Analytical Tools for Blockchain: Review, Taxonomy

and Open Challenges

Anastasios Balaskas Virginia N. L. Franqueira
University of Derby, Cyber Security Research Group University of Derby, Cyber Security Research Group
College of Engineering & Technology College of Engineering & Technology
DE22 1GB, Derby, United Kingdom DE22 1GB, Derby, United Kingdom
a.balaskas1@unimail.derby.ac.uk v.franqueira@derby.ac.uk

Abstract—Bitcoin has introduced a new concept that could the economic indicators and market trends, blockchain analysis
feasibly revolutionise the entire Internet as it exists, and positively can involve further parameters like the embedded metadata and
impact on many types of industries including, but not limited to, their connection with smart contracts, which transfer the
banking, public sector and supply chain. This innovation is landscape to a wider field of applications apart from normal
grounded on pseudo-anonymity and strives on its innovative cryptocurrency [7].
decentralised architecture based on the blockchain technology. In this paper, blockchain analytic tools are examined in terms
Blockchain is pushing forward a race of transaction-based of their applications within the research and developers’
applications with trust establishment without the need for a community, and their effectiveness in cybercrime investigation
centralised authority, promoting accountability and transparency
and analysis. Through study of related work, a thematic
within the business process. However, a blockchain ledger (e.g.,
taxonomy is presented for the categorisation of blockchain
Bitcoin) tend to become very complex and specialised tools,
collectively called “Blockchain Analytics”, are required to allow
analytic tools according to their applications. Specific tools are
individuals, law enforcement agencies and service providers to examined based on their features, efficiency and components,
search, explore and visualise it. Over the last years, several providing, this way, evaluation criteria for the selection of an
analytical tools have been developed with capabilities that allow, appropriate solution in order to cover a set of investigation
e.g., to map relationships, examine flow of transactions and filter requirements. Furthermore, open challenges and practices are
crime instances as a way to enhance forensic investigations. This discussed as well as future areas of research and development.
paper discusses the current state of blockchain analytical tools and The paper is organised as follows. Section II provides
presents a thematic taxonomy model based on their applications. background information on the technical aspects of blockchain
It also examines open challenges for future development and and bitcoin. Section III presents a thematic taxonomy of the
research. blockchain analytic tools and examines available tools and how
they fit within the above-mentioned taxonomy scheme. Section
Keywords— blockchain; cryptocurrency; bitcoin; tools; IV explores open challenges in this field, while Section V draws
blockchain analytics; digital forensics; cybercrime investigation. conclusions and elaborates on recommendations for future work.
I. INTRODUCTION II. BACKGROUND
Blockchain analysis is an entirely new field of research and Information that is available in a blockchain is considered as
development, which started to emerge in 2014 as a trend within extremely valuable for both data analysis and crime
the cryptocurrency ecosystem. This trend was mainly pushed by investigation. This section presents the backbone concept of
its transparent and decentralised nature. blockchain and how it applies to bitcoin transactions.
Blockchain Analytics provide a useful tool for individuals to
inspect the network of transactions in terms of, e.g., flaw A. What is Blockchain
analysis and transaction relationships [1]. Also, as Blockchain is a distributed technology built under peer-to-
cryptocurrencies thrive and grow as mainstream payment peer network principles and cryptographic primitives, such as
method, insights into how people are spending them become asymmetric encryption and digital signature. It allows trust-less
increasingly relevant. Not just in terms of which products or users to exchange information and record transactions without
services are bought with them, but also knowledge of how long external interference and coordination. Therefore, the
people are keeping cryptocurrency in their wallets, in a way to blockchain infrastructure allows a secure and append-only
stimulate the worldwide adoption of cryptocurrency [2][3]. For database to be built that relies on a consensus protocol for
law enforcement, identifying these type of activities is important deciding which of the valid information will be added in the
in order to prevent money laundering and terrorism financing. distribution and propagated through the network of participants.
Through the analysis of transactions, investigators try to match As this technology can provide every member with a trusted and
connections and interactions between addresses. Some tools decentralised proof of work [8], the application part of it – like
have already started to index sets of transactions as a way to cryptocurrencies – can utilise what is usually referred to as
cluster them into specific groups [4][5]. public ledger. This means that all users have equal ledgers,
The positive sides to blockchain analysis are not hard to find. ensuring, this way, transparency within the network.
Detailed analytics can answer questions like how the Different applications use the blockchain technology as a
cryptocurrency is being spent, where are the new wallets coming way to store value exchanges through transactions. Every
from and how can we trace the money [6]. Nevertheless, beside transaction generated by a node is digitally signed with the
previous transaction’s hash and the destination node’s public combines them until a unique hash is obtained and added to a
key; this scheme ensures that transactions are tamper-proof. new block as the Merkle Root of transactions in the block. Also
Specific nodes in the blockchain network will validate a block added to the new block is the hash of the previous block; both
containing transactions – which nodes depend on the type of hashes and the replication of the ledger (among participants of
consensus adopted by the network; this process is called mining the network) make the blockchain technology tamper-proof
[9, pp. 105-106]. For example, bitcoin adopts the proof-of-work [14]. In case two miners broadcast a new block and one block is
consensus scheme where each node is presented with an subset of the other, the block that has more transactions is kept
intensive computational problem. Nodes which succeed in [15].
solving the problem will be able to incorporate the valid block
Similar to cash change in physical transactions, bitcoin
into their version of the public ledger before it is broadcasted
generates coin change, which is directed to a new (wallet)
across the network. As it was shown in the original bitcoin
address rather than the original address. The main reason behind
induction [10], such a ledger will remain secure as long as more
it is privacy. Maintaining privacy in blockchain depends on a
than the 50% of the computational power is controlled by honest
strict separation between addresses and personal identities, a
users.
