Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Measurements in Cryptocurrency Networks

99 views

Published on

Keynote talk at TMA Experts Summit about network analytics in cryptocurrencies

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Measurements in Cryptocurrency Networks

  1. 1. MEASUREMENTS IN CRYPTOCURRENCY NETWORKS Analytics Techniques, Applications, and Challenges Dr. Bernhard Haslhofer TMA Expert Summit, Vienna 2018-06-26
  2. 2. CRYPTOCURRENCIES @ TMA ?
  3. 3. • Bitcoin: A (very very) brief Introduction • Network Abstractions & Clustering Heuristics • GraphSense Cryptocurrency Analytics Platform • Application Example: Ransomware Study • Challenges & Future Research MY PLAN FOR TODAY 3
  4. 4. TRANSACTION PROCESSING Broadcast Transaction Blockchain 4 Bitcoin P2P Network
  5. 5. TRANSACTION PROCESSING Collect pending Transactions Blockchain 5 Bitcoin Miners Bitcoin P2P Network
  6. 6. TRANSACTION PROCESSING Find & Broadcast Block Bitcoin P2P Network Bitcoin Miners Blockchain 6
  7. 7. TRANSACTION PROCESSING Synchronize Blocks Blockchain 7 Bitcoin P2P Network
  8. 8. ANATOMY OF A BITCOIN TRANSACTION 8 txid: a6b06e... blockhash: 0000ba7.. txid: 7f252a …. vout: 1 scriptSig: Signature value: 0.00460479 n: 0 addresses: [1Archive…] value: 0.00566296 n: 1 addresses: [1MuSWq…] List of inputs List of outputs Bitcoin Addresses Reference to unspent output of previous transaction (UTXO)
  9. 9. • Bitcoin: A (very very) brief Introduction • Network Abstractions & Clustering Heuristics • GraphSense Cryptocurrency Analytics Platform • Application Example: Ransomware Study • Challenges & Future Research MY PLAN FOR TODAY 9
  10. 10. CRYPTOCURRENCY ANALYTICS | TAXONOMY 10 My focus today Cryptocurrency Analytics P2P Network Analytics Blockchain Analytics Network Abstractions Clustering Heuristics [Biryukov et al., 2014]
  11. 11. 11 BLOCKCHAIN ANALYTICS | OVERVIEW Blockchain Analytics Network Abstractions Clustering Heuristics Transaction Network Address Network
  12. 12. 12 TRANSACTION NETWORK t1 t3 t2 t4 [Reid and Harrigan 2012] {Value, Timestamp} directed acyclic temporal
  13. 13. 13 TRANSACTION NETWORK | CONSTRUCTION txid: a6b06e... blockhash: 0000ba7.. txid: 7f252a …. vout: 1 scriptSig: Signature vin value: 0.00460479 n: 0 addresses: [1Archive…] vout Target node id Source node id Timestamp (via referenced block) Value
  14. 14. 14 ADDRESS NETWORK a1 a2 a3 a5 a7 a8 a6 a9 a10 [Fleder et al. 2015, Filtz et al. 2017] (bi-)directed cyclic {No. Transactions, Estimated Value}
  15. 15. 15 ADDRESS NETWORK | CONSTRUCTION txid: a6b06e... blockhash: 0000ba7.. txid: 7f252a …. vout: 1 scriptSig: Signature vin value: 0.00460479 n: 0 addresses: [1Archive…] vout Source node id Target node id No Transactions = aggregated count of edges with same node ids
  16. 16. 16 ADDRESS NETWORK | ESTIMATED VALUE inputs and outputs as shown in Table I. Fig. 2. Bitcoin transaction value assignment Therefore, we estimate the flow of actual Bitcoins betw two addresses using the following formula: TABLE I. BITCOINFLOW Transaction Formula Estimated BTC A1 A3 3 * (2/7) 0.857 A2 A3 3 * (5/7) 2.143 A1 A3 4 * (2/7) 1.143 A2 A4 4 * (5/7) 2.857 IV. ANALYSIS a1 → a3 = 3 ∗ # $ a1 tx a2 a3 a4 2 3 45 [Filtz et al. 2017]
  17. 17. 17 BLOCKCHAIN ANALYTICS | OVERVIEW Blockchain Analytics Network Analysis Clustering Heuristics Multiple-Input Heuristics [Nakamoto, 2008] Change Heuristics [Meiklejohn, 2013] Temporal Behaviour [Ortega, 2013] Transaction Fingerprinting [Fleder et. al, 2015]
  18. 18. c1 c1 MULTIPLE INPUT HEURISTICS 18 a1 tx a2 c2 a2 ty a3 Same address [Nakamoto, 2008]
  19. 19. c1 MULTIPLE INPUT HEURISTICS 19 a1 tx a2 a2 ty a3 Tag Tag [Nakamoto, 2008]
  20. 20. 20 BLOCKCHAIN ANALYTICS Blockchain Analytics Network Abstractions Clustering Heuristics
  21. 21. c6c5 c4 c7 c3 c2 c1 21 CLUSTER NETWORK a1 a2 a3 a5 a7 a8 a6 a9 a10 Estimated Value No. Transactions directed cyclic
  22. 22. • Bitcoin: A (very very) brief Introduction • Network Abstractions & Clustering Heuristics • GraphSense Cryptocurrency Analytics Platform • Application Example: Ransomware Study • Challenges & Future Research MY PLAN FOR TODAY 22
