1 00:00:10,620 --> 00:00:15,780 so um as mentioned my name is Haroon and 2 00:00:13,530 --> 00:00:17,759 i was speaking about how we trace 3 00:00:15,780 --> 00:00:20,549 transactions that went across cryptic 4 00:00:17,760 --> 00:00:23,369 cartilages this work is done by myself 5 00:00:20,550 --> 00:00:26,669 George Capas and Sarah Mahajan all of 6 00:00:23,369 --> 00:00:27,779 our from University College on so as 7 00:00:26,669 --> 00:00:29,490 obviously we speak about printer 8 00:00:27,779 --> 00:00:30,390 currencies we shall first start with 9 00:00:29,490 --> 00:00:33,150 Bitcoin 10 00:00:30,390 --> 00:00:34,770 so Bitcoin was at many as they said many 11 00:00:33,150 --> 00:00:38,400 times before the first winter coffee 12 00:00:34,770 --> 00:00:42,450 that was created in 2009 12 2008 she 13 00:00:38,400 --> 00:00:44,870 then first you did 2009 waited by one of 14 00:00:42,450 --> 00:00:48,420 the synonymous author Satoshi Nakamoto 15 00:00:44,870 --> 00:00:52,410 now with the system he was designed with 16 00:00:48,420 --> 00:00:54,210 the issue of having pseudonymity without 17 00:00:52,410 --> 00:00:57,870 by users who transact with each other 18 00:00:54,210 --> 00:01:00,810 have addresses which are unique and with 19 00:00:57,870 --> 00:01:02,970 that add a layer of anonymity but within 20 00:01:00,810 --> 00:01:05,519 this year they also mentioned that there 21 00:01:02,970 --> 00:01:07,200 are some issues with the system first 22 00:01:05,519 --> 00:01:09,900 being that's only anonymous if you keep 23 00:01:07,200 --> 00:01:12,659 your your coin your addresses private 24 00:01:09,900 --> 00:01:15,780 and the second is that if you leak your 25 00:01:12,659 --> 00:01:18,030 key then the transactions I have leaked 26 00:01:15,780 --> 00:01:19,799 can be perhaps been linked towards you 27 00:01:18,030 --> 00:01:21,840 and for them going backwards and going 28 00:01:19,799 --> 00:01:22,859 forwards but what they also don't 29 00:01:21,840 --> 00:01:24,509 mention is that if you were to other 30 00:01:22,859 --> 00:01:26,640 people were to leak your information 31 00:01:24,509 --> 00:01:29,789 would leak their information that could 32 00:01:26,640 --> 00:01:31,109 then also be used to target you so 33 00:01:29,789 --> 00:01:33,689 they're not more than five years later 34 00:01:31,109 --> 00:01:35,490 we see a large plethora of research 35 00:01:33,689 --> 00:01:38,699 which looks at attacking back when I 36 00:01:35,490 --> 00:01:40,048 mean of MTI provides many of these of 37 00:01:38,700 --> 00:01:42,630 these systems use techniques like 38 00:01:40,049 --> 00:01:45,119 address tracking address tagging and 39 00:01:42,630 --> 00:01:47,189 also address clustering in order to 40 00:01:45,119 --> 00:01:49,319 identify the antecedent system how they 41 00:01:47,189 --> 00:01:52,770 interact with each other and the overall 42 00:01:49,319 --> 00:01:55,170 flow as well as this we've also seen 43 00:01:52,770 --> 00:01:56,969 many crimes that no Bitcoin which then 44 00:01:55,170 --> 00:01:58,380 used these techniques in order to 45 00:01:56,969 --> 00:01:59,908 determine where the coins when and how 46 00:01:58,380 --> 00:02:01,770 and if they can't float the crimean 47 00:01:59,909 --> 00:02:05,759 process or the one of the most famous 48 00:02:01,770 --> 00:02:07,380 ones was the amount GOx hack which the 49 00:02:05,759 --> 00:02:09,030 very was the biggest exchange back in 50 00:02:07,380 --> 00:02:11,008 the day for tea they were hired to lost 51 00:02:09,030 --> 00:02:12,480 many of their coins but but using these 52 00:02:11,008 --> 00:02:13,739 tracking techniques will be able to find 53 00:02:12,480 --> 00:02:16,010 that these coins actually went to 54 00:02:13,740 --> 00:02:18,510 another exchange 55 00:02:16,010 --> 00:02:20,879 very recently another exchange balance 56 00:02:18,510 --> 00:02:22,679 was hacked and they they eight million 57 00:02:20,879 --> 00:02:24,380 dollars worth of bitcoins was stolen 58 00:02:22,680 --> 00:02:27,200 these are however been 59 00:02:24,380 --> 00:02:28,280 very closely monitors in case say what 60 00:02:27,200 --> 00:02:31,040 to move to an exchange with it could be 61 00:02:28,280 --> 00:02:32,210 prison Bitcoin isn't the only kind of 62 00:02:31,040 --> 00:02:34,280 currency as you honor there are many 63 00:02:32,210 --> 00:02:36,320 others in the space um there are some 64 