model referred to as pseudonymity [16]. For example, a bitcoin
Having the blockchain acting like a public ledger facilitates
payment transfers coins from address #1 to #2 (from Bob to
the ability for any blockchain analytic tool to query for
Alice), but directs change to address #3. Therefore, at first
transactions associated with a particular address, e.g., search for
glance, it would be assumed that addresses #1 and #3 are
wallet addresses and check for related transactions.
associated with separate identities. The reality is, however, that
B. Overview of Bitcoin addresses #1 and #3 might refer to the same identity, as
Bitcoin is a network protocol based on blockchain, illustrated in Fig. 2. These pseudonymous scheme makes the
introduced by Nakamoto [11] which allows payments and coin bitcoin graph very complex and ambiguous, therefore, extra
transfers to be made among participating entities. No trusted information is needed to link wallet addresses to identities and
bank is needed to maintain balances, coordinate money perform different types of analysis – motivating the surge of
transactions or issue new currency. blockchain analytic tools.
The bitcoin network maintains a global distributed ledger of
transactions which is public. In this case, each transaction
represents a payment from one node to another. The payment
address is generated after a set of irreversible cryptographic
hashing functions of the sender’s public key; every new valid
block is broadcasted to all network nodes. Bitcoin currently uses
SHA-256 for those hashing operations [12].

Fig. 2. Bitcoin: payment & change scheme.

III. BLOCKCHAIN ANALYTIC TOOLS
This section presents a taxonomy model by examining tools
and practices within the area of blockchain analytic tools in
detail. The taxonomy model presented in Fig. 3 leads to
discussion regarding open challenges in the area of blockchain
analytics, elaborated in Section IV.
A. Thematic Taxonomy of Blockchain Analytic Tools
Investigations of cybercrime, in general, and of ransomware
in particular, are increasingly relying on blockchain analytic
tools since many attacks typically use cryptocurrency for
harvesting ransom. For example, CryptoLocker campaigns have
been under examination using blockchain information [17] [18].
Fig. 1. Block construction of Bitcoin using Merkle Tree Researchers have been able to identify embedded digital
(TXn are application-specific transactions). footprints that could reveal relevant information about identities
behind them [19].
The transactions listed in a new block have been verified by As cryptocurrencies rely on cryptographic protection and a
miners who also check that no coins are spent twice. decentralised peer-to-peer system, money ownership is
Transactions of a new block are processed into a single hash implicitly pseudonymous, while its flow is publicly available
value which is the root of a Merkle Tree [13]. Such binary tree and visible. Blockchain analysis provides information about
structure only contains transactions in the leaves. The hashing movements of cryptocurrencies. Several researchers have
scheme, illustrated in Fig. 1, propagates transactions’ hashes and approached this topic with the help of blockchain analytic tools
in order to de-anonymise users [20] [21]. Reid and Harrigan [21] the stored transactions, enabling the identification of patterns of
outlined the difficulty of the combined anonymity and user coin flow. BitIodine [4] is another tool to analyse blockchain; it
behaviour while tools which emerged later, like Blockchain parses information and provides a front-end which gives insights
Inspector [22], use artificial intelligence in order to profile into a variety of information. Such information can be basic, like
blockchain users and track their behaviours. However, using address account (i.e., wallet) balance and total number of
blockchain analytics has two main drawbacks, namely the big transactions, up to more advanced information, like address
data volume [23] and dealing with users with multiple wallet clustering and address labelling using public information
addresses, as a result of the coin change scheme (Section II-B). collected from the Internet. Both tools have been tested with
Economic studies have been another area of interest which success using different set of experimental work and scenarios,
takes advantage of blockchain analysis. Moser and Bohme [24] demonstrating to be an effective way to analyse and detect
focused on bitcoin transaction fees and tried to determine the patterns within the blockchain and providing a way to improve
agents’ behaviour via analysis of their transaction fees using the security or privacy issues.
publicly available blockchain records on bitcoin and exchange Blockchain.info [31] is among the most popular and
rates from Coindesk [25]. Lischke and Fabian [26] and Ron and frequently used blockchain analytic tool, having firstly appeared
Shamir [27] conducted market analysis using blockchain, on the market back in 2011. This tool provides some fast and
combining network data and geo-locations to get insights into easy-to-use capabilities for tracing individual transactions, while
the cryptocurrency business distribution over time. Both studies also provides plenty of information, including charts and
used blockexplorer.com [28] – an open source web tool that statistics, about the whole bitcoin network. Ortega [22] used the
allows visualisation of information regarding blocks and publicly information from blockchain.info within a certain
blockchain transactions as their main source of data. period in order to de-anonymise addresses from Tor services and
Other areas of blockchain analysis include the study of the proxies. Blockchain.info also delivers information in a
scripting language used by cryptocurrency protocols. Bartoletti convenient way and allows the analyst to tag each transaction
and Pompianu [29] used blockchain analytics and developed a with an associated name. Applying clustering heuristics to data
tool named OpReturnTool to investigate metadata related to the provided by blockchain.info and information available on a
OP_RETURN instruction, a command that is included in bitcoin public bitcoin forum [33], Meiklejohn et al. [34] were able to
and provides a way to embed additional data into the blockchain classify a number of transactions in a user network and perform
[9, p. 193]. It is set to allow up to 80 bytes of data and, when a a traffic analysis on money movement.
transaction that contains an OP_RETURN field is confirmed by Kinkeldey, Fekete and Isenberg [35] developed a system that
mining, this content will be added into a block and will, can be used to recognise a bitcoin network entity based on its
therefore, remain within the blockchain forever. public address, regardless if that entity is an individual or an
organisation. The tool is called BitConduite and utilises the
network topology (with its billions of transactions) in order to
provide an estimation of an address that could match an entity.
