Cryptocurrency

Cryptocurrency: How to Transact on the Darknet

Tumbling, hashing and mining, oh my! To be an active user of darknet markets, it is necessary to become at least somewhat savvy in cryptocurrency. To learn more about how to safely and securely use cryptocurrencies like bitcoin, read on; we include an intro to marketplace exit scams, a review of the blockchain process and a quick look at bitcoin mining.

As mentioned in our cryptocurrency primer, the process of acquiring bitcoins (or any similar digital currency) can be achieved via numerous methods, each with their own varying degree of anonymity and complexity. Let's dive into the details of the delicate art form of transacting on a darknet market, including tips on keeping your cryptocurrency, and your identity, secure.

Bitcoin Tumbling

Helix, a bitcoin tumbling third party service.

Helix, a bitcoin tumbling third party service.

Bitcoin tumbling is an optional step one can take to obfuscate the origin of bitcoins in a bitcoin wallet and to whom or where they are being sent when a transaction occurs. Typically, this involves using a third party service to break the connection between the bitcoin address sending the coins and the addresses receiving coins. Depending on the level of tumbling or "mixing" required, the process can take anywhere from 10 minutes to 6 hours.

While a plethora of commercial, third party tumbling services exist, there are equally as many that are fraudulent scam operations. These scams are made possible in part by the fact that all cryptocurrency tumbling services require a fee, usually equivalent to a percentage (1-5%) of the coin value being mixed. Fraudulent sites pose as tumbling services and collect the cryptocurrency from unsuspecting users. No "mixing" occurs, and the cryptocurrency never reaches its intended recipient. 

One of the best ways to avoid tumbling scams is to do due diligence and stick with reputable, peer-reviewed services that have been established for a respectable period of time. For a small fee, some of the darknet markets, such as AlphaBay, offer their own internal mixing service using a proprietary mixing methodology to further obfuscate the details of the transactions performed on their site.

Secure Transaction Methods

When purchasing goods or services off of a darknet market, there are, in general, three cryptocurrency transaction methods: Finalize Early (FE), Escrow and Multiple Signature Escrow (multisig).

Finalize Early (Insecure; only use with well-established vendors) This is a payment method, also known as “first” transactions, in which a vendor requires receipt of payment before dispatch of the purchased goods. While risk is required on the buyer's end, this method expedites the transaction as there is little to no risk on behalf of the vendor.

Escrow (Moderately Secure) This is a payment method in which a market will generate a bitcoin address to which the buyer can transfer payment. The market acts as a middleman, holding the buyer's money and paying the vendor only after the terms of the sale have been met; the buyer must mark the order complete for payment to be released to the vendor. 

Multiple Signature Escrow (Highly Secure) This payment method is the most secure, as multiple keys are generated for the bitcoin transaction and payment release process. The multisig can be 2/2 or 2/3, where 2 of 3 provides the most security for three keys, the market’s key, the vendor’s key and the buyer’s key. The keys for each option are:  

  • 2-of-2 Multisig: Market public key, vendor public key
  • 2-of-3 Multisig: Market public key, vendor public key + customer public key

Once the goods or services have been received, the buyer signs off on the transaction using their key, at which time the market signs in with their key and releases the funds to the vendor. The market can mediate the transaction and use its key if the buyer doesn’t communicate with the vendor and enough time has passed to reasonably presume the buyer has received their order.

Blockchains

As we explained in our first cryptocurrency blog post, a blockchain is a public ledger in which all virtual transactions are indexed and recorded. Because all bitcoin transactions are recorded, and thus tied to a traceable blockchain in this manner, many cryptocurrency enthusiasts are entering the bitcoin mining market to further obfuscate their transactions.

By utilizing methods such as "double spending" and "hashing" (more on that later), it is possible to reap the monetary benefits of bitcoin rewards by creating a new blockchain hash. To review, a blockchain is basically a string of multiple “blocks” each correlating to a bitcoin transaction. The blockchain starts with the initial block, known as the genesis block, and subsequent transactions and solved hashes add new blocks after this genesis block, creating the chain.

Hackers with enormous processing power can create "orphaned blocks," with which an attacker can attempt to take complete control of the blockchain ledger by manipulating the blocks in the ledger. The most recent example of this is known as the "51% attack."

Bitcoin Mining

Another common tactic for taking advantage of cryptocurrency is known as bitcoin mining. Bitcoin mining involves procuring specialized hardware that is used to compile a few hundred transactions from the blockchain ledger and turn them into a mathematical puzzle. Miners can then try to solve this puzzle once it is released back to the network. The first participant to solve the puzzle gets to place the next block on the block chain and claim a reward called a “block reward."