00:02:34,280 --> 00:02:39,680 privacy once was almost the cash and 65 00:02:36,320 --> 00:02:42,019 Monaro a Volusia use next and the 66 00:02:39,680 --> 00:02:44,300 privacy audiology symposium they were 67 00:02:42,020 --> 00:02:47,300 attacked sour the that were shown upon 68 00:02:44,300 --> 00:02:48,860 these to anonymity wait so I'm trying to 69 00:02:47,300 --> 00:02:49,700 say here that the attacks are not only 70 00:02:48,860 --> 00:02:53,000 supposed to pick one they're also 71 00:02:49,700 --> 00:02:55,100 specific to anonymity coins now all of 72 00:02:53,000 --> 00:02:57,440 these systems alone these attacks occur 73 00:02:55,100 --> 00:02:58,070 on unchanged that occur within the same 74 00:02:57,440 --> 00:02:59,450 ecosystem 75 00:02:58,070 --> 00:03:01,160 well the Bitcoin attacks occur in a 76 00:02:59,450 --> 00:03:04,250 Bitcoin or the Zika attacks occur within 77 00:03:01,160 --> 00:03:06,470 Z cash so that's one change seems to be 78 00:03:04,250 --> 00:03:08,960 very studied and very looked into your 79 00:03:06,470 --> 00:03:12,320 amigo system but we've also seen a trend 80 00:03:08,960 --> 00:03:15,290 of crime going across chain this is 81 00:03:12,320 --> 00:03:16,720 where users move their coins from Bix a 82 00:03:15,290 --> 00:03:19,489 Bitcoin and they're backed by a theory 83 00:03:16,720 --> 00:03:20,990 when the most famous ones ones happen 84 00:03:19,490 --> 00:03:22,760 recently was the one a crack attack 85 00:03:20,990 --> 00:03:25,280 which was a ransom which affected many 86 00:03:22,760 --> 00:03:27,079 hospitals and a do so they were able to 87 00:03:25,280 --> 00:03:28,820 get one hundred forty two thousand 88 00:03:27,080 --> 00:03:30,590 dollars worth of Bitcoin which they then 89 00:03:28,820 --> 00:03:32,840 laundered through cross currency 90 00:03:30,590 --> 00:03:35,840 exchanges so the question now is can we 91 00:03:32,840 --> 00:03:40,880 track exchanges that allow you to do 92 00:03:35,840 --> 00:03:42,500 cross currency trades so there are a 93 00:03:40,880 --> 00:03:43,910 couple of exchanges which do this two of 94 00:03:42,500 --> 00:03:45,530 which we will speak about shape-shift 95 00:03:43,910 --> 00:03:47,329 and change Li focusing mainly on 96 00:03:45,530 --> 00:03:49,340 shape-shift what the doggies are 97 00:03:47,330 --> 00:03:51,140 exchange try to do cross currently 98 00:03:49,340 --> 00:03:53,480 trades so they're like a lightweight 99 00:03:51,140 --> 00:03:54,829 exchange they allow user to exchange 100 00:03:53,480 --> 00:03:56,540 multiple coins you're gonna shake bacon 101 00:03:54,830 --> 00:03:58,940 for a 30 mm for bicker whatever point 102 00:03:56,540 --> 00:04:02,780 you have and well the coins support you 103 00:03:58,940 --> 00:04:04,640 can crush it over in currently custom we 104 00:04:02,780 --> 00:04:06,590 have arrived 2000 cryptocurrencies but 105 00:04:04,640 --> 00:04:11,269 they combine the right to convert over 106 00:04:06,590 --> 00:04:12,500 140 so why would you do cross trade war 107 00:04:11,270 --> 00:04:14,720 there's many reasons that I said before 108 00:04:12,500 --> 00:04:16,430 it's very easy to use which I'll 109 00:04:14,720 --> 00:04:17,810 demonstrate perhaps give us some 110 00:04:16,430 --> 00:04:20,120 protection and Amity which won't explain 111 00:04:17,810 --> 00:04:21,019 they're not custodial and that means 112 00:04:20,120 --> 00:04:22,610 that you don't need them like you 113 00:04:21,019 --> 00:04:24,020 already need to have your coins in or 114 00:04:22,610 --> 00:04:24,650 account you just go to the website do 115 00:04:24,020 --> 00:04:25,640 the trade 116 00:04:24,650 --> 00:04:27,799 you've got your pointer back are 117 00:04:25,640 --> 00:04:28,969 straight away and also simply cheaper 118 00:04:27,800 --> 00:04:32,390 because you also do a single rate of 119 00:04:28,970 --> 00:04:33,979 change so how do you do a shift with is 120 00:04:32,390 --> 00:04:35,990 very very straightforward you go to a 121 00:04:33,979 --> 00:04:37,938 website and you say yeah I got Bitcoin 122 00:04:35,990 --> 00:04:41,129 and I want to get some thorough 123 00:04:37,939 --> 00:04:43,139 the next thing you do is you then say 124 00:04:41,129 --> 00:04:44,520 okay I've got this is the ones I want to 125 00:04:43,139 --> 00:04:46,169 confirm you give them the address that 126 00:04:44,520 --> 00:04:47,128 you want your coins