92 COMMUNICATIONS OF THE ACM | APRIL 2016 | VOL. 59 | NO. 4
followed using the methodology described above (i.e., at
each hop we continued along the chain by following the
change address, and considered the other output address
to be a meaningful recipient of the money). After following
100 hops along each chain, we observed peels to the services
listed in Table 2.
In this table, we see that, although a longitudinal look
at the balances of major services did not reveal where the
money went, following these chains revealed that bitcoins
were in fact sent to a variety of services. The overall balance
was not highly affected, however, as the amounts sent were
relatively small and spread out over a handful of transactions. Furthermore, while our analysis does not itself reveal
the owner of 1DkyBEKt, the flow of bitcoins from this
address to known services demonstrates the prevalence of
these services (54 out of 300 peels went to exchanges alone)
and provides the potential for further de-anonymization: the
evidence that the deposited bitcoins were the direct result of
either a Ponzi scheme or the sale of drugs might motivate
Mt. Gox or any exchange (e.g., in response to a subpoena)
to reveal the account owner corresponding to the deposit
address in the peel, and thus provide information to link the
address to a real-world user.
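The chain-following procedure described above (follow the change output at each hop, count every other output as a peel, stop after a fixed number of hops) is shown below as an added example; it is not the authors' code. The ledger, addresses and service tags are constructed, and the change address is picked by a simplified stand-in rule (the single output whose address first appears in that transaction), because the paper's own change heuristic is defined before this page.

```python
from collections import defaultdict

# Constructed ledger in block-chain order:
# (txid, input addresses, [(output address, BTC), ...]).
TXS = [
    ("t0", ["x1"], [("gox_a", 1.0), ("silk_a", 1.0), ("x2", 3.0)]),
    ("t1", ["start"], [("c1", 990.0), ("gox_a", 10.0)]),
    ("t2", ["c1"], [("silk_a", 28.0), ("c2", 962.0)]),
    ("t3", ["c2"], [("c3", 960.0), ("x2", 2.0)]),
    ("t4", ["c3"], [("n1", 60.0), ("n2", 900.0)]),  # two fresh outputs
]
# Constructed tags mapping deposit addresses to services.
LABELS = {"gox_a": "Mt.Gox", "silk_a": "Silk Road"}


def follow_peels(txs, labels, start, max_hops=100):
    """Follow change outputs from `start`; tally peels per service."""
    first_seen, spent_in = {}, {}
    for i, (_, ins, outs) in enumerate(txs):
        for addr in ins:
            first_seen.setdefault(addr, i)
            spent_in.setdefault(addr, i)
        for addr, _ in outs:
            first_seen.setdefault(addr, i)

    tally = defaultdict(lambda: [0, 0.0])  # service -> [peels, BTC]
    current, hops, reason = start, 0, "max hops reached"
    while hops < max_hops:
        i = spent_in.get(current)
        if i is None:
            reason = "change output unspent"
            break
        outs = txs[i][2]
        # Assumed change rule: exactly one output address is new here.
        fresh = [addr for addr, _ in outs if first_seen[addr] == i]
        if len(fresh) != 1:
            reason = "ambiguous change address"  # stop rather than guess
            break
        for addr, btc in outs:
            if addr != fresh[0]:
                service = labels.get(addr, "unlabelled")
                tally[service][0] += 1
                tally[service][1] += btc
        current, hops = fresh[0], hops + 1
    return dict(tally), hops, reason


if __name__ == "__main__":
    print(follow_peels(TXS, LABELS, "start"))
```

The per-service tally has the same shape as a column pair in Table 2 (peels and BTC), and the returned stop reason records why a chain ended before the hop limit.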
Tracking thefts. To ensure that our analysis could be applied more generally, we turned finally to a broader class of
criminal activity in the Bitcoin network: thefts. Thefts are
in fact quite common within Bitcoin: almost every major
service has been hacked and had bitcoins (or, in the case
of exchanges, other currencies) stolen, and some have shut
down as a result.
To begin, we used a list of major Bitcoin thefts found at
https://bitcointalk.org/index.php?topic=83794. Some of
the thefts did not have public transactions (i.e., ones we
could identify and study in the block chain), so we limited
our attention to the ones that did. For each theft, we first
found the specific set of transactions that represented the
theft; that is, the set of transactions in which the sender
was the service and the recipient was the thief. Starting
with these transactions, we did a preliminary manual
inspection of the transactions that followed to determine
their approximate type: we considered aggregations, in
which bitcoins were moved from several addresses into
a single one; folding, in which some of the aggregated
addresses were not clearly associated with the theft; splits,
in which a large amount of bitcoins was split among two
or more addresses; and finally peeling chains, in which
smaller amounts were peeled off from a succession of
one-time change addresses. Our results are summarized
in Table 3.
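The four movement types can be turned into a rough automatic labelling that produces the A/P/S/F strings used in Table 3. This is an added example, not the authors' method (their inspection was manual): the transactions and addresses are constructed, and the shape rules and the 90% peel threshold are assumptions of this example.

```python
# Constructed transactions in block-chain order: (inputs, outputs),
# each a dict of address -> BTC.
TXS = [
    ({"th1": 300.0, "th2": 150.0, "x9": 50.0}, {"agg0": 500.0}),  # x9 unrelated
    ({"agg0": 500.0, "th3": 100.0}, {"agg1": 600.0}),
    ({"agg1": 600.0}, {"p1": 590.0, "dep1": 10.0}),
    ({"p1": 590.0}, {"p2": 565.0, "dep2": 25.0}),
    ({"p2": 565.0}, {"s1": 300.0, "s2": 265.0}),
    ({"zz": 5.0}, {"yy": 5.0}),  # not connected to the theft; ignored
]
THEFT_ADDRS = {"th1", "th2", "th3"}  # addresses known to hold stolen coins
PEEL_RATIO = 0.9  # assumed: change keeps at least 90% of the value in a peel


def classify(ins, outs, tainted):
    """Label one transaction A, F, P or S (None for a plain 1-to-1 move)."""
    if len(ins) >= 2 and len(outs) == 1:
        # Folding: some inputs are not clearly associated with the theft.
        return "F" if any(a not in tainted for a in ins) else "A"
    if len(outs) >= 2:
        total = sum(outs.values())
        return "P" if max(outs.values()) >= PEEL_RATIO * total else "S"
    return None


def movement(txs, theft_addrs):
    """Return the movement string, e.g. 'F/A/P', in order of occurrence."""
    tainted, steps = set(theft_addrs), []
    for ins, outs in txs:
        if tainted.isdisjoint(ins):
            continue  # spends nothing we are tracking
        kind = classify(ins, outs, tainted)
        if kind == "P":
            tainted.add(max(outs, key=outs.get))  # follow only the change
        else:
            tainted.update(outs)
        if kind and (not steps or steps[-1] != kind):
            steps.append(kind)  # collapse repeats such as P, P, P
    return "/".join(steps)


if __name__ == "__main__":
    print(movement(TXS, THEFT_ADDRS))
```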
Briefly, the movement of the stolen money ranged from
quite sophisticated layering and mixing to simple and easy
to follow. Examining thefts therefore provides another
demonstration of the potential for anonymity provided by
Bitcoin, and the ways in which current usage falls short of
this potential. For the thieves who used the more complex
strategies, we saw little opportunity to track the flow of bitcoins (or at least do so with any confidence that ownership
was staying the same), but for the thieves that did not there
seemed to be ample opportunity to track the stolen money
directly to an exchange.
One of the easiest thefts to track was from Betcoin, an
early gambling site that was shut down after its server was
hacked on April 11, 2012 and 3171 BTC were stolen. The stolen bitcoins then sat in the thief’s address until March 15,
2013 (when the bitcoin exchange rate began soaring), when
they were aggregated with other small addresses into one
large address that then began a peeling chain. After 10 hops,
we saw a peel go to Bitcoin-24, and in another 10 hops we saw
a peel go to Mt. Gox; in total, we saw 374.49 BTC go to known
exchanges, all directly off the main peeling chain, which
originated directly from the addresses known to belong to
the thief.
In contrast, some of the other thieves used more sophisticated strategies to attempt to hide the flow of money; for
example, for the Bitfloor theft, we observed that large peels
off several initial peeling chains were then aggregated,
Service
First Second Third
Peels BTC Peels BTC Peels BTC
Bitcoin-24 1 2 3 124
Bitcoin Central 2 2
Bitcoin.de 1 4
Bitmarket 1 1
Bitstamp 5 97 1 1
BTC-e 1 250
CAVirtEx 1 3 1 10 3 22
Mercado Bitcoin 1 9
Mt.Gox 11 492 14 70 5 35
OKPay 2 151 1 125
Instawallet 7 39 5 135 2 43
WalletBit 1 1
Bitzino 2 1
Seals with Clubs 1 8
Coinabul 1 29
Medsforbitcoin 3 10
Silk Road 4 28 5 102
Along the first 100 hops of the first, second, and third peeling chains resulting from
the withdrawal of 158,336 BTC, we consider the number of peels seen to each service,
as well as the total number of bitcoins (rounded to the nearest integer value) sent
in these peels. The services are separated into the categories of exchanges, wallets,
gambling, and vendors.
Table 2. Tracking bitcoins from 1DkyBEKt.
Theft       BTC      Date      Movement  Exchanges?
MyBitcoin   4019     Jun 2011  A/P/S     Yes
Linode      46,648   Mar 2012  A/P/F     Yes
Betcoin     3171     Mar 2012  F/A/P     Yes
Bitcoinica  18,547   May 2012  P/A       Yes
Bitcoinica  40,000   Jul 2012  P/A/S     Yes
Bitfloor    24,078   Sep 2012  P/A/P     Yes
Trojan      3257     Oct 2012  F/A       No
For each theft, we list (approximately) how many bitcoins were stolen, when the theft
occurred, how the money moved after it was stolen, and whether we saw any bitcoins
sent to known exchanges. For the movement, we use A to mean aggregation, P to
mean a peeling chain, S to mean a split, and F to mean folding, and list the various
movements in the order they occurred.
Table 3. Tracking thefts.