Open transactions and bitcoin

Ethical hacking and penetration testing

InfoSec, IT, Kali Linux, BlackArch

How to trace a Bitcoin wallet transaction. Bitcoin transaction visualization

Bitcoin Wallets Information

All transactions on the blockchain network (Bitcoin network) are public. That is, for the wallet you are interested in, even if it is someone else’s wallet, you can find out at any time:

• current balance
• total number of transactions, including transactions of received and sent money
• total income and expense for all time
• addresses of wallets that sent money or to which money was sent from this wallet

All this information is available on the official blockchain.com website, which supports site searches. The address of the Bitcoin wallet is a long string, which consists of letters and numbers, for example: 1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr

In addition to the search, you can refer to the site at direct addresses:

If you need raw information, for example, for processing in your program, then you can use an address of the form:

Scrolling a little lower you can see information about transactions, green indicates the receipt of funds, and red indicates the expenditure:

If you click on the address of any wallet, you can see the same information for it.

Each transaction has a unique identifier. If you click on it, you can see more detailed information:

There you will see additional information: time, cost of translation, etc.

When you click on the link ‘View the tree diagram’ you can traceroute money:

Information for the wallet 1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr you can see in raw format at the corresponding link https://blockchain.info/rawaddr/1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr

As you can see, the websites blockchain.com and blockchain.info provide us with enough information about the transactions made. But there are special programs for tracking the way of Bitcoins.

How to build a Bitcoin money flow chart

Since all data are open, it is enough to analyze them. That is, for the wallet of interest, see what other wallets it has transactions with, and then see the transactions for each of the found wallets and so on. Thus, a path of any length can be traced.

The problem is that there is a lot of data, and without any means of assistance it is easy to get confused. One option is to visualize Bitcoin transactions. For it, you can use, for example, the Orbit tool.

How to install orbit

The Orbit program installs the same way on any Linux. If you have not already installed the git package, then start by installing it, then simply run the commands:

If help appears, then everything is all right.

How to use Orbit

Orbit is designed to explore network of a blockchain wallet by recursively crawling through transaction history. The data is rendered as a graph to reveal major sources, sinks and suspicious connections.

The graphs used to visualize the data do not completely solve the problem of excess data. But with the help of them, you can sometimes reveal some extra information.

I will show an example of analyzing my wallet about which I know something. More precisely, I only know about outgoing transactions. Will I be able to say at least something additional in this situation, find at least some other information? Let’s check.

How to run Orbit to track bitcoins

My wallet address is 1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr, it is used for donations to the sites Miloserdov.org, HackWare.ru, Kali.Tools, SuIP.biz. By the way, if you like any of these sites you can also support them.

The wallet for analysis must be specified after the -s option. All other options are not necessary. But we will do the first launch with the -d option, which adjusts the crawling depth. By default, the crawling depth is 3. Set the level to 1 to see only the wallets from which or to which transactions were made with respect to this wallet:

At the first start, the program will output:

These lines mean that the optional Quark program is installed right now, which is necessary for generating graphs.

When all requests are completed, the results will be saved to a file and this file will be opened in a web browser. When analyzing one level, we get such a sun, each ray of which shows the address of the wallet from/to which the transaction was sent.

We continue and now do the analysis at two levels:

At the very beginning we get the following scheme:

Let’s do a little analysis. Let’s start by searching for the wallet of interest, enter 1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr and click the Find button. The desired element will be highlighted in yellow, I will pull it out of the general group so that I always know where it is:

Now click the Make Clusters button to form clusters based on the community detection algorithm. After that, use Color Clusters to assign different colors to the clusters. Finally, click Spacial to fix overlapping nodes & edges.

It has become noticeably better.

