In May 2017, the world was faced with a massive cyber attack. The Wannacry ransomware affected nearly 2,30,000 computers in 150 countries. Organizations such as the NHS in the UK, and in India, computers at Andhra Pradesh’s police department were hacked. The malware encrypted files on the computers and asked users to pay a ransom of $300 in Bitcoin. But why Bitcoin? That is an intriguing question.

Bitcoin and Crime

Unlike bank account numbers, Bitcoin uses addresses, which are sometimes misunderstood to be similar to the former. Unique addresses can be generated by users for each transaction and they provide pseudonymity to users of cryptocurrencies. This makes Bitcoin and other cryptocurrencies highly suitable for transactions which criminals don’t want law enforcement to know about. This seems to be one reason why crackers of computers ask for ransom to be sent as cryptocurrencies.

However, it is not all rosy as it seems. Bitcoin does allow a certain degree of privacy to users, but that doesn’t mean that transactions are entirely untraceable. Before I continue, let me explain the difference between anonymity and privacy in the context of Bitcoin. Anonymity in the Bitcoin ecosystem implies that the entities involved in transactions are not identified by their real names. Privacy implies that transactions using Bitcoin do not leak information about the transaction amount or the goods bought with the money. Here are some threats to privacy and anonymity on the Bitcoin network.

Address reuse

In Bitcoin, addresses must never be reused. This means that a new address must be generated for every new transaction being performed. When users reuse addresses, it allows others to easily determine that the address being used is yours, thus destroying your privacy. Bitcoin transactions are publicly visible on the distributed ledger hence anyone can see how much money was sent and by which address. Addresses may also be used to de-anonymise users by cross-referencing with addresses posted on Bitcoin-related forums. Transactions also cause linkage between addresses. This linkage is called a transaction graph, and a variety of methods may be used to guess imformation about users.

Traffic Analysis

This involves analysing network packets sent over the peer-to-peer network used by Bitcoin. Attackers such as governments and ISPs can see the size of the data packet, even if the packet is encrypted. When a block is mined, it results in a synchronized burst of network activity among nodes on the Bitcoin P2P network. Since this activity produces identically-sized traffic, your adversary can see that Bitcoin is being used.

Eavesdropping

An adversary may eavesdrop on any communication which happens between you and someone else. For example, if Alice wants to send Bitcoin to Bob, she will ask Bob for his Bitcoin address. If an adversary, say Eve is listening to communications between you and Bob, then she may also obtain Bob’s address. Afterwards, she could observe the money trail by seeing the public blockchain transactions. Additionally, she could also perform transaction graph analysis to find out Alice’s other addresses.

Transactions

Bitcoin exchanges always require their customers to go through anti money laundering (AML) or know-your-customer (KYC) checks. For this, users are required to submit identification documentation which exposes their real name and address. This allows any adversary to obtain this information either during cyberattacks on the exchange, or by a legal warrant. Another way to blow your cover is by revealing your physical address while purchasing an online good. Online merchants and stores which accept Bitcoin may have a higher risk to users, since advertising cookies store a lot of information which can be correlated to link transactions.

Countermeasures

Here are some ways to improve your privacy on the Bitcoin network.

1. Never reuse addresses. It not only harms your privacy, but also of the people you transact with.
2. Do not share your real world information, such as your home address while transacting using Bitcoin.
3. Preferably run a full-node wallet for greater privacy.
4. Use the Tor network for transactions.
5. Avoid creating change addresses for transactions when possible.
6. Use CoinJoin and other privacy enhancing features of Bitcoin.
7. Use the Lightning network if possible for off-chain transactions.

Enfin

These are only some of the ways in which you can stay safe while transacting using Bitcoin. For other cryptocurrencies such as Ethereum, ‘mixers’ can be used. Other coins such as ZCash and Monero do have better features to preserve privacy and anonymity. Now back to the Wannacry ransomware. Why did the creators of Wannacry ask Bitcoin as ransom? One reason is that code can be written to automatically know when a ransom has been received, and this makes the process of seeking ransom very easy for attackers. The Wannacry ransomware contained code which asked affected users to send Bitcoins to one of three addresses. Although the ransom money transferred to these addresses, the real world owners of the crypto wallets associated with these addresses are unknown, and a few months after the attack, some of the money was transferred from these addresses. Always remember to follow local tax laws and other regulation while using Bitcoin. Stay tuned for more !

Further Reading

• Privacy (Bitcoin Wiki)
• Bitcoin Transaction Graph Analysis
• Wannacry ransom withdrawn
• Profiling and De-anonymising Ethereum Users

---