Abstract
We consider a particular instance of user interactions in the Bitcoin network, that of interactions among wallet addresses belonging to scammers. Aggregation of multiple inputs and change addresses are common heuristics used to establish relationships among addresses and analyze transaction amounts in the Bitcoin network. We propose a flow-centric approach that complements such heuristics, by studying the branching, merger and propagation of Bitcoin flows. We study a recent sextortion campaign by exploring the ego network of known offending wallet addresses. We compare and combine different existing and new heuristics, which allows us to identify (1) Bitcoin addresses of interest (including possible recurrent go-to addresses for the scammers) and (2) relevant Bitcoin flows, from scam Bitcoin addresses to a Binance exchange and to other scam addresses, that suggest connections among prima facie disparate waves of similar scams.
Notes
The curated ego network dataset used in this paper can be found at Oggier et al. (2019).
Our tool uses the Python library Beautifulsoup4.
References
Akcora CG, Li Y, Gel YR, Kantarcioglu M (2019) Bitcoinheist: topological data analysis for ransomware detection on the bitcoin blockchain. arXiv:1906.07852
Ayoub J, Lotfi D, El Marraki M, Hammouch A (2020) Accurate link prediction method based on path length between a pair of unlinked nodes and their degree. Soc Netw Anal Min 10(1):9
Binance. https://twitter.com/binance/status/961666467325358081. Accessed 2 May 2020
Bistarelli S, Santini F (2017) Go with the -bitcoin- flow, with visual analytics. In: International conference on availability, reliability & security (ARES)
BitcoinAbuse.com: Bitcoin abuse database. https://www.bitcoinabuse.com/. Accessed 3 Mar 2020
BitcoinWhosWho.com: Bitcoin whos who. https://bitcoinwhoswho.com. Accessed 3 Mar 2020
Borggren N, Koplik G, Bendich P, Harer J (2017) Deanonymizing shapeshift: Linking transactions across multiple blockchains
Bursztein E, McRoberts K, Invernizzi L (2017) Tracking desktop ransomware payments. Black Hat USA Presentation, Las Vegas
Catanese S, Ferrara E, Fiumara G (2013) Forensic analysis of phone call networks. Soc Netw Anal Min 3(1):15–33
Cimpanu C (2019) US mayors group adopts resolution not to pay any more ransoms to hackers. https://www.zdnet.com/article/us-mayors-group-adopts-resolution-not-to-pay-any-more-ransoms-to-hackers/. Accessed 2 May 2020
Di Battista G, Di Donato V, Patrignani M, Pizzonia M, Roselli V, Tamassia R (2015) Bitconeview: visualization of flows in the bitcoin transaction graph. In: IEEE symposium on visualization for cyber security (VizSec)
Digital Shadows: A tale of epic extortions: how cybercriminals monetize our online exposure. Digital Shadows Report. https://resources.digitalshadows.com/whitepapers-and-reports/a-tale-of-epic-extortions-how-cybercriminals-monetize-our-online-exposure. Accessed 3 Mar 2020
Gmaxwell: Coinjoin: Bitcoin privacy for the real world. https://bitcointalk.org/?topic=279249 (2013). Accessed 3 Mar 2020
Huang DY, Aliapoulios MM, Li VG, Invernizzi L, McRoberts K, Bursztein E, Levin J, Levchenko K, Snoeren AC, McCoy D (2018) Tracking ransomware end-to-end. In: IEEE Symposium on security and privacy
Huber M, Mulazzani M, Leithner M, Schrittwieser S, Wondracek G, Weippl E (2011) Social snapshots: digital forensics for online social networks. In: 27th annual computer security applications conference
Kharraz A, Robertson WK, Balzarotti D, Bilge L, Kirda E (2015) Cutting the Gordian knot: a look under the hood of ransomware attacks. In: International conference on detection of intrusions and malware, and vulnerability assessment
