Investigating Dark Web Transactions: Challenges and Solutions
Merkle Science
Introduction
If you are reading this blog, you are likely doing so on the surface web (also known as the visible web), the part of the internet that is publicly available and indexable by search engines. The counterpoint to the surface web is the dark web, which is only accessible via specialized tools like the Tor Browser.
Because the dark web is more clandestine, criminals frequently use sites there, such as coin mixers and DeFi exchanges, to move illicit funds. Given the anonymous and decentralized nature of the dark web, authorities have a hard time tracking, identifying, and apprehending criminals who launder money there.
Challenges in identifying criminals on the dark web
When using the surface web, users can be tracked through their IP address. The IP address can tell others what internet service provider (ISP) a person is using and even geolocate them, down to the city.
An IP address also makes it possible to identify criminals. Once an authority knows an IP address of a potential criminal, they can monitor network traffic to track suspicious activities. They can also request more information from the ISP, such as details about the subscriber, and conduct forensic analysis to gather evidence on that person’s connections, communications, and activities.
Understanding how an IP address helps criminal investigations is crucial because it marks a significant contrast from the dark web. To access the dark web, users need special tools like the Tor Browser, which is tailor-made to resist what it calls “tracking and surveillance.” The Tor Browser thus offers a suite of features that anonymize users, including the blocking of third-party cookies that facilitate tracking and identification across digital activities.
The Tor Browser also obfuscates identification by making users appear the same through multi-layer encryption that passes data packets through at least three Tor relays. This technique, known as Onion Routing, makes it hard for authorities to conduct network monitoring (and accounts for the Tor Browser’s onion mascot). Even if authorities were able to intercept the traffic, the encrypted data would be unreadable.
With the Tor Browser, you can browse both the surface web and dark web sites that are only accessible through its use, such as darknet marketplaces and file-sharing platforms. While the Tor Browser and other similar tools have legitimate uses - for example, protecting dissidents who want to avoid political persecution in totalitarian regimes - they also inadvertently protect criminals.
With their communication encrypted and their identities anonymized, criminals can operate more freely. They know that investigators will struggle with tracking their whereabouts, identifying who they are, and tracing their illegal activities, such as the flow of illicit funds.
Challenges in tracking transactions on the dark web
Transactions are especially hard to track on the dark web. Criminals will use various tools and techniques to further obfuscate their trail, such as coin mixers. To use a coin mixer, the user puts funds into a common pool, where they are mixed together with the funds of other users, and an amount equal to the original deposit is given back to the user. Because coin mixers break the connection between senders and recipients, their use makes it harder to track the illicit funds.
Many mixers have been taken off the surface web due to enforcement action by government agencies. In some ways, these removals may be a pyrrhic victory. Operators of coin mixers simply bring their platform to the dark web, where they can operate more freely and be accessed by a ready market of darknet users.
Coin mixers are frequently combined with other tactics, such as chain hopping, to complicate tracking efforts. Chain hopping refers to the act of rapidly hopping from one blockchain to another, often using a cross-chain bridge. Some blockchain forensics tools only support certain chains. When criminals hop onto chains outside of this technical scope, it is difficult for authorities to track them there.
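The effect of limited chain coverage can be shown with a small fund-flow trace. This is an added example, not code from Merkle Science or its Tracker product; the ledger, the addresses, the bridge records and the `trace` function are all constructed for illustration, and it assumes the investigator already has records linking a bridge deposit on one chain to the payout on another.

```python
from collections import deque

# Constructed sample ledger: (chain, sender, recipient, amount). All names are made up.
TRANSFERS = [
    ("ethereum", "addr_theft", "addr_a", 100),
    ("ethereum", "addr_a", "bridge_in", 100),
    ("tron", "bridge_out", "addr_b", 100),
    ("tron", "addr_b", "addr_cashout", 100),
    ("ethereum", "addr_x", "addr_y", 5),  # unrelated activity
]

# Constructed bridge records: a deposit on one chain paired with its payout on another.
BRIDGE_HOPS = [
    (("ethereum", "bridge_in"), ("tron", "bridge_out")),
]


def trace(start, supported_chains):
    """Breadth-first walk of the fund flow from start = (chain, address).

    Returns (nodes reached, in visit order; nodes where the trail went cold
    because the next hop sits on a chain the tool does not support).
    """
    edges = {}
    for chain, src, dst, _amount in TRANSFERS:
        edges.setdefault((chain, src), []).append((chain, dst))
    for src, dst in BRIDGE_HOPS:
        edges.setdefault(src, []).append(dst)

    seen, order, cold = {start}, [], []
    queue = deque([start])
    while queue:
        node = queue.popleft()
        order.append(node)
        for nxt in edges.get(node, []):
            if nxt[0] not in supported_chains:
                if node not in cold:
                    cold.append(node)  # funds left for an unsupported chain
                continue
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return order, cold


if __name__ == "__main__":
    print(trace(("ethereum", "addr_theft"), {"ethereum"}))
    print(trace(("ethereum", "addr_theft"), {"ethereum", "tron"}))
```

With only Ethereum supported, the trace stops at the bridge deposit; with both chains supported, it continues to the cash-out address on the second chain.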
Challenges in law enforcement action on the dark web
Exchanges like Binance are centralized exchanges (CEXs). They have known leadership, conduct business from official offices, and seek the necessary registrations and licenses to operate within those jurisdictions. Because such businesses are centralized, they must abide by government policies, such as the need to conduct rigorous know-your-customer (or KYC) procedures.
Even more importantly, they are subject to government punishment, such as fines, if they run afoul of these policies. This fact is evident in the many punishments handed down to centralized exchanges, who then had to correct their error or face enforcement actions that escalate in severity.
The entities on the dark web are a true Wild West. Decentralized exchanges (or DEXs) and peer-to-peer (P2P) platforms on the dark web can ignore KYC procedures and welcome any user. They also do not need to follow other government policies, such as abiding by the travel rule or observing transaction limits.
The decentralization of these crypto exchanges makes it difficult for authorities to take appropriate action. Centralized exchanges can be compelled to provide user and transaction information, freeze accounts, and turn over funds as part of a recovery process. With decentralized exchanges, there are no official representatives to contact for such matters.
Decentralized exchanges also have no official jurisdiction, which makes official proceedings difficult. As a counter-example, FTX - a CEX - was headquartered out of the Bahamas, which meant that the United States government could extradite its CEO, Sam Bankman-Fried, in order to prosecute him in the US (a move it made in December 2022).
In contrast, there is no clear path for conducting investigations and enforcement action on businesses that operate on the dark web. These businesses are not only decentralized, but the criminal activities they facilitate tend to be transnational, complicating matters further. Authorities that want to take enforcement action against such entities thus face a legal and jurisdictional quagmire.
Merkle Science: the solution to identify, track and prosecute dark web transactions
The dark web can be an effective cloak for criminals because it leverages cutting-edge technologies, including everything from web browsers with Onion Routing to coin mixers with sophisticated protocols. The only way for authorities to respond is to fight technology with technology, and the specific class of solutions needed are those in blockchain forensics.
To effectively combat criminal dark web transactions, government and law enforcement authorities need to look no further than Merkle Science. One of the most reputable blockchain forensics solutions in the market, Merkle Science’s Tracker tool boasts all the key features needed to identify, track and prosecute dark web transactions:
- Compatibility with multiple chains: Some blockchain forensics solutions only provide support for several chains or a handful of popular chains. This approach does not work: The trail will go cold if the criminals move funds to chains not covered by the forensics software. Furthermore, criminals frequently shift away from popular blockchains and go toward lesser-known chains for their laundering.
The best solutions in blockchain forensics are thus capable of analyzing multiple chains so that they can follow criminals who engage in chain hopping.
With Tracker, Merkle Science’s solution for tracking, tracing, and investigating cryptocurrency transactions, authorities have the benefit of multichain coverage for Ethereum Virtual Machine (EVM) chains like Tron and even support for Layer 2 chains like Arbitrum and Optimism. Tracker can automatically graph the cross-chain movement of crypto transactions, so authorities can understand how, where, and to whom illicit funds are going.
- Features that outsmart obfuscation: In addition to chain hopping, criminals will use a grab-bag of other tricks to evade authorities. Many solutions in blockchain forensics are fooled by these obfuscation techniques and cannot determine where the illicit funds went. The best solutions are thus capable of following the movement of funds in spite of these underhanded strategies.
Tracker is equipped with this feature. While it is optimized for DeFi and smart contract investigations, Tracker also offers support for smart contract swaps, cross-chain bridges, and DeFi aggregators. This breadth ensures that authorities can track illicit funds to their source, no matter how many technological obstacles criminals throw in their way.
- Intelligence beyond the blockchain: Most solutions in blockchain forensics focus entirely on examining different blockchains. While this ability is of course central to the category, blockchain data will only tell one part of the story. Authorities who use only blockchain data are not maximizing the evidence that they can gather.
The best blockchain forensics tools will gather a wider variety of data, so that the investigation process is accelerated. With Tracker, when authorities insert any cryptocurrency address, the solution will scan through both social media platforms and darknet sites. The open-source intelligence gathered from this crawling provides authorities with an additional level of insight into criminal operations.
With Tracker, authorities gain numerous advantages across the justice process. During the investigation, authorities can get real-time alerts on suspicious activity, track indirect exposure to addresses that have been sanctioned, and identify exit nodes for laundered money. Tracker’s tools will also aid in enforcement action, such as in gathering evidence for prosecution and training authorities for future operations.
Final Thoughts
The dark web has traditionally been a safe haven for criminals. Thanks to its decentralization and anonymity, criminals can more freely move funds on the darknet. As a result, authorities have a hard time identifying criminals, tracking transactions, and executing enforcement actions.
Blockchain forensics is the answer. Tools like Tracker can help authorities trace funds, even in the face of obfuscation techniques; gather open-source intelligence across the dark web; and follow transactions across multiple chains. With Tracker, authorities can regain the upper hand in their fight against crypto crime. Request a demo today.