When hackers hold their victims’ data for ransom, as happened in the WannaCry and NotPetya ransomware attacks that spread across the globe in mid-2017, a key to the criminals’ success is getting away with the money. That often means they use cryptocurrencies like bitcoin to collect payment, hoping to remain hidden behind a digital mask.
At the Initiative for Cryptocurrencies and Contracts, we have explored the ways cryptocurrency systems protect users’ anonymity. Anonymity in cryptocurrencies is fueling crime by enabling criminals to evade identification by law enforcement. We believe that this problem will get worse as cryptocurrencies evolve stronger privacy protections and become more flexibly programmable. We also believe there’s no simple solution.
All cryptocurrency systems work in roughly the same way. Groups of computers receive transaction information directly from users who want to send each other money. The computers order and permanently record these transactions in a public ledger so that anyone can read them. The public ledger also makes it possible to keep track of how much currency individual users own. Developers tweak the code in different cryptocurrency systems to add additional features, like fast transaction processing or improved anonymity.
The first major cryptocurrency system, bitcoin, allows users to conceal their real names. But users’ transaction amounts and bitcoin account numbers (known as “addresses”) are visible to anyone – even people who don’t use bitcoin but know how to read the transaction ledger. This approach offers more privacy than credit cards and bank accounts, even against powerful entities like governments who might try to trace money obtained by criminals. Bitcoin’s privacy both attracts users – law-abiding and otherwise – and raises…