Journal of Money Laundering Control

Tracking digital footprints: anonymity within the bitcoin system:

Perri Reynolds, Angela S.M. Irwin,
Article information:
To cite this document:
Perri Reynolds, Angela S.M. Irwin, (2017) "Tracking digital footprints: anonymity within the bitcoin
system: ", Journal of Money Laundering Control, Vol. 20 Issue: 2, pp.172-189, https://doi.org/10.1108/
JMLC-07-2016-0027
Permanent link to this document:
https://doi.org/10.1108/JMLC-07-2016-0027
Downloaded on: 03 July 2018, At: 18:58 (PT)
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

References: this document contains references to 41 other documents.

To copy this document: permissions@emeraldinsight.com
The fulltext of this document has been downloaded 2983 times since 2017*
Users who downloaded this article also downloaded:
(2016),"The use of crypto-currencies in funding violent jihad", Journal of Money Laundering Control,
Vol. 19 Iss 4 pp. 407-425
(2015),"Bitcoin and modern alchemy: in code we trust", Journal of Financial Crime, Vol. 22 Iss
2 pp. 156-169 <a href="https://doi.org/10.1108/JFC-11-2013-0067">https://doi.org/10.1108/
JFC-11-2013-0067</a>

Access to this document was granted through an Emerald subscription provided by All users group
For Authors
If you would like to write for this, or any other Emerald publication, then please use our Emerald
for Authors service information about how to choose which publication to write for and submission
guidelines are available for all. Please visit www.emeraldinsight.com/authors for more information.
About Emerald www.emeraldinsight.com
Emerald is a global publisher linking research and practice to the benefit of society. The company
manages a portfolio of more than 290 journals and over 2,350 books and book series volumes, as
well as providing an extensive range of online products and additional customer resources and
services.
Emerald is both COUNTER 4 and TRANSFER compliant. The organization is a partner of the
Committee on Publication Ethics (COPE) and also works with Portico and the LOCKSS initiative for
digital archive preservation.

*Related content and download information correct at time of download.

 The current issue and full text archive of this journal is available on Emerald Insight at:
www.emeraldinsight.com/1368-5201.htm

JMLC
20,2
Tracking digital footprints:
anonymity within the bitcoin
system
172 Perri Reynolds and Angela S.M. Irwin
Department of Security Studies and Criminology, Macquarie University,
Sydney, Australia

Abstract
Purpose – The purpose of this paper is to critically analyse research surrounding the anonymity of online
transactions using Bitcoin and report on the feasibility of law enforcement bodies tracing illicit transactions
back to a user’s real-life identity.
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

Design/methodology/approach – The design of this paper follows on from the approach taken by Reid
and Harrigan (2013) in determining whether identifying information may be collated with external sources of
data to identify individual users. In addition to conducting a detailed literature review surrounding the
anonymity of users, and the potential ability to track transactions through the blockchain, four Bitcoin
exchange services are examined to ascertain whether information provided at the sign-up stage is sufficiently
verified and reliable. By doing so, this research tests the ability for law enforcement to reasonably rely upon
this information when attempting to prosecute individuals. Additionally, by submitting fake information for
verification, the plausibility of these services accepting fraudulent or illegitimate information is also tested.
Findings – It may be possible to identify and prosecute bad actors through the analysis of transaction
histories by tracing them back to an interaction with a Bitcoin exchange. However, the compliance and
implementation of anti-money laundering legislation and customer identification security standards are
insufficiently used within some exchange services, resulting in more technologically adept, or well-funded,
criminals being able to circumvent identification controls and continue to transact without revealing their
identities. The introduction of and compliance with know-your customer and customer due diligence
legislation is required before law enforcement bodies may be able to accurately rely on information provided
to a Bitcoin exchange. This paper highlights the need for research to be undertaken to examine the ways in
which criminals are circumventing identity controls and, consequently, financing their illicit activities.
Originality/value – By ascertaining the types of information submitted by users when exchanging real
currency for virtual currency, and seeing whether this information may be accepted despite being fraudulent
in nature, this paper elucidates the reliability of information that law enforcement bodies may be able to access
when tracing transactions back to an individual actor.
Keywords Cybercrime, Bitcoin, Anonymity, Terrorism financing, Cryptocurrency, Digital currency
Paper type Research paper

Journal of Money Laundering
Control
Vol. 20 No. 2, 2017
pp. 172-189
© Emerald Publishing Limited
1368-5201
DOI 10.1108/JMLC-07-2016-0027
1. Introduction
In response to a new technological shift, criminals and consumers alike are increasingly
finding new ways to evolve. To keep up with a rapidly expanding global environment, and
with the gap between the “global” and the “local” becoming smaller, criminals are adopting
new forms of currency, such as cryptocurrency, to increase the level of anonymity afforded
to their illicit activities. This may, as a consequence, result in the development of an
underground criminal economy (Masciandaro, 1999) allowing the proceeds of crime to evade
regulation surrounding online financial environments (Schneider and Windischbauer, 2008).
The ability of cryptocurrencies to enable anonymous transactions allows users to trade
virtual currency regardless of their geographic location, without revealing either the
real-world source of their income or their own identity. However, the exact degree of
anonymity afforded by cryptocurrencies is subject to much debate (Gross and Acquisti,
 2005; Androulaki et al., 2013; Meiklejohn, 2013; Reid and Harrigan, 2013). Cryptocurrencies, Tracking
such as Bitcoin, rely on a de-centralised system based on peer-to-peer public key addresses, digital
rather than having a central regulating body, such as a financial institution or bank, which
reviews and monitors transactions. This allows potential criminal transactions to be
footprints
processed through cryptocurrencies, as the process of moving money is quicker and more
efficient due to the bypassing of the regulatory controls that third-party institutions, such as
banks, are legally bound to perform.
173
2. Structure
This paper will survey and critically analyse the literature surrounding the anonymity of
cryptocurrencies. The paper is divided into two sections. The first section conducts a
thorough literature review surrounding the current discourse and research in the field of
cyber security and cryptocurrencies, and aims to highlight their high potential for misuse by
criminal actors. This section aims to acknowledge past attempts at de-anonymising
transactions made using cryptocurrencies and expand upon their results through verifying
their practicability. The second section involves an experimental research element which
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

aims to elucidate whether the implementation level of anti-money laundering and

counter-terrorism financing processes within cryptocurrency systems are proficient in their
practical application or whether the processes in place are fundamentally inadequate,
allowing higher levels of anonymity to be afforded to potentially illicit transactions.
Focusing specifically on the Bitcoin system, as it is the largest and the most widely
adopted cryptocurrency to date, this paper reports on the conclusions and findings of
whether online financial providers such as Bitcoin exchanges have sufficient forms of
anti-money laundering/counter terrorism financing securities and regulatory barriers to
confirm user identities. To date, there is currently no universal regulation specifying that any
Bitcoin exchange must comply with anti-money laundering and counter terrorism financing
regulations. As a consequence, Bitcoin exchange services may be misused for illicit purposes
due to the ability to create accounts using falsified information. Although legislation and
regulation is currently under consideration to avoid illicit use of cryptocurrencies and
enforce taxation compliance, the global nature of these forms of currency makes adherence to
this legislation difficult without universal adoption of these measures.
In addition, the current legislative and law enforcement landscape of cryptocurrencies
will be examined and contrasted against the current literature surrounding the feasibility of
using cryptocurrencies for the funding of illicit activities. Finally, this paper will ascertain
whether the information provided to online financial providers is sufficient for effective
tracking of illicit transactions and terrorist financing activities by law enforcement bodies.

