BlockSci Traces Transactions Performed With Dash, ZCash, and Other Currencies

Blockchain analysis has become a booming industry over the past few years. Companies active in this industry scour public blockchains to identify suspicious or illegal transactions. While most of these efforts focus on the Bitcoin blockchain, BlockSci is doing things a bit differently. The company’s whitepaper details how it can thoroughly analyze transactions on other blockchains, including Dash. That is not good news for the privacy-oriented alternate cryptocurrency by any means. Other currencies include ZCash, Litecoin, and a handful of others.

BlockSci Paints a Somewhat Worrisome Future

Many cryptocurrency enthusiasts are not big fans of blockchain analysis firms. This additional scrutiny of cryptocurrency transactions could have major repercussions in the long run. It would not be a bad thing if the illegal activity associated with currencies such as Bitcoin were finally put to an end. Everyone knows Bitcoin provides no privacy or anonymity whatsoever, yet criminals still think they can get away with using this currency.

Blockchain analysis firms can easily track these suspicious transactions in real time. These efforts have been successful in helping both law enforcement agencies and the IRS detect illicit activity involving Bitcoin. Whether we talk about crime proceeds or tax evasion, Bitcoin is not the tool for those things whatsoever. In fact, it only makes it easier for specialized firms to deanonymize users over time.

Criminals flocking to other cryptocurrencies may want to think twice about those as well. As BlockSci’s whitepaper explains, there are very few cryptocurrencies which have eluded their scrutiny. One of those currencies is Monero, as it provides a degree of anonymity and obfuscation the group has not been able to crack just yet. Monero is officially labeled an “unsupported blockchain due to it not following the one-input one-output paradigm.” That is an interesting point which shows how Monero may be the only cryptocurrency providing full privacy and anonymity right now.

Some people may wonder how Monero is any different from Dash or even ZCash in this regard. While it is true the latter two cryptocurrencies have focused on privacy and anonymity to a degree, their implementations are far from perfect. BlockSci describes how they successfully traced both ZCash and Dash transactions from beginning to end, regardless of features like PrivateSend. This is anything but good news for people who value these currencies for their privacy or anonymity features.

If there is one big lesson to take away from BlockSci, it is how blockchain analysis will become more prominent in the years to come. Anyone who demands more privacy and/or anonymity in cryptocurrency will have to carefully read this paper and draw their own conclusions. The team has made a lot of progress pointing to how privacy is not necessarily present in the currencies people may like. While the main focus is on Bitcoin, Litecoin, Namecoin, and Dash, the team is also looking into Dash, Bitcoin Cash, and a few other cryptocurrencies right now.

It is unclear what all this means in the bigger scheme of things, though. While blockchain analysis is not something most everyday users will be concerned about, it highlights that cryptocurrency is not necessarily providing any degree of privacy whatsoever. This could prove to be a big problem for specific cryptocurrency users moving forward. Then again, it also validates the fact that no one should use Bitcoin or altcoins to conduct illicit activities in the first place.

  • Ahmed Kamal

    Monero is the only truly private option .. Good job Monero devs

  • Дмитрий Полпуденко

    Why didn’t Zcoin get analyzed? Some say it’s superior to Monero, Zcash, etc. and features the latest state-of-the-art crypto techniques.

    • Scambuster

      Zcash has a trusted setup… trust is antithetical to good crypto…

      • Дмитрий Полпуденко

        Zcoin has nothing to do with zcash. It’s a diff crypto.

        • Andrew Grochan

          Zcoin can’t hide transaction amounts. It trades off that for not having a trusted setup. Better than Zcash, at least.

          • Дмитрий Полпуденко

            Zero-knowledge PoW does imply hiding tnx amount and is one of zcoin’s main features, isn’t it?

    • John Jaingle

      I doubt it. It’s not even in the top 100 altcoins for market cap with its 25m. And it has been around for a long while. It’s most famous for tricking people into thinking it’s Zcash at an amazing price.

