BitFury Launches Blockchain Investigation Tool to Fight Bitcoin Crime

Posted in: Archive
February 4, 2018 2:05 PM UTC

Bitfury, a well-known industry group which started in 2011 as a Bitcoin mining company and has since grown into a multinational blockchain research group, has moved into the law enforcement space with the release of its new tool Crystal.

The Crystal tool was designed with two main use cases in mind. The first of which is for law enforcement to track bitcoin transactions related to criminal activity. Bitcoin is commonly used in Ransomware attacks, which encrypt a user’s data and force the user to pay a certain amount of money to decrypt it. One such attack, the infamous WannaCry, made nearly $25 million in bitcoin over a period of two years.

The Crystal tool in action on the WannaCry ransomware attack

The creators of WannaCry, despite its vastness (about $4 billion in damages), mistakes (like the infamous killswitch, meant for testing whether or not the ransomware was sandboxed), and the sheer amount of money lost; no arrests have been made. The Crystal team claims that this attack could have been traced in a matter of 3 hours and could have easily allowed authorities to instruct exchanges to halt withdrawals from the suspected wallet addresses in real time.

The second use case for the tool is a compliance measure and risk management tool for financial institutions. As a case study, Crystal uses Bitcoin based venture capital firm aimed at the healthcare sector. The tools aim, in this case, is proving compliance with rules against violating national sanctions, funding terrorism, and money laundering. By producing transparent reports on the sources of funds and where they are going institutions can prove compliance with national laws. This prevents legal action against the venture capital fund and it’s principals. Crystal has also advertised its ability to audit mining operations in order to ensure they aren’t Ponzi schemes and counteract corruption of elected officials (when bribed through Bitcoin, of course).

Not a New Development

The Crystal tool is part of ongoing efforts by the BitFury Group to de-anonymize the blockchain. Earlier this year, the group announced that it had been making progress on a new method for “clustering” related wallets. They published a detailed white-paper on the subject explaining their findings and revealing a probabilistic model for determining the relatedness of transactions and then testing it with off-chain data to identify addresses associated with gambling, mining pools, and drug transactions. This first paper,  nearly a month old, was successful in de-anonymizing about 15% of the blockchain.

A table explaining clustering methods in the whitepaper “Automatic Bitcoin Address Clustering”.

The new tool’s marketing materials show that Crystal has been in real-world use for some time and likely has already had an impact on several high profile investigations. The most significant development seems to be Crystal’s risk scoring which are intended to be used in an automated fashion and could conceivably be implemented by major exchanges in the near future.

Toward Anonymity?

Bitfury’s developments toward de-anonymizing the Bitcoin blockchain have the potential to increase the appeal of security-focused cryptocurrencies. We’ve already seen that malware developers convert their currencies from Bitcoin to a less traceable form of currency upon moving the funds to an exchange (Perpetrators of Wannacry, for example, moved it’s funds over to Monero).

In order to prevent the real-time exchange level locking, it’s likely we’ll start to see more ransomware developers request payment in other forms of cryptocurrency and potentially even return to the dollar.

Featured image from Shutterstock.

Last modified: May 20, 2020 9:07 PM UTC

Show comments
Jake Sylvestre @jakesyl

Jake Sylvestre is the founder of PhishTrain, a board member on Projectile X (which manages YBC) & a cybersecurity expert who consults for Fortune 500 companies on topics like cybersecurity, blockchain, and marketing. Follow me on Twitter: @jakesyl Jake Sylvestre is also the host of The CCN Podcast