Bitcoin transactions: a digital discovery of illicit activity on the blockchain

Adam Turner, Angela Samantha Maitland Irwin

Research output: Contribution to journalArticlepeer-review

45 Citations (Scopus)


The purpose of this paper is to determine if Bitcoin transactions could be de-anonymised by analysing the Bitcoin blockchain and transactions conducted through the blockchain. In addition, graph analysis and the use of modern social media technology were examined to determine how they may help reveal the identity of Bitcoin users. A review of machine learning techniques and heuristics was carried out to learn how certain behaviours from the Bitcoin network could be augmented with social media technology and other data to identify illicit transactions.

A number of experiments were conducted and time was spend observing the network to ascertain how Bitcoin transactions work, how the Bitcoin protocol operates over the network and what Bitcoin artefacts can be examined from a digital forensics perspective. Packet sniffing software, Wireshark, was used to see whether the identity of a user is revealed when they set up a wallet via an online wallet service. In addition, a block parser was used to analyse the Bitcoin client synchronisation and reveal information on the behaviour of a Bitcoin node when it joins the network and synchronises to the latest blockchain. The final experiment involved setting up and witnessing a transaction using the Bitcoin Client API. These experiments and observations were then used to design a proof of concept and functional software architecture for searching, indexing and analyzing publicly available data flowing from the blockchain and other big data sources.

Using heuristics and graph analysis techniques show us that it is possible to build up a picture of behaviour of Bitcoin addresses and transactions, then utilise existing typologies of illicit behaviour to collect, process and exploit potential red flag indicators. Augmenting Bitcoin data, big data and social media may be used to reveal potentially illicit financial transaction going through the Bitcoin blockchain and machine learning applied to the data sets to rank and cluster suspicious transactions.

The development of a functional software architecture that, in theory, could be used to detect suspicious illicit transactions on the Bitcoin network.
Original languageEnglish
Pages (from-to)109-130
Number of pages22
JournalJournal of Financial Crime
Issue number1
Publication statusPublished - 2018


  • Heuristics
  • Social media
  • Machine learning
  • Bitcoin blockchain
  • Functional architecture
  • Illicit transactions


Dive into the research topics of 'Bitcoin transactions: a digital discovery of illicit activity on the blockchain'. Together they form a unique fingerprint.

Cite this