to be sent to it's 127 00:04:46,169 --> 00:04:48,419 not a case we want to give them an 128 00:04:47,129 --> 00:04:53,069 ethereal address because we want to get 129 00:04:48,419 --> 00:04:55,198 thrown from our trade after that we then 130 00:04:53,069 --> 00:04:57,180 send them a bit quick to adjust that 131 00:04:55,199 --> 00:04:59,039 they specify once they confirm their 132 00:04:57,180 --> 00:05:01,199 bitcoins and they validate transaction 133 00:04:59,039 --> 00:05:02,789 they then will give us an alluring and 134 00:05:01,199 --> 00:05:06,629 that's it the trade is completely done 135 00:05:02,789 --> 00:05:07,949 you're not gonna cross a cross chain so 136 00:05:06,629 --> 00:05:09,449 what this looks like here on the tube 137 00:05:07,949 --> 00:05:10,770 block changes we've got a queen a which 138 00:05:09,449 --> 00:05:12,120 you're not kiss was Bitcoin and calling 139 00:05:10,770 --> 00:05:16,049 B which you can say is the transaction 140 00:05:12,120 --> 00:05:18,360 flows of ethereum now in point a we said 141 00:05:16,050 --> 00:05:19,500 that we've gone from our case to perhaps 142 00:05:18,360 --> 00:05:21,870 of shifting service that we might know 143 00:05:19,500 --> 00:05:23,759 the address of but in coin B we don't 144 00:05:21,870 --> 00:05:25,680 know where that changes and with that 145 00:05:23,759 --> 00:05:29,490 trades and a dot which no did a go - 146 00:05:25,680 --> 00:05:31,050 hardly propagate afterwards so the aim 147 00:05:29,490 --> 00:05:32,969 of our research is to indeed find the 148 00:05:31,050 --> 00:05:37,560 link which can allow you to connect the 149 00:05:32,969 --> 00:05:39,180 currency which go across chain these are 150 00:05:37,560 --> 00:05:41,279 some of the contributions that we did in 151 00:05:39,180 --> 00:05:45,000 our paper now go through most of them as 152 00:05:41,279 --> 00:05:48,150 we progress through this talk the first 153 00:05:45,000 --> 00:05:50,310 one being the analysis that we did and 154 00:05:48,150 --> 00:05:55,560 how we obtain the data set in order to 155 00:05:50,310 --> 00:05:57,180 perform our attacks of course to do to 156 00:05:55,560 --> 00:05:59,069 do this attack you first need data and 157 00:05:57,180 --> 00:06:01,500 there was a sensor one much it available 158 00:05:59,069 --> 00:06:03,389 we're gonna get ourselves do this so for 159 00:06:01,500 --> 00:06:05,729 this we just went to the urology see at 160 00:06:03,389 --> 00:06:08,069 the bottom and we scraped they can't the 161 00:06:05,729 --> 00:06:10,529 API for a number of month for 30 months 162 00:06:08,069 --> 00:06:13,050 no to obtain a large mass of 163 00:06:10,529 --> 00:06:15,569 transactions well this will give you is 164 00:06:13,050 --> 00:06:17,699 the following you've got a very simple 165 00:06:15,569 --> 00:06:20,129 JSON which contains full acidic piece of 166 00:06:17,699 --> 00:06:22,199 information the currency inputs are the 167 00:06:20,129 --> 00:06:24,000 personal carts you want to send the 168 00:06:22,199 --> 00:06:24,870 output point to the person the currency 169 00:06:24,000 --> 00:06:26,610 that they wanted 170 00:06:24,870 --> 00:06:29,189 you've got the amount that had sent and 171 00:06:26,610 --> 00:06:31,289 you've also got the timestamp with these 172 00:06:29,189 --> 00:06:33,389 simple things we cannot figure out what 173 00:06:31,289 --> 00:06:34,710 was the transaction the person did on 174 00:06:33,389 --> 00:06:36,810 the first chain so in our case just with 175 00:06:34,710 --> 00:06:38,789 Bitcoin so we know we've got Bitcoin 176 00:06:36,810 --> 00:06:40,710 which is fine here we know we've got a 177 00:06:38,789 --> 00:06:43,080 value of zero point five one and lots of 178 00:06:40,710 --> 00:06:44,279 other digits so we go and chain can we 179 00:06:43,080 --> 00:06:47,550 find a transaction with this specific 180 00:06:44,279 --> 00:06:49,830 output value and this specific time give 181 00:06:47,550 --> 00:06:50,460 or take some blocks was on Bitcoin and 182 00:06:49,830 --> 00:06:51,990 in fact we 183 00:06:50,460 --> 00:06:55,169 did fine and this is an example 184 00:06:51,990 --> 00:06:56,520 transaction that editor now we have this 185 00:06:55,169 --> 00:06:59,039 transaction what do we get we got the 186 00:06:56,520 --> 00:07:01,109 user who did the exchange we also have 187 00:06:59,039 --> 00:07:04,080 the exchange shape-shift