Tumbling down the stairs: Exploiting a tumbler’s attempt to hide with ordinary-looking transactions using wallet fingerprinting

The privacy of Bitcoin transactions is a subject of ongoing research from parties interested in enhancing their security, as well as those seeking to analyze the flow of funds happening in the network. Various techniques have been identified to de-obfuscate pseudonymity, e.g., heuristics to cluster addresses and transactions, automatic tracing of transaction chains based on usage patterns/features that may reveal common ownership. These techniques gave rise to services that attempt to make these techniques unreliable with specific forms of behavior. Examples of such behavior include using one-time addresses or transactions with multiple participants. Centralized services employing these behavior patterns, commonly known as tumblers or mixers, offer customers a way to obfuscate their financial flows. In turn, new approaches have been proposed in recent scientific literature to exploit the way the mixers operate in order to gain insight into the underlying financial flows. In this paper, we analyze some of these approaches and identify challenges in the context of their application to a particular modern mixing service – Anonymixer. Furthermore, based on this analysis, we propose a novel approach for identification of addresses involved in mixing with capability to distinguish between depositing/withdrawing parties and mixer inner addresses. The approach utilizes wallet fingerprints, which we have extracted using statistical measurements of mixer’s behavior. An internally developed tool implementing the proposed techniques automates the deobfuscation process and outputs individual money transfers.