      • The 6 Horse

        You clearly know nothing about Zcoin. Anyone who has an interest in advanced cryptography will find Zcoin’s website very, very stimulating. Their science is original, their own. Many of us believe a $30-40 million market cap makes Zcoin an excellent investment prospect.

        • vovannovig M

          What’s new with them? Have you tried Spectrecoin (XSPEC) Tor+OBFS4? Do not look at the capitalization, look at the future and then how friendly the community is, what’s new in the project, and you as a monkey on color advertising rush.

        • Me

          Zcoin devs are thieves and scammers that intentionally wrote a backdoor and created coins and dumped them so f off.

    • vovannovig M

      You should know that those projects that are really outside the control of the authorities have a small advertisement and they are all the time trying to kill. I’m sure that you are not familiar with the project – Spectrecoin (XSPEC) Tor+OBFS4 – read it, I’m sure you will be interested.

      • r kh

        and we have a winner

    • Me

      You mean the coin where the scammer devs created all those free coins and dumped them? Yeah, I’m all in on that one! :rolleyes:

  • JoeMomma

    Show us some analysis or mathematical proof that you traced the z-transactions to the source. The article sounds like it’s shilling Monero.

    • It does. Pretty much lies about Dash too, to be honest.

    • ebliever

      That’s my feeling as well. It reads like a press release for Monero, and with no details/background on the analysis technique.

    • Erik

      Great catch, it sounded familiar to me. Is there a text analysis tool we could use to prove this?
      *I don’t trust Fluffypony for one second so I may be a bit biased in that regard, but then again my hunches not to trust people have been proven more right than wrong, so I’ll stick to it, and with a blockchain that is not trustless, it may prove disastrous for those that do choose to trust the devs and code of Monero.

      • Hueristic

        You Dumbass Monero is TRUSTLESS! Zcrap is not.

        • Erik

          My other reply is blocked, but no it’s

          Proof that is matter of fact that bugs do exist and very likely still exist, just google this:
          Disclosure of a Major Bug in CryptoNote Based Currencies

  • Doc Winston

    If this is true I don’t think the Shadow Brokers would be using it as they are.

  • Solarguy

    It’s a little more complex than your article suggests. Here is a little snip from another reddit thread:

    Quote from article
    “Typical PrivateSend transactions currently outside of the scope of the vulnerability

    In the paper they ran the attack on a) their own implementation of PrivateSend and not on the live network (hence lab conditions) and b) over only 2 rounds (which is, for all intents and purposes, a joke). So the big takeaway from this research is: Mix 4 rounds or more.
    Will this potential attack vector be mitigated as the Dash network grows and more people use Privatesend?

    A larger pool of PrivateSend users mainly accelerates the mixing process but increases obscurity as well. If it had any real world feasibility the attack described would be most effectively mitigated two-fold: more mixing rounds and more mixing partners per round.

    Edit: Oh and just for the record: I think this research is wonderful and these scientists should be rewarded via the Bugcrowd program if it qualifies as newly discovered knowledge.


    • Nano Sapian

      What’s the current wait time for mixing?

      • Solarguy

        They have been running “Mixing Mondays” to encourage more people to mix at the same time. The more people that use it, the lower the wait times since there are more people to mix funds with.

        • Nano Sapian

          Nevermind, found a few threads where people have tried it and have waited a day or more for mixing. Better ways that are much faster–will use them.

          • Erik

            It’s a chicken and egg problem, even Monero talks about needing more users so that there is more mixing, aka privacy, for their users. Please also understand, if you know you need privacy, just buy and hodl ahead of time, but start mixing beforehand; once that is done, you can use instant send (for most people, when you send is the time you really need the speed).

          • Nano Sapian

            No, Monero anonymizes in seconds and the transaction is on the blockchain with every block at 2 minute. I’m not using something inferior because someone invested in something–I have options and I’ll use the best one.

          • Erik

            What I said is true. I did not mention how fast Monero is, though I think you have to look again at it; with RingCT things work a bit differently, it actually uses timed transactions to hide even better.

