The decentralized and pseudonymous nature of cryptocurrencies like Bitcoin has made it easier for criminal entities to engage in illicit activities online compared to relying on traditional currency systems. Detecting these activities is vital to preventing and combating such abuse. We employ a data collection tool based on a Depth First Search algorithm to follow the largest receivers from 10 illicit starting addresses in each abuse type; Darknet, Blackmail, Tumbler, and Ransomware. The results from our two searches showed that money tends to be concentrated to one or two receivers and that all abuse types rely heavily on so-called Two-Transaction addresses. These addresses are only used once, likely as intermediaries to obfuscate money flow, potentially within the inner layer of Bitcoin Tumblers. The results also showed behaviors within the abuse types that were both consistent with and divergent from existing research. Furthermore, similarities and unique behaviors across the abuse types were identified. Expanding the dataset with deeper searches could yield clearer patterns in money flow behavior. Additionally, increasing the number of data collection points could enhance the analysis. Finally, the starting addresses significantly impacted the trustworthiness and reliability of our results. We hope our findings, lessons, and developed tools will aid future research and the development of strategies to combat online abuse.
Identifer | oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:liu-205042 |
Date | January 2024 |
Creators | Olsson, Anton, Andersson, Daniel |
Publisher | Linköpings universitet, Institutionen för datavetenskap |
Source Sets | DiVA Archive at Upsalla University |
Language | English |
Detected Language | English |
Type | Student thesis, info:eu-repo/semantics/bachelorThesis, text |
Format | application/pdf |
Rights | info:eu-repo/semantics/openAccess |
Page generated in 0.0024 seconds