I will continue the analysis. To demonstrate interesting findings, I will remove some “bushes”. You can delete nodes one at a time. To do this, click the Delete button in the menu. You can also select several using the Lasso tool at once:

Look at the highlighted green triangle:

I cash out all received bitcoins in currency exchanger (I do not need bitcoins, I need to pay bills). That is, this ‘curly’ node, which I designated with the letter B, is a currency exchanger. I designated my wallet with the letter A. Therefore, we can conclude: the donor (by the way, thank him for his support, and in general, thanks to everyone who supports, especially financially!), And so, the donor bought bitcoins in this exchanger (they came to the site C), and then sent it to another wallet (D) and then sent part of the amount to me.

Based on the chart, you might think that we used one exchange at the same time — but this is not necessarily the case, since the chart shows all the transactions that have ever been made by my wallet. Another option – transaction AB is also a donation that was made by someone directly through the exchanger.

I redistributed the nodes a bit, look at point B – it is connected with the same nodes as my wallet (A), that is, with D, E, F, G. A donation came from user B, that is, he bought it somewhere on the exchanger Bitcoins, and sent part of the amount to me, and I returned these bitcoins back to exchangers.

The same can be said about point C, this user buys and sells on exchangers and once sent part of the amount to me. Alternatively, these wallets received funds from another source (not exchangers), but cashed them through them, and also sent me a few bucks.

By default, the search depth is three, that is, if you run without the -d option:

then you can get something like this:

By default, Orbit processes only the last 50 transactions from each wallet. You can change this value with the -l option. You can both reduce and increase the number of covered transactions.

Wallets that have made just a couple of interactions with our target may not be important, Orbit can be told to crawl top N wallets at each level by using the -t option.

If you want to view the data collected by the graph viewer of your choice, you can use the -o option. After it, you need to specify one of the supported formats:

• graphml (supported by most graph viewers)
• json (for raw processing)

Conclusion

The Orbit tool is not intended to deanonymize Bitcoin users, but it can help gather interesting information. For example, as it turned out, the world is rather cramped, and together with others I use approximately the same exchangers.

Under close scrutiny are bitcoins with an interesting “fate” or origin. For example, the public is watching the very first bitcoins that the author of Bitcoin mined. There are many of these bitcoins, and an attempt to cash out may well reveal the mystery of who invented Bitcoin. The public also watches the bitcoins that the FBI seized from Silk Road and various criminal bitcoins.

This is possible due to the fact that anonymity and decentralization are in conflict. As a countermeasure to this analysis, you can create unique wallet addresses for each transaction, for example, wikileaks generates a unique wallet address for each donor. But if then they merge (at any stage) into one wallet, then this measure loses its meaning.

We can assume other problems related to the transparency of the blockchain: if someone (for example, to me in a donation to the site) was transferred to criminal bitcoins. And without a second thought, I exchanged them for cash through the exchanger, where I specified my bank card number. It will turn out that law enforcement authorities may have questions for me…

Источник

Open Transactions – бесплатный программный инструментарий

Проект управляется всемирным сообществом добровольцев. Работа над Open Transactions и связанной с ним документации ведется на GitHub.

Финансовая криптография

Позволяет использовать сильные криптографические методы для создания безопасных финансовых инструментов. С помощью OpenTransactions создаются цифровые подписи для контрактов и цифровые деньги (токены). Транзакции в этой среде не поддаются фальсификации и изменению. При этом для подтверждения валидности транзакций не требуется сохранять какую-либо историю, кроме последней подписи за ней закрепленной.

Инструменты Open Transactions используют Ricardian Contracts: смарт-контракты, одинаково доступные для понимания людям и программному обеспечению компьютеров.

Финансовые инструменты

Обеспечивают надежное создание и обработку депозитных договоров с участием: эмитента, который создает контракты и несет ответственность за выполнение условий; и предъявителей – участвующих в сделке.

OTX протокол позволяет производить такие операции:

• Денежные трансферы с одного аккаунта на другой (в том числе атомарные, с участием реальных банковских аккаунтов).

• Выпуск неподделываемых чеков, ваучеров, счетов-инвойсов.

• Рыночная торговля (обмен заданных количеств одного инструмента на другой).