Whereas bitcoin can be utilised in various ways – ranging from
currency investment to illegal payments – BitConduite can
become useful in order to explore and identify the rationality
behind bitcoin usage. An analyst that works with BitConduite
can perform grouping and filtering based on various attributes
and visualise the results in a timeline.
The trade data from cryptocurrency platforms can give
interesting insights into money inflows and outflows. The
website bitcoincharts.com [36] provides financial and technical
information linked with bitcoin and has been utilised for analysis
of daily trading rates, trends and anomalies [26].
BlockSci [37] is an open-source tool for blockchain analysis
Fig. 3. Thematic taxonomy for applications of Blockchain which mainly differentiates itself in two-ways. Firstly, it does
Analytic Tools. not use a transactional database. Instead, it uses an analytical
built-in memory that promises faster processing. Secondly,
In a nutshell, such tools have been used for a variety of while most of the blockchain analytical tools focuses on bitcoin,
purposes. Figure 3 captures those applications and provides a BlockSci is more versatile and can support multiple blockchains
thematic taxonomy of blockchain analysis tools in terms of areas apart from bitcoin, such as Litecoin and ZCash.
of interest. The next section studies in more detail further tools Commercial software tools also exist in the market.
with the goal of mapping them against the proposed taxonomy. Chainalysis [38] was proposed as an assessment tool allowing
B. Additional Blockchain Analytic Tools assessment of risks associated with bitcoin transactions. It is
This section reviews a selection of additional blockchain currently being used by law enforcement in cybercrime
analytic tools, both open source and commercial tools, in order investigations involving bitcoin, as it is able to provide links
to identify relevant features. between (a known) source and its recipients [39]. Similarly,
BitConeView [30] is a tool that can facilitate the Elliptic [40] offers software that can connect bitcoin activity to
examination of bitcoin flaws using visualisation of the real world identity by utilising a proprietary database with
blockchain. The tool also allows tracking of spending based on millions of bitcoin addresses. Elliptic is often used by financial
institutions and law enforcement as it offers transactions order to extract blockchain information from, for example, the
monitoring capabilities and transparent documentary evidence API from another existing analytic tool, or from the web page
(including a proprietary database which links bitcoins addresses source code. Nevertheless, it seems that all these analytic tools
to web entities) [41]. have been consistently focusing on the same specifications and,
as a result, their implementation has shown a significant amount
C. Mapping Tools against the Proposed Thematic Taxonomy of repetition while, at the same time, leaving behind the option
A common theme of the reviewed blockchain analytic tools of creating a blockchain parsing tool with more abstract
is the provision of data to meet a range of analysis goals, objectives.
delivered via different features. Most of the time, a full analysis To summarise, despite the considerable development work
requires combining data from the blockchain with external data to explore and gain wide access to information encoded in a
obtained via blockchain analytics, wikis and/or discussion blockchain, the effort has focused too much on bitcoin and a
forums. Table I summarises all the tools covered against the small set of features. Possibly that work could be more effective
taxonomy presented in Fig. 3. and efficient through the use of generic-purpose, real-time
analytics tools, that would provide the required level of
TABLE I. ANALYSIS OF BLOCKCHAIN ANALYTIC TOOLS VS. THE abstraction in order to process a wider range of blockchain data.
PROPOSED THEMATIC TAXONOMY
IV. OPEN CHALLENGES OF BLOCKCHAIN ANALYTICS
Thematic Features Tools
Taxonomy This section discusses challenges of blockchain analytics
• BitIodine that are relevant in performing different forms of investigation,
Transaction Graph Utilised such as cybercrime-oriented or (business) economics-oriented.
• Blockchain.info
Analysis of for Address Clustering
• BitConduite Taking as starting point the summary discussion of Section III-
Relationships
Wallet Explorer Proprietary • Chainalysis D, it further expands the discussion in different aspects.
Database • Elliptic
A. Big Data Analytics & Real Time Analysis
Analysis of
OP_RETURN • OpReturnTool Blockchain analytics could very well be combined with Big
Metadata
Transaction Graph Utilised • BitConduite Data. In fact, blockchain could not only benefit data analytics,
Analysis of for Address Clustering • BitConeView but also data management. Regarding data analytics,
Money Flows • Blockchain.info transactions encoded in blockchain could be used as a source for
Address Tagging
• Bitcointalk.org
of information. For example, user trading patterns might be
Analysis of Profile Rules • Blockchain Inspector
User
extracted with additional prediction of users’ potential trading
Behaviour Risk Assessment • Chainalysis behaviours within the analysis. As for data management,
• Blockchain.info
blockchain could be used to store important data as it is
• Coindesk.com distributed and secure. Data provenance is also something that
Transaction Graph blockchain could ensure. For instance, if blockchain is used to
Analysis of • BitConeView
Transaction • BlockSci store patients’ health information, the information could not be
Fees • Blockchain.info tampered, and it would be hard to steal that private information.
