If You Like Me, Please Don’t “Like” Me: Inferring Vendor Bitcoin Addresses From Positive Reviews

If You Like Me, Please Don’t “Like” Me: Inferring Vendor Bitcoin Addresses From Positive Reviews

Bitcoin and similar cryptocurrencies are becoming increasingly popular as a payment method in both legitimate and illegitimate online markets. Such markets usually deploy a review system that allows users to rate their purchases and help others to determine reliable vendors. Consequently, vendors ar...

Descripción completa

Guardado en:
Detalles Bibliográficos
Autores principales: Schäfer Jochen, Müller Christian, Armknecht Frederik
Formato: article
Lenguaje:EN
Publicado: Sciendo 2022
Materias:
bitcoin
markets
reviews
identification
Ethics
BJ1-1725
Electronic computers. Computer science
QA75.5-76.95
Acceso en línea:https://doaj.org/article/dc7257b3102a4d578fbd47cf1775bb5a
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
id oai:doaj.org-article:dc7257b3102a4d578fbd47cf1775bb5a
record_format dspace
spelling oai:doaj.org-article:dc7257b3102a4d578fbd47cf1775bb5a2021-12-05T14:11:10ZIf You Like Me, Please Don’t “Like” Me: Inferring Vendor Bitcoin Addresses From Positive Reviews2299-098410.2478/popets-2022-0022https://doaj.org/article/dc7257b3102a4d578fbd47cf1775bb5a2022-01-01T00:00:00Zhttps://doi.org/10.2478/popets-2022-0022https://doaj.org/toc/2299-0984Bitcoin and similar cryptocurrencies are becoming increasingly popular as a payment method in both legitimate and illegitimate online markets. Such markets usually deploy a review system that allows users to rate their purchases and help others to determine reliable vendors. Consequently, vendors are interested into accumulating as many positive reviews (likes) as possible and to make these public. However, we present an attack that exploits these publicly available information to identify cryptocurrency addresses potentially belonging to vendors. In its basic variant, it focuses on vendors that reuse their addresses. We also show an extended variant that copes with the case that addresses are used only once. We demonstrate the applicability of the attack by modeling Bitcoin transactions based on vendor reviews of two separate darknet markets and retrieve matching transactions from the blockchain. By doing so, we can identify Bitcoin addresses likely belonging to darknet market vendors.Schäfer JochenMüller ChristianArmknecht FrederikSciendoarticlebitcoinmarketsreviewsidentificationEthicsBJ1-1725Electronic computers. Computer scienceQA75.5-76.95ENProceedings on Privacy Enhancing Technologies, Vol 2022, Iss 1, Pp 440-459 (2022)
institution DOAJ
collection DOAJ
language EN
topic bitcoin
markets
reviews
identification
Ethics
BJ1-1725
Electronic computers. Computer science
QA75.5-76.95
spellingShingle bitcoin
markets
reviews
identification
Ethics
BJ1-1725
Electronic computers. Computer science
QA75.5-76.95
Schäfer Jochen
Müller Christian
Armknecht Frederik
If You Like Me, Please Don’t “Like” Me: Inferring Vendor Bitcoin Addresses From Positive Reviews
description Bitcoin and similar cryptocurrencies are becoming increasingly popular as a payment method in both legitimate and illegitimate online markets. Such markets usually deploy a review system that allows users to rate their purchases and help others to determine reliable vendors. Consequently, vendors are interested into accumulating as many positive reviews (likes) as possible and to make these public. However, we present an attack that exploits these publicly available information to identify cryptocurrency addresses potentially belonging to vendors. In its basic variant, it focuses on vendors that reuse their addresses. We also show an extended variant that copes with the case that addresses are used only once. We demonstrate the applicability of the attack by modeling Bitcoin transactions based on vendor reviews of two separate darknet markets and retrieve matching transactions from the blockchain. By doing so, we can identify Bitcoin addresses likely belonging to darknet market vendors.
format article
author Schäfer Jochen
Müller Christian
Armknecht Frederik
author_facet Schäfer Jochen
Müller Christian
Armknecht Frederik
author_sort Schäfer Jochen
title If You Like Me, Please Don’t “Like” Me: Inferring Vendor Bitcoin Addresses From Positive Reviews
title_short If You Like Me, Please Don’t “Like” Me: Inferring Vendor Bitcoin Addresses From Positive Reviews
title_full If You Like Me, Please Don’t “Like” Me: Inferring Vendor Bitcoin Addresses From Positive Reviews
title_fullStr If You Like Me, Please Don’t “Like” Me: Inferring Vendor Bitcoin Addresses From Positive Reviews
title_full_unstemmed If You Like Me, Please Don’t “Like” Me: Inferring Vendor Bitcoin Addresses From Positive Reviews
title_sort if you like me, please don’t “like” me: inferring vendor bitcoin addresses from positive reviews
publisher Sciendo
publishDate 2022
url https://doaj.org/article/dc7257b3102a4d578fbd47cf1775bb5a
work_keys_str_mv AT schaferjochen ifyoulikemepleasedontlikemeinferringvendorbitcoinaddressesfrompositivereviews
AT mullerchristian ifyoulikemepleasedontlikemeinferringvendorbitcoinaddressesfrompositivereviews
AT armknechtfrederik ifyoulikemepleasedontlikemeinferringvendorbitcoinaddressesfrompositivereviews
_version_ 1718371329322778624

Ejemplares similares