  23. 23. GRAPHSENSE | APPROACH 23 A A A AA C T BlockchainAddress Graph Address Cluster Tags Enrichmentprocess Statistics (as of Sept. 2017) Transactions: 249,408,683 Addresses: 296,862,290 Clusters: 30,645,426 Address graph - nodes: 296,862,290 - edges: 1,567,227,841 All data points are pre-computed and stored in a de-normalized form
  24. 24. GRAPHSENSE | ARCHITECTURE Exchange Rates Attribution Tags Bitcoin Transactions Aggregated Raw Data Precomputed Views and Networks GraphSense Dashboard Advanced Analytics
  25. 25. GRAPHSENSE | OPEN SOURCE !!! 25
  26. 26. • Bitcoin: A (very very) brief Introduction • Network Abstractions & Clustering Heuristics • GraphSense Cryptocurrency Analytics Platform • Application Example: Ransomware Study • Challenges & Future Research MY PLAN FOR TODAY 26
  27. 27. • Ransomware has become dominant cybercrime threat • Over 500 families • Ransom payments almost exclusively in Bitcoin • More comprehensive, evidence-based picture still missing RANSOMWARE STUDY | MOTIVATION 27
  28. 28. 1. Collect seed addresses associated with ransomware family 2. Map seed addresses to address and cluster networks 3. Retrieve expanded addresses, relevant transactions, outgoing relationships, etc. 4. Plot, analyze, etc. RANSOMWARE STUDY | METHOD 28 address, family 1KQETJqKzUHUmCBXQgwzWt2cLcgwty5st1,AdamLocker 17T3wKnZByNR2uofqq5mdHY4bSUB2S4E3t,Alphabet 1NEcE8ffNZqAucBtp42a5YXMMUSLY7YfEP,AngleWare 2cX4MWcTFbmKgPQX1irMiDsU84dXB6LFBv,APT 377CY1m8W2qbQQX5HHjziimdh2faGjDeLv,APT 19zvMSm7qSQgFXCckXBjstdVdbT99ZuWBP,Badblock ….
  29. 29. RANSOMWARE STUDY | RESULTS 29 the overall direct nancial impact of the 35 families studied in this paper. The basis for our estimation was the time-ltered expanded ransomware dataset described in Section 3.3. In order to avoid double-counting of ransomware payments, we removed known collector addresses from that dataset. Table 4 presents the lower bound revenue of the Top 15 ran- somware family that made the highest amount of revenue in the dataset. It shows revenues in Bitcoin (BTC), rounded to two decimal places, and in U.S. dollars USD. Family Addresses BTC USD 1 Locky 6,827 15,399.01 7,834,737 2 CryptXXX 1,304 3,339.68 1,878,696 3 DMALockerv3 147 1,505.78 1,500,630 4 SamSam 41 632.01 599,687 5 CryptoLocker 944 1,511.71 519,991 6 GlobeImposter 1 96.94 116,014 7 WannaCry 6 55.34 102,703 8 CryptoTorLocker2015 94 246.32 67,221 9 APT 2 36.07 31,971 10 NoobCrypt 17 54.34 25,080 11 Globe 49 33.03 24,319 12 Globev3 18 14.34 16,008 13 EDA2 23 7.1 15,111 14 NotPetya 1 4.39 11,458 15 Razy 1 10.75 8,073 Table 4: Received payments per ransom family (Top 15). We nd that the top ransomware family in our dataset is Locky, with a lower bound revenue of USD 7,834,737 dollars. The second ransomware family is CryptXXX with a lower bound revenue of AP CryptXX CryptoLock CryptoTorLocker20 DMALocker ED Glo GlobeImpost Globe Loc NoobCry NotPet Figure 3: Mean payment per family with standa rors. revenue is observed: the ransomware occupying the 1 Razy, barely yielded USD 8,073 dollars in revenue. When comparing the above revenues with ndings other studies, we observe similarities and discrepancies for Locky and CryptXXX are consistent with the results Bursztein et al. [4]. They found that the Locky ransomw proximately USD 7,8 million dollars and the CryptXXX approximately USD 1.9 million dollars. However, there crepancies in the revenue results for CryptoLocker: Bu estimated the Cryptolocker revenue at USD 2 million 519,991 dollars in our study. Yet, Liao et al. [17] mea toLocker payments from September 2013 until January was the main activity period of that ransomware, an lower bound revenue of USD 310,472, which is much result. Another discrepancy lies in the result of the S somware: USD 1.9 million for the Bursztein et al. rese USD 583,498 dollars in this study. The dierences ma the dierent number of seed addresses used in the Bu research, which is not displayed in their presentation we identify high or moderate performing ransomware f as DMALockerv3, GlobeImposter, or NoobCrypt that did in their study. Lower Bound Direct Financial Impact