Exchange Rate • Coindesk.com Additionally, blockchain can provide better transparency in
• BlockSci
data analysis. The difference here is that blockchain will reject
Analysis of Transaction Graph • Blockexplorer.com
Market /
an input which is not verifiable and seems to be suspicious. As
Wallets Trade Data • Bitcoincharts.com a consequence, a data analyst will only be dealing with
information that is fully transparent. Simply put, a customers’
behaviour pattern identified within the blockchain will probably
D. Discussion about Blockchain Analytic Tools be more accurate compared to those currently being collected in
Despite availability of several blockchain analytic tools as typical databases.
reviewed in Sections III-A and III-B, an analysis operation One of the challenges that financial institutions often face is
requires aggregation and correlation of different sources of the difficulty to detect fraud transactions, especially on a real
information. Current tools provide very limited support for this time basis [45]. Considering that the blockchain records every
and, therefore, analysts are usually required to implement transaction and that all remain within the ledger, it could
additional tools to achieve their analysis goals. Additionally, to possibly provide a way for real time pattern check. In fact, some
the best of our knowledge, there is a lack of generically-oriented of the blockchain analytic tools, such as Chainalysis [38], utilise
analytic tools for blockchain. Even frameworks claiming to be this real time intelligence for decision making regarding
“generic”, such as [42], mainly focus on bitcoin analysis, leaving anonymous information. From a privacy perspective, however,
other cryptocurrencies and purpose-built blockchains outside of questions may arise since it mainly conflicts with the primary
their scope. motivation for the popularity of cryptocurrencies – anonymity.
The majority of the reviewed tools retrieves their underlying B. The Inviolability Challenge & Hidden Suprises
blockchain information with the use of BitcoinCore [43].
In the archival world, a record could be considered as a
Thereafter, the data is encapsulated as Java object using Bitcoin
trusted one, and provide provisional evidence, when the storage
J library APIs [44] before processing. However, neither Bitcoin
process results from: (1) a consequent routing work of record
Core nor Bitcoin J is a native tool to offer blockchain analysis.
keeping, with regulations regarding altering or tampering, and
Therefore, a plethora of tools have been under development in
(2) the existence of valuable metadata to outline the context and
relevant modification since its creation. However, a challenge every transaction involved in a given cryptocurrency, including
exists to keep the records inviolable. In other words, how to full address history starting from the very first transaction [52].
protect a record from tampering or unauthorised access, deletion In that way, law enforcement could have all the needed records
or alteration. Different practices have applied to achieve this in order to trace transferred money, something that would not
over the years, from file content listing to user credentials for necessarily be feasible within the traditional economy.
access control. However, sooner or later all methods would Notwithstanding the achieved anonymity that a cryptocurrency
appear to have open threats for bypassing the rules. can offer, the address of a user’s wallet is still a number that will
On the other hand, blockchain as a ledger and distributed follow the user, so if that can be connected with a particular
database can maintain a constantly increasing set of data records individual, then the transactions could be identifiable and
that is protected from alteration. What has been noticed though, traceable using that address. However, the challenge of
is that while blockchain in mostly associated with the identifying a user is becoming increasingly complex, as a new
publication of application-specific transactions – e.g., financial generation of privacy-oriented cryptocurrencies, like Monero or
data for bitcoin applications – it can also be used to publish other Zcash [53], is now being used for illegal payments.
sort of information as well [46]. As a publishing platform, Data retention, achieved via blockchain, represents a benefit
blockchain is inherently resistant to censorship; once to law enforcement since it potentially allows a publicly
information is published, it is nearly impossible to remove it. available recording of transactions [54]. It is a continuous
Bitcoin users can take advantage of this feature by encoding data challenge for law enforcement the fact that phone and broadband
into bitcoin transactions, which are then permanently added to providers apply diverse policies regarding customers’ and their
the blockchain [47]. Since its very inception, the bitcoin related transactions data. In the world of cybercrime, it typically
blockchain has had a tradition of political, artistic, or even takes a significant amount of time to observe and track someone
religious expression. A few examples listed by Shirriff [48] after an illegal activity, as this might involve record retrieval
include a speech published in the very first bitcoin block of data, from different providers, or event data from a range of
presumably from Satoshi Nakamoto as a political statement residencies and jurisdictions. It may happen that the investigator
regarding it as a response to the weaknesses of centralised identifies specific records that will match a criminal activity with
financial institutions [49]. The bitcoin mining pool Eligius [50] the suspect, just to realise that their relevance would no longer
has also published religious prayer in the blockchain, while the exist. Such situation would not hold within the blockchain
security researcher Dan Kaminsky added an ASCII memorial infrastructure, as the records remain in place and unchanged due
for cryptographer and privacy advocate Len Sassaman to the to blockchain’s append-only characteristic.
blockchain after his death [51]. A challenge that will probably become more and more
Possibly these examples can be read as an early stage of a relevant for law enforcement, however, is the use of different
future expansion of use of the blockchain. A way to work out the cryptocurrencies for a criminal activity as an intended way to
retrieval of those hidden messages and keep the blockchain add another layer of complexity for tracking. This means that
independent of record keeping is a promising direction for data transactions would be logged in different blockchains. In this
analysts to explore. case, a universal collection of data from different blockchains
would need to be incorporated to today’s landscape of features
C. Blockchain for Law Enforcement provided by blockchain analytic tools.
At the moment, law enforcement attention has mainly been
focused on cryptocurrencies, as the other possibilities of D. Anonymity vs. Pseudonymity
application development (e.g., hidden data with criminal It seems that the public in general misunderstands the
content; Section IV-B) do not seem to have reached the real concept of anonymity within virtual currencies. In other words,
world yet. The main question is how to identify criminal activity cryptocurrencies are mainly regarded as anonymous services.
by overcoming the anonymity challenge. Indeed, the problem of Nevertheless, considering the public and transparent nature of
attribution of identity is possibly the hardest challenge for those blockchain (such as bitcoin), it would be more accurate to
investigating cybercrimes and other types of crimes related with describe such services as pseudonymous rather than anonymous.
