BitIodine: Extracting Intelligence from the Bitcoin Network

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8437)


Bitcoin, the famous peer-to-peer, decentralized electronic currency system, allows users to benefit from pseudonymity, by generating an arbitrary number of aliases (or addresses) to move funds. However, the complete history of all transactions ever performed, called “blockchain”, is public and replicated on each node. The data it contains is difficult to analyze manually, but can yield a high number of relevant information. In this paper we present a modular framework, BitIodine, which parses the blockchain, clusters addresses that are likely to belong to a same user or group of users, classifies such users and labels them, and finally visualizes complex information extracted from the Bitcoin network. BitIodine labels users semi-automatically with information on their identity and actions which is automatically scraped from openly available information sources. BitIodine also supports manual investigation by finding paths and reverse paths between addresses or users. We tested BitIodine on several real-world use cases, identified an address likely to belong to the encrypted Silk Road cold wallet, or investigated the CryptoLocker ransomware and accurately quantified the number of ransoms paid, as well as information about the victims. We release a prototype of BitIodine as a library for building Bitcoin forensic analysis tools.


Bitcoin Financial forensics Blockchain analysis 


  1. 1.
    Androulaki, E., Karame, G.O., Roeschlin, M., Scherer, T., Capkun, S.: Evaluating user privacy in bitcoin. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 34–51. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  2. 2.
    Brugere, I.: Anomaly detection in the bitcoin transaction network. Technical report, ESP-IGERT (2012)Google Scholar
  3. 3.
    Christin, N.: Traveling the silk road: a measurement analysis of a large anonymous online marketplace. In: Proceedings of the 22nd International Conference on World Wide Web, WWW ’13, pp. 213–224 (2013)Google Scholar
  4. 4.
    Jarvis, K.: CryptoLocker Ransomware (2013)Google Scholar
  5. 5.
    Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G.M., Savage, S.: A fistful of bitcoins: characterizing payments among men with no names. In: Proceedings of the 2013 Internet Measurement Conference, pp. 127–140. ACM (2013)Google Scholar
  6. 6.
    Möser, M.: Anonymity of bitcoin transactions: an analysis of mixing services. In: Proceedings of Münster Bitcoin Conference (2013)Google Scholar
  7. 7.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)Google Scholar
  8. 8.
    Ober, M., Katzenbeisser, S., Hamacher, K.: Structure and anonymity of the bitcoin transaction graph. Future Internet 5(2), 237–250 (2013)CrossRefGoogle Scholar
  9. 9.
    Reid, F., Harrigan, M.: An analysis of anonymity in the bitcoin system. In: Altshuler, Y., Elovici, Y., Cremers, A.B., Aharony, N., Pentland, A. (eds.) Security and Privacy in Social Networks, pp. 197–223. Springer, New York (2013)CrossRefGoogle Scholar
  10. 10.
    Spagnuolo, M.: Bitiodine: extracting intelligence from the bitcoin network. Master’s thesis, Politecnico di Milano, December 2013Google Scholar
  11. 11.
    U.S. District Court, Southern District of New York: Alleged silk road founder ross ulbricht criminal complaint (2013)Google Scholar

Copyright information

© International Financial Cryptography Association 2014

Authors and Affiliations

  1. 1.NECSTLab, DEIBPolitecnico di MilanoMilanoItaly

Personalised recommendations