3. A brief introduction to cryptocurrencies

Virtual currency refers to a form of digital representation of value that can be traded through
digital means (Department of the Treasury Financial Crimes Enforcement Network, 2013). In
comparison to the traditional definition of currency, comprising exchanging units or tokens
as a means of value within a country, typically represented by physical coins or paper which
circulates as legal tender within a particular jurisdiction, virtual currency moves between
multiple jurisdictions through the aid of Internet platforms. The traditional conception of
currency, that of tactile units or tokens of exchange, is termed as “real” currency, and
includes the aspect of being supported and legitimized by each jurisdiction’s respective
government, and is, thus, intrinsically tied to the restriction and introduction of supply by
governments that affect its overall value within the market.
In contrast, virtual currencies have no such dependency, instead having their value tied to
the acceptance of individuals. A virtual currency is neither issued by any one jurisdiction nor
 JMLC is it guaranteed, and “functions only by agreement within the community of users of the
20,2 virtual currency itself” (Financial Action Task Force, 2014, p. 4). Thus, while some virtual
currencies such as the Linden dollar and Avination Care Coins may be converted to and from
real currency, this may not always be the case, with many being termed “closed” currencies
that can only be converted one-way and may not be exchanged for real-world currencies
(Financial Action Task Force, 2014).
174 The term cryptocurrency, by comparison, refers to math-based, decentralized, convertible
(or “open”) virtual currency, the processes of which are protected by cryptography and
exhibit an equivalent value in real currency (Financial Action Task Force, 2014). The concept
of cryptocurrencies was first introduced in 1983 by Chaum’s proposed introduction of a
bank-issued cash system configured of blindly signed coins, thus creating “untraceable
payments” (Chaum, 1982, p. 200). These blind signatures prevented financial institutions
from linking transactions to users, hence providing a form of unlinkability (Bonneau et al.,
2015). Since the birth of this concept, multiple variations have been developed, establishing
systems that allow for increased anonymity and efficiency during the transaction process
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

(Camenisch et al., 2005).

As a consequence, there is a concern that cryptocurrencies are increasingly becoming
attractive to criminal organisations (Meiklejohn, 2013). The ability of cryptocurrencies to
avert currency controls and regulations through their non-reliance on financial institutions,
when making transactions, creates an appealing method of transferring funds anonymously.
Proceeds of crime, funding of illicit activities, purchase of illicit materials and the increased
possibility of fraud have all been a confirmed side effect to the circumvention of regulatory
controls (Middlebrook and Hughes, 2014). Thus, cryptocurrencies expose “users to risks that
regulatory regimes are intended to mitigate, and impede efforts of authorities and banks that
are tasked with combatting fraud, money laundering, and tax evasion” (Pflaum and Hateley,
2014, p. 1,194).
Mainstream attention to the misuse of cryptocurrencies to complement illicit transactions
has recently been highlighted following the information gathered surrounding the seizure of
the assets of the alleged founder of the “Silk Road”, Ross William Ulbricht. The FBI
confirmed that the equivalent value of approximately US$33.6m was stored on a Bitcoin
wallet affiliated with the illicit website (Federal Bureau of Investigation, 2013). Despite the
website allegedly maintained by Ulbericht having been shut down following the
investigation, similar websites such as “Alpha Bay” still operate across the Internet,
providing online marketplaces where illegal materials such as drugs, hacking software,
murder-for-hire contracts and pornography are advertised for sale and distributed across
multiple jurisdictions directly from the seller to a recipient address provided by the buyer
(Martin, 2014). These forms of marketplaces are increasingly attractive to criminals,
especially those seeking a less risky environment, as adopting this process reduces the
street-level risk of “violent exchanges between buyer/seller relations” (Martin, 2014, p. 353)
and further diminishes the destabilizing effect that law enforcement operations have on illicit
market distribution (Bouchard, 2007). As Bouchard (2007) observed, the impact of an
external shock to an illicit marketplace, such as exposing a dealer on the Silk Road, is
minimal, due to the negligible roles that actors play in comparison to the size of the market.
The appeal of these websites is further escalated by their ability to increase efficiency,
immediacy and cost-effectiveness across a global criminal market (Serious Organised Crime
Agency, 2006), and, through adopting cryptocurrencies to disguise their identities, further
avoid conventional restrictions faced by offenders on a national level (Serious Organised
Crime Agency, 2006). As such, by adopting cryptocurrencies within these illicit websites,
 transactions of illicit material carry less risk to the purchaser than traditional transactions Tracking
through third party financial institutions. digital
footprints
4. Bitcoin basics: what are they?
While there are an increasing number of cryptocurrencies operating within virtual
environments, the most prominent form of currency being used throughout these online
platforms is Bitcoin. Introduced by Satoshi Nakamoto (a presumed pseudonym) in 2009, the 175
first “open” virtual cryptocurrency entitled “Bitcoin” is not regulated by a central
authoritative body (Nakamoto, 2008) and is, instead, based on an algorithm which features a
decentralized peer-to-peer transaction system; its processes are designed, among other
ideals, to reduce transaction costs that are created through third parties validating
transactions (Dion, 2013, p. 166). Indeed, Bayern (2013) argues that users of Bitcoin need not
even be human and, instead, may be independently autonomous computer-generated
programs designed to transfer monetary funds.
Differing from previous digital currency models, Bitcoin does not allocate digital
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

monetary units to users. Instead, each Bitcoin address created has a unique fingerprint
(Eskandari et al., 2015) and a “signature” consisting of a unique public key that enables users
to transfer funds anonymously, without any identifying information being published.
Through the method of holding public user keys, instead of personalised accounts, users do
not hold units of currency per se, but, rather, have signing authority over accounts
(Eskandari et al., 2015, p. 2). Consequently, by creating peer-to-peer transactions based on
these public user keys, rather than account information of users, users are granted a higher
level of anonymity in comparison to traditional financial platforms.
When attempting to connect user identity information to their transaction histories, one
must first understand what sorts of information users volunteer when applying for a Bitcoin
account. To make a transaction, users are required to have in their possession the signature
of their account that contains their Bitcoin. These signatures – or public user keys – are held
within virtual wallets, a form of file on a user’s application directory that may be stored on a
device’s local storage or database. These public keys, once they have completed a
transaction, are published in a public ledger to be a record of “chains of custody” (Nakamoto,
2008, p. 2), a measure put in place to avoid the double spending of Bitcoins and fraud. The
ledger itself, commonly termed the “blockchain”, as it resembles a form of linked blocks of
code, is maintained by the system. Through providing incentives of being able to “mine” new
Bitcoins and collect transaction fees through the process of downloading, verifying and
updating the ledger, the ledger itself is maintained through this form of consensus
(Eskandari et al., 2015, p. 2). Further, by publicly publishing the records of transactions, this
relinquishes any need to privately search for prior transactions while simultaneously
avoiding the problem of double spending.
It is this feature that poses the greatest risk to the assumed anonymity of Bitcoin. Despite
public keys often being disguised or multiple in nature, user transaction history is publicly
available and, as a consequence, can potentially be monitored by law enforcement and other
interested parties, breaking down the anonymity provided by the system by surveying and
collecting transaction data. To demonstrate the process that allows law enforcement to
de-anonymise users if stricter identification controls are put in place within Bitcoin exchange
services, it is prudent to first demonstrate a typical transaction within the Bitcoin system
(Figure 1). User A typically sets up a Bitcoin account and, in doing so, supplies identifying
information to the exchange to enable the ability to transact with other users. Once a Bitcoin
exchange account has been set up, User A may exchange real currency for Bitcoin and
 JMLC
20,2