computer use and online activities. Decentralised payments, by A deeper understanding on the difference in this context would
definition, do not rely on any centralised point to facilitate law benefit policy-making.
enforcement work. For example, a police investigation may Bitcoin and other cryptocurrencies have introduced a new
result on the suspension of bank accounts, something that is not privacy perspective to financial transactions, compared to the
possible with decentralised payments. However, a company or traditional formats based on cash or cards. The key difference is
institution that offers a service for decentralised payments could that blockchain is public, although it makes use of
be under specific regulations, as a result of providing centralised pseudonymous identities. Something that creates the possibility
access point. An example could be a currency exchange of tracing and – theoretically - linking a transaction record with
company that represents an intermediate layer between normal an identity [55]. The potential of linking a transaction with the
currency (cash) and cryptocurrencies (e.g., bitcoins). Such public blockchain raises a challenge especially for the finance
company could be enforced to comply with specific regulations, sector as it provides the potential of masking an identity behind
like anti-money laundering legislation. In fact, this is a key point transactions.
regarding identity attribution. Besides the pseudonymity offered An interesting perspective regarding linking an entity to a
by cryptocurrencies, a physical identity is always involved in transaction arises from the banking regulations. In traditional
order to instantiate a wallet or for cashing crypto-coins out. banking, there is a specific set of privacy related regulations
Blockchain analytic tools can offer law enforcement concerning the sharing of information between banking groups
agencies considerable benefits. It provides the ability for tracing and individuals [56]. No similar regulations apply to
cryptocurrencies yet. However, as they continue to evolve and Internet in a decentralised trust-less system, law enforcement
adapt as an ordinary way of banking, there will be a time when agencies are seeking ways to aid their investigations, especially
crypto transactions will have to be registered [57], ending up by tracking and monitoring money and data movements that are
with the same compliance requirements as traditional centralised involved in cybercrime activities. The ability to use analytic
institutions. tools on cryptocurrency transactions using blockchain tools is a
Another challenge facing government regarding promising way forward to fight cybercrime.
cryptocurrencies is the use of anonymity in order to perform The goal of this study was to explore the state-of-the art and
money laundering [58]. Money laundering could be broadly practice of blockchain analytics. By exploring a variety of tools
described as a part of financial-related activities manipulated to and techniques available, a thematic taxonomy was proposed
hide the source of the money. It is worth noticing that novel and matched against the tools as a way to provide a better
cryptocurrencies are focusing on true anonymity – rather than understanding of their purpose, and capabilities. It is interesting
pseudonymity (such as bitcoin). For example, Zerocoin [59] to observe how a single tool can be utilised for different
adopts an anonymous structure, thus presenting a realistic application purposes, and what kind of information can be
money laundering threat. As a result, the recorded transactions revealed using a combination of tools.
could not be traced like they can for bitcoin, so an investigator The paper has also explored challenges related to blockchain
will not be able to retrieve currency information regarding a analytics from different perspectives. One of them is the
wallet. If research and development of such novel anonymous handling of high speed and huge volume of data which becomes
cryptocurrencies keep evolving, that might trigger the increasingly demanding for blockchain analytic tools. Taking
development of regulations regarding bitcoin and other virtual advantage of a predictive modelling as a result of big data
currencies. capabilities, such tools can progress towards being more (pro)
active instead of predictive. A merge between the topics of
E. Mixers and Money Laundry Services blockchain analytics and big data can layer into a reactive and
In order to preserve privacy, cryptocurrency users tend to use predictive restructuring which is gradually undertaken in
services called mixers. In a typical process, a mixing address business intelligence science and allows automatic operations of
receives coins from several different clients and forwards them wide areas of background tasks using smart contracts and
in a random way to a fresh address for each client [60]. In other financial data. In fact, the prognostic analysis from big data can
words, a cryptocurrency user is allowed to send coins from a promisingly fit together with the automated execution of smart
certain address towards a mixing service and receive back from contracts.
the service the same amount of money from a different address It was uncovered in this study that blockchain transactions
or addresses. In a nutshell, such services make the link with the can possibly be used to conceal hidden messages which are
original owner of the money even harder, acting as a “reset persistent in the sense that they cannot be deleted or modified.
button” for wallets and bank accounts. Different approaches are Traditionally, such messages have been used, e.g., to avoid
adopted by different mixers. censorship or to make a public statement. However, Matzutt et
CoinJoin [61] is a mixing service example where two al. [65] have recently published a study which revealed that
transactions are joined together to establish a single transaction illegal material, including links to sites hosting indecent images
while input and output will remain unchanged. The concept of children (IIOC) in the dark web, are being published and
behind that service is to build a shared transaction, signed from distributed via the bitcoin public ledger. This development
all the participating nodes. confirms warnings by Interpol [66] in 2015 that harmful content
Other mixing services are available like Coinmux [62], but (such as IIOC and malware) could be permanently posted using
it should be noted that if the service is built on a centralised the blockchain technology. It raises a number of questions since
model, then it might be possible to track and trace an exchange the ledger is downloaded to be processed by miners and then
as the system will hold information from all inputs and outputs. broadcasted for the entire network representing an efficient
A decentralised model is followed by CoinShuffle [63] which distribution channel but also a risk for innocent people not
does not require a trusted third party. knowledgeable of what is happening. Therefore, the
An extensive study on mixing services was published by implementation of software tools that will be able to efficiently
Balthasar and Hernandez-Castro [64]. They interestingly and scalably identify and soundly extract those illegal material
identified cases – like the Bitlaunder or Coinmixer – where as evidence will be an important asset for cybercrime
security can by compromised, reducing the privacy expectations investigation and a powerful forensics tool.
of those services. However, there were other services, like The development of intelligent real-time fraud transaction
Alphabay or Helix, which showed a considerable level of analytics, as a specialisation of blockchain analytic tools, could
deficiency. It seems that providing a secure mixing service is a also be beneficial for financial institutions and law enforcement.
challenging task and that might be evaluated as a positive fact Users of a blockchain-based systems would also benefit with the
from a law enforcement perspective. On the other hand, there ability to inspect transactions in real-time with minimal cost.
are also legitimate users that are using those services and, in that Besides that, an additional challenge will be to make a universal
case, the risk of exposing their anonymity can be quite high. tool that is able to aggregate and correlate different sources of
information and different custom-built blockchains.
