The blockchain industry often has news that exchanges have been stolen. This has basically become commonplace, and it is expected that it will continue to happen in the future.
The latest news is that South Korea ’s upbit exchange was stolen more than 20 days ago, and 342,000 ETHs were missing. It is still unknown who did it. The 342,000 ETHs flowed into the market through various channels, some of which entered Binance, some of which went to Huobi, some of which went to exchanges of other countries, and some of which were exchanged for stable coins through decentralized exchanges.
Some people have this question: All transaction information on the blockchain is open and transparent. Since hackers have so many transactions on so many channels, we really have no way to find out the relationship behind these transfer records and find Is there a criminal behind it?
Similar news also happened on the plustoken. Since the high-profile run of the plustoken, multiple transactions and transfers have also been found on multiple exchanges and browsers. You must know that the amount of plustoken involved is as high as 20-30 billion, including several Ten thousand bitcoins, although several founders have been arrested, there are still a large number of people involved in the case that have not been arrested, and at the same time, crazy transaction transfers are still being carried out. Such a large amount of cash-out demand has also caused market worries, so that every time the market conditions change, people are worried about whether the group of plustokens began to cash out again.
Similarly, we also have this question: are we really unable to take these black money? Can you just watch them cash out step by step?
2, Decentralized digital assets such as Bitcoin
They are also digital assets. They have different characteristics and different trading channels, which need to be treated differently. According to different final cash-out channels, I simply divide them into digital assets that do not need to be cashed out, such as Bitcoin, assets that are cashed out by centralized exchanges, and assets that are cashed out by decentralized exchanges.
Why separate strong decentralized digital assets such as Bitcoin (hereinafter referred to as Bitcoin) separately? Because they can be traded on the exchange, and they can exist independently without relying on the exchange, and they can serve as transaction equivalents. For example, there are already many places in the world that support Bitcoin transactions. You can buy a house, buy a car, pay tuition, buy pizza, drink coffee and more directly with Bitcoin.
As we all know, Bitcoin has the characteristics of openness and transparency at the same time. Anonymity refers to the anonymity of the real identity behind the address. Openness means that all the information of the transaction itself is open and transparent. This is Bitcoin and the traditional financial system. The biggest difference is also the basis for the entire Bitcoin system to work.
Since it is anonymous, do we have no way to lock down the identity of criminals? This is not absolute. If criminals hold a large amount of bitcoin, only carry out simple transfer transactions, do not buy things in real life, and do not cash out, we generally cannot accurately lock specific people, but many times can draw a rough map .
There is a saying that Bitcoin does not have complete anonymity, but in fact, only a pseudonym is implemented, and the person behind can be found through correlation analysis. For example, because all transactions can be found on the browser, when the number of transaction transfers increases, the amount of information will increase, and then using the current big data analysis technology, it will be possible for funds to flow from where List an approximate map.
At the same time, the use of public information on the market, such as the addresses of many large households, project parties, and exchanges, is public. Based on these public account information, many useful information can be inferred. At present, there are many teams on the market dedicated to Do what is called “correlation analysis” in this forum title. Some of them are manual statistics, and some are software data analysis. Marking the account addresses that have been published to date, coupled with the data in the fully open data browser, draw a transfer chart, which can analyze a lot of useful information.
Someone seems to have analyzed Li Xiaolai’s account before to study whether he has six-digit bitcoin and his various transfer relationships. Interested friends can go online to find posts by themselves.
But, again, “correlation” analysis can only infer a vague approximation, it can only infer limited information, there will be many “faults” that cannot be analyzed, and the effect is limited;
Moreover, data analysis and investigation and anonymity are in a relationship of “one foot high, one foot high”. With the development of big data analysis technology, Bitcoin is also developing anonymity similar to “mixed coin service”. The strong characteristics have brought difficulties to data analysis.
It should be said that Bitcoin itself does have strong anonymity, but through analysis of public transaction information, clues can be drawn. The more and more frequent the transaction information, the easier it is to draw a rough picture.
3, The centralized exchange
Relying on big data analysis of Bitcoin alone, it is very difficult to lock in specific people. At this time, the cooperation of a centralized exchange is required.
Because bitcoin currently can buy directly a few products, after all, most digital assets still have to embark on the road of cash. At present, the main cash channel is through centralized exchanges.