            As for needing more users, your fluffy says it on multiple occasions, including his interview with Max Keiser. The need for more users to hide in the masses goes for all cryptos with privacy.

            In the case of Dash, once user adoption picks up it will become much faster as well to use private send (hide in the masses), though their main focus is mainstream adoption; they will continue to improve it as time goes by.

            But you are free to choose which one you like, and if you like you can try and buy a cup of coffee for a large transaction fee and having to wait 2 minutes before it’s confirmed, but this is not really going to cut it in the real world.

            Because I am certain once merchants understand how crypto works they will go for the coin that has instant confirmations coupled with low fees.

          • Nano Sapian

            TBH I don’t trust dash’s use of masternodes and would like to have privacy when I need it, not when there happens to be others who need it also.

          • Erik

            Then don’t trust them, you don’t need to either way.

          • Nano Sapian

            Yes, you do need to trust that they aren’t leaking information–whether on purpose, poor opsec or the host provider. But you are right, I don’t need to trust them because I won’t use a system dependent on them.

          • Erik

            Unless you think some entity has access to at least 1000 masternodes to anonymize a fraction of the transactions, you’re clearly wrong, as would that entity be, because he would devalue his Dash holding massively.

          • Nano Sapian

            Duffield likely does and hosting services have access to more than enough–and a subpoena trumps devaluation for most people. This is rationalizing for a poorly built system, no developer who understands, or cares about, privacy would incorporate an attack vector into their system.

          • Erik

            Nope, he took down every masternode he has, and has invested some of his Dash in a new DAO, the “Dash labs” in Hong Kong, and once the new Dash labs is up and running he will probably build another new DAO, and another and another. The man really wants to make Dash all it can be; it’s really sad people like you keep trolling him.

            Hosting services really don’t check in-app activity at all, and if they would, then most coins would be at risk.

            A subpoena from Trump to give access to view-keys of Monero transactions? Every coin has its strengths and weaknesses, including Bitcoin and the 51% attack on the network; nothing is perfect, and anything and everything can be broken in the world. For instance, Monero’s transaction history can be retroactively broken with the arrival of quantum computers.

            Seriously, you’re grasping at straws just so you can bash Dash.

          • Nano Sapian

            Keep smoking that hopium, I’m sure it will make dash fast and secure.

          • Paul Janowitz

            Hasn’t InstantSend been disabled because it has been flawed recently?

            “they will continue to improve it as time goes by”
            Sorry, when I look in their GitHub, the only thing they keep improving / editing is their website and their roadmap. No changes in code for months…

          • Erik

            Instant-send has been temporarily disabled via a spork because a bug was found; it will be corrected with the planned 12.2 update coming this September. Currently there is a 240.000 dollar bug-bounty program running to pay hackers and coders to find bugs.

            You are correct that their GitHub does not get updated regularly; this is because of 2 reasons:
            1) The dev team is a full team that works together and coordinates their work in a more effective and streamlined way, meaning fewer small updates, but bigger ones
            2) The Dash-core team did not want their code to be stolen as well, and will only publicize the open-source code just before going live, giving the competition less chance to copy-paste it

          • Paul Janowitz

            What’s the point of having a bug bounty program when code will be released only when going live? You only get a big probability of (critical) bugs not being found in time and they just had luck to find the instant send bug and being able to remotely disable it on all nodes (sic!).
            I rather trust my money to a completely openly developed cryptocurrency, where all code is being reviewed by several tech people interested in it…

          • Erik

            You’re twisting my words so that you can win the argument, and the point should be an honest and open analysis about coins.

            The bug in Dash was relatively small, and would have needed at least 2 mil in Dash collateral to even stand a chance of pulling off, and it’s a good thing that Dash’s code has built-in safety features, which most coins wish they had.

            Dash is completely open-source, and the open-source code is open to be viewed by anyone, and when the next version of the Dash software is released, that can be reviewed as well, and most likely there will be new bug bounty programs continuously (if this proves to be a success).