which was 188 00:07:01,110 --> 00:07:06,810 platform the use used now funny of this 189 00:07:04,080 --> 00:07:08,430 the shape-shift exchange actually allow 190 00:07:06,810 --> 00:07:09,780 actual give you information about the 191 00:07:08,430 --> 00:07:11,759 exchange done if you give them an 192 00:07:09,780 --> 00:07:15,059 address let's say this address able to 193 00:07:11,759 --> 00:07:16,289 use a seconds to you they will then tell 194 00:07:15,060 --> 00:07:18,000 you if this is correct and if it was 195 00:07:16,289 --> 00:07:20,789 quite that will return the full 196 00:07:18,000 --> 00:07:22,560 transaction that happened so here we see 197 00:07:20,789 --> 00:07:25,110 the user got Bitcoin cash here 2.7 198 00:07:22,560 --> 00:07:27,810 Bitcoin caches and the transaction hash 199 00:07:25,110 --> 00:07:29,220 that was available I'm just going to 200 00:07:27,810 --> 00:07:31,590 blockchain check this if this is real if 201 00:07:29,220 --> 00:07:34,020 this is real we now have the full data 202 00:07:31,590 --> 00:07:37,500 of the exchange and the user and when 203 00:07:34,020 --> 00:07:39,120 they receive the money that's just a 204 00:07:37,500 --> 00:07:41,699 very simple three-step process Script 205 00:07:39,120 --> 00:07:43,470 API find the transaction and then look 206 00:07:41,699 --> 00:07:45,180 at the look again Ali p8 confirm this is 207 00:07:43,470 --> 00:07:47,280 correct although there are ways to do 208 00:07:45,180 --> 00:07:50,759 this without using the API but you can 209 00:07:47,280 --> 00:07:53,419 read that in the paper so now we just 210 00:07:50,759 --> 00:07:56,669 shown you is how to link currencies and 211 00:07:53,419 --> 00:07:58,139 exchanges that go across chain I mean I 212 00:07:56,669 --> 00:08:02,430 found the link and we found the shift 213 00:07:58,139 --> 00:08:04,080 that's to call it so now we know how to 214 00:08:02,430 --> 00:08:06,210 do how to do this attack 215 00:08:04,080 --> 00:08:08,280 we looked into some of the heuristics 216 00:08:06,210 --> 00:08:09,409 that we could understand to figure out 217 00:08:08,280 --> 00:08:12,059 how users interact 218 00:08:09,409 --> 00:08:13,740 of course we first offer some results we 219 00:08:12,060 --> 00:08:15,500 scripted for 13 months so this as I said 220 00:08:13,740 --> 00:08:18,509 you've got two point eight million 221 00:08:15,500 --> 00:08:20,669 shifts in total and from need to pick 222 00:08:18,509 --> 00:08:21,449 top eight coins which are around 2.3 223 00:08:20,669 --> 00:08:24,240 million transact 224 00:08:21,449 --> 00:08:26,520 transactions to do this we also have to 225 00:08:24,240 --> 00:08:28,139 go into that run a full node download 226 00:08:26,520 --> 00:08:29,280 all the data and then pass all the data 227 00:08:28,139 --> 00:08:33,180 in order to be able to look into the 228 00:08:29,280 --> 00:08:34,978 chains ourselves so how do we do so 229 00:08:33,179 --> 00:08:36,478 before we were able to try 1.3 million 230 00:08:34,979 --> 00:08:38,909 transactions that weren't completely 231 00:08:36,479 --> 00:08:40,469 cross chain but give us the input 232 00:08:38,909 --> 00:08:42,809 transaction and the upper transaction 233 00:08:40,469 --> 00:08:44,250 duck and so the best case for Z cash we 234 00:08:42,809 --> 00:08:46,529 obtained run 90% of who those 235 00:08:44,250 --> 00:08:51,420 transactions for the worst case which is 236 00:08:46,529 --> 00:08:53,579 Bitcoin we obtain 76% so we now we know 237 00:08:51,420 --> 00:08:54,959 how to go through the chain what about 238 00:08:53,579 --> 00:08:56,310 what bars people try to be clever why 239 00:08:54,959 --> 00:08:58,560 they try to you know move their coins 240 00:08:56,310 --> 00:09:01,290 around try to be small try to obscure 241 00:08:58,560 --> 00:09:03,089 what they're doing so that we came up 242 00:09:01,290 --> 00:09:04,199 with two extra heuristics the first one 243 00:09:03,089 --> 00:09:05,910 was called a u-turn now 244 00:09:04,200 --> 00:09:08,370 it's very straightforward as you see in 245 00:09:05,910 --> 00:09:10,680 the picture the two shifts which are 246 00:09:08,370 --> 00:09:12,120 very close in time and proximity the 247 00:09:10,680 --> 00:09:14,250 first case said the person fix something 248 00:09:12,120 --> 00:09:16,920 he can't they have Bitcoin they do one 249 00:09:14,250 --> 00:09:18,510 trade and they go to Z cash