The Devil Behind the Mirror: Tracking the Campaigns of Cryptocurrency Abuses on the Dark Web

Pengcheng Xia, Zhou Yu, Kailong Wang, Kai Ma, Shuo Chen, Xiapu Luo, Yajin Zhou, Lei Wu, Guangdong Bai
2024-04-07
Abstract: The dark web has emerged as the state-of-the-art solution for enhanced anonymity. Just like a double-edged sword, it also inadvertently becomes the safety net and breeding ground for illicit activities. Among them, cryptocurrencies have been prevalently abused to receive illicit income while evading regulations. Despite the continuing efforts to combat illicit activities, there is still a lack of an in-depth understanding regarding the characteristics and dynamics of cryptocurrency abuses on the dark web. In this work, we conduct a multi-dimensional and systematic study to track cryptocurrency-related illicit activities and campaigns on the dark web. We first harvest a dataset of 4,923 cryptocurrency-related onion sites with over 130K pages. Then, we detect and extract the illicit blockchain transactions to characterize the cryptocurrency abuses, targeting features from single/clustered addresses and illicit campaigns. Throughout our study, we have identified 2,564 illicit sites with 1,189 illicit blockchain addresses, which account for 90.8 BTC in revenue. Based on their inner connections, we further identify 66 campaigns behind them. Our exploration suggests that illicit activities on the dark web have strong correlations, which can guide us to identify new illicit blockchain addresses and onions, and raise alarms at the early stage of their deployment.
Cryptography and Security
What problem does this paper attempt to address?
The problem that this paper attempts to solve is: the tracking and analysis of cryptocurrency abuse activities in the dark web. Specifically, the authors aim to identify and track cryptocurrency-related illegal activities in the dark web through multi-dimensional and systematic research, and reveal the illegal organizations or campaigns behind these activities. They hope that through in-depth understanding of the characteristics and dynamics of these illegal activities, they can provide effective tools and methods for law enforcement agencies to combat illegal behavior in the dark web.

### Main Problem Description

1. **Challenges Brought by the Anonymity of the Dark Web**:
   - The dark web has become a safe haven and breeding ground for illegal activities due to its high anonymity.
   - The use of cryptocurrencies further enhances the concealment and non-traceability of illegal transactions.
2. **Lack of In-Depth Understanding of Cryptocurrency Abuse**:
   - Although many studies have focused on illegal activities in the dark web, there is insufficient understanding of the specific characteristics and dynamics of cryptocurrency abuse.
   - Existing research has failed to explore in depth the organizational structure and community characteristics hidden behind illegal activities.

### Paper Objectives

- **Identify Illegal Dark Web Sites**: Develop an automatic method to detect and classify dark web sites related to illegal activities.
- **Track Cryptocurrency Transactions**: Extract and analyze the transaction records of illegal blockchain addresses to reveal the fund flow of illegal activities.
- **Reveal Illegal Campaigns**: By analyzing the associations between multiple illegal sites, identify possible illegal campaigns or organizations behind them.

### Solutions

1. **Data Collection**:
   - A custom crawler was used to collect 4,923 cryptocurrency-related onion sites, containing a total of more than 130,000 pages.
2. **Illegal Site Identification and Classification**:
   - Through manual annotation and machine-learning methods, a benchmark data set was constructed, and a similarity-based method was developed to identify and classify illegal sites.
3. **Blockchain Address Analysis**:
   - The blockchain addresses on illegal sites were extracted and verified, and finally 1,189 illegal blockchain addresses were determined, involving a trading volume of 90.8 BTC.
4. **Illegal Campaign Identification**:
   - By analyzing the associations between illegal addresses, 66 illegal campaigns were identified, revealing the internal connections between illegal activities.

### Key Findings

- **Uneven Income Distribution**: Most of the illegal income is concentrated on a small number of long-term active addresses.
- **Diverse Campaigns**: Many illegal campaigns carry out multiple malicious activities through multiple onion sites, but most campaigns only use one blockchain address to receive payments.
- **Prominent Investment Scams**: Investment scams are one of the main types of illegal activities, accounting for one-quarter of the total illegal income.

Through these studies, the authors have provided important clues and methods for combating illegal activities in the dark web, which are helpful to improve the response efficiency and accuracy of law enforcement agencies.
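The address extraction, verification and campaign grouping steps listed under Solutions can be sketched as follows. This is an added example, not the paper's code: it assumes legacy Base58Check Bitcoin addresses only (no bech32), links sites solely by addresses they share, and uses hypothetical site names and constructed addresses.

```python
import hashlib, re
from collections import defaultdict
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def b58check_encode(version, payload):
    """Base58Check: version byte + payload + first 4 bytes of double SHA-256."""
    raw = bytes([version]) + payload
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_valid_btc(addr):
    """Accept only canonical P2PKH (0x00) or P2SH (0x05) strings whose checksum matches."""
    try:
        raw = sum(B58.index(c) * 58**i for i, c in enumerate(reversed(addr))).to_bytes(25, "big")
    except (ValueError, OverflowError):   # character outside the alphabet, or too long
        return False
    return raw[0] in (0x00, 0x05) and b58check_encode(raw[0], raw[1:21]) == addr

def extract_addresses(text):
    """Regex finds candidates; the checksum filters out typos and look-alike strings."""
    return {a for a in CANDIDATE.findall(text) if is_valid_btc(a)}

def find_campaigns(pages):
    """Union-find over sites and addresses: sites linked by shared addresses form one group."""
    parent = {}
    def find(x):
        while parent.setdefault(x, x) != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x
    for site, text in pages.items():
        for addr in extract_addresses(text):
            parent[find(site)] = find(addr)
    groups = defaultdict(list)
    for site in sorted(pages):
        if site in parent:                  # sites with no valid address are skipped
            groups[find(site)].append(site)
    return sorted(groups.values())

# Constructed sample data: addresses derived from dummy 20-byte hashes, hypothetical sites.
A1, A2, A3 = (b58check_encode(v, bytes([b]) * 20) for v, b in [(0, 0x11), (5, 0x22), (0, 0x33)])
BAD = A1[:-1] + ("2" if A1[-1] != "2" else "3")   # one-character typo, checksum fails
PAGES = {"shopaaaa.onion": f"Send BTC to {A1}", "mixerbbb.onion": f"Deposit {A1} or {A2}",
         "cardsccc.onion": f"Pay {A2} only", "loneddd.onion": f"Wallet: {A3}.",
         "typoeee.onion": f"Wallet: {BAD}"}
```

On the sample pages, `find_campaigns(PAGES)` puts the three sites connected through `A1` and `A2` in one group, leaves `loneddd.onion` on its own, and drops the site whose only address fails the checksum.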