UPDATE: After some comments I have received, I want to clarify: this is not a mandate or instruction to the masses to go and do this, but my own mumblings, as I have not seen anything similar to this in operation, although I thought there would have been.
I also know that some of the industry who deal in this area of Bitcoin may not like the idea as it may harm their business models – again, this is just my personal blog where I put down ideas.
I also take on board those open rights advocates who believe that this is a bad idea, we are all allowed our own opinions and this blog is just that, my own personal opinion.
I have not seen this in operation, and as such, I thought I’d get this idea down. However, if you know of this existing, then please let me know.
The question, which seems an obvious question, is
“Is there a central collection somewhere of Bitcoin addresses that have been used in malicious activity, that someone can reference to – a Bitcoin Blacklist if you will?”
As I have not found anything on this topic, I therefore took some time to put down my own personal thoughts which go as follows:
Process
- An attack happens
- A Bitcoin address becomes attached to the incident (e.g. Ransomware address)
- The address becomes identified as being attached
- Bitcoin address is registered to blacklist
- Bitcoin exchanges blacklist the account
- Bitcoin would be harder to be extracted into ‘real-world’ cash
Let me break this down into each layer…
An Attack Happens
Most computers and devices are connected to the internet. This allows for international crime: an attack can be sent from anywhere against anything across the globe. This may be one of many types of attack, but here we are focussing specifically on those that require a financial transaction of some kind. These include, but are not limited to:
- Ransomware
- Extortion
- Fraud
A Bitcoin address becomes attached to the incident (e.g. Ransomware address)
As the incident unfolds, Bitcoin addresses may become attached to the incident, e.g. in WannaCry, we saw 3 Bitcoin Wallets mentioned across the ransomware notices. Other attacks may use multiple wallets, perhaps one per infection.
The wallet used may be where a payment is made for illicit content (paedophile images etc).
However, in the case of extortion or fraud, the Bitcoin account may only be discovered later.
The address becomes identified as being attached
A verification check needs to be made to confirm that the address does indeed belong to the attacker or is part of the attack vector, to prevent valid Bitcoin addresses being mis-identified.
Bitcoin address is registered to blacklist
Law enforcement and infosec professionals then submit the Bitcoin Wallet addresses identified in the attack to a central Bitcoin Blacklist. The information submitted should be, I guess, similar to a CVE: there will be certain details that need to be committed:
- name of author
- detail of incident
- Bitcoin wallet address
- expected sizes of transactions
Bitcoin exchanges blacklist the account
This is the section that I think needs to be developed if it doesn’t exist already!
Similar to DNS with IP propagation, or SpamHaus etc., this incident detail then propagates round all Bitcoin Exchanges, which then flag the Bitcoin Wallets as being involved with a criminal attacker.
This may also form part of some kind of reputational feature of Bitcoin Exchanges as you will be able to identify Exchanges that are regularly being used to set up criminal accounts – maybe forcing them to request more details on registration.
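One way the submission record and the exchange-side lookup described above could fit together, as an added example that is not part of the original post. The field names, the `Blacklist` class and the sample address are assumptions constructed for illustration, and only legacy Base58Check addresses (P2PKH/P2SH) are handled. The checksum test stops a mistyped address from being listed; it does not establish that the address belongs to an attacker.

```python
import hashlib
from dataclasses import dataclass

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58check_encode(version: int, hash160: bytes) -> str:
    """Canonical Base58Check string for a version byte and a 20-byte hash."""
    raw = bytes([version]) + hash160
    raw += hashlib.sha256(hashlib.sha256(raw).digest()).digest()[:4]
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_valid_legacy_address(addr: str) -> bool:
    """True only for a canonical P2PKH/P2SH address with a correct checksum."""
    try:
        n = 0
        for ch in addr:
            n = n * 58 + B58.index(ch)   # ValueError on a non-Base58 character
        raw = n.to_bytes(25, "big")      # OverflowError if the string is too long
    except (ValueError, OverflowError):
        return False
    # Re-encoding recomputes the checksum, so a typo or padded address fails.
    return raw[0] in (0x00, 0x05) and b58check_encode(raw[0], raw[1:21]) == addr

@dataclass(frozen=True)
class Listing:  # fields follow the post's list; the names are assumptions
    author: str
    incident: str
    address: str
    expected_btc: tuple  # (min, max) expected transaction size

class Blacklist:
    def __init__(self):
        self._by_address = {}

    def submit(self, listing: Listing) -> bool:
        """Accept a listing only if it is complete and the address is well formed."""
        ok = bool(listing.author and listing.incident) and is_valid_legacy_address(listing.address)
        if ok:
            self._by_address[listing.address] = listing
        return ok

    def screen(self, address: str):
        """Exchange-side lookup before cash-out: the Listing, or None if unlisted."""
        return self._by_address.get(address)

# Constructed sample address (hash of a label), not tied to any real incident.
SAMPLE = b58check_encode(0x00, hashlib.sha256(b"constructed sample").digest()[:20])
```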
Bitcoin would be harder to be extracted into ‘real-world’ cash
As a result of the Wallet now being flagged, any transactions on that wallet would be more closely monitored, whether by threat intel, agencies, monetary regulators etc. We saw some of this in action when the wallets involved with WannaCry started to transact and the infosec community blogged about it.
I believe that with exchanges pulling together it would reduce the ways that criminals can extort money from their victims, by knowing that Bitcoin Wallets could be monitored or blacklisted. If exchanges worked together for the greater good and disabled the wallets from converting to cash, then it would mean that we are reducing the ways that criminals can hit their targets.
Why should we bother with this?
Bitcoin is unique in that it is an anonymous form of financial transfer. Its adoption is growing and its success needs to be protected. However, the anonymity it offers also makes it attractive to criminals, who can force those being attacked to pay them anonymously. Ransomware is increasingly using this method.
If a Bitcoin Blacklist can help to cause the criminals to stop using this crypto-currency as a way to be paid thus making their criminal activity then I think this is worth the investment. I also think that it would help to further legitimise Bitcoin and the reputation element would also help Bitcoin Exchanges to reduce their criminal users.
Finally, this also helps security researchers to have a way to demonstrate the reasons they may be investigating certain Bitcoin Wallets and reduce their likelihood of being investigated for their research.
As I have said, these are my own opinions and thoughts – not everyone will agree and I am by no means a Bitcoin expert. However, I am a citizen of the digital world and if the above means that we can make it safer, then I think it should at least be discussed.


