Cybercriminal Minds: An investigative study of cryptocurrency abuses in the Dark Web

The Dark Web is notorious for being a major distribution channel of harmful content as well as unlawful goods. Perpetrators have also used cryptocurrencies to conduct illicit financial transactions while hiding their identities. The limited coverage and outdated data of the Dark Web in previous studies motivated us to conduct an in-depth investigative study to understand how perpetrators abuse cryptocurrencies in the Dark Web. We designed and implemented MFScope, a new framework which collects Dark Web data, extracts cryptocurrency information, and analyzes their usage characteristics on the Dark Web. Specifically, MFScope collected more than 27 million dark webpages and extracted around 10 million unique cryptocurrency addresses for Bitcoin, Ethereum, and Monero. It then classified their usages to identify trades of illicit goods and traced cryptocurrency money flows, to reveal black money operations on the Dark Web. In total, using MFScope we discovered that more than 80% of Bitcoin addresses on the Dark Web were used with malicious intent; their monetary volume was around 180 million USD, and they sent a large sum of their money to several popular cryptocurrency services (e.g., exchange services). Furthermore, we present two real-world unlawful services and demonstrate their Bitcoin transaction traces, which helps in understanding their marketing strategy as well as black money operations.

[1]  Yaman Akdeniz Anonymity, Democracy, and Cyberspace , 2015 .

[2]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[3]  S. Nakamoto,et al.  Bitcoin: A Peer-to-Peer Electronic Cash System , 2008 .

[4]  He Liu,et al.  Click Trajectories: End-to-End Analysis of the Spam Value Chain , 2011, 2011 IEEE Symposium on Security and Privacy.

[5]  Ghassan O. Karame,et al.  Evaluating User Privacy in Bitcoin , 2013, Financial Cryptography.

[6]  Malte Möser,et al.  An inquiry into money laundering tools in the Bitcoin ecosystem , 2013, 2013 APWG eCrime Researchers Summit.

[7]  Sara B. Kiesler,et al.  Why do people seek anonymity on the internet?: informing policy and design , 2013, CHI.

[8]  Nicolas Christin,et al.  Traveling the silk road: a measurement analysis of a large anonymous online marketplace , 2012, WWW.

[9]  S A R A H M E I K L E J O H N,et al.  A Fistful of Bitcoins Characterizing Payments Among Men with No Names , 2013 .

[10]  Alex Biryukov,et al.  Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization , 2013, 2013 IEEE Symposium on Security and Privacy.

[11]  Malte Möser Anonymity of Bitcoin Transactions An Analysis of Mixing Services , 2013 .

[12]  M. Barratt,et al.  Use of Silk Road, the online drug marketplace, in the United Kingdom, Australia and the United States. , 2014, Addiction.

[13]  Pedro Moreno-Sanchez,et al.  CoinShuffle: Practical Decentralized Coin Mixing for Bitcoin , 2014, ESORICS.

[14]  Alex Biryukov,et al.  Content and Popularity Analysis of Tor Hidden Services , 2013, 2014 IEEE 34th International Conference on Distributed Computing Systems Workshops (ICDCSW).

[15]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[16]  Nicolas Christin,et al.  Measuring the Longitudinal Evolution of the Online Anonymous Marketplace Ecosystem , 2015, USENIX Security Symposium.

[17]  Diana S. Dolliver Evaluating drug trafficking on the Tor Network: Silk Road 2, the sequel. , 2015, The International journal on drug policy.

[18]  Tyler Moore,et al.  There's No Free Lunch, Even Using Bitcoin: Tracking the Popularity and Profits of Virtual Currency Scams , 2015, Financial Cryptography.

[19]  Paul F. Syverson,et al.  Bake in .onion for Tear-Free and Stronger Website Authentication , 2016, IEEE Security & Privacy.

[20]  Maxim Panov,et al.  Automatic Bitcoin Address Clustering , 2017, 2017 16th IEEE International Conference on Machine Learning and Applications (ICMLA).

[21]  Martin Florian,et al.  Anonymous CoinJoin Transactions with Arbitrary Values , 2017, 2017 IEEE Trustcom/BigDataSE/ICESS.

[22]  Sadia Afroz,et al.  Backpage and Bitcoin: Uncovering Human Traffickers , 2017, KDD.

[23]  Julio Hernandez-Castro,et al.  An Analysis of Bitcoin Laundry Services , 2017, NordSec.

[24]  Damon McCoy,et al.  Tracking Ransomware End-to-end , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[25]  Tālis J. Putniņš,et al.  Sex, Drugs, and Bitcoin: How Much Illegal Activity Is Financed Through Cryptocurrencies? , 2018, The Review of Financial Studies.

[26]  Massimo Bartoletti,et al.  Data Mining for Detecting Bitcoin Ponzi Schemes , 2018, 2018 Crypto Valley Conference on Blockchain Technology (CVCBT).

[27]  Arvind Narayanan,et al.  When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies , 2017, Proc. Priv. Enhancing Technol..

[28]  Tyler Moore,et al.  Analyzing the Bitcoin Ponzi Scheme Ecosystem , 2018, Financial Cryptography Workshops.

[29]  Shou-Ching Hsiao,et al.  The dynamic analysis of WannaCry ransomware , 2018, 2018 20th International Conference on Advanced Communication Technology (ICACT).

[30]  Bernhard Haslhofer,et al.  Ransomware Payments in the Bitcoin Ecosystem , 2018, J. Cybersecur..

[31]  Aiman Erbad,et al.  When A Small Leak Sinks A Great Ship: Deanonymizing Tor Hidden Service Users Through Bitcoin Transactions Analysis , 2018, Comput. Secur..

[32]  Arvind Narayanan,et al.  BlockSci: Design and applications of a blockchain analysis platform , 2017, USENIX Security Symposium.