
When the enigmatic inventor of bitcoin, Satoshi Nakamoto, published the white paper, “Bitcoin: A Peer-to-Peer Electronic Cash System” in 2008, it introduced the world to the now-famous digital currency. Nakamoto described bitcoin as a peer-to-peer version of electronic cash that would circumvent financial institutions through a decentralized system, allowing people to wrest control from financial elites. Privacy was central to Nakamoto’s vision, and transactions appeared anonymous because they involved addresses that concealed users’ real identities. Two anonymous parties could establish trust through a “cryptographic proof,” known as proof-of-work, that verified the validity of their transactions. And while bitcoin’s cryptographic proof might have helped fuel the public perception that users’ identities were cloaked in secrecy and difficult to trace, thus providing security to those looking to hide illicit activity, the reality is that bitcoin isn’t anonymous. Rather, it’s pseudonymous, much like authors use pseudonyms to hide their identities. (See “Bitcoin: A Peer-to-Peer Electronic Cash System,” by Satoshi Nakamoto, Bitcoin.org, 2008; “Who is the mysterious Bitcoin creator Satoshi Nakamoto?” by Cointelegraph; “Cryptocurrency’s Myth of Anonymity,” Wired Gadget Lab podcast, Feb. 9, 2023; and “How ‘Trustless’ Is Bitcoin, Really?” by Siobhan Roberts, The New York Times, June 22, 2022.)
That pseudonymous nature might provide a certain level of privacy to its users, but it doesn’t mean that fraud examiners can’t trace the movement of bitcoin and discover its users’ identities. Indeed, some of bitcoin’s most important features and functions provide a wealth of data that investigators can use to track bitcoin transactions and crack fraud cases in which cryptocurrency is involved. Here, I’ll demonstrate how one such mechanism of bitcoin, its unspent transaction output (UTXO) system, makes it highly traceable and how it can facilitate fraud investigations.
Instead of using personally identifiable information like bank account numbers or names, bitcoin uses addresses for transactions. These addresses are digital public identifiers that allow users to receive bitcoins. While a real identity might not be connected to a bitcoin address, every transaction that occurs is permanently logged on bitcoin’s blockchain, and anyone who views the information on the blockchain can trace those transactions. Once a transaction is recorded on the blockchain, it remains there forever, giving investigators a history to trace. Investigators can then trace bitcoin to a cryptocurrency exchange like Coinbase or Binance, which can be subpoenaed for the accountholder’s identity. This is the goal of most cryptocurrency fraud investigations. (See “Why Is Bitcoin Referred To As A Pseudonymous Network?” by Editorial Team, doubloin.com, July 22, 2023.)
Moreover, bitcoin’s transactional properties make it a far more transparent and more traceable version of cash. One of those properties is the UTXO, a transaction output that can be used as an input in a new transaction. Every input in a transaction was an output in a previous transaction. Bitcoin’s UTXOs define where each blockchain transaction starts and finishes; anytime a transaction is made, a user takes one or more UTXOs to serve as inputs and provides their digital signature, confirming ownership of the inputs. Outputs from the transaction become new UTXOs for future transactions. Ultimately, UTXOs keep track of where coins are at any given time. [See “Unspent Transaction Output (UTXO),” by Binance Academy, glossary.]
The UTXO system operates much like cash. Say you’re at a store buying something for $5, but you only have a $10 bill. You wouldn’t rip the bill in half; rather, you’d give the cashier the $10 bill, and the cashier returns $5. This is how bitcoin’s UTXO system works. If I previously received 0.9 bitcoin and then attempted to send 0.4 bitcoin to my friend, my bitcoin address is not debited 0.4. Instead, the entire 0.9 bitcoin UTXO is added to the “input” of the transaction. On the “output” side, 0.4 bitcoin is sent to my friend’s cryptocurrency address, and 0.5 bitcoin is returned to me in a new address, known as a “change address.” If someone makes numerous fractional transactions — transactions in which only a portion of the funds in the UTXO held by an address are sent — they can accumulate numerous change addresses within the same wallet. This accumulation of addresses within the same wallet is bitcoin’s transactional-tracing advantage.
A user could have three addresses in a single wallet, each with a UTXO storing 0.1, 0.2 and 0.3 bitcoin respectively. But if the user wishes to send an outgoing transaction worth 0.6 bitcoin, each address on its own is not enough to complete the transaction. All three addresses must be combined as inputs in the same transaction, providing the user with enough funds. When the user tries to complete this transaction, the wallet combines these addresses as inputs in the same transaction. This function constitutes one of the strongest and most valuable rules in blockchain forensics — the common input ownership heuristic. According to this heuristic, if a transaction has multiple inputs, those distinct addresses are all contained within the same wallet and controlled by the same individual. This allows investigators and analysts to cluster addresses together to determine ownership.
The common input ownership heuristic has numerous practical uses in cryptocurrency fraud investigations. An embezzlement case involving a digital asset brokerage company that my firm investigated perfectly demonstrates the UTXO system’s value for tracking fraudsters’ identities. In this case, a digital asset brokerage company bought and sold digital assets and frequently received payments in cryptocurrency. The brokerage performed an audit and discovered that it hadn’t received digital assets in exchange for the bitcoins it sent. Because the transactions occurred completely online, the company concluded that one of their brokers embezzled company funds by creating fake customers and sending bitcoins to their personal cryptocurrency addresses.
We analyzed three cryptocurrency transactions between the broker and three supposed customers. After receiving bitcoins from the brokerage, all three addresses then sent a large proportion of funds to the same address. The remaining bitcoins (the “change”) were transacted into three new change addresses. We could deduce that the “input,” or sender of the original transactions, had the bitcoins in these change addresses as this “change” was returned to the owner. These three change addresses were then combined as inputs in the same transaction to send funds to a new address. (See Figure 1 below.) This discovery was vital to our investigation. We couldn’t confirm if the broker controlled these addresses, but our evidence suggested that these three “customers” were likely the same person. According to the common input ownership heuristic, all three seemingly unrelated addresses were controlled through the same wallet, supporting the idea that one person owned the addresses.
Figure 1: Three change addresses combine as inputs in the same transaction. These three addresses are in the same wallet and are likely controlled by one person. Image created with QLUE by the Blockchain Intelligence Group.
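The clustering step described above can be written as a union-find over transaction inputs. This is an added example, not code from the article or from QLUE; every address, txid and amount is constructed, and `CHANGE_LINKS` is a hypothetical name for the analyst's separate deduction that change returns to the sender.

```python
from collections import defaultdict

# Constructed sample data: every address, txid and amount below is made up.
# "inputs" lists the addresses whose UTXOs are spent; "outputs" is (address, BTC).
TXS = [
    {"txid": "t1", "inputs": ["cust_A"], "outputs": [("dest_X", 0.8), ("chg_A", 0.2)]},
    {"txid": "t2", "inputs": ["cust_B"], "outputs": [("dest_X", 0.7), ("chg_B", 0.3)]},
    {"txid": "t3", "inputs": ["cust_C"], "outputs": [("dest_X", 0.9), ("chg_C", 0.1)]},
    {"txid": "t4", "inputs": ["chg_A", "chg_B", "chg_C"], "outputs": [("dest_Y", 0.59)]},
    {"txid": "t5", "inputs": ["other_1"], "outputs": [("other_2", 1.0)]},
]
# The analyst's separate deduction that change returns to the sender.
CHANGE_LINKS = [("cust_A", "chg_A"), ("cust_B", "chg_B"), ("cust_C", "chg_C")]


class UnionFind:
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)


def cluster(txs, change_links=()):
    """Group addresses that the heuristic attributes to one wallet."""
    uf = UnionFind()
    for tx in txs:
        first = tx["inputs"][0]
        for addr in tx["inputs"]:
            uf.union(first, addr)       # co-spent inputs -> same wallet
    for sender, change in change_links:
        uf.union(sender, change)        # optional change-address evidence
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return sorted((sorted(g) for g in groups.values() if len(g) > 1), key=len)


if __name__ == "__main__":
    print(cluster(TXS))                 # heuristic alone
    print(cluster(TXS, CHANGE_LINKS))   # heuristic plus change links
```

On its own the heuristic links only the three change addresses; adding the change links pulls the three "customer" addresses into the same cluster.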
Just as the common input ownership heuristic facilitates bitcoin tracing, so too does the cash-like nature of bitcoin. Because the entire bitcoin UTXO must be sent as the input in a transaction, you can trace specific inputs and outputs more easily than tracing money through traditional online banking. So, if an individual received two incoming transactions, one worth 0.5 bitcoin and the other 0.6 bitcoin, we know that those entire UTXOs must be the inputs in a future transaction. Using information recorded on the blockchain, we can determine when each UTXO is sent in a corresponding outgoing transaction. In the account-based model, you only know the debits and credits moving through an account. If someone with an account balance of $1,000 receives $300, and then sends $200 to another account, you can’t know whether that $300 was used for the outgoing $200 transaction. This is not the case with bitcoin’s UTXO system.
Connecting inputs and outputs is crucial in a fraud investigation, especially when an address has many incoming transactions. This was central to a case my firm investigated that involved tracing stolen funds from an investment scam. In this case, our client sent bitcoins to an address that he thought was associated with a legitimate investment platform. However, the platform was fraudulent and the client lost access to his bitcoins. We analyzed the transactional information on the blockchain and traced the funds to an address with more than 22,000 transactions and 61,000 bitcoins (more than $1 billion as of November 2023). Since we traced specific inputs and outputs, we located the client’s stolen funds through this address. The fraudsters had sent 5.0843 bitcoins, stolen from our client, to the high-volume address mentioned above. If this address wanted to transact the 5.0843 bitcoins it received, it must send that amount in its entirety, which allowed us to focus our investigation on this amount.
Thanks to the transparency of the bitcoin blockchain, we quickly identified the outgoing transaction. In this transaction (see Figure 2 below), the high-volume address combined UTXOs from previous transactions for a large outgoing transaction of 202.99 bitcoins. Even though the input (5.0843) wasn’t equivalent to the output (202.99), we determined when the UTXO was sent as it appeared in the transactional data. As mentioned, multiple UTXOs contained within a single wallet are combined if the transactional request is too large for a single UTXO to be the input. In this case, the 202.99 bitcoins were significantly more than the value of each UTXO the wallet stored, and therefore, numerous UTXOs — 20 in this case — were combined, including the 5.0843 UTXO.
Figure 2: We traced the 202.99 UTXO because the 5.0843 bitcoins were inside it. Image created with QLUE by the Blockchain Intelligence Group.
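Because a UTXO is spent whole and only once, finding the outgoing transaction is a lookup on the outpoint rather than a guess about balances. The sketch below is an added example, not code from the article or from QLUE: the 5.0843 and 202.99 figures come from the text, while the txids, the 19 co-spent amounts, the change output and the fee are constructed.

```python
# Constructed sample data: txids and the 19 co-spent amounts are made up.
# Amounts are integers in satoshis (1 BTC = 100,000,000 sat).
STOLEN = ("tx_scam_deposit", 0)  # an outpoint is (txid, output index)

TXS = [
    {"txid": "tx_scam_deposit", "inputs": [("tx_victim", 1)],
     "outputs": [508_430_000]},                      # 5.0843 BTC
    *[{"txid": f"tx_prior_{i}", "inputs": [(f"tx_src_{i}", 0)],
       "outputs": [1_042_000_000]} for i in range(19)],
    {"txid": "tx_big_out",
     "inputs": [STOLEN] + [(f"tx_prior_{i}", 0) for i in range(19)],
     "outputs": [20_299_000_000, 7_400_000]},        # 202.99 BTC + change
]


def build_indexes(txs):
    """Map each outpoint to its value and to the transaction that spends it."""
    value_of = {(tx["txid"], n): v
                for tx in txs for n, v in enumerate(tx["outputs"])}
    spent_by = {}
    for tx in txs:
        for outpoint in tx["inputs"]:
            if outpoint in spent_by:  # a UTXO can be spent only once
                raise ValueError(f"{outpoint} spent twice")
            spent_by[outpoint] = tx
    return value_of, spent_by


def trace_utxo(outpoint, txs):
    """Find the single transaction that consumes `outpoint`, if any."""
    value_of, spent_by = build_indexes(txs)
    spender = spent_by.get(outpoint)
    if spender is None:
        return {"status": "unspent", "value": value_of[outpoint]}
    values = [value_of.get(op) for op in spender["inputs"]]
    total_in = None if None in values else sum(values)  # None: funding tx not in data
    fee = None if total_in is None else total_in - sum(spender["outputs"])
    return {"status": "spent", "spender": spender["txid"],
            "co_inputs": len(spender["inputs"]), "total_in": total_in, "fee": fee}


if __name__ == "__main__":
    print(trace_utxo(STOLEN, TXS))              # spent in tx_big_out with 19 others
    print(trace_utxo(("tx_big_out", 0), TXS))   # the 202.99 BTC output, still unspent
```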
Many people think of bitcoin transactions as a sort of black box and assume that the anonymity of address ownership makes investigations futile. But as we’ve shown, bitcoin’s cash-like transactions have created a system far more transparent than many people give it credit for. It’s an improved version of cash for following funds across multiple entities, and its UTXO system allows for deductions not possible with traditional online transaction methods.
Sean Tweed, CFE, CCAS, CCI, is a cryptocurrency investigator for the Preston Matthews Group in Vancouver, British Columbia, Canada. You can contact him at st@prestonmatthews.com.