When asking the general public about Bitcoin, the digital currency’s alleged use for criminal activities often comes up. In fact, Bitcoin has a poor reputation, with people perceiving it as a tool for criminals buying and selling drugs on the dark web, cybercriminal ransom requests, and tax avoidance.
Whilst it is true that in the early days, Bitcoin’s biggest adoption use case was trading on the infamous Silk Road website, this negative reputation is unjust. In fact, as many original Silk Road users and other criminals have found out, Bitcoin is far from traceable and its perceived anonymity is an illusion.
In this article, we argue that in some ways, Bitcoin and similar cryptocurrencies, provide less privacy than traditional banking.
The Bitcoin Transaction Model
Bitcoin’s transaction model depends on outputs from transactions being used as inputs to new transactions. If, for example, Alice wants to pay 0.8 BTC to Bob, her wallet software will look for unspent transaction outputs received by Alice earlier, meaning transactions outputs made out to an address for which Alice holds the key. Let’s image Alice has previously received 1 BTC in a transaction. Alice’s wallet now creates a new transaction using this 1 BTC output as a transaction input. The new transaction will have two outputs, 0.8 BTC to Bob and 0.2 BTC to Alice. This is the way Bitcoin deals with change. Unspent transaction outputs always have to be used up entirely as inputs in new transactions. In reality, the second output directed to Alice herself would be slightly less, to allow for transaction fees, but we will ignore this detail for now.
In the above example, you can clearly see how all transactions are linked together. These links are the limiting factor in the Bitcoin privacy and anonymity assumptions.
Let’s consider another example. Assume that I owe some beer money to my friend Jeff. Jeff is a modern guy, so I make a Bitcoin transfer to him to clear my debt. My employer is also very modern and pays me in Bitcoin. My wallet software has taken this large salary transaction output as an input to Jeff’s transaction. Because Jeff is very nosy he follows this link back and sees a large payment at the beginning of the months. Jeff immediately realizes that this is my salary. He now knows exactly what I earn. As he knows where I work he has matched an anonymous Bitcoin address to a real-world identity, my employer. My nosy friend can also follow the link and discover payments made to my company.
Jeff’s example shows the obvious privacy issue. My friend Jeff is no expert, but with little effort, he has found out a lot of private details. Imagine what an expert employed by a law enforcement agency with the help of modern big data analysis software may find out. This type of link following is exactly what has brought down many illicit activities. In fact, in many ways, Bitcoin is easier to track than traditional banking across different jurisdictions.
This has led to the emergence of privacy coins, such as Monero and Zcash. These cryptocurrencies have been designed with privacy in mind, obfuscating the sender and recipient of transactions and the transaction amount.
As might be expected, law enforcement agencies around the world are starting to take an interest in these privacy coins and regulation may be likely in the future.