176

Figure 1.
Example of a typical
Bitcoin transaction
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

transact with other users. However, as each transaction is recorded on the public blockchain,
the information of which User A transacts with is recorded as a result.
However, the main issue that presents at this stage is that, often, there is no legal
obligation on a Bitcoin exchange to take measures to block users from transacting with other
parties when they have provided incorrect or fraudulent identifying information. This is due
to legislation having not yet been universally introduced specifying that a Bitcoin exchange
is required to conform to any one particular jurisdiction’s standard of identification controls.
Consequently, as shown below (Figure 2), the ability of a user to provide fake or fraudulent
information to a Bitcoin exchange allows the user to be anonymous in their trading if they
desire to keep their transaction information hidden. However, if this ability was removed,
and users must provide legitimate information to a Bitcoin exchange, law enforcement may
be able to break down user anonymity status by tracing transactions back through the

Figure 2.
De-anonymisation of
users through tracing
transactions through
the blockchain
 blockchain and ascertaining user identification through subpoenaing user information from Tracking
Bitcoin exchanges within their relevant jurisdictions (Figure 2). digital
footprints
5. Anonymity within the Bitcoin system
One of the biggest obstacles remaining for law enforcement bodies is that, although users’
public keys can be traced through transaction history, they still remain anonymous unless
accompanied by other requirements of confirming identity data, such as the registering of an 177
email address associated with an account (Dion, 2013, p. 166). This limits detection if an
account user submits fraudulent information or does not submit any personally identifiable
information at all. Further, by allowing users to create multiple public keys when making
transactions, this creates a multitude of different public keys associated with any one user
and, as a consequence, strengthens the anonymity of accounts. Furthermore, this creates the
ability for users to disguise their transactions by maintaining multiple public keys and
moving their supply of Bitcoins across accounts. This, in theory, decreases the likelihood of
detection by authorities. However, this process, while aiding the ability of users to remain
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

anonymous in their transactions, may actually be indirectly beneficial for law enforcement
bodies. If law enforcement were able to identify one public key address attributed to one
individual offender, upon the discovery of a connection between one public key address and
another address with similar transactions and connections, then they could effectively
determine that those keys were owned by the same user and thus be able to prosecute
accordingly.
However, there is currently no process or mechanism to reverse a transaction once
completed and processed throughout the system (Pflaum and Hateley, 2014). This provides
a large barrier to law enforcement once physically seizing a suspect’s public key addresses,
as there is a high likelihood that a person would not store all of their funds on the one account.
This would lead to criminals being able to empty their accounts with ease before law
enforcement could submit the funds as evidence. Eskandari et al. (2015) note, however, that
these forms of storage may be vulnerable to security issues, arguing that while some Bitcoin
consumers may be able to encrypt their public keys, this does not necessarily protect them
against digital theft, but rather provides some level of security for physical theft, trading
“recoverability and usability for the mitigation of physical theft” (Eskandari et al., 2015, p. 3).
Thus, to ascertain whether transactions using cryptocurrencies, such as Bitcoins, are
truly afforded anonymity from identifying features, which may incriminate users, the
methodologies and requirements of the Bitcoin system must be scrutinised to test what
forms of information are required for the buying and selling of virtual currency. Due to
commonplace practice within the Bitcoin system to acquire multiple addresses and wallets
for transactions, resulting in increased anonymity, law enforcement agencies are faced with
evidentiary complications when apprehending offenders, causing difficulties in efficiently
and effectively investigating money laundering and counter terrorism financing violations
and other criminal activity (Ajello, 2013, p. 3). In comparison to traditional financial
transactions, where increased levels of identity confirmation are required in the event of the
physical presence of the customer being absent, Bitcoin requires no such intrinsic
requirement (Stokes, 2013, p. 3). However, previous studies have shown that despite the level
of anonymity afforded by these systems, they remain vulnerable to privacy attacks
(Backstrom et al., 2007; Narayanan and Shmatikov, 2009) as the public availability of
geographic network data and transaction history allows for the inferring of social ties
between users (Crandall et al., 2010). In addition to this, due to the public availability of
records within the blockchain, it is argued that determined parties may be able to
de-anonymise users by searching the transaction history of a particular account, and thus be
 JMLC able to link user information to their transaction histories (Taylor, 2013). Certainly, it can be
20,2 argued that it is common business practice within Bitcoin for users to voluntarily publish
their public key addresses to gain trust of other parties and advertise that their business is
legitimate, thereby, reassuring stakeholders that they will receive payment (Taylor, 2013).
Voluntary disclosure of public keys by individuals or organisations, either publicly
declaring their relationship as a form of trust bargaining (Taylor, 2013) or accidental
178 disclosure through online forums such as the Bitcoin forum (Reid and Harrigan, 2013), is a
circumstance that may further erode user anonymity. Security researcher Kaminsky (2011)
executed an analysis of the Bitcoin system investigating the rate of identity information
being linked in regards to IP addresses of users. He concluded that, through using a Sybil
method of attack[1], involving opening connections to nodes in accordance to each specific
timing sequence of the transactions to determine which transactions came from which client,
he could essentially map IP addresses to the public keys of users (ShenTu and JianPing,
2015a, 2015b). Kaminsky (2011) operated under the premise that the IP address of a new
transaction was owned by the original sender and, thus, could potentially ascertain their
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

real-world identity through the acquirement of this information (Kaminsky, 2011).

