What Can We Learn From The Bitcoin Address of a Darknet Illicit Market
The researcher Caleb (@5auth) recently discovered the bitcoin address that the administrators of the Wall Street darknet illicit market used to manage all the purchases made on their market. This leak demonstrates just how much intelligence can be gathered from a single bitcoin address with our BitCluster bitcoin intelligence tool.
The wallet Caleb identified is not the first or the only wallet the Wall Street administrators used. The market was launched in 2016, but the wallet's transactions only begin in December 2017. It is, however, the last one, used to exit scam and steal millions of dollars from the market participants.
The figure above presents the daily sales of the Wall Street darknet illicit market. Over the past year, the sales multiplied by 6 and peaked at over US$200,000 per day. The administrators of darknet markets charge a commission on each sale they facilitate. This commission ranges from 1% to 9%. Using a conservative 4% commission fee on sales, the Wall Street administrators likely earned over US$8,000 per day, almost US$3,000,000 on an annual basis.
Many of the sales made on darknet illicit markets are for illicit recreational drugs like cannabis and ecstasy. These drugs are shipped through the mail, which takes a few days for delivery. The above figure suggests that many of the orders are placed on Tuesday, probably to have them delivered right before the weekend, when these drugs are often consumed.
Most transactions are for fairly small amounts. 67% of sales are for products under $100 and about 1% is for products over $1,000. This suggests that the products for sale are not high end or sold in bulk. There are exceptions, however, and past research has shown that large quantities of drugs and large caches of stolen information could be purchased on darknet illicit markets for well over $1,000.
Few customers make repeat purchases on darknet illicit markets. 94% of the bitcoin wallets used to make a purchase are not used again. In fact, 99% of wallets are only used 2 times or less. Of course, buyers can change the wallet they use to make a purchase each time. But this suggests that few actually do.
A bitcoin wallet seldom leaks information about the identity of its owner. It does allow for the profiling of its owner’s activities, however. In this case, we can track the behavior of customers and the patterns of purchases made on the Wall Street darknet illicit market. Flare Systems offers the BitCluster software tool that generates the datasets needed to analyze the patterns of bitcoin flows and follow the money going in and out of darknet illicit markets.
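The metrics reported above (peak daily sales, commission estimate, busiest weekday, price buckets, wallet reuse) can all be derived from the list of payments a market wallet received. The following is an added example, not BitCluster code or output: the payment records and wallet labels are constructed, and it assumes addresses have already been grouped into wallets and amounts converted to USD.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed sample data: (day, paying wallet, amount in USD) for payments
# received by a market wallet. Wallet labels are placeholders, and grouping
# addresses into wallets is assumed to have been done upstream.
PAYMENTS = [
    (date(2019, 4, 1), "wallet_1", 45.0),
    (date(2019, 4, 2), "wallet_2", 80.0),
    (date(2019, 4, 2), "wallet_3", 30.0),
    (date(2019, 4, 2), "wallet_4", 250.0),
    (date(2019, 4, 2), "wallet_5", 1200.0),
    (date(2019, 4, 3), "wallet_6", 60.0),
    (date(2019, 4, 4), "wallet_2", 95.0),
    (date(2019, 4, 5), "wallet_7", 20.0),
    (date(2019, 4, 9), "wallet_3", 70.0),
    (date(2019, 4, 9), "wallet_2", 150.0),
]
DAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]


def profile(payments, commission=0.04):
    """Summarise incoming payments; 4% is the article's conservative fee."""
    if not payments:
        raise ValueError("no payments to profile")
    daily, weekdays = defaultdict(float), Counter()
    uses, sizes = Counter(), Counter()
    for day, wallet, usd in payments:
        daily[day] += usd                       # sales volume per calendar day
        weekdays[DAYS[day.weekday()]] += 1      # order count per weekday
        uses[wallet] += 1                       # purchases per paying wallet
        bucket = "under_100" if usd < 100 else "over_1000" if usd > 1000 else "100_to_1000"
        sizes[bucket] += 1
    peak_day = max(daily, key=daily.get)
    n, w = len(payments), len(uses)
    return {
        "peak_day": peak_day,
        "peak_sales_usd": daily[peak_day],
        "peak_commission_usd": round(daily[peak_day] * commission, 2),
        "busiest_weekday": weekdays.most_common(1)[0][0],
        "size_share": {k: v / n for k, v in sizes.items()},
        # A buyer who pays from a fresh wallet each time counts as new here.
        "single_use_share": sum(c == 1 for c in uses.values()) / w,
        "two_or_fewer_share": sum(c <= 2 for c in uses.values()) / w,
    }


if __name__ == "__main__":
    for key, value in profile(PAYMENTS).items():
        print(key, value)
```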
This enabled us to identify the growth of Wall Street and also to see that its users were mostly offenders making occasional small purchases. Many believe that bitcoin is an anonymous currency, but we provide evidence here that it leaks a great deal of information. For offensive or defensive reasons, it would be possible to push our analysis further and identify the largest wallets connected to Wall Street, which could produce investigative leads.
We recommend that our customers use our BitCluster tool to investigate their own bitcoin wallets or those of their partners to determine if they are connected to darknet illicit markets or other illicit activities. BitCluster integrates into our Firework solution to run open-source searches against bitcoin wallets and provide further intelligence into this supposedly anonymous currency.