 
The Source 1 Bitcoin Miner, KnC’s operation in Sweden

The Source 1 Bitcoin Miner, KnC’s operation in Sweden

 

In less than a decade, bitcoin mining has evolved from individuals solving complex hash puzzles on their personal laptop computers in their houses to huge clusters of networked, parallel computers utilizing specialized application specific integrated circuits (ASIC) mining processors running at unprecedented speeds and consuming considerably less electricity and energy. Mining benefits the entire bitcoin community by validating and verifying transactions, securing the blockchain network and keeping the system synchronized.

With cryptocurrency, like any darknet related commodity, there is the ever-present risk of being scammed or subject to fraud. Cloud-based bitcoin mining has been particularly fraught with scammers. Even seemingly legitimate bitcoin mining hardware manufactures, such as Active Mining and Ice Drill, have reportedly conned the darknet, purportedly raising money to make ASICs and share the profits from them, but never delivering on these profits, and instead disappearing with hundreds of victim’s bitcoin investments.

A Last Note

Keeping cryptocurrency and identities secure while transacting on the darknet can be challenging. We encourage everyone to do their due diligence while exploring this area of the darknet to avoid being scammed out of valuable, digital currency.


An Introduction to Cryptocurrency

We've had a number of people asking about Bitcoin and other cryptocurrencies lately; how they work, where you can obtain them and more. So, this week, we're jumping into the cryptic world of cyptocurrency.

What is cryptocurrency?

Cryptocurrency refers to a medium of trade, designed for the purpose of exchanging digital information using the principles of cryptography to secure the transaction. In layman’s terms, cryptocurrency is merely electricity converted into lines of code with monetary value that can then be used to purchase digital goods or services.  Or, even more simply, cryptocurrency is a form of digital currency. 

The first and arguably most well-known type of cryptocurrency is the bitcoin. Bitcoin was first developed in 2009 by a pseudonymous developer, or group of developers, named Satoshi Nakamoto. Nakamoto utilized a set of cryptographic hash functions that were initially developed by the U.S. National Security Agency (NSA), known as the Secure Hash Standard (SHA-256).  

Table depicting SHA-256 initial hash derivation and resulting values in hexadecimal form. In technical speak, SHA-256 is much akin to its algorithmic cousin, SHA-224. The algorithm for SHA-256 uses the same sequence of 64 constant 32-bit words, which represent the first 32 bits of the fractional parts of the cube roots of the first 64 prime numbers, to parse the signal and computationally transform it into a 256-bit message digest, representing the value of the currency.   (Source)

Table depicting SHA-256 initial hash derivation and resulting values in hexadecimal form. In technical speak, SHA-256 is much akin to its algorithmic cousin, SHA-224. The algorithm for SHA-256 uses the same sequence of 64 constant 32-bit words, which represent the first 32 bits of the fractional parts of the cube roots of the first 64 prime numbers, to parse the signal and computationally transform it into a 256-bit message digest, representing the value of the currency. (Source)

Not only is all of this rather "cryptic" and difficult to understand, but it is also computationally intensive, which is why different types of “mining” or hashing have evolved so extensively, and why new digital currency sets continue to emerge. For example, newer forms of cryptocurrency include Litecoin, NEMstake and Monero. 

DECENTRALIZED MONEY

Of highest importance is the concept that cryptocurrencies are a decentralized form of money. In other words, there is no single governing body overseeing and/or verifying cryptocurrency transactions. Among the many other implications of this notion is the fact that this makes it the perfect go-to currency for darknet marketplace users.

However, while some find the darkness of the currency intriguing, it is not completely anonymous. A public ledger of sorts exists, called the "block chain," where all virtual transactions are recorded. While no personally identifiable information (PII) is recorded in a block chain, the transaction is captured in the ledger. These transaction logs are traceable to a degree, as they are stored on every computer node that has a bitcoin wallet and partakes in the cryptocurrency network.

Of highest importance is the concept that cryptocurrencies are a decentralized form of money. In other words, there is no single governing body overseeing and/or verifying cryptocurrency transactions.

To further increase anonymity in this space, regular users of cryptocurrency often invest time into “mixing” their bitcoins. Bitcoin mixing, or digital currency laundering, is the process of using a third party service to scramble the connection between the originating bitcoin address (the identifiable marker of the person sending bitcoins), and the recipient party's bitcoin address by mixing numerous bitcoins together from multiple sources. The resulting originating bitcoin address becomes a combination of several addresses, obfuscating the true origin of the transaction and skewing the information that is recorded in the block chain.

