MFScope – A novel platform for identifying illegal crypto transactions on the dark web


Updated July 18th, 2019

The dark web has been widely used for a myriad of illegal activities, thanks to its anonymous communication protocols. Cryptocurrencies represent the main currencies used to conduct illegal financial transactions on the dark web, as they enable users to hide their identities throughout financial transactions.

A newly published research paper introduces MFScope, a novel framework that collects cryptocurrency-related data from the dark web in order to identify how cryptocurrencies are used in the various illicit activities taking place on this hidden part of the World Wide Web. In this article, we give an overview of MFScope’s design and how it can be used to identify cryptocurrency abuse on the dark web.

Basic concept and design of MFScope:

The main goal of MFScope is to provide a thorough analysis of cryptocurrency usage on the dark web with emphasis on illegal transactions. Nevertheless, achieving this goal is not an easy task by any means due to three main challenges. First, harvesting data related to cryptocurrency off the dark web is relatively difficult due to the anonymous nature of the dark web. Second, as cryptocurrencies are “pseudonymous”, it is difficult to identify the owners of cryptocurrency addresses. Third, even if data pertaining to cryptocurrency transactions is successfully obtained, more information is needed to unmask identities of users for further analysis.

MFScope starts by extracting seed onion domain addresses from Tor network indexing services, namely Ahmia, and then crawls those hidden services. The platform also extracts links to other hidden services from the crawled data in order to grow the corpus of harvested data. Using the platform, its developers harvested around 27 million dark web pages and around 10 million unique cryptocurrency addresses. The developers believe that data collection at this scale makes their analysis highly solid. However, they do not claim that the harvested data covers the majority of cryptocurrency use cases on the dark web, because it is difficult to estimate the precise size of the dark web; they argue instead that analyzing a massive amount of data can yield a reasonable understanding of how cryptocurrencies are used on the dark web.

Results obtained via implementing MFScope:

Data obtained via MFScope revealed that 99.8% of the cryptocurrency addresses harvested from the dark web were bitcoin addresses, which indicates that bitcoin is the most widely used coin on the dark web. This motivated the developers to conduct a thorough analysis of the illegal use cases of bitcoin on various dark web hidden services. By classifying the use cases of the harvested bitcoin addresses, the developers found that 80% of them were associated with illicit activities (e.g. illicit drug trafficking on cryptomarkets, money laundering, selling of stolen personal data, financial fraud, etc.). They also estimated the value (in USD) of the bitcoins transacted via these addresses, and showed that the market size of illicit activities involving bitcoin on the dark web is around 180 million USD.

The money flows associated with the collected illicit bitcoin addresses were also computed. The authors proposed a novel algorithm, known as “Taint based bitcoin flow analysis”, which computes the volume of illicit funds sent from an illicit address to its recipients. This helps build a better understanding of the illegal financial transactions taking place on the dark web. The taint analysis showed that users engaging in illegal activities on the dark web tend to send a large amount of their funds to multiple bitcoin exchanges.
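The article does not describe the paper's algorithm in detail, so the following added example (not code from the paper or from MFScope) illustrates the general idea with the proportional "haircut" taint model commonly used in blockchain analysis. The transaction format, addresses, values and entity labels are constructed assumptions, and balances are tracked per address as a simplification of bitcoin's per-output model.

```python
from collections import defaultdict
from fractions import Fraction

def propagate_taint(transactions, seeds):
    """Proportional ("haircut") taint over time-ordered transactions.
    Returns {address: tainted value received}; seed addresses are excluded."""
    balance = defaultdict(Fraction)   # tracked funds held per address
    tainted = defaultdict(Fraction)   # tainted part of that balance
    received = defaultdict(Fraction)  # cumulative tainted inflow
    for tx in transactions:
        total_in = taint_in = Fraction(0)
        for addr, value in tx["inputs"]:
            total_in += value
            if addr in seeds:
                taint_in += value     # everything a seed spends is tainted
                continue
            held = balance[addr]
            spent = min(Fraction(value), held)  # untracked funds count as clean
            share = spent * tainted[addr] / held if held else Fraction(0)
            balance[addr] -= spent
            tainted[addr] -= share
            taint_in += share
        if total_in == 0:
            continue
        for addr, value in tx["outputs"]:
            portion = taint_in * value / total_in  # the fee absorbs its share
            balance[addr] += value
            tainted[addr] += portion
            if addr not in seeds:
                received[addr] += portion
    return dict(received)

def volume_by_label(received, labels):
    """Sum tainted inflow per entity label (e.g. 'exchange')."""
    totals = defaultdict(Fraction)
    for addr, amount in received.items():
        totals[labels.get(addr, "unlabelled")] += amount
    return dict(totals)

# Constructed sample data: addresses, values (satoshis) and labels are invented.
SEEDS = {"illicit_A"}
LABELS = {"exchange_X": "exchange", "exchange_Y": "exchange", "mixer_1": "mixer"}
TXS = [
    {"inputs": [("illicit_A", 100)], "outputs": [("mixer_1", 60), ("exchange_X", 40)]},
    {"inputs": [("clean_B", 140)], "outputs": [("mixer_1", 140)]},
    {"inputs": [("mixer_1", 100)], "outputs": [("exchange_Y", 80), ("wallet_C", 10)]},
]

if __name__ == "__main__":
    for label, amount in volume_by_label(propagate_taint(TXS, SEEDS), LABELS).items():
        print(f"{label}: {float(amount):.0f} sat tainted")
```

In the sample, the intermediate address mixes 60 tainted units with 140 clean ones, so only 30% of what it later forwards is counted as tainted.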

Finally, a correlation analysis with data from the surface web (Clearnet) was conducted in order to identify data missing from the dark web. By combining information harvested from various domains, the cross-referenced evidence points to important data that helps demystify the overall cybercrime scheme on the dark web. The analysis performed via MFScope revealed a pair of real-world value chains associated with bitcoin on the dark web, as well as fraudulent bitcoin investment schemes.

This study represents the first investigative study analyzing real-world value chains that use cryptocurrencies on the dark web.


Written by Kofi Anash