  30. 30. RANSOMWARE STUDY | RESULTS 30 ments in the Bitcoin Ecosystem WWW’2018, April 2018, Lyon, France e ransomware families belonged to the Localbit- which is an exchange that allows individuals to ns to people who are geographically close. mation, the outgoing-relationship analysis also ies together. It illustrated that the Globe and ent money to the same collector address, which based on their shared naming features, but was h our methodology. Similarly, 10 key addresses om both the TowerWeb and Cryptohitman ad- y, we can assume that these two families might me real-world actors who may run two families ultaneously or may launder money on behalf of roups. ound Revenues nsomware money ows, we assessed the lower each ransomware family and thereby estimated nancial impact of the 35 families studied in this r our estimation was the time-ltered expanded et described in Section 3.3. In order to avoid f ransomware payments, we removed known from that dataset. s the lower bound revenue of the Top 15 ran- ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● 1031 593 480 36 4690 245 108 2698 534 1035 225 171 15 7713 278 $0 $2,500 $5,000 $7,500 APT CryptXXX CryptoLocker CryptoTorLocker2015 DMALockerv3 EDA2 Globe GlobeImposter Globev3 Locky NoobCrypt NotPetya Razy SamSam WannaCry
  31. 31. RANSOMWARE STUDY | RESULTS 31 ●● ● ● ● ●●●●●● ●●● ● ● ● ● ● ● ● ● ●●● ● ●● ● ● ● ● ●● ● ● ● ● ● ● ●● ● ● ● ●● ● ● ● ● ● ● ● ● ● ● ●● ●●●● ●●●●● ● ● ● ● ●● ●● ●● ●● ● ● ●● ● ● ● ● ● ● ●● WannaCry SamSam 05/2017 06/2017 07/2017 08/2017 09/2017 10/2017 01/2016 07/2016 01/2017 07/2017 $0 $200,000 $400,000 $600,000 $0 $25,000 $50,000 $75,000 $100,000 Figure 4: Longitudinal payment trend per family. ows of ransomware payments and identify destinations, such as Bitcoin exchanges or gambling services, when contextually related information (tags) was available. Our method is reproducible and could be repeated for additional families with an updated seed dataset. Plus, computation of address clusters over the most recent state of the Bitcoin blockchain, along with more identication of clusters belonging to specic groups, could greatly increase the knowledge on the dierent end routes of ransomware monetary ows. However, we are well aware that our approach has a number of limitations. First, our methodology relies on a set of seed ad- dresses manually collected and the eectiveness of the multiple- input heuristics for uncovering previously unknown addresses linked to this family. Thus, it misses other ransomware families as well as other addresses that might belong to the same family, but cannot be linked to the same cluster. Still, the more addresses from various families become available, the more accurate the picture of the overall market for ransom payments will become. We address this limitation by constraining our analysis to lower bound direct nancial impacts, to ensure we are not claiming to assess the total impacts of a ransomware family or of the entire market for ransom payments. Second, our approach is limited by the extent and quality of the attribution data (tags) available. Without this information, clusters remain anonymous and inferences about their real-world nature are impossible. Nevertheless, we believe that such data will increasingly ● ●●●●●●●●●●●●●● ● ●●●●●●●●●●●●●●●●●●●●●● ●●● ●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●● ●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●●● ● ● ●●●●●●●●●●●● ●● ●●● ● ●● ●● ●●●● ●● ●● ● ● ●● ● ● ● ●●●●●● ●●● ● ● ● ● ● ● ● ● ●●● ● ●● ● ● ● ● ●● ● ● ● ● ● ● ●● ● ● ● ●● ● ● ● ● ● ● ● ● ● ● ●● ●●●● ●●●●● ● ● ● ● ●● ●● ●● ●● ● ● ●● ● ● ● ● ● ● ●● WannaCry SamSam Locky 01/2016 07/2016 01/2017 07/2017 04/2016 07/2016 10/2016 01/2017 04/2017 $0 $2,000,000 $4,000,000 $6,000,000 $8,000,000 $0 $200,000 $400,000 $600,000 $25,000 $50,000 $75,000 $100,000 th 5 O to ad o w B in co da st cl k o d in li w ca va
