A new research study accepted in this year’s Privacy Enhancing Technologies Symposium may prove to be the final bullet in Bitcoin as a currency supported by darknet markets. For the past few years, the dark web had already been shifting toward privacy coin Monero, but recent revelations regarding the ease with which certain vendor Bitcoin addresses can be identified leave the classic crypto shockingly ill-fitted for continued market acceptance.
The study, which first appeared in this month’s issue of Proceedings on Privacy Enhancing Technologies, Volume 2022, was conducted by three privacy researchers at the University of Mannheim, Germany, and involved pouring over thousands of product reviews posted on two (now-defunct) darknet markets, Cannazon and Cryptonia. In all, the study managed to identify “potential payout addresses” for 308 Cryptonia vendors and 45 Cannazon vendors.
The researchers developed models based on the rules of the markets and filtered the blockchain for transactions that fit the characteristics of market payments to vendors, managing to match payments with customer reviews in several instances. They found over 80% of reviews from the two markets were posted on the same day that order funds were released to the vendor.
The authors suggest the behavior of reviewers makes it especially easy to identify BTC addresses of vendors at markets that support Direct Deposit or Multisig Escrow payments (as employed by Cryptonia and Cannazon, respectively). They also noted that markets using these methods thereby put vendors at risk for attack by an adversary, whether it be law enforcement or the competition.
“In particular, transferring the funds directly from the escrow address to the vendor payout address results in a single point of attack, which can be easily exploited by attackers,” the authors noted. “In this regard, wallet-based centralized transfer markets could provide higher degrees of privacy as they allow vendors to withdraw their funds in chunks of arbitrary values completely unrelated to the prices of their items.”
Though the benefits of using Monero (XMR) over Bitcoin (BTC) as a currency on darknet markets have long been apparent, the results of the study expose the true level of risk involved when using Bitcoin on a market.
The researchers added the following caveat to the results of their investigation:
“While the findings appear to be plausible, we cannot state with absolute certainty that the addresses found by our attack do in fact constitute addresses of Cryptonia Market or Cannazon vendors.”
They also proffered theoretical advice as to what darknet markets could do to potentially mitigate the shortfalls inherent in accepting BTC as a method of payment:
“While security by obscurity is not a reliable security paradigm, releasing as little information on the payment system as possible seems to be advisable, as attacks become easier the more a-prior knowledge an attacker has…”