after some 250 00:09:16,920 --> 00:09:21,060 time they wait maybe like half an hour 251 00:09:18,510 --> 00:09:23,459 etc then then do another shift and they 252 00:09:21,060 --> 00:09:24,989 go back into Bitcoin question is how 253 00:09:23,459 --> 00:09:28,229 many users did this kind of transaction 254 00:09:24,990 --> 00:09:30,990 and of these can we figure out the 255 00:09:28,230 --> 00:09:32,579 values all if they had perhaps you the 256 00:09:30,990 --> 00:09:35,399 same coins I've gone using different 257 00:09:32,579 --> 00:09:36,510 addresses and then what this allows us 258 00:09:35,399 --> 00:09:38,040 to do is figure out the movement of 259 00:09:36,510 --> 00:09:39,240 coins wants to use a cell money to the 260 00:09:38,040 --> 00:09:41,339 exchange what did they do then after 261 00:09:39,240 --> 00:09:43,380 that so we found over one hundred and 262 00:09:41,339 --> 00:09:46,709 seven thousand transactions which 263 00:09:43,380 --> 00:09:48,089 matched our heuristic of these we found 264 00:09:46,709 --> 00:09:50,189 ten thousand with a person whose exact 265 00:09:48,089 --> 00:09:52,829 same address that they had received quiz 266 00:09:50,190 --> 00:09:54,750 from I was so and of these these a 267 00:09:52,829 --> 00:09:56,489 thousand of them actually the exact same 268 00:09:54,750 --> 00:10:02,940 coins meaning they did a complete trade 269 00:09:56,490 --> 00:10:05,190 going full circle so another case is 270 00:10:02,940 --> 00:10:06,720 round trip what if a use used it went 271 00:10:05,190 --> 00:10:09,690 through the circle but in fact he did 272 00:10:06,720 --> 00:10:10,980 something in the bottom here between the 273 00:10:09,690 --> 00:10:14,370 trade was kind of obscured what he was 274 00:10:10,980 --> 00:10:16,529 up to you so that is bracing to the 275 00:10:14,370 --> 00:10:19,079 u-turn is two shifts both in close time 276 00:10:16,529 --> 00:10:21,360 and in close value well we're looking 277 00:10:19,079 --> 00:10:23,370 how here is if the first if the value of 278 00:10:21,360 --> 00:10:24,930 the first shift is similar to the value 279 00:10:23,370 --> 00:10:27,660 of the second shift or if they return to 280 00:10:24,930 --> 00:10:29,399 the exact same input address did this 281 00:10:27,660 --> 00:10:30,630 user go from Bitcoin to Z cash do 282 00:10:29,399 --> 00:10:33,000 something that we weren't sure of and 283 00:10:30,630 --> 00:10:35,910 then go all the way back through back to 284 00:10:33,000 --> 00:10:37,680 the original dress and the advantage 285 00:10:35,910 --> 00:10:40,069 over the original one here is that the 286 00:10:37,680 --> 00:10:42,029 identity of the person of the original 287 00:10:40,070 --> 00:10:43,140 initiator is actually known because you 288 00:10:42,029 --> 00:10:44,970 know this person did a Bitcoin 289 00:10:43,140 --> 00:10:46,560 transaction here and he did something 290 00:10:44,970 --> 00:10:50,430 and then he went through Z cash back 291 00:10:46,560 --> 00:10:52,859 again to his version address now from 292 00:10:50,430 --> 00:10:53,880 from that we find around a hot 10,000 293 00:10:52,860 --> 00:10:56,339 100,000 294 00:10:53,880 --> 00:10:58,740 transactions which which one where is 295 00:10:56,339 --> 00:10:59,850 your stake and of those 10,000 actually 296 00:10:58,740 --> 00:11:05,069 went full circle and use the same 297 00:10:59,850 --> 00:11:06,470 address so this another reason is the 298 00:11:05,069 --> 00:11:09,449 point is because it helps us to identify 299 00:11:06,470 --> 00:11:11,459 users who perhaps used the cross chain 300 00:11:09,449 --> 00:11:13,529 system as a way to mix their coins 301 00:11:11,459 --> 00:11:16,010 around and attempt to obscure the 302 00:11:13,529 --> 00:11:16,010 transaction 303 00:11:16,950 --> 00:11:20,829 so now you know how work you know some 304 00:11:19,300 --> 00:11:22,899 of the attacks that we did also look 305 00:11:20,829 --> 00:11:25,569 into some real world scams or a real 306 00:11:22,899 --> 00:11:26,920 world scam where someone in fact did use 307 00:11:25,570 --> 00:11:31,959 this question you know to get away with 308 00:11:26,920 --> 00:11:33,939 the crime so um Russia in lost year late 309 00:11:31,959 --> 00:11:36,189 in early January the fan came up caught 310 00:11:33,940 --> 00:11:38,890 starscape capital what they promise is 311 00:11:36,190 --> 00:11:40,750 that if you invest