In last month’s blog, we talked about ransomware and how lucrative it can be for its developers and distributors.
We briefly touched on the method of payment often demanded by ransomware attacks – Bitcoin – and, following this, a number of you asked us to provide a simple and concise guide to this leading cryptocurrency.
So, here it is! Here is our whistle-stop tour of the cryptocurrency, Bitcoin…
Bitcoin (with a capital B) is the name of a cryptocurrency technology, which is based on Blockchain… but more on that in the next section.
A bitcoin (with a lower-case b) is a unit of this cryptocurrency.
If this seems confusing, think about the difference between sterling and pounds: one is the name of the currency, and one is the unit of measurement.
At the time of writing, a single bitcoin (or BTC) is valued at around £3200 – however, like a sterling pound with pennies, a bitcoin can be divided into smaller parts. In fact, one bitcoin is currently divisible down to 100 million parts(!) called ‘Satoshi’. This division means that while the price of one whole bitcoin seems (and is) high, it is possible to own tiny amounts of BTC.
Where do people keep their bitcoins?
This is where Blockchain comes in. In technical speak, Blockchain is a disruptive technology based on a public, distributed ledger.
Now to explain that in real terms.
Think about your bank account. The amount of money in your account can be checked in a number of ways, and your activity and balance are recorded by the bank. This record is held by the bank, and by the bank alone. You can access it, but the bank holds the only record.
Imagine that instead of this single record there are thousands of identical copies of your bank statement, held by different people around the world. This would mean that whenever your debit card is used, the transaction’s details are sent out to all of these people. Each person then makes a record of the transaction on their own copy of your bank statement. Because of the sheer number of copies, any irregularity on a copy which doesn’t match the thousands of others is deemed a forged transaction.
Basically, the rest of the network see the irregular transaction as incorrect, therefore it becomes a rogue copy and that particular statement is rejected. This process is a simplified example of a distributed public ledger.
The Bitcoin blockchain is a ledger of every bitcoin transaction ever made, since its creation in 2009.
This ledger means that when someone owns bitcoin, they don’t actually keep it anywhere. A bitcoin is not a physical thing, nor is it a computer file or a piece of data that needs to be stored away. Owning bitcoin simply means that you control a bitcoin address, which has bitcoin associated with it on the blockchain. The ledger includes details of every bitcoin address to ever send or receive bitcoin, and therefore can show how much bitcoin is in a given address at any time.
Okay… so, what actually is a bitcoin address?
As an accessible analogy, a bitcoin address can be thought of as an account number.
The address is a unique identifier, and it can have bitcoins ‘sent’ to it. When this happens, the transaction is recorded on the blockchain, for all to see. The difference is that, unlike a bank account number, the address is not linked to any name, address, or any other information that could be traced to an individual.
The owner of a bitcoin address will also have a corresponding private key. For them to send bitcoin out of the address, they must use the private key to prove to the blockchain that they have the right to do so. This is like using your signature to prove to the bank that it was you who wrote a cheque on your account.
When people talk about keeping their bitcoin on their computer (or mobile phone, or USB device… or even a piece of paper) what they are actually storing is the private key to their bitcoin address.
How to spot a bitcoin address
Currently, BTC addresses consist of 25-36 alphanumeric characters, and begin with a 1 or a 3, for example:
You may find them written down, or stored as text on a device.
Often, they are encoded into a QR code, for ease of use.
However, this format is always subject to change in the future due to Bitcoin protocol updates, so do be aware.
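One way to turn the description above into a triage check, as an added example (not code from the original post): it searches free text for strings of the shape described and keeps only those whose built-in Base58Check checksum verifies, which discards look-alike strings and mistyped addresses. The function names and the sample data are hypothetical and constructed for illustration; only the address forms beginning with 1 or 3 are covered.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Candidate shape as described above: starts with 1 or 3, 25-36 characters.
CANDIDATE = re.compile(r"\b[13][%s]{24,35}\b" % B58)

def checksum(payload: bytes) -> bytes:
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58encode(raw: bytes) -> str:
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def b58decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-Base58 character
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def is_valid_address(text: str) -> bool:
    """True if text decodes to version byte + 20-byte hash + correct checksum."""
    try:
        raw = b58decode(text)
    except ValueError:
        return False
    return (len(raw) == 25 and raw[0] in (0x00, 0x05)
            and checksum(raw[:-4]) == raw[-4:])

def find_addresses(blob: str) -> list[str]:
    """Return checksum-valid addresses found in free text, in order."""
    return [c for c in CANDIDATE.findall(blob) if is_valid_address(c)]

def make_address(version: int, hash160: bytes) -> str:
    payload = bytes([version]) + hash160
    return b58encode(payload + checksum(payload))

# Constructed test data: the 20-byte hashes are arbitrary, not real wallets.
SAMPLE_1 = make_address(0x00, bytes(range(1, 21)))   # begins with "1"
SAMPLE_3 = make_address(0x05, bytes(range(21, 41)))  # begins with "3"
MISTYPED = SAMPLE_1[:-1] + ("2" if SAMPLE_1[-1] != "2" else "3")
SAMPLE_TEXT = f"send to {SAMPLE_1} or {SAMPLE_3}; old note: {MISTYPED}"

if __name__ == "__main__":
    print(find_addresses(SAMPLE_TEXT))
```

A string that passes this check is well-formed, not necessarily in use; whether it has ever sent or received bitcoin is only visible on the blockchain.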
Is a bitcoin address the same thing as a bitcoin wallet?
In fact, nowadays most addresses are used for only one transaction – therefore, a well-used bitcoin wallet may contain hundreds of addresses.
A wallet is most frequently stored in the form of an app on a device, such as a phone or a computer. These are called software wallets. Other types of wallet include:
- Hardware wallets
  - These look like USB sticks.
  - Popular brands include Trezor and Ledger Nano.
- Paper wallets
  - As the name suggests, this is a written/printed record of the address and private key.
- Online exchanges
  - These are not strictly speaking bitcoin wallets, as the addresses and private keys are held by the exchange.
  - Users have an account with the exchange, which gives them access to their entitlement of bitcoin, and the ability to send and receive it.
  - Popular exchanges include Coinbase and Poloniex, though there are many more.
Can the owner of a bitcoin address be traced?
Addresses are created by users on demand, and at no point are they registered or linked to an individual, or even a device or an IP address.
However, in-depth analysis of the blockchain CAN provide leads which could link an address to an individual.
That is a bit too complex for this blog post, though!
You can learn to conduct your own blockchain analysis with Blue Lights Digital’s CRYPTOCURRENCY INVESTIGATOR training!
What happens if bitcoin is encountered in an investigation?
If a hardware or software wallet is found during an investigation, a digital forensic examination should be able to identify the actual bitcoin addresses from within it. From here, the blockchain can be searched to ascertain how much bitcoin the wallet contains, then a complete history of all linked transactions can be examined.
This can be incredibly valuable evidence or intelligence, and must be treated as such.
Similarly, paper wallets can be investigated in this way. Online exchanges, however, are more problematic, and should be considered more similar to bank accounts than bitcoin wallets.
Can bitcoin be seized?
Yes. In the eyes of the law, bitcoin is not currency – it is property. It can be seized as part of a criminal investigation under the same powers as any other item of value, such as an expensive watch or a car.
It is crucial that seized bitcoins are moved to a bitcoin address controlled by the seizing authority as soon as possible. Simply seizing the hardware or software wallet does not prevent bitcoins left in the same bitcoin address from being moved by someone else.
Think about it – if you seized a car, you wouldn’t be happy to just take the key and leave the car on the suspect’s driveway for the duration of the investigation and court case, would you?!
Bitcoin is simultaneously the most anonymous and the most transparent currency in the world.
Identifying the person behind an address can be very difficult (but not always impossible)… yet on the flip-side it is possible to see the details of every transaction ever made.
It is a fascinating technology, which has the potential, as a side effect, to make life far more difficult for investigators – but with a deeper understanding of cryptocurrencies and the tactics available, investigators can keep the criminals looking over their shoulders.