Bitcoin Block Chain Network
I found this article very interesting: https://www.coindesk.com/irs-using-bitcoin-tracking-software-since-2015/
It described how the IRS was using a startup called Chainalysis to track the flow of bitcoins through the block chain. The IRS, being interested in tracking individuals’ hidden assets, clearly would like to know if someone has bitcoins but hasn’t disclosed that. Law enforcement has been attempting to do the same thing to track Silk Road purchases and payments made to ransomware. A piece of ransomware might distribute itself and only ask individuals to send bitcoins to a particular address, which would simply appear as 1HyasSC2VifTZo7YkUNn33udnWXw3Ffq7T.
The problem is that addresses are free to make, so people trying to hide their identity have no reason to use the same wallet twice, or to avoid using many intermediary wallets. On the other hand, every transaction is publicly available for inspection, so many straightforward tricks, such as an intermediary wallet, would be pointless. What is less pointless is sending bitcoins to a large “hub” node and receiving them back out at another address or at multiple addresses. Because of the branching factor near such hubs, it becomes very difficult to track the true identities behind these transactions.
This presentation showed off some of the techniques used to catch scammers and track bitcoins: https://www.sans.org/summit-archives/file/summit-archive-1498165491.pdf
Some of the techniques are as simple as noticing patterns, such as a set of transactions always of a certain size and always divisible by certain values. Other telltale signs involve tracking how bitcoins are divided by certain wallets. For example, in one incident the author of a malicious piece of code split the profits in a 20-80 manner with a partner. This split quickly became a telltale sign of malicious activity. In other circumstances, the original creators of wallets could be deduced by checking who originally put bitcoins into them. In another circumstance, related nodes were found by calculating how often they participated in similar transactions.
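The fixed-split pattern described above can be checked mechanically. The following is an added example, not code from the article or the presentation: it assumes a simplified model in which each transaction has one sender, and the addresses, amounts, function names and thresholds are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data (not real chain data):
# (txid, sender, [(recipient, satoshis), ...])
SAMPLE_TXS = [
    ("t1", "addr_collect", [("addr_A", 2_000_000), ("addr_B", 8_000_000)]),
    ("t2", "addr_collect", [("addr_A", 500_000), ("addr_B", 2_000_000)]),
    ("t3", "addr_collect", [("addr_B", 4_000_100), ("addr_A", 1_000_000)]),
    ("t4", "addr_shop", [("addr_C", 1_234_567), ("addr_shop", 8_765_433)]),
    ("t5", "addr_shop", [("addr_D", 300_000), ("addr_shop", 4_100_000)]),
    ("t6", "addr_shop", [("addr_E", 2_500_000), ("addr_shop", 2_600_000)]),
]

def small_share(outputs):
    """Fraction of the total that goes to the smaller of two outputs."""
    amounts = sorted(amount for _, amount in outputs)
    return amounts[0] / sum(amounts)

def find_fixed_splits(txs, min_txs=3, tolerance=0.01):
    """Return {sender: (mean_small_share, recipients)} for senders whose
    two-output transactions always split in the same ratio between the
    same two recipients (the 20-80 pattern is one instance)."""
    by_sender = defaultdict(list)
    for _txid, sender, outputs in txs:
        if len(outputs) == 2:
            by_sender[sender].append(outputs)
    flagged = {}
    for sender, outs in by_sender.items():
        if len(outs) < min_txs:
            continue  # too few observations to call it a pattern
        shares = [small_share(o) for o in outs]
        pairs = {frozenset(addr for addr, _ in o) for o in outs}
        # Same two payees every time, and the ratio barely moves.
        if len(pairs) == 1 and max(shares) - min(shares) <= tolerance:
            mean = sum(shares) / len(shares)
            flagged[sender] = (round(mean, 3), sorted(next(iter(pairs))))
    return flagged

if __name__ == "__main__":
    for sender, (share, recipients) in find_fixed_splits(SAMPLE_TXS).items():
        print(f"{sender}: {share:.0%}/{1 - share:.0%} split to {recipients}")
```

The ordinary payment-plus-change sender in the sample is not flagged, because its ratios vary and its payees differ from one transaction to the next.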