in our fund who in 312 00:11:38,890 --> 00:11:42,220 fact give you a guaranteed 50% return 313 00:11:40,750 --> 00:11:43,829 and our special trading boat which does 314 00:11:42,220 --> 00:11:47,470 lots of magic machine learning and 315 00:11:43,829 --> 00:11:48,910 generates a big income blow up or okay 316 00:11:47,470 --> 00:11:50,440 obviously this is a good deal they look 317 00:11:48,910 --> 00:11:52,180 like legit company let's give them money 318 00:11:50,440 --> 00:11:53,860 and so they did and they raised their on 319 00:11:52,180 --> 00:11:57,219 two point two million dollars in Gerry 320 00:11:53,860 --> 00:11:58,810 2018 then of course you know you can't 321 00:11:57,220 --> 00:12:01,120 even get 50 percent of stock market so 322 00:11:58,810 --> 00:12:03,010 this is of course a scam and soon off 323 00:12:01,120 --> 00:12:03,880 the disappeared the removed got rid of 324 00:12:03,010 --> 00:12:06,370 the coins and moved it to a different 325 00:12:03,880 --> 00:12:07,779 address they moved the website the 326 00:12:06,370 --> 00:12:11,110 Ramudu social media they had completely 327 00:12:07,779 --> 00:12:12,459 gone off the grid but by looking to a 328 00:12:11,110 --> 00:12:13,630 more into more detail using the 329 00:12:12,459 --> 00:12:15,670 techniques we showed before we 330 00:12:13,630 --> 00:12:16,990 identified that they actually a quarter 331 00:12:15,670 --> 00:12:19,930 of their theory and they shifted 332 00:12:16,990 --> 00:12:22,779 straight into manera because from that 333 00:12:19,930 --> 00:12:29,439 they it can email it to my burner 334 00:12:22,779 --> 00:12:30,579 addresses that received these coins so 335 00:12:29,440 --> 00:12:32,050 there are more scammed in the people 336 00:12:30,579 --> 00:12:34,029 which you can look into such as many 337 00:12:32,050 --> 00:12:36,189 scams on ethereum DB which actually go 338 00:12:34,029 --> 00:12:38,890 question but I will leave that out for 339 00:12:36,190 --> 00:12:41,079 the talk when the last time things we 340 00:12:38,890 --> 00:12:42,640 looked into is how it uses make use of 341 00:12:41,079 --> 00:12:44,349 privacy coins you do they use proper 342 00:12:42,640 --> 00:12:47,620 sequence you know to augment the fact 343 00:12:44,350 --> 00:12:49,269 that they can do a crushing so for this 344 00:12:47,620 --> 00:12:50,740 we use two currencies which we know very 345 00:12:49,269 --> 00:12:53,350 well with the first ones that see cash 346 00:12:50,740 --> 00:12:54,699 and the second one was - so Z cash you 347 00:12:53,350 --> 00:12:56,140 have this feature called the shielded 348 00:12:54,699 --> 00:12:57,969 pool and where does it you put your 349 00:12:56,140 --> 00:12:59,769 coins into the pool and then it become 350 00:12:57,970 --> 00:13:01,630 completely hidden or on the chain you 351 00:12:59,769 --> 00:13:03,850 can move senator on the user you can 352 00:13:01,630 --> 00:13:05,620 split your Queen and do everyone but 353 00:13:03,850 --> 00:13:06,459 they will be the addresses and the 354 00:13:05,620 --> 00:13:09,579 values that you thought would be 355 00:13:06,459 --> 00:13:11,589 completely hidden so okay for in Z cash 356 00:13:09,579 --> 00:13:14,040 how many people send money from the pool 357 00:13:11,589 --> 00:13:16,600 directed to this crushed in exchange 358 00:13:14,040 --> 00:13:18,360 this would mean the exchange refused 359 00:13:16,600 --> 00:13:20,440 coins from a place it cannot 360 00:13:18,360 --> 00:13:23,470 legitimately identify this an unknown 361 00:13:20,440 --> 00:13:26,020 area from that we found our 3800 turns 362 00:13:23,470 --> 00:13:27,399 action which is quite significant which 363 00:13:26,020 --> 00:13:28,540 Kim which are today's money is there are 364 00:13:27,399 --> 00:13:30,390 three quarters of a million dollars 365 00:13:28,540 --> 00:13:33,339 worth of coins 366 00:13:30,390 --> 00:13:34,960 another case we looked into was - sure - 367 00:13:33,340 --> 00:13:37,000 and I shouldn't do something called Co 368 00:13:34,960 --> 00:13:38,860 enjoyed when you makes your transaction 369 00:13:37,000 --> 00:13:40,330 with many other people and doing so you 370 00:13:38,860 --> 00:13:43,990 try to hide who you are sending your 371 00:13:40,330 --> 00:13:45,070 Queens to fourth man - all the inputs 372 00:13:43,990 --> 00:13:46,270 that you do are similar to the same - 373 00:13:45,070 --> 00:13:48,370 