1. bookVolume 2022 (2022): Issue 1 (January 2022)
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
access type Open Access

If You Like Me, Please Don’t “Like” Me: Inferring Vendor Bitcoin Addresses From Positive Reviews

Published Online: 20 Nov 2021
Page range: 440 - 459
Received: 31 May 2021
Accepted: 16 Sep 2021
Journal Details
License
Format
Journal
First Published
16 Apr 2015
Publication timeframe
4 times per year
Languages
English
Abstract

Bitcoin and similar cryptocurrencies are becoming increasingly popular as a payment method in both legitimate and illegitimate online markets. Such markets usually deploy a review system that allows users to rate their purchases and help others to determine reliable vendors. Consequently, vendors are interested into accumulating as many positive reviews (likes) as possible and to make these public. However, we present an attack that exploits these publicly available information to identify cryptocurrency addresses potentially belonging to vendors. In its basic variant, it focuses on vendors that reuse their addresses. We also show an extended variant that copes with the case that addresses are used only once. We demonstrate the applicability of the attack by modeling Bitcoin transactions based on vendor reviews of two separate darknet markets and retrieve matching transactions from the blockchain. By doing so, we can identify Bitcoin addresses likely belonging to darknet market vendors.

Keywords

[1] A. Antonopoulos. Mastering Bitcoin: unlocking digital cryptocurrencies. O’Reilly, Sebastopol, CA, 2017. Search in Google Scholar

[2] Cannazon Market. General information. http://57iwpifn5xr7bim3lm4lywjuz45za4cbwusyerh362jiqnora ijzh2id.onion. Search in Google Scholar

[3] X. Chen, M. A. Hasan, X. Wu, P. Skums, M. J. Feizollahi, M. Ouellet, E. L. Sevigny, D. Maimon, and Y. Wu. Characteristics of bitcoin transactions on cryptomarkets. In G. Wang, J. Feng, M. Z. A. Bhuiyan, and R. Lu, editors, Security, Privacy, and Anonymity in Computation, Communication, and Storage, pages 261–276, Cham, 2019. Springer International Publishing. Search in Google Scholar

[4] Cryptonia Market. Frequently asked questions. http://jsm5ecfs2xdjivvtizedkiuj4tgcnpewvys3qxxekvucgx2dvqxhy4qd.onion. Search in Google Scholar

[5] Cryptonia Market. What are direct deposits? http://jsm5ecfs2xdjivvtizedkiuj4tgcnpewvys3qxxekvucgx2dvqxhy4qd.onion. Search in Google Scholar

[6] D. Dittrich and E. Kenneally. The menlo report: Ethical principles guiding information and communication technology research. Technical report, U.S. Department of Home-land Security, 2012-08. Search in Google Scholar

[7] Y. Fanusie and T. Robinson. Bitcoin laundering: an analysis of illicit flows into digital currency services. Elliptic.co Report, 2018. Search in Google Scholar

[8] S. Goldfeder, J. Bonneau, R. Gennaro, and A. Narayanan. Escrow protocols for cryptocurrencies: How to buy physical goods using bitcoin. In A. Kiayias, editor, Financial Cryptography and Data Security, pages 321–339, Cham, 2017. Springer International Publishing. Search in Google Scholar

[9] S. Goldfeder, H. A. Kalodner, D. Reisman, and A. Narayanan. When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies. Proceedings on Privacy Enhancing Technologies, 2018:179 – 199, 2017. Search in Google Scholar

[10] H. Jawaheri, M. Sabah, Y. Boshmaf, and A. Erbad. Deanonymizing tor hidden service users through bitcoin transactions analysis. Computers & Security, 89:101684, 12 2019. Search in Google Scholar

[11] M. Jourdan, S. Blandin, L. Wynter, and P. Deshpande. Characterizing entities in the bitcoin blockchain. In Data Mining Workshop (ICDMW), 2018 IEEE International Conference on, pages –. IEEE, 2018. Search in Google Scholar

[12] N. Kshetri. Cryptocurrencies: Transparency versus privacy [cybertrust]. Computer, 51(11):99–111, 2018. Search in Google Scholar

[13] M. Levandowsky. Distance between Sets. Nature, 234(5323):34–35, Nov. 1971. Search in Google Scholar

[14] D. McGinn, D. McIlwraith, and Y. Guo. Toward open data blockchain analytics: A bitcoin perspective. Royal Society Open Science, 5, 02 2018. Search in Google Scholar

[15] S. Meiklejohn, M. Pomarole, G. Jordan, K. Levchenko, D. McCoy, G. M. Voelker, and S. Savage. A fistful of bit-coins: Characterizing payments among men with no names. In Proceedings of the 2013 Conference on Internet Measurement Conference, IMC ’13, pages 127–140, New York, NY, USA, 2013. ACM. Search in Google Scholar

[16] F. Sabry, W. Labda, A. Erbad, H. Al Jawaheri, and Q. Malluhi. Anonymity and privacy in bitcoin escrow trades. In Proceedings of the 18th ACM Workshop on Privacy in the Electronic Society, pages 211–220, 2019. Search in Google Scholar

[17] D. Sommer. Processing bitcoin blockchain data using a big data-specific framework. Bachelor’s Thesis, University of Zurich. https://www.merlin.uzh.ch/contributionDocument/download/11801, 05 2019. Search in Google Scholar

[18] The Bitcoin Wiki contributors. Privacy, section 9.10. http://archive.today/qY7of, 06 2019. Search in Google Scholar

[19] P. Wuille. Bitcoin improvement protocol 32, 02 2012. Search in Google Scholar

[20] E. Zaghloul, T. Li, M. W. Mutka, and J. Ren. Bitcoin and blockchain: Security and privacy. IEEE Internet of Things Journal, 7(10):10288–10313, 2020. Search in Google Scholar

Recommended articles from Trend MD

Plan your remote conference with Sciendo