1. bookVolume 2022 (2022): Edition 1 (January 2022)
Détails du magazine
License
Format
Magazine
eISSN
2299-0984
Première parution
16 Apr 2015
Périodicité
4 fois par an
Langues
Anglais
access type Accès libre

If You Like Me, Please Don’t “Like” Me: Inferring Vendor Bitcoin Addresses From Positive Reviews

Publié en ligne: 20 Nov 2021
Volume & Edition: Volume 2022 (2022) - Edition 1 (January 2022)
Pages: 440 - 459
Reçu: 31 May 2021
Accepté: 16 Sep 2021
Détails du magazine
License
Format
Magazine
eISSN
2299-0984
Première parution
16 Apr 2015
Périodicité
4 fois par an
Langues
Anglais
Abstract

Bitcoin and similar cryptocurrencies are becoming increasingly popular as a payment method in both legitimate and illegitimate online markets. Such markets usually deploy a review system that allows users to rate their purchases and help others to determine reliable vendors. Consequently, vendors are interested into accumulating as many positive reviews (likes) as possible and to make these public. However, we present an attack that exploits these publicly available information to identify cryptocurrency addresses potentially belonging to vendors. In its basic variant, it focuses on vendors that reuse their addresses. We also show an extended variant that copes with the case that addresses are used only once. We demonstrate the applicability of the attack by modeling Bitcoin transactions based on vendor reviews of two separate darknet markets and retrieve matching transactions from the blockchain. By doing so, we can identify Bitcoin addresses likely belonging to darknet market vendors.

Keywords

[1] A. Antonopoulos. Mastering Bitcoin: unlocking digital cryptocurrencies. O’Reilly, Sebastopol, CA, 2017. Search in Google Scholar

[2] Cannazon Market. General information. http://57iwpifn5xr7bim3lm4lywjuz45za4cbwusyerh362jiqnora ijzh2id.onion. Search in Google Scholar

[3] X. Chen, M. A. Hasan, X. Wu, P. Skums, M. J. Feizollahi, M. Ouellet, E. L. Sevigny, D. Maimon, and Y. Wu. Characteristics of bitcoin transactions on cryptomarkets. In G. Wang, J. Feng, M. Z. A. Bhuiyan, and R. Lu, editors, Security, Privacy, and Anonymity in Computation, Communication, and Storage, pages 261–276, Cham, 2019. Springer International Publishing.10.1007/978-3-030-24907-6_20 Search in Google Scholar

[4] Cryptonia Market. Frequently asked questions. http://jsm5ecfs2xdjivvtizedkiuj4tgcnpewvys3qxxekvucgx2dvqxhy4qd.onion. Search in Google Scholar

[5] Cryptonia Market. What are direct deposits? http://jsm5ecfs2xdjivvtizedkiuj4tgcnpewvys3qxxekvucgx2dvqxhy4qd.onion. Search in Google Scholar

[6] D. Dittrich and E. Kenneally. The menlo report: Ethical principles guiding information and communication technology research. Technical report, U.S. Department of Home-land Security, 2012-08.10.2139/ssrn.2445102 Search in Google Scholar

[7] Y. Fanusie and T. Robinson. Bitcoin laundering: an analysis of illicit flows into digital currency services. Elliptic.co Report, 2018. Search in Google Scholar

[8] S. Goldfeder, J. Bonneau, R. Gennaro, and A. Narayanan. Escrow protocols for cryptocurrencies: How to buy physical goods using bitcoin. In A. Kiayias, editor, Financial Cryptography and Data Security, pages 321–339, Cham, 2017. Springer International Publishing.10.1007/978-3-319-70972-7_18 Search in Google Scholar

[9] S. Goldfeder, H. A. Kalodner, D. Reisman, and A. Narayanan. When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies. Proceedings on Privacy Enhancing Technologies, 2018:179 – 199, 2017. Search in Google Scholar

[10] H. Jawaheri, M. Sabah, Y. Boshmaf, and A. Erbad. Deanonymizing tor hidden service users through bitcoin transactions analysis. Computers & Security, 89:101684, 12 2019.10.1016/j.cose.2019.101684 Search in Google Scholar

[11] M. Jourdan, S. Blandin, L. Wynter, and P. Deshpande. Characterizing entities in the bitcoin blockchain. In Data Mining Workshop (ICDMW), 2018 IEEE International Conference on, pages –. IEEE, 2018.10.1109/ICDMW.2018.00016 Search in Google Scholar

[12] N. Kshetri. Cryptocurrencies: Transparency versus privacy [cybertrust]. Computer, 51(11):99–111, 2018. Search in Google Scholar

[13] M. Levandowsky. Distance between Sets. Nature, 234(5323):34–35, Nov. 1971.10.1038/234034a0 Search in Google Scholar

[14] D. McGinn, D. McIlwraith, and Y. Guo. Toward open data blockchain analytics: A bitcoin perspective. Royal Society Open Science, 5, 02 2018.10.1098/rsos.180298612410330225017 Search in Google Scholar

[15] S. Meiklejohn, M. Pomarole, G. Jordan, K. Levchenko, D. McCoy, G. M. Voelker, and S. Savage. A fistful of bit-coins: Characterizing payments among men with no names. In Proceedings of the 2013 Conference on Internet Measurement Conference, IMC ’13, pages 127–140, New York, NY, USA, 2013. ACM.10.1145/2504730.2504747 Search in Google Scholar

[16] F. Sabry, W. Labda, A. Erbad, H. Al Jawaheri, and Q. Malluhi. Anonymity and privacy in bitcoin escrow trades. In Proceedings of the 18th ACM Workshop on Privacy in the Electronic Society, pages 211–220, 2019.10.1145/3338498.3358639 Search in Google Scholar

[17] D. Sommer. Processing bitcoin blockchain data using a big data-specific framework. Bachelor’s Thesis, University of Zurich. https://www.merlin.uzh.ch/contributionDocument/download/11801, 05 2019. Search in Google Scholar

[18] The Bitcoin Wiki contributors. Privacy, section 9.10. http://archive.today/qY7of, 06 2019. Search in Google Scholar

[19] P. Wuille. Bitcoin improvement protocol 32, 02 2012. Search in Google Scholar

[20] E. Zaghloul, T. Li, M. W. Mutka, and J. Ren. Bitcoin and blockchain: Security and privacy. IEEE Internet of Things Journal, 7(10):10288–10313, 2020. Search in Google Scholar

Articles recommandés par Trend MD

Planifiez votre conférence à distance avec Sciendo