Tracing Transactions Across Ledgers Haaroon Yousaf, Georgios Kappos and Sarah Meiklejohn Value Cross-currency trading

§ Obtain new/clean coins § Expand your asset holdings

§ ‘Mixer’ coins § Mixing & tumbling services § Known attacks ShapeShift & Changelly

§ ShapeShift (August 2014), Changelly (2013) § Major coin swappers § Allow users to interchange multiple coins/tokens § Scraped market rates and transactions § We derived new methods to trace (ShapeShift) transactions across multiple block chains How does it work?

Select the coin to trade (curIn/Input) Send ShapeShift the recipient Select the coin to receive (curOut/Output) address (curOut/Output)

Receive output coins to the Send inputs coins to the given recipient address (phase 2) ShapeShift address (phase 1) How to cross-trade? You You

I want for BTC

ShapeShift ShapeShift Example transaction

BTC ETH Users SS Zcash Transaction Transaction Data Collection

§ Scraped ShapeShifts public API ~13 months § 2.8 million transactions (focused on top 8) § 95.7% of all ShapeShift transactions if at least one of curIn and/or curOut is one of the eight § 8 worth of data from full nodes

Identifying transactions

§ Input: curIn that sent original coins Search for transactions with a similar timestamp and matching value on the input (curIn) (where the user sends coins) § Send address to ShapeShift API to confirm § Output: curOut responsible for delivering coins § Queried found addresses into API which returns corresponding output Tracking activity : Pass-through

§ Original ShapeShift transactions § Across eight currencies we followed the path of 1,383,666 transactions § In the worst case, Bitcoin, we identified 76% of total transactions Tracking activity : U-turns

§ User sends money from curIn to curOut, then immediately does another transaction back to their original curIn § Linking two transactions which happen within 30 minutes of each other and carry 0.5% value of the first § With the same UTXOs or account-based address as before Tracking activity : U-turns

§ 107,267 basic U-turns (similar value)

§ 10,566 U-turns (re-used addresses)

§ 1,120 U-turns (UTXO-based) § and Zcash used primarily as mixer coins U-turns § Zcash, users do not gain anonymity as for 54.24 % of cases in did not change their address

§ Dash 2091 U-turns re-used the same address address, but only 184 used the same coin Tracking activity : Round-trip

§ Two ShapeShift transactions, combination of Uturn and Passthrough § User attempts to shift from an input currency into another, then shifts again back to the original input currency § Costs two miner fees and two sets of rates Tracking activity : Round-trip

§ 95,547 according to our regular heuristic

§ 10,490 out of these where the input and output addresses were the same § Bitcoin 1.2% of round-trip used same address § Dash (72%), Classic (56%), and (40%) used the same input and output address Clustering: Common relationship heuristic

Connected, B L know same output E

Z Connected, know same input B L

If two or more addresses send coins to the same address in the curOut blockchain, or if two or more addresess receive coins from the same address in the curIn blockchain, then these addresses have a some common social relationship

§ Largest in-degree cluster had 12,868 addresses centred on Bitcoin CoinPayments.net address § Three others from top 8 associated with CoinPayments.net § Largest out-degree cluster had 2314 addresses centred on Litecoin § Second largest Ethereum cluster Case study: StarScape Capital

§ Investment firm promised 50% return in Crypto arbitrage fund § Raised 2000 ETH in Jan 18 (2.2M USD) § Disappeared - No website, No coins § 192 transactions – 109 to ShapeShift (465ETH) § Two Monero addresses that received all the shifted coins

SCAM SCAPE Case study : EtherScamDB

§ EtherScamDB – list of Eth addresses involved in scam

§ 194/1973 addresses involved in 688 successful ShapeShifts

§ 1797 ETH was shifted to other currencies (74% to Bitcoin, 19% to Monero)

§ MyEtherWallet (typo squatting) scams shifted 207 ETH~BTC and 151 ETH~XMR § Trust-trading scams converted 691 ETH to BTC § One scam did 34 distinct round-trips (sending to a different address then returning) Case study: Trading bots

§ Searched for 15 or more transactions that transaction a similar amount of USD with 1% error rate within a 5 minute span § *13 clusters that exchanged BTC for SALT § *514 different Bitcoin addresses § Applying our pass-through heuristic shows there were only two distinct SALT addresses used to receive the output Case study: Anonymity coins (Zcash) § 1) User shifts into a transparent address then sends into the pool § 29,003 ShapeShifts sent ZEC to a t-address § 1309 where the next transaction sent coins to the pool § 8.2% of all values sent (12,534 ZEC) in our Phase 2 transactions § 2) User sends money from the pool straight to ShapeShift § 111,041 transactions that had sent money to ShapeShift § 3808 came directly from the pool § 12,490 ZEC (14%) of the value in Phase 1 transactions) § How would ShapeShift verify validity of coins from the pool? Case study: Anonymity coins (Dash)

§ CoinJoin: transaction with at least three inputs, outputs consist of values from coinjoin denominations and all outputs values are the same § 1) Users sent CoinJoin funds to ShapeShift § 2,068 (2%) transactions § 11,929 DASH § 6.5% of the total value across Dash Phase 1 transactions § 2) Users performed a CoinJoin after receiving funds § 33 (0.06%) transactions § 187 DASH § 0.1% of the total value across Dash Phase 2 transactions Acknowledgements

Authors are supported by the EU H2020 TITANIUM project under grant agreement number 740558.