However, this method of tracking users through relying on their IP addresses may be
limited in scope, considering that the technologically adept criminal could simply adopt the
use of cloaking software such as a TOR browser. Indeed, Koshy et al. (2014) acknowledge
that while Kaminsky’s (2011) theory held considerable promise, an underlying flaw
remained that the tracking of each IP address could be circumvented through using software
such as a TOR. This being the case, while implementing the use of a TOR browser, when
making transactions, makes it more difficult for law enforcement to track transactions, it is
not impossible to track this information, and thus this is not a substantial barrier to tracing
transactions (Hansen, 2013). A second weakness of this method is that multiple clients could
be overlooked through this process, as they could not be connected directly to the original
sender. This would allow for considerable gaps in data (Koshy et al., 2014). Third, users often
have multiple sessions with different IP addresses and networks, and, therefore, this
increases the difficulty of collecting data.
Despite this, researchers Biryukov et al. (2014) suggest that it is possible to evade
restrictions placed on law enforcement when confronted with a user using a TOR browser,
demonstrating that through exploiting the in-built DoS system within Bitcoin, they were able
to temporarily disconnect users from TOR, and thus leave the user vulnerable to the potential
identification of their IP addresses (Biryukov et al., 2014). However, this is also limited in its
application, as a user would simply reconnect once they discover that they have been
disconnected. Consequently, the method of relying on infiltration through using a Sybil
attack method is severely limited. However, it shows that this process may be effective
against non-human users, such as automated systems that conduct transactions.
Considering these observations, it is clear that the anonymity provided by the Bitcoin
system may slowly be eroded when relying on the method of scrutinising transaction data
contained within the public blockchain, and the ascertainment of user IP addresses.
However, an argument raised by Reid and Harrigan (2013) acknowledges that these forms of
observations by law enforcement bodies are passive in nature and, consequently, restricted
in scope, suggesting that to more efficiently link users to external identifying information, a
more active approach is necessary. One example they discuss is introducing “marked”
Bitcoins and collaborating with other users within the Bitcoin system. By publishing the
public key signatures of “dirty” or suspected illicit transactions on forums, this would allow
both consumers and law enforcement to monitor the exchange of Bitcoins moving between
parties. This would provide a clearer picture of whether the number of Bitcoins has been
 legitimately sourced than can currently be gleaned through passive modes of surveillance Tracking
(Reid and Harrigan, 2013). digital
Consequently, this practice could be used to break down user anonymity status. By footprints
publishing “dirty” signatures on forums, this would aid law enforcement in being able to
subpoena records in regards to organisations falling within their jurisdiction. Unfortunately,
the likelihood of criminal organisations voluntarily publishing their relationship with
particular public key addresses is highly unlikely, particularly in circumstances where 179
organisations are accustomed to hiding illicit practices through measures such as money
laundering. This limits the extent to which law enforcement agencies may rely on this
method to apprehend offenders.
However, this does not automatically discount these forms of data collection as viable
methods of obtaining information for the purposes of law enforcement. Within a localised
simulation, performed by Androulaki et al. (2013, p. 35), it was discovered that the profiles of
approximately 40 per cent of users of Bitcoin could be identified even when users
implemented privacy measures that are recommended by Bitcoin to hide identity
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

information. Through conducting a controlled, localised study within a university

environment, Androulaki et al. (2013) discovered that by implementing behaviour-based
clustering techniques, such as identifying corresponding geographical locations of user
transactions with the geographical locations of registered businesses such as shops, user
transactions were pinpointed with 80 per cent accuracy due to their habitual behaviour
(Androulaki et al., 2013). This method was further tested through having subjects adopt
Bitcoin recommended forms of ensuring privacy, such as manual transferal of funds
amongst multiple addresses. They also achieved similar results to their first study. As such,
Androulaki et al. (2013) argues that a knowledgeable adversary – or indeed, by extension,
law enforcement – may be able to derive similar conclusions if given enough information
surrounding geographical locations of businesses operating under published public keys.
This study operates under the assumption that such geographical information may first
be easily ascertained and, second, is reliable. Crandall et al. (2010) highlights this within their
study comparing the use of online environments and the corresponding repeated
geographical similarities, resulting in the conclusion of social ties between users. Crandall
et al. (2010) argues that the probability of users having some form of social tie with one
another, when tagged within a specific geographical location, may be ascertained through
relying on these forms of information (Crandall et al., 2010, p. 22,440). As such, user privacy
and anonymity is weakened through these forms of data being attained. However, the
reliability of this information is strongly discussed as merely suggesting a probability of
sharing social ties, based on coincidental forms of data, and thus increasing the probability,
but not the certainty, of a user being associated with another through geographical location.
The fact that these forms of conclusions are based on probability rather than factual evidence
may damage law enforcement’s ability to investigate into matters that require a high
standard of proof to be met in regards to criminal activities.
The study conducted by Androulaki et al. (2013), which determined that such
geographical location coincidences could be linked to user identity, was conducted within a
localised university setting with fixed geographical points of data, which may not be easily
transferrable to a global system such as Bitcoin. Consequently, the success of the findings
may be altered once taken outside a localised environment where geographical conclusions
may not be easily interpreted. This creates further obstacles for law enforcement when
analysing transaction information contained within a system such as Bitcoin and limits this
method’s effectiveness in its practical application of apprehending offenders.
 JMLC However, scholarly research has commented on the potential ability for agencies to
20,2 combine multiple sources of identity data to secure user information, despite such
information having not originated from the direct source of the alleged offence (Gross and
Acquisti, 2005). Through collecting identity information, such as locating common
pseudonyms across various social networking sites and cross-examining said information
with identity data, such as a registered email address for a social media account, this would
180 secure user information without having to collect that information from the source of the
alleged illicit transaction made from an account. Indeed, Reid and Harrigan (2013) outline
that, although there is no published user directory for the Bitcoin system, a partial system
may be built if combined with off-network information (2013, p. 15).
Various complications arise from this method of attaining user identifying information.
First, this process relies on identifying information being reliable and correct. However,
many technologically knowledgeable criminals may be able to circumvent identity controls
through careful selection of providers that do not require such identifying information in the
first place or, indeed, may be easily satisfied with fraudulent information. This limits the
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

successful application of this detection method to those that are less technologically
knowledgeable. While this may still be successful in identifying users, it is limited in scope
and effectiveness against large criminal organisations that may be more adept at evading
detection. Second, the mere fact that the information collected has the potential to be
fraudulent or unreliable may prove to yield little evidentiary traction, casting doubt upon its
legitimacy within court processes when arguing that a specific individual has a link to an
illicit transaction.
Further, forms of information such as data collected from alternate sources may prove to
be a challenge for law enforcement agencies to accurately rely upon (Gross and Acquisti,
2005). While Gross and Acquisti (2005) argue that many online stores, which accept Bitcoin,
comply with anti-money laundering legislation and regulations such as know your customer
(KYC) and customer due diligence (CDD) and, thus, have access to such information as
shipping addresses, credit card information and email addresses that may reveal user
identities (Reid and Harrigan, 2013), this information may not be reliably attained or
collected by these forms of business. Indeed, as discussed by Irwin et al. (2013), not all
organisations have sufficient mechanisms to comply with KYC and CDD regulations, thus
limiting this method considerably. Further, Irwin et al. (2013) comment that even services
that do exhibit these forms of regulatory protections against misuse often maintain
insufficient verification checks and protections in actual practice, allowing for fraudulent or
inadequate information to be submitted as a result. For adequate compliance to be upheld to
KYC and CDD regulations, the minimum requirement for identity confirmation is the supply
of users’ full legal name, age and residential address, most of which were discovered to be
insufficiently documented and verified, and thus fundamentally inadequate in their
application (Irwin et al., 2013, p. 18).
In addition to this, the enforcement of such regulations relies on the willingness of each
jurisdiction to implement penalties for non-compliance with the law, as KYC and CDD
regulations are the responsibility of each jurisdiction to enforce and uphold. This may
become problematic in situations where countries are reluctant to investigate possible
non-compliance and money laundering and terrorism financing threats due to the high cost
of investigation and enforcement of penalties against infringers. Governments may also be
reluctant to enforce KYC and CDD requirements due to neo-liberalistic pressure that has
been placed on international businesses to gain profits and maintain competitive edge within
the market (Box, 1983).
 This unwittingly provides strong incentives and, indeed, encourages using multiple Tracking
means, including illegal means, to gain market standing. Box (1983) argues that it is a digital
rational response for organisations to emphasise self-preservation when considering footprints
business profit margins and compliance with regulations. As a result of this, scholars such as
White and Perrone (2010) argue that businesses may be inherently criminogenic in nature as
the globalised nature of profit income introduces a conflict of interest between legally
obtaining wealth and the substantial gross economic product of crime (White and Perrone, 181
2010, p. 241). However, despite this argument, Quirk (1997) argues that the monitoring of
financial transactions, as suggested by the Financial Action Task Force (2012)
recommendations, through implementing KYC and CDD schemes, allows bodies to merely
identify the sources of income and offenders, rather than the government perception of
exerting unnecessary controls over the free market (Levi, 2002, p. 185).
The potential erosion of user anonymity may further be examined through the argument
put forward by Meiklejohn (2013). They argue that, while Bitcoin does afford some degree of
anonymity to users, due to certain idioms of use, anonymity may be broken down through
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