V. CONCLUSION & FUTURE DIRECTIONS Blockchain represents a revolution with vast potential for
Bitcoin and other cryptocurrencies are adapting the applications to different domains. Law enforcement agencies
blockchain protocol as peer-to-peer distributed electronic cash can adopt two main streams to follow for the investigation of
systems. Due to the way payment transactions operate over the cybercrimes involving this technology. Firstly, a “follow the
money” investigative approach [67], where supporting services [21] F. Reid and M. Harrigan. “Analysis of anonymity in the Bitcoin System.
such as mixers and currency exchange third-parties represent the Security and Privacy Social Networks” New York: Springer, 2013, pp.
197-223.
centralised weak points. Secondly, as a repository and
[22] Blockchain Inspector. “What is Blockchain Inspector.” [Online].
distribution platform for illegal and harmful material. In both Available: http://www.blockchaininspector.com [Assessed: 28-11-2017].
situations, the attribution of identity remains a big challenge, [23] Ben-Ari, A. “Outstanding Challenges in Blockchain Technology in
although not impossible to overcome. 2017”. [Online]. Available: https://appliedblockchain.com/outstanding-
challenges-in-blockchain-2017/ [Accessed: 1-Feb-2018].
REFERENCES [24] M. Moser and R. Bohme. “Trends, Tips, Tolls:A Longitudinal Study of
[1] C. Dannen. “Introducing Ethereum and Solidity: Foundations of Bitcoin transaction Fees” in International Conference on Financial
Cryptocurrency and Blockchain Programming for Beginners.” New York: Cryptography and Data Security, 2015 Jan 30. Springer, Berlin,
Apress, 2017, p. 47. Heidelberg.
[2] A. Heston. “Bitcoin Investing: An Introduction to Cryptocurrency and [25] Coindesk. “About.” [Online]. Available:
How to Invest in Bitcoin”. PublishDrive, 2018. https://www.coindesk.com/about [Assessed: 28-11-2017].
[3] G. Hileman, M. Rauchs. “Global Cryptocurrency Benchmarking Study”. [26] M. Lischke and B. Fabian. “Analysing the Bitcoin Network:The First
[Online]. Available: Four Year”. Future Internet, 2016, vol. 8, no. 1.
https://www.jbs.cam.ac.uk/fileadmin/user_upload/research/centres/altern [27] D. Ron, A. Shamir. “Quantitative analysis of the bitcoin transaction
ative-finance/downloads/2017-global-cryptocurrency-benchmarking- graph.” International Conference on Financial Cryptography and Data
study.pdf [Assessed: 24-1-2018]. Security. Springer, Berlin, Heidelberg, 2013. [Online]. Available:
[4] M. Spanguolo, F. Maggi, S. Zanero. “BitIodine: Extracting Intelligence https://link.springer.com/chapter/10.1007%2F978-3-642-39884-1_2
from the Bitcoin Network” in Christin N., Safavi-Naini R. (eds) Financial [Assessed: 04-04-2018].
Cryptography and Data Security, FC 2014, Lecture notes in Computer [28] Blockexplorer.com. “About block explorer.” [Online]. Available:
Science, vol. 84347, Berlin: Springer. https://blockexplorer.com [Assessed: 28-11-2017].
[5] A. Doll, S. Chagani, M. Kranch, V. Murti. “Btctrackr: finding and [29] M. Bartoletti, and L. Pompianu. “An Analysis of Bitcoin OP_RETURN
displaying clusters in bitcoin”. Princeton University, USA. 2014. Metadata”. arXiv preprint arXiv:1702.01024. 2017.
[6] J. Sammons. “Digital Forensics: Threatscape and Best Practices”. [30] G. Battista, V. Donato, M. Patrignani, M. Pizzonia, V. Roselli and R.
Waltham: Sygress, 2015, pp. 12-13. Tamassia. “Bitconeview: Visualisation of Flows in the Bitcoin
[7] IBM Corporation. “Forward Together: Three ways blockchain explorers Transaction Graph” in 2015 IEEE Symposium on Visualization for Cyber
chart a new direction”. [Online]. Available: https://www- Security, VizSec. IEEE Computer Society, 2015, pp. 1-8.
935.ibm.com/services/studies/csuite/pdf/GBE03835USEN-00.pdf [31] Blockchain. “About.” [Online]. Available:
[Assessed: 24-01-2018]. https://www.blockchain.com/about/index.html [Assessed: 28-11-2017].
[8] R. Merkle. “A digital signature based on a conventional encryption [32] M. Ortega. “The Bitcoin Transaction Graph Anonymity.” Master Thesis,
function” in Advances in Cryptology, CRYPTO 87, Santa Barbara, Universitat Oberta de Catalunya. [Online].
