Bitcoin deanonymized: how to recognize a change address

This is a post by guest author Sebastian Neumann about privacy in bitcoin transactions and methods of de-anonymizing addresses by determining a transaction’s change address.

The question of privacy has been one of the main concerns ever since the creation of cryptocurrencies and blockchain transactions. Can one follow the funds on the blockchain and compromise the sender's privacy even if bitcoin mixers are used?

In this article we will explore the following problem: is it possible to recognize which of the addresses in a BTC transaction can be attributed to another person, and which still belongs to the sender because it is a change address?


Sextortion scams: where the ransom money goes

Many of us have heard of sextortion, an online scam that has existed for at least a few years and usually targets victims of breached passwords. The monetary part of the scam is a demand to send a bitcoin ransom in exchange for not publicly sharing private photos or videos of you, which the scammers claim to have (hint: they don't).


Cryptocurrency scam schemes: following the money

The most illustrative part of a crypto scam investigation is visualizing the flow of funds through the transactions and addresses associated with a scammer's wallet. This method allows us to reveal related addresses or clusters of them, and to track funds to centralized exchanges where they can potentially be cashed out. We can also include other entities related to the scammer in the graph in order to create a full picture.

We will approach this task using two different investigation tools: Maltego CE and GraphSense. Both tools are available for free in non-commercial versions.