practical common methods that users use. One such example is the recommended practice of
keeping a public key address inactive, termed a “change address”, and only using that
address to receive funds by the Bitcoin client after a transaction has been made, effectively
receiving the balance as “change”. These addresses may be used once in any transaction and
then discarded, or used multiple times depending on the user’s needs. These practices, while
not being mandatory for a transaction to be completed, are commonly implemented by users
within the system to receive increased levels of privacy, thereby ensuring that any one public
key address is used only once with the balance put into another address, rather than
continual use of the same address. However, Meiklejohn (2013) acknowledges that this may
not indeed be the case, as another idiom of use, which is highlighted within their research, is
that of creating a “peeling chain” where relatively large sums of Bitcoin, often in the
thousands, are slowly transferred through small, minute transactions to multiple change
accounts in an attempt to disguise who is receiving the bulk of the payment (Meiklejohn,
2013, p. 9). Due to this, if an agency discovers a user’s change address, they can effectively
cluster the input addresses of a transaction, allowing for a breakdown in anonymity. To
demonstrate this, Meiklejohn (2013) explored a combination of various methods of opening
accounts and making purchases with a broad variety of service providers and trawling
through Bitcoin forums to link public keys with businesses voluntarily offering their
ownership. Meiklejohn (2013) subsequently identified and labelled the public key or change
address used in the transaction as belonging to a certain service and consequently used
clustering methods to identify multiple public keys associated with a single public key. As a
result, this clustering method effectively mapped nodes of service relating to specific
individual users, rather than being limited to a single public key.
This finding demonstrates that although Bitcoin does provide some degree of anonymity
to users, by using clustering techniques and other methods of identifying data, such as the
voluntary disclosure of public keys, law enforcement agencies may be able to subpoena
records of individuals based on these forms of data (Meiklejohn, 2013, p. 2). As a consequence
of these findings, Meiklejohn (2013) argue that a gap is presented between the potential
anonymity provided within the Bitcoin system and the actual anonymity that is achieved.
Through surveying these methods of identity procurement through alternative information,
it is clear that the anonymity provided by these systems is lacking in practical application.
As a consequence, transactions may indeed be vulnerable to de-anonymisation efforts by law
enforcement and other agencies.
 JMLC However, these methods will become increasingly more difficult due to new methods of
20,2 disguising payments within the Bitcoin system, such as the introduction of Dark Wallet and
“mixing” services. Dark wallet services allow for multi-signature Bitcoin services, where
multiple people may contribute to a movement or payment of Bitcoins, as well as the
capability for transactions to be “mixed” with other transactions. Bitcoin “mixer” services
can effectively disguise transactions through implementing a time delay of the transaction to
182 the blockchain, and, at a later time, simultaneously enter transactions into the blockchain
with legitimate purchases in a single transaction (ShenTu and JianPing, 2015a, 2015b, p. 10).
For example, if Party A wished to purchase heroin on the silk road at 5.59 p.m, and Party B
purchased a woolen sweater at 6.05 p.m., a Bitcoin mixer could effectively “mix” or “join” the
transaction information so that both transactions are recorded simultaneously on the
blockchain, resulting in illicit transactions becoming significantly more difficult to trace.
However, while this is increasingly appealing to criminals wishing to hide their transactions,
the time delay on transactions is significant. Additionally, the transaction must be recorded
with the mixing service and thus leaves the transaction information vulnerable to
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

de-anonymisation. In light of the development of these new technologies, the need for stricter
identification controls and procedures, which are entrenched within the exchange service
process, is becoming increasingly more vital to protect against illicit misuse.

6. Methodology
The methodology undertaken within our research consisted of two main phases. The first
phase of our project, as illustrated above in Sections 1-6, involved a thorough background
review and typological search of the current literature, focusing specifically on the multiple
ways in which prior research has attempted to track transactions using cryptocurrencies. As
a result of conducting this research, we were able to determine what methods have been
adopted in the past to de-anonymise users trading in Bitcoin, and what problems occur in
these processes. This research culminated in an analysis of the types of online patterns that
are observed in individuals carrying out transactions within virtual environments, and
whether law enforcement or other interested bodies could theoretically trace transactions
back to the point of contact with a Bitcoin exchange. As a result of this phase, the
experimental research approach selected within this paper draws upon a mixture of the
research methodologies selected by Androulaki et al. (2013); Irwin et al. (2013) and Reid and
Harrigan (2013) in attempting to de-anonymise users through the collection of geographical
and identification data. As Reid and Harrigan (2013) note, by collecting data from other
sources such as email accounts and social media accounts, a partial repository of identifying
information may be built (2013, p. 15). However, the main focus of the research conducted
below specifically encompasses the role in which Bitcoin exchange services are able to
potentially de-anonymise users within this stage of the Bitcoin transaction process and, thus,
allow law enforcement to break down the anonymity of users and reveal their real-world
identities.

6.1 Methodological approach of experimental phase

The experimental phase of the project involved conducting an experimental analysis of four
separate Bitcoin exchanges. These experiments measured the extent to which these
exchange services were in compliance with anti-money laundering regulation, know your
customer procedures which have been specified for electronic payments and, further, what
forms of identifying information are required to buy and sell Bitcoin. By using this method,
the regulatory standard of identification security of exchange services would be tested to
scrutinize whether these exchange services sufficiently adhered to verification measures to
collect legitimate information surrounding identities of clients, and if so, whether this
 information was suitably reliable for use by law enforcement bodies. Through obtaining this Tracking
data, identity information provided at the verification stage of setting up a Bitcoin exchange digital
account may be able to be de-anonymised when tracing back transactions via the use of a
Bitcoin exchange.
footprints
However, the reliability of such information needs to be assessed in terms of adequate
verification methods to be a sufficient method of identifying users. The minimum
identification verification requirement in Australia, as set out in Section 71 of the Anti-Money
Laundering and Counter-Terrorism Financing Act 2006 (Cth), is a two-point identification 183
process to confirm identity when making electronic transactions. This standard was used as
the minimum standard within the experimental phase of this research. In addition to
collecting this information, it was further ascertained whether these requirements might be
circumvented through providing fraudulent information, and to what degree an exchange
provider investigates suspicious information collected, if at all. The process of determining
what information may be detected as fraudulent, and what forms of information may be
detected as legitimate, is outlined in Figure 3. In the interests of privacy and protection
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

against misuse, the Bitcoin exchanges, otherwise termed online service provider services
(OFSP’s), that were tested within our study are not identified within this paper and are
instead termed hereafter as OSP1, OSP2, etc.