Kondor D, Pósfai M, Csabai I, Vattay G (2014) Do the rich get richer? An empirical analysis of the bitcoin transaction network. PLoS ONE 9(2):e97205
Liao K, Zhao Z, Doupé A, Ahn GJ (2016) Behind closed doors: measurement and analysis of cryptolocker ransoms in bitcoin. In: IEEE APWG symposium on electronic crime research (eCrime)
Liben-Nowell D, Kleinberg J (2007) The link-prediction problem for social networks. J Am Soc Inf Sci Technol 58(7):1019–1031
Malwarebytes: The lucrative business of bitcoin sextortion scams. Malwarebytes Labs blog (2019). https://blog.malwarebytes.com/scams/2019/08/the-lucrative-business-of-bitcoin-sextortion-scams/. Accessed 3 Mar 2020
Malwarebytes: Malwarebytes Labs blog. https://blog.malwarebytes.com/cybercrime/2019/02/sextortion-bitcoin-scam-makes-unwelcome-return. Accessed 3 Mar 2020
Meiklejohn S, Pomarole M, Jordan G, Levchenko K, McCoy D, Voelker GM, Savage S (2013) A fistful of bitcoins: characterizing payments among men with no names. In: ACM conference on internet measurement
Nakamoto S (2008) Bitcoin: a peer-to-peer electronic cash system
Nick J (2015) Data-driven de-anonymization in bitcoin. ETH master thesis
Oggier F, Datta A, Silivanxay P (2019) An ego network of suspected sextortionist(s). DR-NTU (Data). https://doi.org/10.21979/N9/VSK3KB. Accessed 3 Mar 2020
Paquet-Clouston M, Haslhofer B, Dupont B (2018) Ransomware payments in the bitcoin ecosystem. CoRR abs/1804.04080. http://arxiv.org/abs/1804.04080
Paquet-Clouston M, Haslhofer B, Romiti M, Charvat T (2019) Spams meet cryptocurrencies: sextortion in the bitcoin ecosystem. In: Proceedings of advances in financial technologies
Phetsouvanh S, Oggier F, Datta A (2018) Egret: extortion graph exploration techniques in the bitcoin network. In: IEEE international conference on data mining workshops (ICDMW)
Quintin C (2018) Sextortion scam: what to do if you get the latest phishing spam demanding bitcoin. EFF Blog. www.eff.org/deeplinks/2018/07/sextortion-scam-what-do-if-you-get-latest-phishing-spam-demanding-bitcoin. Accessed 3 Mar 2020
Reid F, Harrigan M (2013) An analysis of anonymity in the bitcoin system. In: Altshuler Y, Elovici Y, Cremers A, Aharony N, Pentland A (eds) Security and privacy in social networks. Springer, New York, pp 197–223
Spagnuolo M, Federico M, Stefano Z (2014) Bitiodine: extracting intelligence from the bitcoin network. In: International conference on financial cryptography & data security
Tuna T, Akbas E, Aksoy A, Canbaz MA, Karabiyik U, Gonen B, Aygun R (2016) User characterization for online social networks. Soc Netw Anal Min 6(1):104
Tung L (2019) Ransomware: cybercriminals are adding a new twist to their demands. https://www.zdnet.com/article/ransomware-cybercriminals-are-adding-a-new-twist-to-their-demands/. Accessed 2 May 2020
Wanner R (2019) Sextortion: follow the money: the final chapter. SANS ISC InfoSec Forums. https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+The+Final+Chapter/25204/. Accessed 3 Mar 2020
Whalley J (2018) What happened when sextortion scammers targeted a bbc trending reporter? BBC.com video. www.bbc.com/news/av/stories-46323625/what-happened-when-sextortion-scammers-targeted-a-bbc-trending-reporter. Accessed 3 Mar 2020
Yousaf H, Kappos G, Meiklejohn S (2019) Tracing transactions across cryptocurrency ledgers. In: 28th USENIX security symposium
Cite this article
Oggier, F., Datta, A. & Phetsouvanh, S. An ego network analysis of sextortionists. Soc. Netw. Anal. Min. 10, 44 (2020). https://doi.org/10.1007/s13278-020-00650-x
DOI: https://doi.org/10.1007/s13278-020-00650-x