For those interested in learning more about bitcoin mixing, the most popular service is currently Helix.  

With the popular bitcoin mixing service Helix, users enter the bitcoin address of their desired recipient, and Helix provides an alternate bitcoin address. While the bitcoins will ultimately reach the intended destination, Helix scrambles the bitcoins while in route.

With the popular bitcoin mixing service Helix, users enter the bitcoin address of their desired recipient, and Helix provides an alternate bitcoin address. While the bitcoins will ultimately reach the intended destination, Helix scrambles the bitcoins while in route.

How to obtain cryptocurrency

Now that you have a better understanding of the formation of the digital “coin” – it's time to look at how one might go about acquiring such currency in their digital "wallet".

  1. Exchange Service: The easiest way to get started is to use an exchange service that sells bitcoins (BTC) in exchange for U.S. dollars (USD), or your preferred regional currency. This method often requires providing a proof of address and/or legal identification (i.e. drivers license). However, many Bitcoin ATMs, which will exchange paper currency for bitcoins, are now available in markets, airports, casinos and convenience stores. Coin ATM Radar contains a map of Bitcoin ATMs, allowing users to search for a Bitcoin ATM closest to them.
     
  2. Marketplaces: The second most straightforward approach to acquiring digital cryptocurrency is to sell goods and/or services through a marketplace that uses bitcoin as currency. While you may choose to create a vendor account on a darknet marketplace, there are several surface net ecommerce websites that exclusively utilize bitcoins for transactions. For example, Glyde.
     
  3. Mining: Lastly, you can “mine” for bitcoins, which involves procuring and using specialized hardware called “ASIC miners.” This hardware is used to compile a few hundred transactions from the block chain ledger and turn them into a mathematical puzzle. "Miners" then have the opportunity to try to solve this puzzle once it is released back to the network. The first participant to solve the puzzle gets to place the next block on the block chain and claim a reward called a “block reward,” which can equal upwards of 100 BTC (~$113,097 USD).

What does the cryptocurrency market look like?

Bitcoin dominates the market, as it was the first cryptocurrency and is now the most well-known used for digital transactions. While its value has fluctuated over time, the past year has proven especially strong for the currency, with its value increasing steadily over the last six months.

The current price for 1 BTC is over $1,200.00 USD, and bitcoin holds a market volume of over $263 million USD.

While bitcoin is the clear frontrunner in the cryptocurrency market, there are hundreds of alternative cryptocurrencies. CoinMarketCap tracks over 600 active digital currencies in the market with a total market cap at $24,814,920,123 billion USD.  Some of these were developed due to security concerns over Bitcoin’s SHA-256 algorithm, while others require less computational power to “mine.” Still others entered the market to capitalize on the shift to digital currency.  

CRYPTOCURRENCY FRONT RUNNERS

The top cryptocurrencies in the current market include: 

  1. Litecoin – 1 Litecoin (LTC) = $6.42 USD
    Set up as the “silver to Bitcoin’s gold,” transactions are purportedly processed more quickly with Litecoin than Bitcoin.
     
  2. Ethereum – 1 Ethereum (ETH) = $52.15 USD
    Discovered by Vitalik Buterin in 2014, this currency is the first Turing-complete cryptocurrency that uses Ether as fuel to incentivize its network.
     
  3. Monero – 1 Monero (XMR) = $20.72 USD
    This cryptocurrency uses the cryptographic method of ring signatures to conceal sender identities.
     
  4. Ripple – 1 Ripple (XRP) = $0.01143 USD
    Using a custom cryptographic protocol, this currency leverages an iterative consensus process, which allows for automation scripts and plays well with other currencies. The price of the Ripple is very low in comparison to other bitcoin alternatives, but the trading volume is significant, currently over $11 million USD.
     
  5. Dash – 1 DASH (DASH) = $81.87 USD
    Nine rounds of encryption ensure security and anonymity in its transactions via the X11 hashing algorithm. 

The future of the cryptocurrency market

Since the beginning of 2017, there has been a significant shift in the cryptocurrency market. While Bitcoin, Dash, Monero and Ethereum have all witnessed substantial increases in value and market share, Dash has experienced the greatest increase overall over the past 30 days.

DarkOwl Cybersecurity will continue to watch the ever-changing climate cryptocurrency and the darknet.  Join us for our upcoming discussion in which we will explore how these currencies are used in buyer-seller transactions in darknet markets, including how AlphaBay is now using "multi-sig escrow" and "finalize early" options for cryptocurrency transactions.