
Hello everyone, it's a pleasure to be here. My name is Mariusz Litwin and I work in the risk management department at EY. Today I'm here purely privately, you shouldn't associate me with a company. I have to say such things and it's true. I'm here purely as a hobbyist, as someone who is interested in this topic. It's not something we do every day. Why am I a hobbyist? Apart from doing investigative informatics every day, starting with hard drives, through phones, networks and ending with incident response, I love everything related to security. I would even say that I love everything related to technology, to the extent that I am interested in what colors look like on the drives. I'm a bit fixed on that. It
limits my day a bit. For example, today I'm a bit sleepy, but it's fine. If anyone would like to contact me, you can write down the details. They will also be at the very end. I highly appreciate the invitation to Keybase. But what I would like to say today. I should ask this question at the very beginning, because the bulk of my presentation is about how we should understand the operation of Bitcoin mechanisms. How does blockchain work, etc. Is there anyone here who is an expert on Bitcoin? Okay, so I won't go into too much detail. Does everyone know more or less how Bitcoin works, how transactions are connected, etc.? Okay, considering that it was
just noise, I hope that my presentation will be valuable to you. Of course, I won't underestimate anyone, it's very nice to talk about this kind of things. So, despite the fact that we don't understand the more complex mechanisms behind Bitcoin, everyone has probably met it. In the worst case, when he had to pay for ransomware. But in the best case, when he wanted to pay for something himself, and he had the pleasure of using a currency that is completely decentralized, independent of any bank, relatively safe until someone takes over half of the network's computing power. I'll come back to that in a moment. And, excuse me, damn expensive. Which makes it a bit difficult to exchange bitcoins, not satoshi, which are
cents for bitcoin. What does it change? Well, it's a project that has really worked. Someone came up with an idea: we can exchange bitcoins for currencies. And well, it worked. But what is the digital currency all about? When I first heard about Bitcoin, I started to wonder: OK, let's say I write a text file in which it will be written: "This is one Bitcoin" and I will send it to someone. In fact, the question is pointless, because no one would accept such currency, I think. So the mechanism we see here is more or less responsible for something like that. I have a file that says I am currency. I send it to someone and say I paid you for DDoS. Yes, somewhat. But we
are talking about the case when everything is decentralized. So we don't have this verification up there. But I will go through it too. It is a fact. However, there is an obvious problem with such currency. This means that we can replicate the same file, send it, because it is no longer in Excel. There are no signatures there. Or at least signatures that we could trust, of course. So we can easily replicate such currency. Oh, I forgot one thing. An important thing I didn't mention is that I spent three semesters at the Military Technical Academy studying cryptology. And I found out one very important thing. Well, there is an online police that monitors all presentations about cryptography.
And you can't use other names than Alice and Bob. So be careful if you ever do that. Bruce Schneier may get very angry if you use other names. Regardless of this, Alice is in a very good position here, because this file can be copied many times, sent to anyone, and if we limit ourselves to such a protocol, then everyone must trust it. We don't want it to look like this, so we have to come up with another, more interesting idea. So let's add a trusted third party. I'm sorry for the nastiness, I admire Adam very much, but in this context, I think that those Illuminati up there are... We are going to decentralize it. The point is that our bank has a database
of information about who has which bitcoins. In this case, we can call them anycoins, infocoins, whatever the name is. The point is the mechanism. The bank has this knowledge, so we can send a request to it to transfer this bitcoin to someone else's account. And it will work. And basically, this is how most of our financial system works now, when it comes to the internet banking. The problem arises in the context of the fact that if we have not verified in any way who is our transaction website, then Kevin, and this is a sin when it comes to talking about cryptography, can send a message to the bank and say: "Hi, I'm Alice, so please,
transfer all the bitcoins..." I'm going to add a scenario to Bob's case, where Kevin transfers to himself, while he's watching over Alice. Asymmetric cryptography helps a little. I'm sure everyone has heard of RSA. Everyone uses Facebook for HTTPS, so it's more or less the same mechanism. Most of the codes we know are based on having one super secret value and using it to encrypt and decrypt messages. And it seems quite natural. However, it creates some problems. This key must be exchanged in a safe way. That is, we cannot send it to the public channel because in this way we impose our secret channel on the shvank, the one we encrypt. I think the first one was Diffie-Hellman, who came up with the idea
of using only one key. One key could be publicised, and the other one private. It would seem like a heresy, if it didn't work. I will try to avoid discussing how it works. It is quasi-complex mathematics, based on a discrete logarithm or... OK, never mind. Great. It sounds complicated, but if you read about it for a while, it becomes easier. But what we gain in this way is the fact that we have two completely separate keys. One of them doesn't sell us any information about the other. We can use these keys in such a way that I will choose one of you and give him my public key. I didn't prepare it, but I could do it.
It will encrypt a message that only I, as a private key holder, will be able to encrypt. It also works in such a way that I can use my private key to sign a message digest: I take the information that I am sending Bitcoin, I calculate the hash from it. Excuse me, but if I start to delve into such vocabulary that will become enigmatic, then please ask the question right away, because I know that I can rush a little. So I calculate the hash from it, then I sign it with my private key. Then everyone who has my public key, which is by definition public, can verify that I sent this message. This makes the protocol easier, because this time if this evil Kevin
sends a message in the name of Alice, but he signs it with the only key he has, i.e. his own private key, or any other private key that is not Alice's key, then we just reject such a transaction. Okay, so we're one step further. But we still have this problem that someone is at the top, that these people are watching us and they have all our money. It's a troublesome matter, we wanted to avoid it, so how to get there? It is enough that the entire network will know about all transactions. Trivial matter, right? It is not so trivial when you look at how much the whole Bitcoin blockchain weighs now. Yesterday I checked something about 90 GB. 90 GB of
transactions every time we want to send any other transaction, we need to know about the previous ones. It's a troublesome matter. Of course, it's solved, but in fact, it's about everyone having this transaction log. So that everyone can verify whether a given transaction makes sense, whether it has coverage in Alice's account and whether we can perform it. Now imagine a situation where we have 50 users and everyone... And Alice wants to send to Bob our AnyCoin. Ok, 48 people say: "It's ok, everything looks ok". Because it is ok. But what if Alice comes up with an idea: "But damn, I would like to add some more to it". So maybe I will add this network to another
60 participants, just by running the next instances of my super-evil script, which will say for all my questions: "Ok, ok, go ahead, go ahead, we're going, we're going, the transactions are going, we have to pay money." Well, in this case, our AnyCoin has stopped working. Because any person can create any number of fictional participants who will confirm their transactions and disrupt the network. So we are back to the scheme when we can double pay or make any other fraud. Hence the mechanism of Proof of Work. And this is probably the most popular topic when it comes to Bitcoin. For various reasons, it may be a little misunderstood. Here is perhaps the maximally simplified version of it. That
is, when we collect this transaction, let's choose an identifier. Of course, it is debatable what this identifier is, whether it is a sequential number or anything else, but we choose an identifier. We add a "nonce" to this identifier. I have never met a good translation into Polish, so I will stick to the American nomenclature. We add the "nonce" as the next sequential number. From this value we can calculate some complicated function. Let it be hash. If I'm not mistaken, Bitcoin uses SHA-1, but if you are a big purist, you can use bcrypt and hash it for hours. The idea is that it was simply complicated, that it was impossible to run a lot of instances that will cheat. Now, after connecting ID and nonce, and after hashing
them, we must reach a certain consensus. That is, the network will agree to a given transaction if it is confirmed by a hash that starts with the correct amount of zeros. Simple thing. However, to get to that, it turns out that we have to calculate a lot of nonce values to get there. Of course, this means that someone must be willing to defuse their servers, only to make someone else pay for Bitcoin. Hence the mechanism of mining Bitcoins, because every person who confirms it gets some part in newly created Bitcoins. I will not go into it, because I do not need it to prove certain points. So what have we come to? Everyone is a bank, that is, everyone
has information that allows him to validate each transaction. In order to prevent network from being flooded with false messages, each such transaction must be confirmed with an additional hash. In fact, transactions are collected in blocks. These blocks are signed to some extent. And, as I said, for each block dug out, some new bitcoins are given. However, there is a situation when we could make sure that at one point there would be two contradictions in the network. We cannot say that the arbiter decides which one is more important, because we assumed that we are talking about a decentralized network without equal and even ones. Hence, the first one to get information about the transaction will start working on it, which leads to the division
in the network. This division is on the spot in this protocol, because we are taking care of it to be as democratic as possible, but it is also troublesome because if this dissonance in the network lasted longer, then Alice could be angry again, she could issue bitcoins that are no longer available. Hence, there is a simple mechanism that whoever is faster is better and the one who wins the race for which transactions are validated by the network. I will allow myself a small digression. I don't know if anyone is interested in the subject of Ethereum and The DAO. Ethereum is so different from Bitcoin that it allows for the encryption of certain actions in its blockchain. I agree with
someone that I will paint my room. But I don't trust this guy. On the other hand, he doesn't trust me either, because why would I pay him when I'm painting? So we agree that when there is a confirmation of painting the room, the money I transferred to the blockchain will be paid to my painter. Simple thing. As part of this, The DAO was created, i.e. Decentralized Autonomous Organization, which was, in principle, to be an investment fund. That means everyone could join The DAO, pay their... Funny? No. Long live Windows 10. Too much green, maybe. Okay, but I can continue digression without a signal, so I won't wait. So it was an investment fund, where a person could pay their Ethereum
and vote what they will invest in in the collection. Great idea. The problem was that the scripts that were responsible for paying money or cryptocurrencies from the fund were so defective that it was possible to inject recursion into the payment of the amount. Someone could say: "I pay 1 ETH, but before you update my account in The DAO, pay me 1 ETH more. But before you do that, you can pay me 1 more". This led to the fact that this person, I'm not sure how much it was his proof of concept, and how much it was actually a malicious action, paid all the funds collected by this investment fund. Why am I mentioning this? The solution to this problem was to
force the bulk of the network, through an update of the mining software itself, to mine on the new block where the transaction never took place. This is called a hard fork. In opposition to what happened on my slide, i.e. a soft fork, i.e. a decision that took place autonomously within the network. Okay, I think I will need it slowly. So, using this moment, does anyone want to add something or have any questions? Yes, paying them Ethereum. As I mentioned, at some point people who were responsible for creating tools for mining Ethereum said: "It didn't happen. Our script will go in a completely different direction from now on." Of course, this led to a certain division, because people from cryptography do not like it when
someone gets into their protocols. At this point, there is Ethereum, which is run by the same people, and Ethereum Classic, where the transaction took place. But okay, what is important to me is how to exchange bitcoins. Because it would not be a very practical currency if you had to pay 2,500 PLN for everything. I don't remember when I paid 2,500 PLN for one transaction. I have a cheaper apartment. That's why there is a problem of how to divide the amount. It's simple and elegant because every transaction in Bitcoin or in most of these classic cryptocurrencies starts with another transaction. Let's go back to the time when dinosaurs were walking on the ground and Bitcoin was created. 10 years ago. And
then the so-called base block was created. This is a hard-coded block, already dug out, ready, etc. which is hard-coded in the codes of all applications using Bitcoin. And it is said there: there are 50 Bitcoins in this block. Now the first transaction can say: I take these 50 Bitcoins. I send one bitcoin to Bob as Alice, and 49 to myself. OK, practical thing. Now we have one bitcoin. Alice wants to pay Bob another 0.75 bitcoin. At this point she can say: I pay Bob 0.75 bitcoin and I pay myself 0.25 bitcoin. All this is anchored in transactions. That is, the transaction is always an entry and exit. Bitcoin cannot arise from the air. That's all
I wanted to say about Bitcoin. If anyone has any additional questions, I'm happy to answer them. It is worth mentioning about bitcoins that are not included in what is sent back to us and to the person we want to send it to. And that they are handed over to the bookkeepers, i.e. the diggers. Yes, exactly. Ideally, this payment is not mandatory, but of course it can be abolished until the... The last bitcoins, which are supposed to be, and I'm sorry, but I didn't check this, almost 22 million, these amounts appear anyway. I mean, mining is paid anyway. But at some point, when the currency reaches its upper level of bitcoins that can be on the market, mining will be paid only if someone
pays for verifying their transaction. Sorry. Returning to the merit, what I wanted to say, what is important to me when I think about something related to bitcoins, sorry, because believe it or not, I have never paid with bitcoin. I just like to look at it and what is important to me is that the whole history of the transaction is completely public. So if someone tells you that bitcoins are anonymous, you can easily nod your head and end the conversation. I mean, I haven't met anyone yet who I managed to explain that they are not. Now, of course, there is a chance that I will go home now and generate 100 wallets and start paying for them. Is this
anonymity? Yes, until someone finds out what my wallet is. What's more, until someone correlates my wallets as one source. So, for me, it's not anonymity. So, well, keeping some rules of operational security, of course, you can pay with Bitcoin and be safe. But ultimately, it is only a network of connections, that is, a network of transactions between next addresses. This means that the participants of these transactions can be tracked as much as possible. I'm not saying that to a specific name. But we can say that the address that maybe I associate with a person or I want to describe it volumetrically is the address that I am interested in. So maybe we should argue about what in the
Polish dictionary means anonymity, but for me it is not anonymity. Now, here I have to make a small digression. I started flying recently, but I don't pay for my tickets myself. So again, I never spent 2,500 PLN. I've always been sure that the guests at these airports are very nice. And they are. The problem is that I saw for the first time how they treat my registered luggage when I flew a plane for the first time. It was a tragedy. It was breaking apart like a wild boar. Regardless of that, lately I had no other way to put my laptop in the registered luggage. So my demands went down. I sincerely hope that I will be able to recreate them, but all the information I had
is a bit spoiled on my old magnetic disk. It's so cool for me that I'm doing investigative informatics, maybe I'll get something. On the other hand, I'm sorry, but some of my DNA will be terribly naive because of it. Maybe all of it. Regardless of that, there are many tools that we can use to look at Bitcoin as a network of connections. Of course, I can say that we can look at the blockchain as a file and analyze it. Is it practical? Probably yes, if we have to prove some bitcoin operation as, perhaps, in court. We have to have proof that it has been done. In such cases, we rarely believe on the Internet that it is providing the correct data. I
personally believe, but whether the judge will believe - it is debatable. Regardless of that, I, as a hobbyist, deal with Bitcoin only to look at something, so I use these windows. The first one, probably historically, is BlockExplorer. I appreciate it for the fact that at the bottom we see very nicely broken transactions. That is, we have in, out, as I mentioned earlier on the slide. When we look at my second favorite tool, i.e. Blockchain.info, these transactions look a bit worse. However, they have one advantage that is not visible on this slide. Namely, the community, or maybe even the owners of the addresses, can tag me. Which means that if we jump to my desktop for a
moment... Sorry, I didn't have another way out of Windows 10. Aha, I won't have the Internet. Okay. Continuing, if I look at... No, because there is a space here, and there is no space on my computer. And if someone spoofs? I know you. What is my login to the bank? I forgot it recently. But okay, no more stupid jokes, sorry. If we take the most interesting for me collection of addresses, then wow, everything is in place. What's more, I don't know if everyone remembers, but not so long ago there was a leak of tools from NSA. I won't say if they were NSA tools, if they were stolen from their network, or maybe someone from an attacked server who was so intelligent that he copied them when
they were already attacked. The discussion can be drawn. But what I think is super important is the fact that they said: "Whoever pays the largest amount of bitcoins to our wallet will get the rest of the tools, because only part of it was publicly available." Wow, cool. As I said, I never paid with Bitcoin, so I didn't participate in the bidding. But I can tell you who participated. Not by name and surname, but I know who. As a portfolio. What's more, among them appeared one or two addresses that were from this pool. Secured as Silk Road. And now, for a moment I will allow myself to go down to earth. It was probably a tag error. But it's an interesting information, I
think you'll agree with me. Returning to the tool, Blockchain.info provides a very interesting mechanism called Taint. In my opinion, it should be called a little less aggressively, but the name is what it is. The idea is that using the magic of graphs, which I will not pretend to understand, which I will not pretend to understand well, so I'm not even trying to force myself to explain it well, we are able to say what addresses are connected to each other. In the sense that there is a certain connection of transactions between them. Such that allows us to judge that they have common features. Going back to my example of 100 addresses that I could set up at home today. What is
perhaps important in Taint is the fact that cyber criminals, if we have to fight them, are not so stupid to be able to track directly. Okay, I agree, they happen, but maybe some cyber criminals are sitting here and they will take revenge. I lost the topic, sorry. I'm back. They are not so stupid to be able to track the whole network, basically transaction by transaction. That's why the services of the so-called Bitcoin mixers were created. That is, I and half of this room pay their money to make various transactions for one address. This address is trusted in such a way that it will be known that it will be a proxy for these transactions and will pass them on. Of course, this is
a super simplified model, because there can be 10,000 such addresses. Regardless of this, there is a certain input that is relatively unified and an output that is relatively unified. How to track the connections? Taint. If someone has implemented their mixer wrong, these connections will come out. Of course, as we can see here on the slide, we only have a certain percentage of certainty that this connection exists. Of course, we would have to refer to the algorithm to understand it well. So I was talking about the first position on the screenshot I shared. Regardless of this, we are able to track such connections. But such tools are not very convenient. If I work, if I deal with these things, I think I will no longer need them,
but thank you. When I do such things at home, I use Maltego. Maltego is a great visual tool, mainly because it's Fire and Forget. I mean, I don't think about what I click, I click, click, click until Java breaks my memory. The problem arises when I want to use it in my work, because Maltego has a relatively expensive license, from my perspective, I'm going back to the example of 2500, which... In the free version, it does not allow me to use it in my work. Of course, professional or any other income. Hence, I suggest that you also look at other tools. And I even wanted to show you a demo, where I use this other tool. But guess
what? The whole source code. So what I would like to show you is Maltego. And I have a question from above, because I have some address prepared, but it is not interesting, because I already showed it on the slides. I'm more curious if anyone recently had to pay for ransomware? Maybe we could look at this address? Ok, so next time. Ok, when my laptop doesn't have network power... Oh, it's better. So let's go back to the example I'm not sure if this is the right address, because I haven't written it down in a while. I've used the mirror of information that NSA was hacked on GitHub. So it's questionable if I found the same wallet. If I did it myself,
I would have changed it. Regardless, with one click of a button I can check all the entries to this wallet, all the payments that were sent to it, it will take a while. Regardless of this, I am additionally using the "Taint" mechanism. This means that if I will have only a small probability, I mean, maybe not a small, but a certain probability that these are linked addresses, then they will pop up here. Funny.
Are you blocking the Maltego transformation? You can see my address on the screen now. In the meantime, I will be more persistent. I probably didn't click on the transformation because I chose the one where the address was the entrance. Because it was a wallet that was only supposed to serve this auction, it probably wasn't the best idea, so maybe we'll use this option. Let's say we want to be more than 50% sure.
OK, we have some addresses. Of course, as I mentioned, anonymity vs anonymity. Do I know anything about these addresses? At this stage, no. But I have a tool that will blow my mind until I find out something. What's more, I'll let myself go back to the presentation. Both these web tools I was talking about, they share API software. Is there anything better than this? In my opinion, no. Especially since I recently discovered Jupyter. A brilliant tool, but my source code went... Regardless of that, I can correlate this information with other databases, if I have only such databases. I can visualize them in any way. I can study how much Bitcoin has been invested in a given address, how much has been spent on it, how much
has been paid to the miners. All possible analyses, very quickly and in a very simple way, as long as someone already knows Python. Or Node, or Ruby, or Elm, Lisp, any hipster tool that can now be used in Jupyter. I would like to end here, because I don't have any last questions. I am very happy to answer any questions, whether it is now or if someone will contact me via e-mail or in another way. As I said, I appreciate your invitation to Keybase. I am curious if anyone has any questions or suggestions, which I could improve in my understanding. I think I've finished before time. I think I'll be filming for a little longer. I want to hear some more presentations that I find very interesting. Thank
you very much for now.
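
Editor's added example, not part of the talk and not Blockchain.info's or Maltego's own code: a minimal Python sketch of the kind of taint tracing the speaker describes, following funds from one address of interest through in/out transactions, change, miner fees and a mixer-style proxy address. It assumes a simple proportional ("haircut") rule and an address-balance ledger; every address and amount below is constructed for illustration.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample data (not real transactions); amounts in satoshi.
INITIAL = {"source": 1200, "alice": 1000, "bob": 2000, "carol": 500}
# Each transaction lists inputs and outputs as (address, amount).
# Inputs minus outputs is the fee that goes to the miner.
LEDGER = [
    {"in": [("source", 1200)], "out": [("mixer", 1000), ("change1", 195)]},
    {"in": [("alice", 1000)], "out": [("mixer", 1000)]},
    {"in": [("bob", 2000)], "out": [("mixer", 2000)]},
    {"in": [("mixer", 4000)], "out": [("out1", 1500), ("out2", 2400)]},
    {"in": [("out1", 1500), ("carol", 500)], "out": [("shop", 1900)]},
]


def trace_taint(initial, ledger, seed):
    """Return {address: share of received funds traceable to `seed`}.

    Assumed rule (proportional "haircut"): a transaction mixes all of its
    inputs, so every output, and the fee, carries the same dirty share.
    """
    balance = defaultdict(Fraction)         # funds currently at an address
    dirty = defaultdict(Fraction)           # part of balance traceable to seed
    received = defaultdict(Fraction)        # everything ever received
    received_dirty = defaultdict(Fraction)  # dirty part of what was received
    for addr, amount in initial.items():
        balance[addr] = Fraction(amount)
    dirty[seed] = balance[seed]             # the seed's own funds are 100% dirty

    for tx in ledger:
        total_in, spent_dirty = 0, Fraction(0)
        for addr, amount in tx["in"]:
            if amount <= 0 or amount > balance[addr]:
                raise ValueError(f"{addr} cannot spend {amount}")
            # Spend dirty and clean funds in proportion to the balance.
            share = dirty[addr] * amount / balance[addr]
            dirty[addr] -= share
            balance[addr] -= amount
            spent_dirty += share
            total_in += amount
        if sum(amount for _, amount in tx["out"]) > total_in:
            raise ValueError("outputs exceed inputs: coins cannot appear from air")
        ratio = spent_dirty / total_in
        for addr, amount in tx["out"]:
            # Anything paid back to the seed itself stays fully dirty.
            got_dirty = Fraction(amount) if addr == seed else ratio * amount
            balance[addr] += amount
            dirty[addr] += got_dirty
            received[addr] += amount
            received_dirty[addr] += got_dirty

    return {a: received_dirty[a] / received[a] for a in received if received[a]}


def linked(taints, threshold):
    """Addresses whose taint is strictly above `threshold`, sorted by name."""
    return sorted(addr for addr, t in taints.items() if t > threshold)


if __name__ == "__main__":
    taints = trace_taint(INITIAL, LEDGER, "source")
    for addr in sorted(taints):
        print(f"{addr:8s} {float(taints[addr]):7.2%}")
    print("more than 50%:", linked(taints, 0.5))
```

With a 50% threshold only the change address is reported; lowering the threshold brings in the mixer and its outputs, which is why the result is a degree of certainty rather than proof of a link.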