Bitcoin, blockchain and cryptocurrency are words that most people have at least heard of since the industry exploded into the mainstream public consciousness in 2021.
Over the course of this series of articles, we’ll be delving into the basics of the industry, providing an introduction to crypto that will give you a solid grounding in the technology and a lexicon of its terminology — cryptographers should never be allowed to name anything the public will eventually need to know — in short, enough to understand what people are talking about and decide if you want to learn more.
See the series:
So, is Bitcoin really anonymous?
Short answer: No.
And with the help of blockchain intelligence firms, federal and other law enforcement agencies are getting better and better at tracking down criminals who thought Bitcoin could cover their tracks.
Just ask Jong Woo Son, the South Korean man convicted of running Welcome to Video, a dark web child pornography site that the FBI called the largest ever discovered. Son, who was convicted in 2019 in South Korea after authorities raided his home and found a server with 250,000 video files, also faces indictment in the U.S. if he ever steps foot here.
Son was tracked by following the money, in this case bitcoin, along its blockchain as the site had received funds from more than 1 million bitcoin addresses used to pay for the illicit material, the Justice Department said.
How? Well, the FBI made some buys, sending bitcoin payments to the website’s wallet. As every bitcoin transaction is visible on the Bitcoin blockchain by anyone using a website like Blockchain Explorer, authorities followed the bitcoin as it was moved to a different wallet connected to an account on the cryptocurrency exchange Coinbase — which had required Son to provide proof of identity in compliance with anti-money-laundering regulations.
That leads to the longer answer to our question about Bitcoin’s anonymity, which is a firm “sort of.”
Behind the Mask
The biggest advantage law enforcement has in tracking Bitcoin and almost every other cryptocurrency is that the coins are not anonymous but pseudonymous, which kind of sounds like something you’d hear only on a crossword puzzle.
Let’s unwrap that.
As we discussed in our earlier Blockchain Basics series article about crypto wallets, each bitcoin has two key codes, one public and the other private. The public one identifies it on the blockchain, and the private one is required to send it from one digital wallet to another.
The reason for this two-key system is at the heart of how blockchains work. Bitcoin was designed as a “peer-to-peer version of electronic cash [that] would allow online payments to be sent directly from one party to another without going through a financial institution.”
This means cutting the trusted third party out of the transaction while allowing the two parties to make and receive payment without trusting each other — a “trustless” transaction. This is done by cryptographically timestamping each transaction and writing it onto an unchangeable, or immutable, digital ledger called a blockchain. (See “What’s a Blockchain,” linked above.)
With that information publicly visible, double-spending is not possible. Which means that the transaction isn’t anonymous. Each bitcoin transaction can be tracked from the moment the token was created to its present owner.
The identity of that owner is not revealed, however. Proof of ownership comes in the form of that private key code, which is required to initiate a transaction and send the bitcoin to someone else. Once used, the code is burned, and a new one is created when it is received. So, neither party can identify the other, but the fact that it moved on the blockchain verifies that the payment was made.
The bitcoin’s owner is hidden behind a pseudonym — the public key code — with proof of possession provided by the private key code. You’ll note that possessing the private key code is not the same as legal ownership.
There are ways around this, notably privacy coins like monero that do not show transaction data publicly, and mixing services that try to break the transaction chain by putting bitcoins from a group of unconnected users and randomly trading them.
Look for the Offramp
Getting back to the criminal, Son was able to remain hidden behind his bitcoins’ pseudonymity until he wanted to turn those bitcoins into spendable fiat cash.
The most recent example of blockchain forensics leading to an arrest was the Feb. 8 indictment of Ilya Lichtenstein and his wife, Heather Morgan, who allegedly stole cryptocurrency now worth $4.5 billion from the Bitfinex exchange in 2016. The Justice Department said they were tracked through the purchase of a $500 Walmart card with crypto.
And that’s another advantage for law enforcement: While crypto grows in popularity, there are still relatively few ways to actually spend it in the real world without going through a trusted third party with a money transmission services license that requires the collection of know-your-customer (KYC) identity information from all customers.
There are, of course, unscrupulous service providers, but then you would be trusting a criminal with your ill-gotten gains.
It’s not always that simple, of course. In another case, an identity was traced when the alleged criminal used an email address linked to a digital wallet when posting a coding help request on a developers’ forum.
Additionally, blockchain forensics experts in law enforcement and private firms spend a lot of time looking for patterns in blockchain transfers — a lot of small transactions coming into a wallet, for example — that can get quite complex. They often spot hacks before the exchange or project developers do.