However, the mainstream centralized exchanges currently have a good KYC, which is not only to meet the government’s rigid requirements, but also an important means for exchanges to ensure asset security and reduce disputes.
In this case, if a hacker eventually cashes through a centralized exchange, he can indeed lock his identity accurately. After the identity is locked, the police will dispatch him to arrest people or simply freeze the account directly by the exchange. There will be no follow-up troubles.
Although this method is simple, there are also some problems in the specific implementation process. For example, there are many fake KYC materials on the market that can be purchased, a set of several hundred dollars, with a full set of information, bank flow, ID cards, fingerprints, bank cards, and even various face recognition information. If you use a fake account to cash out, even if you can find the person behind you, it is just a “non-existent person”. Most real hackers use this method when cashing out on a centralized exchange.
At the same time, there are many exchanges when the transaction amount is less than a certain amount, such as less than 1 bitcoin, it is not necessary to force KYC. If hackers register the trumpet in batches, and then make full use of these small amount to cash out, it is difficult to trace; What’s more, after the investigation, most of the criminals are abroad, which also makes it more difficult for specific arrests.
4, Decentralized exchange
Through a centralized exchange, although criminals cannot be absolutely locked, after all, it provides a very valuable analytical clue, which is very helpful for subsequent investigation and evidence collection. But the rise of decentralized exchanges now seems to have changed.
For example, the upbit exchange mentioned above was stolen, and one of the hackers’ cash-out channels was to exchange ETH for stable currency through a decentralized exchange. Most decentralized exchanges now focus on anonymity and security. After the “cleansing” of decentralized exchanges, it is much more difficult to track down funds.
And the current development focus of the entire blockchain industry seems to be in the decentralized exchange, the DEFI financial one, then with the popularity of the decentralized exchange, are these hacker shipments even more blatant? Doesn’t it have a greater impact on the security of the entire industry?
If it goes in this direction, this is indeed the case, which is why I think that even a decentralized exchange cannot be completely anonymous.
In real life, as long as you do transactions with others, as long as it involves value exchange, you need deep cooperation between people. These cooperations require deep information sharing behind them, because it will involve the distribution of subsequent rights and obligations. At least at this stage of the society, it is necessary to support the real-name system. If the entire transaction is anonymous, you can neither find the buyer nor the seller, and if you have a dispute, you do n’t know how to resolve it. So how can this value exchange business do? What about trust?
In fact, the anonymity of the transaction alone is useless, and real life is always linked. It ’s as if you are buying something on Taobao. You can use your nickname and ID, but you need to pay. When you pay, you need a bank card. The bank card is the real name. When you want to fill in express mail, you need to fill Real identity address; when receiving express delivery, you need to get it in person. These are very closely linked. One link is real-name system, and the information in other links may be pushed back.
The blockchain is a part of the entire social life, and ultimately needs to be integrated with all aspects of society. In the end, the on-chain and off-chain must develop in a coordinated manner, and the off-chain part must require a real-name system, and the on-chain part also needs a real-name system In order to cooperate with the development of the off-chain part.
Moreover, anonymity and privacy are not in conflict. Publicity of identity is conducive to the development of business activities. Mastering privacy is the basic right of everyone. You can publicly reveal your identity to engage in some important activities, but you do not reveal your privacy, and privacy is still completely under your control. I think this is the mainstream of the future business world and the mainstream direction when the blockchain is launched.
Note that what I’m saying here is not to be anonymous, but not absolutely anonymous. For example, we can not reveal our true identity during all transaction transfers. Even major exchanges, decentralized exchanges, and counterparties do not know our true identity, but at the lowest level, with the police, There must be real-name identities with government agencies, because it is necessary to ensure that when an accident occurs, it is possible to trace the identity.
For decentralized exchanges, what we really need is the technology behind it, such as the UTXO account system, such as the public key and private key system that allows you to manage assets yourself, such as its efficient confirmation features, etc. These technologies are decentralized The real advantage of a centralized exchange is that anonymity is not the core advantage of a decentralized exchange. Security is.
Blockchain is not a place outside the law, and decentralization is not a talisman for criminals.
Asset security is a big issue. No matter whether it is decentralized or centralized, the real probability is inseparable from the real-name system.