  32. 32. RANSOMWARE STUDY | RESULTS 32 Ransomware Payments in the Bitcoin Ecosystem Masarah Paquet-Clouston GoSecure Research Montreal, Canada mcpc@gosecure.ca Bernhard Haslhofer Austrian Institute of Technology Vienna, Austria bernhard.haslhofer@ait.ac.at Benoit Dupont Université de Montréal Montreal, Canada benoit.dupont@umontreal.ca ABSTRACT Ransomware can prevent a user from accessing a device and its les until a ransom is paid to the attacker, most frequently in Bit- coin. With over 500 known ransomware families, it has become one of the dominant cybercrime threats for law enforcement, secu- rity professionals and the public. However, a more comprehensive, evidence-based picture on the global direct nancial impact of ransomware attacks is still missing. In this paper, we present a data-driven method for identifying and gathering information on Bitcoin transactions related to illicit activity based on footprints left on the public Bitcoin blockchain. We implement this method on-top-of the GraphSense open-source platform and apply it to empirically analyze transactions related to 35 ransomware families. We estimate the lower bound direct nancial impact of each ran- somware family and nd that, from 2013 to mid-2017, the market for ransomware payments has a minimum worth of USD 12,768,536 (22,967.54 BTC). We also nd that the market is highly skewed with only a few number of players responsible for the majority of the payments. Based on these research ndings, policy-makers and law enforcement agencies can use the statistics provided to understand the time of writing, there are 5051 known ransomware families detected and almost all of them demand payments in Bitcoin [27], which is the most prominent cryptocurrency. Yet, global and reliable statistics on the impact of cybercrime in general, and ransomware in particular, are missing, causing a large misunderstanding regarding the severity of the threat and the extent to which it fuels a large illicit business. Most of the statistics available on cybercrime and ransomware are produced by private corporations (cf. [29, 38, 39]) that do not disclose their underlying methodologies and have incentives to over- or under- report them since they sell cybersecurity products and services that are supposed to protect their users against such threats [23]. Also, both cybercrime and ransomware attacks take place in many regions of the world and reporting the prevalence of the threat on a global level is dicult, especially when it involves a blend of fairly sophisticated technologies that may not be familiar to a large num- ber of law enforcement organizations [23, 37]. This is unfortunate because the lack of reliable statistics prevents policy-makers and practitioners from understanding the true scope of the problem, the size of the illicit market it fuels and prevents them from being Preprint available at: https://arxiv.org/abs/1804.04080
  33. 33. • Bitcoin: A (very very) brief Introduction • Network Abstractions Clustering Heuristics • GraphSense Cryptocurrency Analytics Platform • Application Example: Ransomware Study • Challenges Future Research MY PLAN FOR TODAY 33
  34. 34. • Network Dimensions • 300M nodes, 1.5B edges • Degree distribution • Highly skewed (super-clusters) • Requirement: quick results CHALLENGES | EFFICIENT PATH COMPUTATION 34 Ecosystem Exit Point (e.g., Exchange) Focus address or cluster
  35. 35. CHALLENGES | POST-BITCOIN CURRENCIES 35 Stealth addresses Ring signatures Ring CTs Shielded transactions Smart Contracts
  36. 36. QUESTIONS? IDEAS? bernhard.haslhofer@gmail.com http://graphsense.info/ 36
  37. 37. • [Nakamoto, 2008]: Bitcoin: A peer-to-peer electronic cash system • [Reid and Harrigan 2012]: An Analysis of Anonymity in the Bitcoin System • [Meiklejohn, 2013]: A fistful of bitcoins: characterizing payments among men with no names • [Ortega, 2013]: The bitcoin transaction graph—anonymity • [Biryukov et al., 2014]: Deanonymisation of clients in Bitcoin P2P network • [Fleder et. al, 2015]: Bitcoin Transaction Graph Analysis • [Haslhofer et. al, 2016]: O Bitcoin Where Art Thou? Insight into Large-Scale Transaction Graphs. • [Möser and Böhme, 2016]: Join Me on a Market for Anonymity • [Harrigan and Fretter, 2016]: The Unreasonable Effectiveness of Address Clustering • [Filtz et al, 2017]: Evolution of the Bitcoin Address Graph • [Miller et al, 2017]: An Empirical Analysis of Linkability in the Monero Blockchain • [Kumer et al, 2017]: A Traceability Analysis of Monero's Blockchain • [Quesnelle 2017]: On the Linkability of ZCash transactions REFERENCES 37

×