Bitcoin, the famous peer-to-peer, decentralized electronic currency system, allows users to benefit from pseudonymity, by generating an arbitrary number of aliases (or addresses) to move funds. However, the complete history of all transactions ever performed, called "blockchain", is public and replicated on each node. The data it contains is difficult to analyze manually, but can yield a high number of relevant information. In this paper we present a modular framework, BitIodine, which parses the blockchain, clusters addresses that are likely to belong to a same user or group of users, classifies such users and labels them, and finally visualizes complex information extracted from the Bitcoin network. BitIodine labels users (semi-)automatically with information on their identity and actions which is automatically scraped from openly available information sources. BitIodine also supports manual investigation by finding paths and reverse paths between addresses or users. We tested BitIodine on several real-world use cases, identified an address likely to belong to the encrypted Silk Road cold wallet, or investigated the CryptoLocker ransomware and accurately quantified the number of ransoms paid, as well as information about the victims. We release an early prototype of BitIodine as a library for building more complex Bitcoin forensic analysis tools.
@inproceedings{Spagnuolo2014BitIodine_Extracting, title = {{BitIodine: Extracting Intelligence from the Bitcoin Network}}, author = {Spagnuolo, Michele and Maggi, Federico and Zanero, Stefano}, booktitle = {Financial Cryptography and Data Security}, series = {Lecture Notes in Computer Science (LNCS)}, month = {March}, year = {2014}, address = {Barbados}, isbn = {978-3-662-45471-8}, pages = {457--468}, publisher = {Springer Berlin Heidelberg} }