7. Results and findings

Four Bitcoin exchange services were examined to see what forms of identifying information
are required when exchanging fiat currency for virtual currency and whether this
information is sufficiently verified to protect against fraudulent information being
submitted. Each Bitcoin exchange required usage of a supplied Bitcoin wallet, allowing the
potential for identifying information to be tied to a particular wallet supplied by the
exchange. However, Bitcoins from this wallet could be transferred into a more secure Bitcoin
wallet that requires no identifying information, allowing funds to become layered within the
blockchain. This does not prevent the potential for law enforcement to trace back the original
transaction between the Bitcoin exchange wallet and the Bitcoin Core wallet and provides a
link between a user and the provided identifying information given to the exchange.
However, it limits the reliability of the source the more each Bitcoin is traded. The forms of
identifying information required to receive an account through a Bitcoin exchange is shown
in Table I below.

Figure 3.
Methodological
process
 JMLC Using Section 71 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006
20,2 (Cth) as the legal standard of satisfying anti-money laundering regulations within Australia,
OFSP’s 2, 3 and 4 satisfied the requirements of supplying two points of identification. OFSP1
failed to adequately verify user identities in accordance to the standards set out by the Act,
as it did not require two points of verified identification to be submitted before being able to
transact with other parties. This leaves the exchange vulnerable to criminals who exploit the
184 services provided by the OFSP. However, clients were only allowed to transact without
further verification of identity status through cash deposit and not electronic transactions
due to a policy implemented by the site. Thus, although this exchange limits the dollar
amount criminals would be able to transact with other parties, through restricting electronic
transfer requirements while using their services, it may be deemed more feasible by
criminals for privacy concerns. However, it is undeniable that the risk of street-level
detection may increase, as users must perform transactions in person, which may be less
favourable to the criminal’s interests.
The second phase of the experiment involved testing the verification provided by the
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

various OFSP’s, ascertaining whether the identity verification measures in place for each
exchange for electronic transactions were sufficiently enforced, and whether the standards
put in place could actually be circumvented through providing fraudulent information.

7.1 Testing identity verification on bitcoin exchange sites: first round

The first round involved attempting to submit obviously concocted information into the
verification steps and determine whether the verifications were actually performed. This
phase of the research was assisted through the use of proxy-disguising software TOR
browser, a likely precaution used by criminals when setting up an account with an OFSP.
From here, a fake pseudonym was developed with fake information, providing the basis of
the identity to be used within the next steps of verification. A fake email account, created
using concocted details of identity such as name and birth date, was set up for each OFSP to
ensure that, if discovered, the results of the other OFSP accounts would not be compromised.
From this point, a fake identity was created and submitted as “real” to each Bitcoin exchange.
The results of round one of the verification process are shown below (Table II).
As shown below, one Bitcoin exchange refused access to the site when a user was using
the proxy software, TOR. This result was confirmed on multiple computers over a period of
weeks, to ensure the fault was not due to a TOR malfunction. As a consequence, this
exchange was omitted from the results, as adequate information could not be gathered.
OFSP1, OFSP2 and OFSP4 did not accept obviously concocted information as sufficient
when validating identity. OFSP1 and OFSP2, while rejecting the verification of the
fraudulent information, failed to suspend the Bitcoin exchange account or flag the email
associated with that account for suspicious activity, at this stage. One of these accounts,

Type of Passport, driver’s

identifying Real Email Residential license or form of Phone Date of Geographical
information name address address photographic ID no birth location

OFSP1 x x
Table I. OFSP2 x x x x x
Identification OFSP3 x x x x x x x
requirements when OFSP4 x x x x x
creating a Bitcoin
account Note: x ⫽ yes
 OFSP1, could theoretically remain active in this time and transact with other persons, despite Tracking
verification being rejected. Only OFSP4 suspended the account associated with the exchange digital
within 24 h of the application being submitted and also flagged the email associated with the
account due to violating the standards of conduct of the email service.
footprints

7.2 Testing identity verification on bitcoin exchange sites: second round

Similar to the first round, the second round involved attempting to submit fraudulent
information into each OFSP’s verification of identity process steps, and determine whether
185
the verifications were simply performed on a risk-based basis. Thus, the second round
involved creating seemingly legitimate, yet fraudulent, information to see whether this
would cause the same red flag indicators within the systems of the exchanges as the
obviously concocted information. This phase of the research was assisted through the use of
similar proxy-disguising software to the originally used TOR browser, named ninja cloak or
Ninja Proxy. This software was used to determine whether OFSP3’s precautionary measures
were exclusive to users using the TOR network, or a blanket approach taken to any user
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

using proxy-disguising software.

The first steps of the process involved a similar process to Round 1; a fake pseudonym
was created with fake information, providing the basis of the identity to be used within the
next steps of verification. Identical to the first experiment, numerous fake email accounts
were set up for each OFSP to ensure that, if discovered, the results of the other OFSP accounts
would not be compromised. However, as the second round of the experiments aimed to see
whether seemingly legitimate information, albeit incorrect information, would pass through
the process unnoticed, real-world information was used such as legitimate street names and
numbers; however, incorrect details such as the name of resident were submitted. This
insured that the actual information being checked – residential address information and full
name details – was processed in correspondence to government records, and not simply
checked to ensure the information was correct and in line with profile information. The
results of Round 2 of the verification is shown below (Table III).
As noted above, one Bitcoin exchange again refused access to the site when a user was
using proxy disguising software. This confirms that the site exclusively does protect not
only its services from users who route their IP address through TOR software but also other
proxy services. This protection would allow a greater chance for law enforcement to gain
information regarding user identity and allow law enforcement to be able to track a user’s IP
address when using this exchange to transact. However, it is likely that criminals wishing to
use Bitcoin for illicit purposes would simply switch exchange services to those that do accept
proxy-disguising software such as TOR. Of the three remaining Bitcoin exchanges, again,
none accepted verification through providing fraudulent information. Only one OFSP
suspended the account associated with the exchange within 24 h of the application being
submitted, as well as flagging the email associated with the account to suspend activity due
to violation of standards of conduct of the email service. OFSP4 did not suspend the account

