A graph-theoretic forensic investigation of ransomware money laundering via Bitcoin mixers
Date
2022-05
Authors
Clark, Peter Gabriel
Major Professor
Advisor
Guan, Yong
Kamal, Ahmed
Jacobson, Douglas
Abstract
The Bitcoin cryptocurrency does not provide total security. The security of this cryptocurrency is predicated on its decentralization, meaning that there is no association between Bitcoin users and the addresses of their wallets. However, due to the nature of the Bitcoin blockchain, a public record of every transaction between two wallets is maintained. Thus, Bitcoin mixers are often used to combine and re-separate Bitcoin flows in order to obfuscate their traceability in the ledger, which makes them ubiquitous in money laundering. In particular, these mixers are used to hide money transactions associated with ransomware payments.

The Bitcoin blockchain can be modeled as a directed weighted multigraph, where each transaction represents a directed edge whose weight corresponds to the amount of Bitcoin transferred. This paper examines some of the prior work using this typology that analyzes the behavior of Bitcoin mixers. We present a new method and apply the typology to previous work in the field. We identify the entrance and exit nodes of Bitcoin mixers and apply a heuristic to identify possibly suspect nodes associated with ransomware payments, and then use a natural language processing model to identify likely payout exchanges. Our results allow us to estimate the average mixing depth of Bitcoin mixers and use timing analysis to attempt to identify associations between wallets paying into the Bitcoin mixers and the wallets receiving Bitcoin from the mixers.
Type
thesis