California, USA, August 16-20, 1987, pp. 369-378. Available: http://openaccess.uoc.edu/webapps/o2/bitstream/10609/2356
[9] P. Franco. “Understanding Bitcoin: Cryptography, Engineering and 2/9/msantamariaoTFM0613memoria.pdf [Accessed: 28-11-2017].
Economics” Chichester: John Wiley & Sons, 2014. [33] Bitcointalk. “Bitcoin Forum.” [Online]. Available:
[10] S. Nakamoto. “Bitcoin:A Peer-to-peer Electronic Cash System.” [Online]. https://bitcointalk.org/index.php [Assessed: 28-11-2017].
Available: https://bitcoin.org/bitcoin.pdf [Assessed: 14-Oct-2017]. [34] S. Meiklejohn, M. Pomarole, G. Jordan, K. Levchenko, D. McCoy, G.M.
[11] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system” [Online]. Voelker, S. Savage. “A Fistful of Bitcoins: Characterizing Payments
Available: http://bitcoin.org/bitcoin.pdf [Accessed: 1-Feb-2018]. Among Men with No Names” in Proceedings of the 2013 Internet
[12] A. Antonopoulos. “Mastering Bitcoin: Unlocking Digital Measurement Conference. ACM: New York, NY, USA, 2013, pp. 127–
Cryptocurrencies”. Sebstopol: O’ Reilly Media, 2014, p. 191. 140.
[13] R. C. Merkle, “A digital signature based on a conventional encryption [35] C. Kinkeldey, J. Fekete and P. Isenberg. “BitConduite: Visualising and
function,” in Advances in Cryptology — CRYPTO ’87: Proceedings. Analysing Activity on the Bitcoin Network” Eurographics Conference on
Springer Berlin Heidelberg, 1988, pp. 369–378. Visualization (EuroVis), Posters Track (2017), 2017, pp. 1–3.
[14] D. Gerard. “Attack of the 50 Foot Blockchain: Bitcoin, Blockchain, [36] Bitcoincharts. “About”. [Online]. Available:
Ethereum & Smart Contracts”. David Gerard. 2017, p. 13. https://bitcoincharts.com/about [Assessed: 28-11-2017].
[15] J. Wang, Z. Kissel. “Introduction to Network Security: Theory and [37] H. Kalodner, S. Goldfeder, A. Chator, M. Moser, A. Narayana.
Practice”. Chichester: John Wiley & Sons, 2015, p. 158. “BlockSci: Design and Applications of a BlockChain Analysis Platform”.
arXiv preprint arXiv:1709.02489. 2017.
[16] Castells, M. “Another Economy is Possible: Culture and Economy in a
Time of Crisis”. Chichester: John Wiley & Sons. [38] Chainalysis. “About.” [Online]. Available:
https://www.chainalysis.com/#about [Assessed: 02-Dec-2017].
[17] H. Kuzuno and C. Karam, "Blockchain explorer: An analytical process
and investigation environment for bitcoin," 2017 APWG Symposium on [39] E. Cheng. “Dark web finds bitcoin increasingly more of a problem than a
Electronic Crime Research (eCrime), Scottsdale, AZ, 2017, pp. 9-16. help, tries other digital currencies.” [Online]. Available:
https://www.cnbc.com/2017/08/29/dark-web-finds-bitcoin-increasingly-
[18] K. Liao, Z. Zhao, A. Doupe and G. Ahn. “Behind Closed
more-of-a-problem-than-a-help-tries-other-digital-currencies.html
Doors:Measurement and Analysis of CryptoLocker Ransom in Bitcoin.” [Assessed: 02-Dec-2017].
in Electronic Crime Research, 2016 APWG Symposium on 2016 Jun 1,
Toronto, ON. IEEE. [40] Elliptic. “Law Enforcemnet.” [Online]. Available:
https://www.elliptic.co/law-enforcement [Assessed: 02-Dec-2017].
[19] G. Ahn, A. Doupe, Z. Zhao and K. Liao. “Ransomware and
Cryptocurrency: Partners in Crime” in T. Holt (ed.) Cybercrime Through [41] D. Samburaj. “Bitcoin Blockchain Surveillance Firm Elliptic Raises $5M
an Interdisciplinary Lens. New York: Taylor & Francis, 2017, pp. 105- in Series A Funding”. [Online]. Available: https://www.ccn.com/bitcoin-
126. blockchain-surveillance-firm-elliptic-raises-5m-series-funding/
[Assessed: 24-1-2018].
[20] M. Ober, S. Katzenbeisser and K. Hamacher. “Structure and Anonymity
of the Bitcoin Transaction Graph”. Future Internet, vol. 5, no. 2, 2013, pp. [42] M. Bartoletti, A. Bracciali, S. Lande, and L. Pompianu. “A General
237-250. Framework for Bitcoin Analytics”. arXiv preprint arXiv:1707.01021.
2017.
[43] BitcoinCore. “BitcoinCore: Helping you keep Bitcoin decentralised.” http://zoo.cs.yale.edu/classes/cs457/backup/cache/www.ftc.gov/bcp/conl
[Online]. Available: https://bitcoin.org/en/bitcoin-core/ [Assessed: 28-11- ine/pubs/buspubs/glbshort.htm [Assessed: 28-11-2017].
2017]. [57] Financial Crimes Enforcement Netowrk. “Guidance FIN-2013-G001:
[44] BitcoinJ. “Introduciton.” [Online]. Available: https://bitcoinj.github.io Application of FinCen’s Regulations to Persons Administering,
[Assessed: 28-11-2017]. Exchanging, or Using Virtual Currencies.” [Online]. Available
[45] Information Resources Management Association. “Artificial Intelligence: https://www.fincen.gov/sites/default/files/shared/FIN-2013-G001.pdf
Concepts, Methodologies, Tools, and Applications” IGI Global, 2016, p. [Assessed: 28-11-2017].