            I personally would much rather have a full-time paid dev team building open-source code and a paid-for bug-bounty program, and everybody looking at it, than just open source, maybe people that have spare time for it.

            But then again the interest in being able to print coins in secret, which is possible in privacy coins that do not have a transparent blockchain, is of course much more interesting……

          • Chris Webb

            Dash has hired agencies to evaluate their code before taking anything live, and then they have a bounty program for after it goes live to keep looking for bugs. It’s a very robust setup.

          • Paul Janowitz

            Many of these agencies just approve code without reviewing it, you never know which ones are really working and which ones just say everything is fine. Just to be said…

          • Chris Webb

            That’s possible I guess but they (the hired agencies) would be exposed once the code goes public.

          • Paul Janowitz

            Not necessarily, it could take months or even years for bugs to be published. In the meantime they could have been exploited, since the only intention to review the code after it goes live is to hack it. Either the bounty will be enough or someone is able to make more money without disclosing it to the team… In open development, where anyone can join, you have many more incentives to read the code and collaborate.
            I don’t know… Just look at the mess of security issues with all the closed source software like Windows, Flash, Acrobat or CCleaner just now. Actively developed open source projects have far fewer issues like that.

    • Me

      Hi Shelby. 🙂

  • Erik

    Anybody with a basic understanding of how coin-join works and the improved version of Dash called private send should understand that it is impossible to conclusively determine which coins are which.

    The simplest explanation of how private send works is this:
    We know that, let’s say, 10 coins have been earned via illicit activity.
    Now we put them in a pot with a total of 1000 identical coins, now we shake them, and one by one we take one out; which one is which one? And now do that as many times as you feel needed (up to 8 rounds for private send).

    Yes, for the first pot you can prove that at least 10 coins have been used for an illicit activity, but it’s impossible to say with certainty which ones are which.

    But most people miss an even more important point: once an activity is linked to certain people, and the transaction is linked to them as well, there is no further proof needed. In the case of Monero, the transaction or the amount cannot be proven if it took place, so even though the criminal did the deed, the reason, if it was for money, cannot be proven, so in a country with a fair Government this is a problem, and in a country with an unfair Government this is a solution, but then again if the Government is unfair, it probably will not care if they miss a piece of the puzzle.

    Personally I like it when the police can do their jobs, well, at least uphold certain laws.

    • Me

      Yeah, so that’s why they disabled it. :rolleyes:

      • Erik

        It’s not disabled at all . :rolleyes:

  • Justin Thomas

    The analysis states: “Zcash is also supported, at least to the extent that Zcash blockchain analysis is even possible: it introduces a complex script that includes zero-knowledge proofs, but these aspects are parceled away in a special type of address that is not publicly legible by design.”

    So they can analyze the transparent address space but can’t do anything with the z-addresses. That’s by design; the report seems to give plaudits to Zcash while this article implies that they find it wanting. Dishonest.

  • Could they really trace Zcash Z-address or only T-address? You should specify please.

    • vovannovig M

      You need to hide not only transactions but also your true location. The information is collected bit by bit, in one place the amount, in another nickname, in a third you are identified through social networks, and in the fourth one is checked with the location and entered into the database. Because of this, I chose the most anonymous crypto currency, my choice – Spectrecoin (XSPEC) Tor+OBFS4 !!!

  • vovannovig M

    That’s why I use – Spectrecoin (XSPEC) is the premier privacy-focused cryptocurrency, featuring an energy-efficient proof-of-stake algorithm providing fast transaction confirmations, and a fully integrated Tor+OBFS4 layer for network privacy. Spectrecoin is actively developed, with an ambitious roadmap that prioritises privacy, security, and true decentralisation with innovative features such as low-power mobile wallet staking in our upcoming Android wallet.

  • r kh

    Jesus guys, use TOR client and stay happy with it.
    Currently the only coin with TOR with obfuscation (to avoid blocking of TOR) is Spectre
    Do your search and stay happy

    Its ring signatures make this analysis not worth more than a used piece of toilet paper

    Nobody would get ya