Cryptocurrency such as bitcoin has become the currency of choice for cybercriminals who believe that using it protects them from law enforcement because it is anonymous and untraceable.
It turns out they are only half right. Less than a month after Colonial paid DarkSide, the Department of Justice was able to recover almost half of the ransom. How can this happen with untraceable currency? Tech journalist Andy Greenberg explains in his readable new book, “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency.”
An editor and reporter at Wired, Greenberg is known for his ability to explain complex technology in a way that anyone can understand, and he doesn’t disappoint when it comes to crypto. Among other things, he explained that the cryptocurrency’s public ledger, “an instant check of the blockchain, an unforgettable public record of who owns every bitcoin,” is not as secret as criminals imagine.
“In Bitcoin, good and bad, everyone is a witness to every payment… [which] offers a vast collection of data to analyze,” he wrote. “Who can say what patterns might present users who think they are smarter than the viewer?”
To tell his story, Greenberg gathered unusual characters, from IRS and DEA agents to mathematicians such as Sarah Meiklejohn at the University of California at San Diego, who first heard about bitcoin in 2011, while studying for her PhD. She had focused on privacy research, studying things like a system that would allow people to pay road tolls without revealing their personal movements, or how thermal cameras could be used to track the codes people punched into ATMs.
When she started digging into the blockchain, she saw a puzzle that could be solved. “Yes, the identities behind the payments were obscured by pseudonymous addresses, long strings between twenty-six and thirty-five characters,” Greenberg writes. “But for Meiklejohn, it looks like a dangerous fig leaf to hide. … Blockchain, like a massive undeciphered corpus of ancient languages, hides a wealth of secrets in plain sight.”
What Meiklejohn discovered – and Greenberg puts it well – is that there is a way to collapse multiple bitcoin addresses into a single identity. Sometimes a bitcoin transaction draws on several different addresses – as if, for a $10 transaction, you pull a $5 bill from your pocket and another fiver from your wallet. Bitcoin software creates such a transaction by listing the two addresses as inputs and the recipient's address as a single output.
This is a pattern that can be seen in the blockchain – and this was Meiklejohn’s epiphany. “They scan their blockchain database for every multi-input transaction, linking all double, triple or even hundreds of inputs to a single identity,” Greenberg wrote. “The result immediately reduced the number of potential Bitcoin users from twelve million to about five million, slicing more than half the problem.”
Meiklejohn then started buying random things with bitcoin to see how wallets worked, and she discovered a quirk. “Many Bitcoin wallets only allow spenders to pay the entire amount of coins sitting at a certain address,” Greenberg explained. “Each address is like a deposit that needs to be opened to spend coins in. Spend less than the deposit and the rest should be kept in the newly created deposit.”
So if you pay someone “6 bitcoins from a 10-coin address … your change, 4 coins, is stored in a new address, which the wallet software creates for you,” Greenberg wrote. And the address to which your change is sent can be used as an identifier. Meiklejohn realized that if she could “connect the address of the change to the address that had been separated, she could create her own signboard. She could follow the money even when it was on the road. The result was that Meiklejohn could now connect all chains of previously canceled transactions.”
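The two heuristics described above (shared inputs and one-time change addresses), as an added example that is not taken from the book or from this review. The ledger, the address names and the simplified rule "exactly one never-before-seen output is the change" are assumptions made for illustration.

```python
class Clusters:
    """Union-find over addresses; each set is one inferred wallet owner."""
    def __init__(self):
        self.parent = {}

    def find(self, a):
        self.parent.setdefault(a, a)
        while self.parent[a] != a:
            self.parent[a] = self.parent[self.parent[a]]  # path halving
            a = self.parent[a]
        return a

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def cluster_addresses(txs):
    """Apply both heuristics to transactions given in ledger order."""
    clusters, seen = Clusters(), set()
    for tx in txs:
        ins, outs = tx["inputs"], tx["outputs"]
        # Heuristic 1: all inputs of one transaction share an owner.
        for addr in ins:
            clusters.union(ins[0], addr)
        # Heuristic 2 (simplified assumption): if exactly one output address
        # has never appeared before, treat it as the spender's change.
        fresh = [a for a in outs if a not in seen and a not in ins]
        if ins and len(outs) > 1 and len(fresh) == 1:
            clusters.union(ins[0], fresh[0])
        seen.update(ins, outs)
        for addr in outs:
            clusters.find(addr)  # register addresses that stay unlinked
    groups = {}
    for addr in list(clusters.parent):
        groups.setdefault(clusters.find(addr), set()).add(addr)
    return sorted(sorted(g) for g in groups.values())


# Constructed toy ledger: empty inputs stand for earlier funding.
LEDGER = [
    {"inputs": [], "outputs": ["shop"]},
    {"inputs": [], "outputs": ["a1"]},
    {"inputs": [], "outputs": ["a2"]},
    {"inputs": [], "outputs": ["b1"]},
    {"inputs": ["a1", "a2"], "outputs": ["shop", "a3"]},  # a3 is fresh: change
    {"inputs": ["a3"], "outputs": ["shop", "a4"]},        # change followed onward
    {"inputs": ["b1"], "outputs": ["x1", "x2"]},          # two fresh outputs: ambiguous
]

if __name__ == "__main__":
    print(cluster_addresses(LEDGER))
```

The last transaction has two never-seen outputs, so the change rule declines to guess and `b1`, `x1` and `x2` stay in separate clusters.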
If you understand the mechanics of bitcoin and blockchain, then the smoky world of crypto begins to open up. You can gather how law enforcement has managed to claw back ransoms (as in the case of Colonial Pipeline) and lift the curtain on how cybersecurity and threat intelligence companies have started tracing cryptocurrency transactions back to the source – not manually, as Meiklejohn did, but with software designed for that purpose.
“Tracers in the Dark” doesn’t stop there. With the basics explained, Greenberg takes readers through some of the most notorious dark web takedowns in recent memory: the 2½-year track and trace that identified the Silk Road marketplace’s 29-year-old Texan founder, Ross Ulbricht; and the 25-year-old Quebecois businessman, Alexandre Cazes, who masterminded the drug market that took its place, AlphaBay. The story is a thriller, complete with stakeouts and missed opportunities.
Greenberg specializes in making complex technologies understandable. His last book, “Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers,” is a prescient cautionary tale about the Russian hacker corps and its vicious cyberattacks against Ukraine. He has now done the same thing by demystifying cryptocurrency.
After reading “Tracers in the Dark,” I still consider myself a crypto skeptic, just a little more enlightened. Crypto still seems sketchy, not least because its main purpose at the moment seems to be allowing people to buy illegal things on the internet and allowing ransomware actors to get paid.
I am not alone in this. “The fact that cryptocurrency is difficult to explain should be a warning sign,” cryptographer Bruce Schneier told me once. “You’re going to get scammed, you’re going to get scammed, you’re going to lose money, if you don’t know.”
Think FTX. While the implosion appears to be more about fraud and surveillance and not about blockchain, it’s still a cautionary tale. That’s why, as much as I love Greenberg’s book, I stick with cash.
Dina Temple-Raston is a longtime correspondent at NPR and is now the host and executive producer of “Click Here,” one of Apple’s top tech news podcasts about all things cyber and intelligence.
Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency
Doubleday. 367 pp. $32.50