Research: Using BlockTag to monitor sales on darknet marketplaces
Anonymity networks and various forms of darknets, especially those accessible via Tor, along with cryptocurrencies, especially Bitcoin, Ethereum, and Monero, have provided a highly safe and secure ecosystem for trading recreational drugs. Even though this represents a serious challenge when it comes to tracking and monitoring, researchers have proven that these ecosystems are not totally hidden, but rather anonymized or obfuscated.
A recently published paper has presented a monitoring approach that utilizes bitcoin addresses and transaction data, along with product offerings in various darknet marketplaces, to detect the flow of money through the most important parts of the deep web; darknet marketplaces. BlockTag is an open source tagging algorithm designed specifically for blockchains to facilitate linking of bitcoin addresses, to user accounts, and product listings on various darknet marketplaces, in order to estimate the volume of trading taking place over various darknet marketplaces.
BlockTag is a blockchain tagging system that utilizes vertical crawlers to annotate blockchain transaction information with tags, mappings between block, transaction hashes, or address identifiers, and extra information that describe identifiers of tags. For instance, BlockTag’s system can tag a bitcoin address with its owner’s Twitter account, BitcoinTalk forum account, reddit account, and others. It provides an innovative blockchain query interface that boasts advanced features including clustering, searching, and linking, which are essential for law enforcement and privacy research. BlockTag utilizes BlockSci as its blockchain analysis tool, as it is much faster than similar tools.
BlockTag deploys four vertical crawlers that are configured to annotate BTC addresses with three forms of tags: user tags corresponding to Twitter and BitcoinTalk user accounts, service tags corresponding to service providers and darknet marketplaces which are indexed by Ahmia search engine, and text tags corresponding to user generated text submitted to Blockchain.info (Now moved to Blockchain.com).
Money flow through darknet marketplaces and other services:
Even though the total number of service tags detected by BlockTag was small, the matching service providers have been found to be involved in a considerably large number of transactions. Most of the bitcoin transactions linked to tags related to Tor hidden services associated with bitcoin mixers. More than 22,000 bitcoin transactions were linked to bitcoin mixers. One logical explanation for this high rate is that Tor users are aware of the possibility of tracing, and thus, trying to use mixing services to render it hard for law enforcement to track them and boost their anonymity levels.
In July 2017, darknet markets were sabotaged by Operation Bayonet. Bitcoin blockchain transaction analysis estimated that around 90% of all trading activities across the darknet stopped due to seizures of Hansa Market, AlphaBay, and RAMP. In 2018, darknet markets entered into a recovery phase following 2017’s disaster.
By June 2018, Dream Market had around 100,000 product listings, which explains why BlockTag found around 850 transactions linked to tags associated with Dream Market. This is far away from AlphaBay’s size and popularity, which had around 369,000 product listings shortly before it was shut down in 2017. Dream Market was established in November 2013. It is quite rare for a darknet marketplace to exist for such a long time, as most shut down or exit scam a year or two after its establishment.
BlockTag links around 543 bitcoin transactions to product listings on another darknet marketplace known as Tochka. The detected tags were mostly related to tweets, reddit threads, and blog posts on Deepdotweb. Less than 200 bitcoin transactions could be linked to product listings on less popular darknet marketplaces including Wall Street Market, Rapture Market, and others.
BlockTag could also find tags that link bitcoin transactions to other services including Feennet Project, VEscudero Escrow Service, Internet Archives, Snowden Defense Fund, Proton Mail, Dark Wallet, The Pirate Bay, Ahmia Search Engine, and some infamous bitcoin Ponzi Schemes.
Blockchain analysis has become one of the most essential tools among law enforcement agencies and academic researchers for analyzing the economics of the deep web, especially darknet marketplaces. BlockTag represents a useful open source tagging blockchain system than can be used to closely monitor the flow of money through darknet marketplaces. Moreover, it can be utilized to help pinpoint bitcoin addresses that are linked to scams, especially Ponzi schemes, which are preferred means for modern online fraudsters.