Cryptocurrency such as bitcoin has become the currency of choice for cybercriminals who believe that using it protects them from law enforcement because it is anonymous and untraceable.
It turns out they are only half right. Less than a month after Colonial paid DarkSide, the Justice Department was able to claw back nearly half of the ransom. How could that happen with an untraceable currency? Technology journalist Andy Greenberg explains in his new, immensely readable book, “Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency.”
An editor and reporter at Wired, Greenberg is known for his ability to explain complicated technology in a way anyone can understand, and he doesn’t disappoint when he tackles crypto. Among other things, he explains that cryptocurrency’s giant public ledger, the “instantaneous check of the blockchain, the unforgeable public record of who possessed every single bitcoin,” isn’t quite as secret as criminals had imagined.
“In Bitcoin, for good and for ill, everyone was witness to every payment … [which] offered an enormous collection of data to analyze,” he writes. “Who could say what sorts of patterns might give away users who thought they were cleverer than those watching them?”
To tell his story, Greenberg assembles an unusual cast of characters, from IRS and DEA agents to mathematicians such as Sarah Meiklejohn at the University of California at San Diego, who first heard about bitcoin in 2011, during her PhD studies. She had been focused on privacy research, studying things like systems that would allow people to pay road tolls without revealing their personal movements or how thermal cameras could be used to track the codes people punched into ATMs.
When she began to dig into the blockchain, she saw a puzzle that could be solved. “Yes, identities behind those payments were obscured by pseudonymous addresses, long strings of between twenty-six and thirty-five characters,” Greenberg writes. “But to Meiklejohn, this seemed like an inherently dangerous sort of fig leaf to hide behind. … The blockchain, like a massive undeciphered corpus of an ancient language, hid a wealth of secrets in plain view.”
What Meiklejohn discovered — and Greenberg lays out so well — is that there was a way to collapse some of bitcoin’s addresses into single identities. Sometimes a bitcoin transaction comes from several different addresses — as if, for a $10 transaction, you pulled a $5 bill out of your pocket and fished another one out of your wallet. Bitcoin software makes that transaction by listing the two addresses as inputs and whoever receives the money as one output.
That’s a pattern you can see on the blockchain — and that was Meiklejohn’s epiphany. “She scanned her blockchain database for every multi-input transaction, linking all those double, triple or even hundredfold inputs to single identities,” Greenberg writes. “The result immediately reduced the number of potential Bitcoin users from twelve million to date to around five million, slicing away more than half of the problem.”
Meiklejohn then started buying random things with bitcoin to see how the wallets worked, and she discovered a quirk. “Many Bitcoin wallets only allowed spenders to pay the entire amount of coins sitting at a certain address,” Greenberg explains. “Each address was like a piggy bank that has to be smashed open to spend the coin inside. Spend less than the whole amount in that piggy bank and the leftovers have to be stored in a newly created piggy bank.”
So if you are paying someone “6 bitcoins from a 10-coin address … your change, 4 coins, is stored at a new address, which your wallet software creates for you,” Greenberg writes. And that address where your change is sent can be used as an identifier. Meiklejohn realized that if she could “link the change addresses to the addresses they had split off from, she could make her own signposts. She could follow the money despite its branching paths. The result was that Meiklejohn could now link together entire chains of transactions that had previously been unlinked.”
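The two linking rules described above (addresses spent together as inputs, and change sent to a newly created address) can be sketched in a few lines. This is an added example, not code from the book or from Meiklejohn's research; the ledger and address names are constructed, and treating "the only never-before-seen output" as the change address is a simplifying assumption.

```python
from collections import defaultdict

# Constructed toy ledger in chain order: (txid, input addresses, output addresses).
# Empty inputs stand in for coins that arrive from outside the sample.
LEDGER = [
    ("f1", [], ["A1"]), ("f2", [], ["A2"]), ("f3", [], ["B1"]), ("f4", [], ["SHOP"]),
    ("t1", ["A1", "A2"], ["SHOP"]),      # two inputs, one spender
    ("t2", ["B1"], ["SHOP", "B2"]),      # B2 is new on-chain: likely change
    ("t3", ["B2"], ["A1", "B3"]),        # B3 is new on-chain: change again
    ("t4", ["A1"], ["X1", "X2"]),        # both outputs new: ambiguous, no link
]

class UnionFind:
    def __init__(self):
        self.parent = {}
    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x
    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

def cluster(ledger, use_change=True):
    """Group addresses into presumed single identities."""
    uf, seen = UnionFind(), set()
    for _txid, inputs, outputs in ledger:
        for addr in inputs + outputs:
            uf.find(addr)                      # register every address
        # Rule 1: all inputs of one transaction belong to the same spender.
        for addr in inputs[1:]:
            uf.union(inputs[0], addr)
        # Rule 2 (assumed form): with several outputs, exactly one of which has
        # never appeared before, treat that one as the spender's change address.
        fresh = [o for o in outputs if o not in seen]
        if use_change and inputs and len(outputs) > 1 and len(fresh) == 1:
            uf.union(inputs[0], fresh[0])
        seen.update(inputs, outputs)
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return sorted(sorted(g) for g in groups.values())

if __name__ == "__main__":
    print("multi-input only:", cluster(LEDGER, use_change=False))
    print("with change rule:", cluster(LEDGER))
```

On this sample the multi-input rule alone yields seven identities; adding the change rule chains B1, B2 and B3 together and brings the count to five.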
If you understand this much about the mechanics of bitcoin and the blockchain, then the whole smoky world of crypto starts to open up. You can piece together how law enforcement has managed to claw back ransoms (as in the Colonial Pipeline case) and lift the curtain on how cybersecurity and threat intelligence companies have started tracing cryptocurrency transactions back to their source — not as manually as Meiklejohn has done, but with software designed for that purpose.
“Tracers in the Dark” doesn’t stop there. With the fundamentals explained, Greenberg takes readers on a romp through some of the most infamous dark web takedowns in recent memory: the 2½-year track and trace that identified the founder of the Silk Road market, 29-year-old Texan Ross Ulbricht; the 25-year-old Quebecois entrepreneur, Alexandre Cazes, who masterminded the drug market that took its place, AlphaBay. The stories are the stuff of thrillers, complete with stakeouts and missed opportunities.
Greenberg specializes in taking complicated tech and making it understandable. His last book, “Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers,” was a prescient cautionary tale about Russia’s hacker corps and its vicious cyberattacks against Ukraine. He has now done something equally deft in demystifying cryptocurrency.
After reading “Tracers in the Dark,” I still count myself as a crypto skeptic, just a slightly more enlightened one. Crypto still seems sketchy, not least because its main purpose at this point appears to be allowing people to buy illegal things on the internet and enabling ransomware actors to get paid.
I’m not alone in this. “The fact that cryptocurrency is hard to explain should be a warning sign,” the cryptographer Bruce Schneier once told me. “You are gonna get hoodwinked, you are gonna get defrauded, you’re gonna lose your money, if you don’t understand it.”
Think FTX. While that implosion appears to be more about fraud and oversight and not about the blockchain, it is still a cautionary tale. Which is why, as much as I enjoyed Greenberg’s book, I’m sticking with cash.
Dina Temple-Raston was a longtime correspondent at NPR and is now the host and executive producer of “Click Here,” one of Apple’s top tech news podcasts about all things cyber and intelligence.
The Global Hunt for the Crime Lords of Cryptocurrency
Doubleday. 367 pp. $32.50