664. [58] D. Bryans. “Bitcoin and money laundering: mining for an effective
[46] Cox, T. “Blockchain and Potential Implication for International Book solution”. India Law Journal, 2014, vol. 89, iss. 1, article 13.
Publishing”. [Online]. Available: [59] I. Mayers, C. Garman, M. Green and A. Rubin. “Zerocoin: Anonymous
https://publishingperspectives.com/2017/10/frankfurt-blockchain- Distributed E-Cash from Bitcoin” in 2013 IEEE Symposium on Security
potential-implications-publishing [Accessed: 1-Feb-2018]. and Privacy, Berkeley, CA, pp. 397-411. IEEE.
[47] C. DeRose. “Why Blockchain Immutability is a Perpetual Motion Claim.” [60] C. Tanas. S. Delgado-Segura, J. Herrera-Joancomartí. “An Integrated
[Online]. Available: https://www.coindesk.com/immutability- Reward and Reputation Mechanism for MCS Preserving Users’ Privacy”
extraordinary-goals-blockchain-industry [Assessed: 28-11-2017]. in J. Garcia-Alfaro, G. Navarro-Arribas, A. Aldini, F. Martinelli, N. Suri
[48] K. Shirriff. “Hidden surprises in the Bitcoin blockchain and how they are (eds) Data Privacy Management, and Security Assurance. DPM 2015,
stored: Nelson Mandela, Wikileaks, photos, and Python software” QASA 2015. Lecture Notes in Computer Science, vol 9481, 2016,
[Online]. Available: http://www.righto.com/2014/02/ascii-bernanke- Springer, Cham.
wikileaks-photographs.html [Assessed: 30-Oct-2017]. [61] A. Van Wirdum. “CoinJoin: Combining Bitcoin Transactions to
[49] Bitcoinwiki. “Genesis Block.” [Online]. Available: Obfuscate Trails and Increase Privacy” [Online]. Available:
https://en.bitcoin.it/wiki/Genesis_block [Assessed: 6-Nov-2017]. https://bitcoinmagazine.com/articles/coinjoin-combining-bitcoin-
transactions-to-obfuscate-trails-and-increase-privacy-1465235087
[50] Bitcoinwiki. “Eligius”. [Online]. Available: [Assessed: 02-Dec-2017].
https://en.bitcoin.it/wiki/Eligius [Accessed: 1-Feb-2018].
[62] Coinmux. “Coinmux.” [Online]. Available: http://coinmux.com
[51] M. Hoffman. “The Proposed Virtual Currency Regulatory Framework” [Assessed: 02-Dec-2017].
in: Comments to the New York State Department of Financial Services
on BitLicense. [Online]. Available [63] T. Ruffing, P. Moreno-Sanchez, A. Kate. “CoinShuffle: Practical
https://www.eff.org/files/2014/10/21/bitlicense-comments-eff-ia-reddit- Decentralized Coin Mixing for Bitcoin” in Kutyłowski M. Vaidya J. (eds)
hofmann-cover.pdf [Assessed: 28-11-2017]. Computer Security - ESORICS 2014. ESORICS 2014. Lecture Notes in
Computer Science, vol 8713. Springer, Cham.
[52] K. Bheemaiah. “The Blockchain Alternative: Rethinking Macroeconomic
Policy and Economic Theory”. New York: Apress, 2017, p. 63. [64] T. Balthasar and J. Hernandez-Castro. “An Analysis of Bitcoin Laundry
Services” in H. Lipmaa, A. Mitrokotsa, R. Matulevičius (eds) Secure IT
[53] O. Kharif. “Bitcoin is being dropped by criminals in favour of privacy
Systems. NordSec 2017. Lecture Notes in Computer Science, vol 10674.
coins like monero”. [Online]. Available: Springer, Cham. 2017.
http://www.independent.co.uk/news/business/analysis-and-
features/bitcoin-latest-updates-price-privacy-coins-cryptocurrency- [65] R. Matzutt, J. Hiller, M. Henze, J.H. Ziegeldorf, D. Mullmann, O.
monero-digital-currency-price-a8137901.html [Accessed: 24-1-2018]. Hohlfeld, K. Wehre. “A Quantitative Analysis of the Impact of Arbitrary
Blockchain Content on Bitcoin” in Proceedings of the 22nd International
[54] D. Balaban. “How Law Enforcement Can Investigate Bitcoin Related
Conference on Financial Cryptograpghy and Data Security (FC).
Crimes and Why That’s Good”. [Online]. Available: Springer. 2018.
https://cointelegraph.com/news/how-law-enforcement-can-investigate-
bitcoin-related-crimes-and-why-thats-good [Assessed: 28-11-2017]. [66] Interpol. “INTERPOL cyber research identifies malware threat to virtual
currencies”. [Online]. Available: https://www.interpol.int/News-and-
[55] S. Gomzin. “Bitcoin for Nonmathematicians: Exploring the foundations media/News/2015/N2015-033 [Assessed: 06-04-2018].
of crypto payments.” Boca Raton: Universal-Publishers, 2016, p. 60.
[67] J. MacRae and V. N. L. Franqueira. “On Locky Ransomware, Al Capone
[56] Bureau of Consumer Protection. “In brief: The financial privacy and Brexit” in Proceedings of the 9th EAI International Conference on
requirements of the Gramm-Leach-Bliley Act.” [Online]. Available: Digital Forensics and Cyber Crime, LNICST 216, pp. 33-45. Springer,
2017.