• Работа со смарт-контрактами (содержащими определенные пользователем сценарии, хуки и переменные).

Сценарии применения Open Transactions

Депозитарный учет цифровых валют, криптовалют, драгоценных металлов, обработка платежей (в том числе биллингового цикла).

Создание ценных бумаг на предъявителя.

Построение персональных проектов с использованием OTX, если они не противоречат возможностям и целям Open Transactions.

Источник

How can Open Transactions benefit Bitcoin?

OT is being integrated into the Multibit client.

How can such integration benefit users? What are some things it enables?

2 Answers 2

Market exchange

OT includes bid/ask markets, allowing for trade between assets. And unlike most exchanges, the voting pools feature makes it impossible for the server to steal the coins.

Untraceable transactions

OT incorporates Chaumian blinding (untraceable cash), meaning it can provide anonymity and untraceability, similar to what the Bitcoin community strives for with existing mix services. (Bitcoin by itself is publicly-audit-able, which is a strength, but is also the opposite of untraceable. Its benefit is censorship-resistance, not untraceability, which can be added separately using OT.)

Instant settlement

OT has instant finality of settlement (instead of waiting 10 minutes to an hour for a transaction to clear.) This can be useful where merchants and and shopping carts are involved.

Micro-transactions

Micro-transactions will be more feasible on transaction servers than they would be on the blockchain.

Cash streaming protocols

Cash streaming protocols, in general, should become more prevalent and help to solve issues of resource allocation on mesh networks, anonymous networks, etc. Virtual Tahoe LAFS hosting and so on will eventually become more available, whether via OT or some similar system. (This would help protect the lives of Syrian bloggers murdered by snipers, and the lives of Chinese bloggers unjustly imprisoned to decades+ of hard labor—and to protect the anonymity of Mexicans who otherwise risk being disemboweled and strung from a bridge when following a «Real Names» policy.)

Operates securely on low-trust servers

OT cannot lie on your receipt. It cannot change your balance or forge any of your transactions. (Bitcoin also is like this, but it’s still worth mentioning.) Combined with an auditing protocol, this makes it possible to run low-trust servers.

No transaction history

On OT, unlike most other systems, and unlike the blockchain, you will be able to prove which instruments are valid, and which transactions are cleared, without storing any transaction history, as long as you keep your last signed receipt. This is useful to all parties, and also reduces the cost of running a transaction server.

Full range of financial instruments

OT supports a full gamut of financial instruments, including cheques, transfers, cash, cashier’s cheques, receipts, recurring payments, market offers and trades, and smart contracts (scriptable clauses — write your own.) You will have to decide for yourself how to best use these capabilities.

You could use OT to write a market exchange, or online wallet or personal wallet. (Of course these exist already, but I’m just saying. )

Smart contracts

OT makes it possible to create custom-scripted agreements between parties, to be executed on the server side.

You could use OT to offer escrow services. You could devise your own escrow contract in script form, and then OT will process it.

Client-side scripting

OT also supports client-side scripting, meaning that people can combine «Unix scripting» with «financial transactions». The possibilities are endless, but that part is really up to the developer community.

You could use OT to build a digital ticketing system, printing out tickets with QR codes or whatever.

In-game representations of real-world financial environments

You could use OT to build a full financial transaction system into an online game or virtual universe. (Gold duplication can get to be a real issue on games.) People on the game would be able to open accounts, withdraw and deposit cash, write cheques, trade on markets, just like people in real life. People would even be able to issue their own currencies, and trade in basket currencies.

Protection against online wallet fraud

At some point OT will support Bitcoin voting pools, meaning it would be impossible for any single server to just disappear with your Bitcoins. (A problem currently endemic to the Bitcoin world.) This will be a protocol between OT servers based on existing features in the Bitcoin script language (like multi-sign.)

This capability goes beyond mere auditing or proof-of-reserves, since it actually prevents a server—or a malicious employee, or a hacker—from stealing the coins.

Источник