Disallowed access Verified fraudulent Flagged Allowed transactions

Online financial for users using and illegitimate Suspended email without valid
service provider TOR information account address verification
Table II.
OFSP1 No No No No Yes Results of
OFSP2 No No No No No experimental phase:
OFSP3 Yes – – – – Round 1 verification
OFSP4 No No Yes Yes No test
 JMLC created until 1 week after verification was submitted; however, no transactions could be
20,2 completed during this time. The email address used to create the fake account was not
flagged as suspicious or of violating standards of conduct due to the activity of submitting
fraudulent information or using fake details. After submitting seemingly legitimate, yet
fraudulent, information to each Bitcoin exchange, two of the three would not allow further
transactions to be made. However, OFSP1 may have maintained the ability to transact
186 significant amounts of Bitcoin, despite the identity verification process being rejected
through the ability to transact using cash deposits.
When considering the actions taken by OFSP3 in rejecting users from using their services
when using proxy-disguising software such as TOR, law enforcement agencies may be able
to identify individuals through analysing transaction history with a Bitcoin exchange. This
acquired information, along with other forms of data, may potentially allow law enforcement
bodies to identify and arrest perpetrators of financial crime and terrorism financing activities
through information which can be linked back to the real-world identity of an offender.
However, the compliance and implementation of identification verification standards are
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

insufficiently used, resulting in more technologically adept criminals being able to

circumvent identification controls and transact with other actors while remaining
anonymous through exploiting less secure exchanges where identity verification is minimal
or inadequate.
Consequently, this paper advocates that all service providers which deal and trade in
cryptocurrencies and digital currencies, be forced to disallow the use of proxy-disguising
software when a user creates an account or buys or sells Bitcoins or other cryptocurrencies.
This will ensure that those who use Bitcoin for illicit activity, will be able to be identified
much more easily even if effective or sufficient verification procedures have not been carried
out. By implementing these reforms, the approach taken by Reid and Harrigan (2013) of
combining sources of information from a Bitcoin account with other forms of identifying
data collected from external sources, such as email addresses, billing information, etc., it
would be much easier to track a Bitcoin transaction back to a user’s real-life identity.
However, implementing suggested measures as this might be difficult when considering the
global operation of Bitcoin exchanges and the multi-jurisdictional nature of operation and
would require global cooperation and commitment.

8. Regulation, the law and the bitcoin system

The regulatory efforts to control potential criminal activity within virtual environments will
likely be a difficult road fraught with obstacles. Indeed, it is argued by Ajello (2013) that to
effectively regulate and control potential money laundering risks within virtual currency
systems, key disclosure laws will need to be implemented internationally to ensure customer
identities are available to law enforcement agencies. However, this would likely create
opposition from both Bitcoin users and privacy rights activists (Ajello, 2013, p. 446). Further,

Verified seemingly
Disallowed access legitimate Suspended Allowed transactions
Online financial for users using fraudulent Suspended email without valid
service provider Ninja Cloak information account address verification
Table III.
Results of OFSP1 No No No No Yes
experimental phase: OFSP2 No No No No No
Round 2 verification OFSP3 Yes – – – –
test OFSP4 No No Yes No No
 as different jurisdictions within a country have varying legislation regarding financial Tracking
activities, these regulations would necessarily be required to be uniform in nature to comply digital
with a globalised virtual platform such as Bitcoin (Middlebrook, 2014).
To ensure effective uniform regulation, multiple bodies must commit to enforce strict
footprints
penalties for non-compliance of regulations. In addition to this, Irwin et al. (2013, p. 17)
observe that, in many cases, customer identity verification systems are left vulnerable to
manipulation due to loopholes in regulation or poor implementation of regulation. While
these loopholes may be fixed with stricter adherence to regulation procedures, these forms of 187
regulation by governmental bodies may have the consequence of legitimizing virtual
currencies further, and as a consequence, possibly drive future market adoption (Kien-Meng
Ly, 2014, p. 608) by both consumers and criminals alike.

9. Conclusions
Despite promises of high levels of anonymity afforded to transactions, law enforcement
agencies may be able to identify and prosecute bad actors through the analysis of transaction
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

history tracing back to an interaction with a Bitcoin exchange in which they were required to
submit forms of identifying information. However, for third parties to be able to do so,
universal regulation must be sufficiently set up to regulate identification standards that
comply to anti-money laundering and counter-terrorism financing regulations. The current
compliance and implementation of anti-money laundering legislation and customer
identification security standards are insufficiently used within online platforms and virtual
currency systems. As a result, technologically adept criminals are able to circumvent
identification controls and transact without revealing their identity.
By enforcing targeted financial sanctions against online service providers that do not
conform to anti-money laundering regulations, and encouraging the cooperation of states to
comply with the recommendations established by the Financial Action Task Force in 2012 to
monitor transactions, states will be better equipped to combat the new threat of white-collar
crime, cybercrime and terrorist financing activities and be able to prosecute offenders more
effectively.

Note
1. A Sybil attack attempts to target user reputation features in a peer-to-peer network system through
forging multiple identities and acting as several nodes within the system.

References
Ajello, N. (2013), “Fitting a square peg in a round hole: bitcoin, money laundering and the fifth element
of self-incrimination”, Brooklyn Law Review, Vol. 80 No. 2, pp. 435-461.
Androulaki, E., Karame, G.O., Roeschlin, M., Scherer, T. and Capkun, S. (2013), “Evaluating user
privacy in bitcoin”, in Sadeghi, A.R. (Ed.), Financial Cryptography and Data Security. FC 2013.
Lecture Notes in Computer Science, Springer, Berlin, Vol. 7859.
Backstrom, L., Dwork, C. and Kleinberg, D. (2007), “Wherefore Art Thou r3579x?: Anonymized social
networks, hidden patterns, and structural steganography”, Proceedings of the 16th International
Conference on World Wide Web, Communications of the ACM, Vol. 54 No. 12, pp. 133-141.
Bayern, S. (2013), “Of Bitcoins, independently wealthy software, and the zero-member LLC online
essay”, Northwestern University Law Review, Vol. 108, pp. 1485-1500.
Biryukov, A., Khovratovich, D. and Pustogarov, I. (2014), “Deanonymisation of clients in Bitcoin P2P
network”, available at: http://arxiv.org/pdf/1405.7418v3.pdf (accessed 9 July 2016).
 JMLC Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A. and Felten, E.W. (2015), “SoK: research
perspectives and challenges for bitcoin and cryptocurrencies”, IEEE Symposium on Security and
20,2 Privacy, Fairmont, SAN JOSE, CA, 18-20 May 2015, pp. 104-121.
Bouchard, M. (2007), “On the resilience of illegal drug markets”, Global Crime, Vol. 8 No. 4, pp. 325-344.
Box, S. (1983), Power, Crime and Mystification, Tavistock, London.
Camenisch, J., Hohenberger, S. and Lysyanskaya, A. (2005), “Compact e- cash”, Advances in Cryptology –
188 EUROCRYPT, Springer, Berlin Heidelberg, pp. 302-321.
Chaum, D. (1982), Blind Signature for Untraceable Payments, Advances in Cryptology-Eurocrupt 82,
Plenum Press, New York, NY, pp. 199-203.
Crandall, D., Backstrom, L., Cosley, D., Suri, D., Huttenlocher, D. and Kleinberg, J. (2010), “Inferring
social ties from geographic coincidences”, Proceedings of the National Academy of Sciences,
Vol. 107 No. 52, pp. 22436-22441.
Department of the Treasury Financial Crimes Enforcement Network (2013), “Application of FinCEN’s
regulations to persons administering, exchanging or using virtual currencies”, available at:
http://fincen.gov/statutes_regs/guidance/pdf/FIN-2013-G001.pdf (accessed 9 July 2016).
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

