Last Friday, BitCluster was released at HOPE XI by David Decary-Hetu, and Mathieu Lavoie. BitCluster is a tool that helps one analyze the information found in the blockchain. The software builds a data base of nodes by associating bitcoin transactions together.
What this means is that for people who are not creating a new bitcoin wallet for every transaction, or if you are making multiple purchases from the same account; your sending a unique key to validate the data. This unique key is what BitCluster uses to track your transactions. This alone isn’t enough to out your identity information, but it does get the interested party a lot closer.
During the pairs talk at HOPE XI, Mathieu described their first try at mapping the blockchain as entertaining. At the run down they called Python script from the command line that started off analyzing around a block a second. Five blocks into it, it all stopped and went no further.
After the proper optimizations were made, it ran flawlessly. For one to re do this it would take a dedicated Python 64-bit machine with the highest grade processors you can afford, and another machine to run mongoDB, and an extra week with nothing else to do.
For those of us looking for the easy way out, here it is. The data base is available for download through a torrent, and a code to navigate it is on GITHUB. While this kind of technology isn’t brand new, an open source tool like BitCluster is.
The thing that stands out about BitCluster is that both Ransomware and illicit markets can be watched using this technique.
Research from 2014 shows that some of the ransomers used the same bitcoin address for all of they’re payments. Pulling around $10,000 a day but when it came down to it, the majority of the ransom during just one three-week span. This tells us that using the same wallet address is bad OPSEC, and that the ransomware is eventually stopped.
Another application for BitCluster is watching market activity. Before this technology, we had to rely on comments to base how much revenue the site was pulling in. With BitCluster, the ability to watch bitcoin payment nodes is a much more accurate method.
While most of the markets do use multiple BTC address to protect the users, escrow addresses are reused, making the surveillance by using BitCluster possible. The majority of the purchases were for things under $500, with only a small amount pushing $1000. The larger purchases, could be for a kilo or more of drugs. The small portion around $1000, ended up being in total around a third of the revenue for the site.
While usable, it is still in development, with automated database updates, node labeling so searching for specific addresses is easier, graphs and a hosted version of the search tool are being worked on.