Bitcoin: A Tale of Digital Trails

Bitcoin was once thought of as an anonymous method of buying and selling goods and services, but users and researchers are increasingly aware of the inherent limits of anonymity in the context of Bitcoin use.  Similar to any other electronically-generated transaction, Bitcoin transactions leave a digital trail.  With proper analysis, the digital trail is potentially traceable to an individual or entity.  Once that individual or entity is identified, it is then possible to track who they are transacting with.  The traceability of Bitcoin transactions yields opportunities for the electronic discovery of information for use in litigation.  As one can imagine, this information is potentially quite significant depending on the issues being litigated.

Whether in the context of a company attempting to hide assets, or a criminal conducting drug sales, it is important to have a basic understanding of this highly-technical process so that the proper ESI can be searched for and collected.

To use Bitcoin, a Bitcoin wallet must first be created.  The Bitcoin wallet operates to store Bitcoins, just like a physical wallet that stores cash or credit cards.  Each wallet has a unique address associated with it.  Within each user’s wallet, there is a private key.  The private key, which is a cryptographic signature, is what a user provides for each Bitcoin transaction to essentially prove that user’s right to spend the particular Bitcoin(s) within their wallet. 

The Bitcoin system operates so that every single Bitcoin transaction is published online on what is known as the blockchain.  The blockchain represents a public ledger of all Bitcoin transactions.  The only information on the blockchain that identifies a Bitcoin user is that user’s uniquely generated Bitcoin wallet address.  Some users publicly share their Bitcoin addresses online, so it is possible to run searches online for specific people or usernames and uncover Bitcoin wallet addresses.  Once you obtain this information, you can then use it to locate all Bitcoin transactions associated with that address/individual on the blockchain.  Knowing this information, as well as the information of the recipient, can shed light on the nature of the transactions, thereby making it possible to determine whether a transaction was linked to criminal activity, or was simply the purchase of a novelty item from a well-known retail site.
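The lookup described above can be sketched in a few lines of Python. This is an added example, not part of the original article: it walks a constructed ledger in a simplified record format, pulls every transaction touching one wallet address, and labels the counterparties where a label is known. The ledger, the addresses, the `LABELS` table and the `trail` function are all hypothetical.

```python
# Constructed sample ledger in a simplified record format (not Bitcoin's wire
# format); txids and addresses are placeholders, and fees are ignored.
LEDGER = [
    {"txid": "tx1", "inputs": [("ADDR_EXCHANGE", 5.0)],
     "outputs": [("ADDR_SUBJECT", 5.0)]},
    {"txid": "tx2", "inputs": [("ADDR_SUBJECT", 5.0)],
     "outputs": [("ADDR_RETAILER", 1.5), ("ADDR_SUBJECT", 3.5)]},  # 3.5 is change
    {"txid": "tx3", "inputs": [("ADDR_OTHER", 1.0)],
     "outputs": [("ADDR_UNKNOWN", 1.0)]},                          # unrelated
    {"txid": "tx4", "inputs": [("ADDR_SUBJECT", 3.5)],
     "outputs": [("ADDR_UNKNOWN", 3.5)]},
]

# Hypothetical labels an investigator has already attached to addresses,
# e.g. from public postings or records produced under subpoena.
LABELS = {
    "ADDR_EXCHANGE": "exchange account",
    "ADDR_RETAILER": "well-known retailer",
}


def trail(ledger, address, labels=None):
    """Return one row per transaction that involves `address`."""
    labels = labels or {}
    rows = []
    for tx in ledger:
        spent = any(addr == address for addr, _ in tx["inputs"])
        received = sum(amt for addr, amt in tx["outputs"] if addr == address)
        if not spent and not received:
            continue  # transaction does not touch the address of interest
        if spent:
            # The address funded this transaction: the counterparties are the
            # other outputs. An output back to the same address is change.
            others = [(a, amt) for a, amt in tx["outputs"] if a != address]
            direction, amount = "sent", sum(amt for _, amt in others)
        else:
            # The address only appears as an output: the senders are the inputs.
            others = [(a, amt) for a, amt in tx["inputs"] if a != address]
            direction, amount = "received", received
        rows.append({
            "txid": tx["txid"],
            "direction": direction,
            "amount": amount,
            "counterparties": [labels.get(a, "unlabelled:" + a) for a, _ in others],
        })
    return rows


if __name__ == "__main__":
    for row in trail(LEDGER, "ADDR_SUBJECT", LABELS):
        print(row)
```

Counterparties that come back as `unlabelled:` are the ones where further discovery, such as a subpoena to an exchange, would be needed to attach an identity.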

Another method of identifying Bitcoin senders and recipients is by physically locating an individual through their IP address, if they did not anonymize it.  For every Bitcoin transaction that is logged on the blockchain, there is also an IP address linked with that transaction.  Assuming a Bitcoin user does not anonymize their IP address, their physical location can potentially be identified, thereby linking them to one or more particular Bitcoin transactions.  Once that link is made, it is possible to go through the entire blockchain in search of that unique wallet address in an effort to locate every Bitcoin transaction for that particular individual.

Information about Bitcoin users and transactions can also be obtained by law enforcement agencies, government officials, or third parties through subpoenas or court orders served on Bitcoin exchange and management services.  Many of these companies collect information about users, including names, addresses, phone numbers, email addresses, and Facebook IDs, to name a few.  These websites specifically state that this information is collected and can potentially be shared with law enforcement, government officials, or other third parties pursuant to a subpoena request, a court order, or some other legal procedure.  Some websites also state that the information can be shared if it is necessary to prevent physical harm or financial loss, or if illegal activity is suspected.  The significance of these identifying factors is that this information can then be linked to a user’s wallet address, thereby providing a direct link to all of that user’s Bitcoin transactions that have been logged on the blockchain.

There are many methods of increasing anonymity, for example, services known as Tumblers, which launder and gradually mask the sources of Bitcoin, or services that mask or anonymize IP addresses.  Even so, the average user will leave holes open that can lead to the discovery of highly relevant and damaging evidence in a case.  Practitioners should therefore think about conducting, or having their vendors conduct, online investigations in search of information related to Bitcoin transactions.  Including a request within written discovery and subpoenas for any and all records relating to transactions involving any and all types of digital currencies is also recommended.  There is no telling what information one might find when taking a stroll along a Bitcoin user’s digital trail.