Dion, D. (2013), “I’ll gladly trade you two bits on Tuesday for a byte today: Bitcoin, regulating fraud in
the economy of Hacker-cash”, Journal of Law, Technology and Policy, Vol. 1, pp. 165-201.
Eskandari, S., Barrera, D., Stobert, E. and Clark, J. (2015), “A first look at the usability of bitcoin key
management”, Workshop on Usable Security (USEC), pp. 1-12.
Federal Bureau of Investigation (2013), “Manhattan US attorney announces seizure of additional $28 Million
Worth of Bitcoins belonging to Ross William Ulbricht, alleged owner and operator of “silk road”
Website”, available at: www.fbi.gov/newyork/press-releases/2013/manhattan- u.s.-attorney-
announces-seizure-of-additional-28-million-worth-of-bitcoins-belonging-to- ross-william-ulbricht-
alleged-owner-and-operator-of-silk-road-website (accessed 9 July 2016).
Financial Action Task Force (2012), “International standards on combating money laundering and the
financing of terrorism and proliferation”, The FATF Recommendations, available at: www.fatf-
gafi.org/media/fatf/documents/recommendations/pdfs/FATF_Recommendations.pdf (accessed
9 July 2016).
Financial Action Task Force (2014), “Virtual currencies – key definitions and potential AML/CFT
risks”, Financial Action Task Force, available at: www.fatfgafi.org/media/fatf/documents/
reports/virtual-currency-key-definitions-and-potential-aml-cft-risks.pdf (accessed 9 July 2016).
Gross, R. and Acquisti, A. (2005), “Information revelation and privacy in online social net- works”,
Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society, Alexandria, VA,
7-10 November 2005, pp. 71-80.
Hansen, R. (2013), “TOR hidden service passive de-cloaking”, White Hat Security, available at: www.
whitehatsec.com/blog/tor-hidden-service-passive-de-cloaking/ (accessed 9 July 2016).
Irwin, A., Slay, J., Choo, R. and Liu, L. (2013), “Are the financial transactions conducted inside virtual
environments truly anonymous?: an experimental research from an Australian perspective”,
Journal of Money Laundering and Control, Vol. 16 No. 1, pp. 6-40.
Kaminsky, D. (2011), Black Ops of TCP/IP Presentation, Black Hat, Chaos Communication Camp,
Las Vegas.
Kien-Meng Ly, M. (2014), “Coining Bitcoin’s ‘Legal-bits’: examining the regulatory framework for
Bitcoin and virtual currencies”, Harvard Journal of Law and Technology, Vol. 27 No. 2,
pp. 587-606.
Koshy, P., Koshy, D. and McDaniel, P. (2014), “An analysis of anonymity in Bitcoin using P2P Network
traffic”, Financial Cryptography and Data Security, Vol. 1, pp. 469-485.
Levi, M. (2002), “Money laundering and its regulation”, The Annals of the American Academy of
Political and Social Science, Vol. 582, pp. 181-194.
 Martin, J. (2014), “Lost on the silk road: online drug distribution and the “Cryptomarket””, Criminology Tracking
and Criminal Justice, Vol. 14 No. 3, pp. 351-367.
digital
Masciandaro, D. (1999), “Money laundering: the economics of regulation”, European Journal of Law and
Economics, Vol. 7, pp. 225-240.
footprints
Meiklejohn, S. (2013), “A fistful of Bitcoins: characterizing payments among men with no names”, IMC,
available at: https://cseweb.ucsd.edu/⬃smeiklejohn/files/imc13.pdf (accessed 9 July 2016).
Middlebrook, S. (2014), “Bitcoin for merchants: legal considerations for businesses wishing to accept
bitcoins as a form of payment”, Business Law Today, available at: www.americanbar.org/
189
publications/blt/2014/11/02_middlebrook.html (accessed 9 July 2016).
Middlebrook, S. and Hughes, S. (2014), “Regulating cryptocurrencies in the United States: current issues
and future directions”, William Mitchell Law Review, Vol. 40, pp. 813-848.
Nakamoto, S. (2008), “Bitcoin: a Peer-to-Peer electronic cash system”, available at: https://bitcoin.org/
bitcoin.pdf (accessed 9 July 2016).
Narayanan, A. and Shmatikov, V. (2009), “De-anonymizing social networks”, Proceedings of the 30th
Symposium on Security and Privacy, Oakland, CA, 17-20 May 2009, pp. 173-187.
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)

Pflaum, I. and Hateley, E. (2014), “A bit of a problem: national and extraterritorial regulation of virtual
currency in the age of financial disintermediation”, Georgetown Journal of International Law,
Vol. 45 No. 4, pp. 1169-1215.
Quirk, P.J. (1997), “Money laundering: muddying the macroeconomy”, International Monetary Fund
Finance and Development, Vol. 34 No. 1, pp. 7-9.
Reid, F. and Harrigan, M. (2013), “An analysis of the anonymity in the Bitcoin system”, in Altshuler, Y.,
Elovici, Y., Cremers, A.B., Aharony, N. and Pentland, A. (Eds), Security and Privacy in Social
Networks, Springer, New York, NY.
Schneider, F. and Windischbauer, U. (2008), “Money laundering: some facts”, European Journal of Law
and Economics, Vol. 26 No. 3, pp. 387-404.
Serious Organised Crime Agency (2006), “The United Kingdom threat assessment of serious organised
crime”, available at: www.soca.gov.uk/assessPublications/downloads/threat_assess_unclass_
250706.pdf (accessed 9 July 2016).
ShenTu, Q. and JianPing, Y. (2015a), “Transaction remote release (TRR): a new anonymization
technology for Bitcoin”, available at: http://arxiv.org/abs/1509.06160 (accessed 9 July 2016).
Shentu, Q. and JianPing Y (2015b), “A blind-mixing scheme for Bitcoin based on an elliptic curve
cryptography blind digital signature algorithm”, available at: http://arxiv.org/pdf/1510.05833v1.pdf
(accessed 9 July 2016).
Stokes, R. (2013), “Anti-money laundering regulation and emerging payment technologies”, Banking &
Financial Services Policy Report, Vol. 32 No. 5, pp. 1-11.
Taylor, M.B. (2013), “Bitcoin and the age of bespoke silicon”, International Conference on Compilers,
Architecture and Synthesis for Embedded Systems (CASES), Montreal, 29 September-4 October
2013, pp. 1-10.
White, R. and Perrone, S. (2010), Crime, Criminality and Criminal Justice, Oxford University, South
Melbourne, Victoria.

For instructions on how to order reprints of this article, please visit our website:
www.emeraldgrouppublishing.com/licensing/reprints.htm
Or contact us for further details: permissions@emeraldinsight.com
 This article has been cited by:

1. RamAsheer Jaywant, Asheer Jaywant Ram. 2018. Taxation of the Bitcoin: initial insights through
a correspondence analysis. Meditari Accountancy Research 26:2, 214-240. [Abstract] [Full Text]
[PDF]
Downloaded by 112.215.219.192 At 18:58 03 July 2018 (PT)