Identifying suspicious addresses in Bitcoin thefts

【Author】 Wu, Yan; Luo, Anthony; Xu, Dianxiang

【Source】DIGITAL INVESTIGATION

【影响因子】2.860

【Abstract】Bitcoin as a popular digital currency has been a target of theft and other illegal activities. Key to the forensic investigation is to identify bitcoin addresses involved in the bitcoin transfers. This paper presents a framework, FABT, for forensic analysis of bitcoin transactions by identifying suspicious bitcoin addresses. It formalizes the clues of a given case as transaction patterns defined over a comprehensive set of features. FABT converts the bitcoin transaction data into a formal model, called Bitcoin Transaction Net (BTN). The traverse of all bitcoin transactions in the order of their occurrences is captured by the firing sequence of all transitions in the BTN. When analyzing transaction flows, FABT exploits the notion of "bitcoin fluid" to track where the bitcoins passed through given addresses (called dyeing addresses) have flown and determine the extent to which each of the other addresses is related to the dyeing addresses. The splitting, merging, and dyeing operators are used to capture the distribution of coins throughout transaction flows. FABT also applies visualization techniques for further analysis of the suspicious addresses. We have applied FABT to identify suspicious addresses in the Mt.Gox case. A subgroup of the suspicious addresses has been found to share many characteristics about the received/transferred amount, number of transactions, and time intervals. (C) 2019 Elsevier Ltd. All rights reserved.

【Keywords】Blockchain; Bitcoin; Forensic analysis; Pattern matching

【发表时间】2019 DEC

【收录时间】2022-01-02

【文献类型】

【主题类别】

--