From 51% Attack to Tracking through Transaction Flooding

This week, we committed ourselves to looking more in depth into how North Korea uses the cryptocurrency it steals. We also pitched our shift in perspective with our sponsor. The OSD seemed to be interested in the idea, and put us in touch with Colonel Giordano, who works in the Cyber Command and has more familiarity with cryptocurrencies. What are in the process of setting up a time to chat with him and further contacts.

One of the MVPs that we presented last week, considered the possibility of performing a 51% attack that would “freeze” all anonymous coins (Monero, Zcash…), in order to make North Korea unable to do anything with the currencies it holds and that, unlike pseudonymous coins, are not traceable. We called this “Digital Asset Freeze”. This idea seemed to receive positive feedback from the teaching team, and as a consequence we decided to further develop it.

We had the opportunity to pitch the idea to academics, current and former government people (particularly, Department of Justice and Treasury), and practitioners in the field. Although the majority acknowledged it was “an interesting” perspective and a novel idea, the concerns they expressed some recurrent concerns with respect to feasibility:

“Treasury and White House would not allow messing with financial system, because collateral is way too big”

     Former Intelligence Officer

“Disruptive things like this look like the US government going to war with commercial industry, which they are going to be really hesitant to do”

  Ming Luo, In-Q-Tel

“It’s not really a realistic concept…They would never do that, going up against the tech community as a whole”

   Kayla Izenman, Royal United Service Institute

Although the likelihood that a 51% attack would be deployed seems very small, the assumption upon which this MVP rests – that untraceability of anonymous coins is the bulk of the problem – is fully validated.

A related learning we had this week is that North Korea likely exchanges cryptocurrency to access foreign currency. Consequently, we tried to map what the laundering of a stolen coin might look like:

After having stolen cryptocurrencies from insecure exchange, North Korea likely launders it and exchanges it to a fully anonymous coin, primarily Monero. They then exchange it back to Bitcoin, before turning it into hard currency. Although the stolen BitCoin is traceable, the US government loses track of it once it is converted into fully anonymous coins.

We heard from more than one interviewees that all coins have vulnerabilities that can be somehow exploited. While the tech sector would look at how those can be exploited for profit, the goals of the US government are obviously different. We tried to understand how the US can leverage said vulnerabilities to touch the issue we’re trying to solve. Because of the skeptical feedback we got on the possibility of a 51% Hold Attack, we started to look at an alternative option.

We have come across the potential of performing a tracking through transaction flooding.

This would technically work as follows:

Assuming a Monero transaction tx with one input tx.in containing six keys (tx.in = {pk1, pk2, pk3, pk4, pk5, pk6}), while one of the keys (e.g. pk4) represent the real coin being spent, the remaining three keys are being used as decoys to obfuscate the real key being used in the transaction. However, if five of the public keys (e.g. pk1, pk2, pk3, pk5 and pk6) are owned by the attacker, it becomes easy to find out which is real.

Source: https://eprint.iacr.org/2019/455.pdf

In short, having a large enough rolodex of keys, it would become increasingly easier to identify which ones are “decoy” and to track what is happening to cryptocurrency.

This process has already been described on a recently published paper, so we have supporting data showing its feasibility from a practical perspective. On a more utilitarian side, this solution presents less disadvantages from a 51% attack, as it would likely not cause the same extent of backlash in the cryptocurrency industry.

In order to deploy this product, however, we will have to perform some activities, such as test the algorithm in the Monero chain, create output gathering wallets and ramp up transactions to avoid detection. We will also have to ensure we have beneficiary support. So far, we found some evidence that the Department of Homeland Security (DHS) would support a similar project. In fact, a few months ago, they issues a solicitation request for tools for blockchain forensic analysis.

As we further explore this latter MVP, additional next steps for this week will be:

  • Pitch MVPs to sponsor, Treasury and possibly IC and adjust
  • Continue to flesh out deployment strategy by speaking with cyber/crypto analysts in the DoD, IC, and U.S. Treasury
  • Explore vulnerabilities in other anonymous coins

Interviewee List

  1. H.R. McMaster, Former National Security Advisor
  2. Intelligence Officer
  3. Will Rich, Dept. of Treasury
  4. Maurice Herlihy,  Professor of Computer Science
  5. Alex Pruden, Crypto Investor
  6. Kayla Izenman, Center for Financial Crime at RUSI
  7. Ming Luo, In-Q-Tel
  8. Herb Lin, Cyber Policy Expert
  9. Elizabeth Philip, Harvard Kennedy School
  10. Mehek Sethi, Harvard Kennedy School
  11. Michele Korver, Dept. of Justice Money Laundering Section
  12. Jessica Renier, Dept. of Treasury Office of Terrorist Financing
  13. John Giordano, CYBERCOM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s