the outputs it makes it very very 374 00:13:46,270 --> 00:13:52,300 difficult to determine who had sent 375 00:13:48,370 --> 00:13:53,950 coins to whom that we thought okay how 376 00:13:52,300 --> 00:13:55,390 many people do a quaint join and of 377 00:13:53,950 --> 00:13:58,390 those how many then send them money to 378 00:13:55,390 --> 00:14:00,250 shape-shift from this we found our two 379 00:13:58,390 --> 00:14:02,830 thousand transactions of those one point 380 00:14:00,250 --> 00:14:06,340 of the value is currently 1.2 million 381 00:14:02,830 --> 00:14:08,680 dollars worth this may seem seem like to 382 00:14:06,340 --> 00:14:11,320 be significant Oh - of the volume of 383 00:14:08,680 --> 00:14:12,520 both of these coins over this issue 384 00:14:11,320 --> 00:14:13,810 doesn't agree we don't find that this 385 00:14:12,520 --> 00:14:17,199 kind of music doesn't provide anonymity 386 00:14:13,810 --> 00:14:18,670 it specifically in these two points we 387 00:14:17,200 --> 00:14:20,200 have to go back and use our u-turn here 388 00:14:18,670 --> 00:14:21,069 so you figure out how people in these 389 00:14:20,200 --> 00:14:23,310 ecosystems 390 00:14:21,070 --> 00:14:26,830 use their addresses on the coins 391 00:14:23,310 --> 00:14:28,180 fortunately people in - it seems to use 392 00:14:26,830 --> 00:14:29,680 the same address quite or not and in 393 00:14:28,180 --> 00:14:32,699 fact with an R you tell you find it was 394 00:14:29,680 --> 00:14:35,620 a 64% of them if I use the same address 395 00:14:32,700 --> 00:14:38,590 and easy cash we found that those who 396 00:14:35,620 --> 00:14:40,930 had done a u-turn 54% of them use the 397 00:14:38,590 --> 00:14:42,520 same address and of this 28% of them 398 00:14:40,930 --> 00:14:44,560 actually use exact same coin you mean 399 00:14:42,520 --> 00:14:46,180 the dinner obviously obviously obtain 400 00:14:44,560 --> 00:14:48,040 any anonymity from using these two 401 00:14:46,180 --> 00:14:49,209 systems the reason for that are clear 402 00:14:48,040 --> 00:14:51,430 paps they don't know to use the system 403 00:14:49,210 --> 00:14:52,630 or perhaps they just weren't sure what 404 00:14:51,430 --> 00:14:53,979 what was happening 405 00:14:52,630 --> 00:14:57,910 perhaps today I want an M and an empty 406 00:14:53,980 --> 00:14:59,650 in the first place the summary these 407 00:14:57,910 --> 00:15:01,959 were our contributions we looked into 408 00:14:59,650 --> 00:15:04,120 transaction of cross chain some of our 409 00:15:01,960 --> 00:15:05,290 heuristics there's a relationship 410 00:15:04,120 --> 00:15:07,030 heuristic which you can look into in a 411 00:15:05,290 --> 00:15:08,740 paper which shows you how entities 412 00:15:07,030 --> 00:15:11,680 within the cross unique system operate 413 00:15:08,740 --> 00:15:13,060 and who are the big plays they're looked 414 00:15:11,680 --> 00:15:15,310 into some real-world scams are also more 415 00:15:13,060 --> 00:15:17,589 in the paper we also looked into how 416 00:15:15,310 --> 00:15:20,260 people trade within the system and if 417 00:15:17,590 --> 00:15:21,430 any of them you for transactions protect 418 00:15:20,260 --> 00:15:23,560 your obtain money i'm chris from 419 00:15:21,430 --> 00:15:26,859 arbitrage all other ways to obtain 420 00:15:23,560 --> 00:15:28,420 profit I will also show some demos and 421 00:15:26,860 --> 00:15:33,520 how people who use privacy queens 422 00:15:28,420 --> 00:15:35,680 interact with a cross chain system for 423 00:15:33,520 --> 00:15:43,639 that I am nothing thanks 424 00:15:35,680 --> 00:15:47,628 [Applause] 425 00:15:43,639 --> 00:15:47,629 as you have questions we go for lunch 426 00:15:47,869 --> 00:15:51,629 hey Dave great talk 427 00:15:49,889 --> 00:15:54,749 artemiy from the University of British 428 00:15:51,629 --> 00:15:56,279 Columbia I have a question for example 429 00:15:54,749 --> 00:15:58,199 if you have you consider or have you 430 00:15:56,279 --> 00:16:00,629 seen transactions where they possibly 431 00:15:58,199 --> 00:16:02,789 change let's say Theory m2 Bitcoin and 432 00:16:00,629 --> 00:16:05,879 Dan used tumbling services or other 433 00:16:02,789 --> 00:16:06,959 privacy-preserving techniques so we we 434 00:16:05,879 --> 00:16:10,049 didn't actually look into whether or not 435 00:16:06,959 --> 00:16:11,399 they use mixing surface often but I mean 436 