In the battle to link real-world criminals to their anonymous bitcoin troves, Chainalysis has found a “meaningful” edge: a block explorer website that scrapes visitors’ internet protocol (IP) addresses.
According to leaked documents reviewed by CoinDesk, Chainalysis, the largest of the blockchain tracing firms, owns and operates “walletexplorer.com.” Like other block explorers, the service lets anyone view the history of public cryptocurrency wallet addresses. Chainalysis figures that bad actors would use its site to check transactions without fear of “leaving a ‘footprint’” on crypto exchanges, the documents said.
But where the exchanges – and presumably most block explorers – have no eyes, Chainalysis has its sights. It “‘scrapes’ the IP addresses of suspicious” users that fall into the honeypot of walletexplorer.com.
“Using this dataset we were able to provide law enforcement with meaningful leads related to the IP data associated with an address,” the documents, translated from Italian, say. “It is also possible to conduct a reverse lookup on any known IP address to identify other BTC addresses.”
In doing so, Chainalysis has effectively weaponized an unassuming website without disclosing its ties. It has never publicly associated itself with walletexplorer.com. The website was created in 2014, according to site registration documents that make no mention of Chainalysis.
A spokesperson for Chainalysis declined to comment.
The documents also show that Chainalysis thinks it can trace transactions in monero (XMR), which many consider to be the cryptocurrency with the strongest privacy defenses.
“Of the cases that Chainalysis worked on in collaboration with law enforcement, we were able to provide usable leads in approximately 65% of cases involving Monero,” the documents say.
Another slide from Chainalysis’ presentation to Italian police (DarkLeaks)