montreal and is now an assistant professor at the School of Criminology of the University of Montreal. His main research interests are online illicit markets, especially those hosted on the darknet. The results of his research, funded by both the provincial and federal governments in Canada, have been published in major journals, have been presented at numerous conferences, and have been disseminated to a wide audience in a number of interviews with the media.
• Mathieu Lavoie
  Mathieu Lavoie recently graduated from ETS and works as a pentester for a large financial institution. He previously worked as a malware researcher at ESET and as a computer security freelancer. During his free time, he is an avid participant to many CTFs in the infamous CISSP Groupies (now called DCI-ETS), where he developed a deep love-hate relationship with crypto challenges or Defcon's so-called "web" challenges. As such, he was multiple times a finalist at the CSAW competition, and can even be seen somewhere on their website (no points for this flag). He speak at some local conferences including the first NorthSec conference in Montreal.

Links:

• https://xi.hope.net/schedule.html#-de-anonymizing-bitcoin-one-transaction-at-a-time- (Conference Schedule)
• https://infocon.org/cons/2600/The Eleventh HOPE (2016)/The Eleventh HOPE (2016) De-Anonymizing Bitcoin One Transaction at a Time.srt (subtitles)
• https://infocon.org/cons/2600/The Eleventh HOPE (2016)/The Eleventh HOPE (2016) De-Anonymizing Bitcoin One Transaction at a Time.mp4
• https://www.youtube.com/watch?v=jBE7o1K6ctU

Similar Presentations:

• Kiwicon V: It Goes b00m (2011) / Follow the money: bling-bling real compton city g bitcoin forensic accounting
• ToorCamp 2014 / There Will Be Coins: A Security Analysis of the Bitcoin Network
• Hackfest 2016 / De-anonymizing Bitcoin one transaction at a time