A tool capable of tracking financial transactions with cybercrimes in Bitcoin

IMDEA Software researchers Gibran Gómez, Pedro Moreno-Sánchez and Juan Caballero have created an open-source automated tool to trace the financial relationships of malicious entities abusing Bitcoin technology, tested on 30 malware families.

The study “Watch Your Back: Identifying Cybercrime Financial Relationships in Bitcoin through Back-and-Forth Exploration”, in which they present their research and the tool, was published as part of Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security in addition to being presented at the conference.

Cybercrime is the scourge of the digital environment. Fraud, phishing, identity theft, identity theft, phishing or computer fraud are just a few examples of illegal activities on the network. Blockchain technology and cryptocurrencies, such as Bitcoin, have consistently attracted the attention of cybercriminals, who have often used them as a means of payment and even as a means of storing data for illegal purposes.

Gibran, Pedro and Juan are aware of this problem and have analyzed more than 7,500 Bitcoin addresses belonging to 30 malware families, including ransomware families, clippers, sextorsion, crypto-jackers or info-stealers.

The main advantage of the back-and-forth exploration method, used in the study, is that it allows the tracking of all transactions produced by a Bitcoin address recursively. This means that if a Bitcoin address receives cryptocurrencies from another address, and this in turn sends them to a third address, the entire path of the cryptocurrencies can be traced from the first address, or from the last.

As Gibran Gómez points out, “one of the main advantages of the tool is that the user can replicate the entire process in a transparent way, which allows the results to be verified.”

The tool, in addition to serving Bitcoin users themselves, could be particularly useful for law enforcement agencies, as it would allow them to identify paths between malicious addresses and deposit addresses used by operators of illegal activities belonging to financial entities regulated by KYC guidelines, such as such as exchanges (cryptocurrency exchanges).

This means that the National Police can, for example, use such routes as evidence to obtain a court order to demand from a stock exchange personal information relating to the addresses involved, and to find out who the final recipients of the illegal money are.

In addition, Gómez advises users to take certain precautions before carrying out transactions to avoid becoming the target of cybercrime: “It is important to be careful when including the destination address in a transaction. It is necessary to check several times that the destination address is correct for to avoid clippers.”

To prevent malware, he suggests always using antivirus software and running frequent computer scans and finally performing constant backups to avoid losing important data that could result from a ransomware attack.

Provided by IMDEA Software Institute