00:16:10,049 --> 00:16:12,959 we have data so there's no reason why 437 00:16:11,399 --> 00:16:14,249 people couldn't have this there's no 438 00:16:12,959 --> 00:16:18,179 reason that prevents this from happening 439 00:16:14,249 --> 00:16:19,979 I did a shirt people did use obtain 440 00:16:18,179 --> 00:16:21,179 Quinn from like for example using Susie 441 00:16:19,979 --> 00:16:22,470 from Zeke I should then from them they 442 00:16:21,179 --> 00:16:24,749 didn't move their money into the pool 443 00:16:22,470 --> 00:16:26,549 this is in the paper people did obtain 444 00:16:24,749 --> 00:16:28,109 went from shape-shift and then do a coat 445 00:16:26,549 --> 00:16:29,848 went straight after but I we found will 446 00:16:28,109 --> 00:16:31,939 be significantly lower all right thanks 447 00:16:29,849 --> 00:16:31,939 so much 448 00:16:36,760 --> 00:16:44,740 okay any other questions for her own 449 00:16:39,070 --> 00:16:47,139 yeah one thing I didn't quite understand 450 00:16:44,740 --> 00:16:48,699 is with Z cache as I understand the 451 00:16:47,139 --> 00:16:53,260 addresses and values are concealed how 452 00:16:48,699 --> 00:16:54,579 did you know the total amount and volume 453 00:16:53,260 --> 00:16:57,279 that was being transferred into these 454 00:16:54,579 --> 00:16:58,630 services so Z cache in fact multiple 455 00:16:57,279 --> 00:17:00,339 types of transactions you can do within 456 00:16:58,630 --> 00:17:01,689 the pool one of them is a very private 457 00:17:00,339 --> 00:17:03,610 one which you can't reduce doesn't or 458 00:17:01,690 --> 00:17:06,250 anything which exchange does not allow 459 00:17:03,610 --> 00:17:08,589 you to do but it doesn't like to do an 460 00:17:06,250 --> 00:17:11,169 extra additional transaction where you 461 00:17:08,589 --> 00:17:12,549 go from the pool into the exchange when 462 00:17:11,169 --> 00:17:14,740 you do this you do not reveal who you 463 00:17:12,549 --> 00:17:16,599 are but you do reveal how many coins you 464 00:17:14,740 --> 00:17:20,189 send and then from W able to type and 465 00:17:16,599 --> 00:17:22,659 tally the total amounts thank you yeah 466 00:17:20,189 --> 00:17:25,929 okay so you have a brief question that 467 00:17:22,660 --> 00:17:30,520 you're the way you find transactions 468 00:17:25,929 --> 00:17:32,919 realize and timing and on values so what 469 00:17:30,520 --> 00:17:35,168 would be a good attack against your 470 00:17:32,919 --> 00:17:38,110 approach if the attackers willing to get 471 00:17:35,169 --> 00:17:40,600 smarter could could they split this over 472 00:17:38,110 --> 00:17:43,840 multiple smaller transactions or wait 473 00:17:40,600 --> 00:17:46,000 you know longer time in order to do the 474 00:17:43,840 --> 00:17:47,500 transfers so there are few ways you can 475 00:17:46,000 --> 00:17:48,850 through when we've done one of them is 476 00:17:47,500 --> 00:17:51,280 students not review the transactions 477 00:17:48,850 --> 00:17:53,110 like the the exchange is very very 478 00:17:51,280 --> 00:17:55,178 transparent just one of the big 479 00:17:53,110 --> 00:17:57,040 advantages if they didn't do this and be 480 00:17:55,179 --> 00:17:58,750 very difficult to track setting up the 481 00:17:57,040 --> 00:18:00,639 second way would be to just look into 482 00:17:58,750 --> 00:18:02,980 how the blockchain operates I try to 483 00:18:00,640 --> 00:18:04,210 mimic other users like this a lot of 484 00:18:02,980 --> 00:18:06,160 people like for example a Bitcoin we 485 00:18:04,210 --> 00:18:07,809 when we found out that there are much 486 00:18:06,160 --> 00:18:09,130 lower accuracy in determining the 487 00:18:07,809 --> 00:18:11,110 transaction but this is because beacon 488 00:18:09,130 --> 00:18:12,880 at such a high throughput that's a lot 489 00:18:11,110 --> 00:18:14,559 people do those values it's hard to 490 00:18:12,880 --> 00:18:16,240 figure out who was who so they were to 491 00:18:14,559 --> 00:18:18,970 try make that they could obtain more 492 00:18:16,240 --> 00:18:20,440 privacy but the issue then last one was 493 00:18:18,970 --> 00:18:22,090 a very advanced users will they have 494 00:18:20,440 --> 00:18:25,929 time to be able to look into this and is 495 00:18:22,090 --> 00:18:28,370 it worth the effort to do so okay let's 496 00:18:25,929 --> 00:18:30,430 take call our speakers and 497 00:18:28,370 --> 00:18:30,429 you