One of the first things that any crypto noob learns about Bitcoin is that it isn’t anonymous. The takedown of dark web marketplace Silk Road is one of cryptocurrency’s most-referenced case studies illustrating this fact. It shows how law enforcement bodies can use blockchain forensics to trace the movements of digital money. In this way, they can also uncover the owners of wallet addresses.
But the unmasking of Silk Road’s Ross Ulbricht is only one story. Criminals are continuing to use and abuse cryptocurrencies, including Bitcoin, for all kinds of nefarious endeavors. Therefore, blockchain forensics provides a few other fascinating tales of attempts to foil the crooks.
Blockchain Forensics in Exchange Hacks
Like Silk Road, the Mt. Gox exchange hack also has its place in the Cryptocurrency Book of Fables (sadly, not a real thing at the time of writing). The story of Mt. Gox has more twists and turns than a corkscrew, and the saga continues to this day. It makes for a fascinating study in blockchain forensics, featuring one hardcore crypto vigilante who spent more than two years of his life trying to uncover who was behind it.
Back in 2014, Swedish software engineer Kim Nilsson was living in Tokyo when the Mt. Gox exchange shut down, and all his Bitcoins suddenly vanished. Later, it would emerge that hackers had been siphoning off funds from the exchange since 2011.
In response to the theft of his funds, Nilsson developed a program that could index the Bitcoin blockchain and started investigating Mt. Gox. By searching through each transaction, he identified some patterns. By itself this didn’t provide information about who was behind the trades, but Nilsson also managed to get hold of some leaked information about the Mt. Gox database, including a report put together by another developer.
Following the Money
In a painstaking effort that he undertook in addition to his full-time job, Nilsson assembled some two million Bitcoin wallet addresses associated with Mt. Gox. Using a kind of manual brute-force blockchain forensics, he followed the flow of Bitcoins out of these Mt. Gox addresses. He noticed that some Bitcoins stolen from Mt. Gox ended up in wallets that also held Bitcoins stolen from other exchange attacks. By cross-referencing transactions, he found a note attached to a trade that referred to someone called WME.