
Central Academy for Police Training, Bhopal

FOCUS ON BUILDING BASICS ON BITCOIN & BLOCKCHAIN & THEN DISCUSS HOW CRYPTOCRIMES HAPPEN?
I'M NOT AN EXPERT....

How Many of you have NOT Heard the term BITCOIN & BLOCKCHAIN?
BITCOIN
IS AN
APPLICATION
OF
BLOCKCHAIN
TECHNOLOGY
DRIVING BITCOIN SINCE 2009
No
Government
Intervention
SATOSHI NAKAMOTO
WHERE DID HE GO? FIND HIM
Name used by the unknown person who designed BITCOIN and created its original reference implementation
Satoshi Nakamoto released Version 0.1 of the Bitcoin software on SourceForge on 9 January 2009.
Nakamoto created the domain name bitcoin.org and continued to collaborate with other developers on the Bitcoin software
Around mid 2010, he handed over control of the source code repository to Gavin Andresen and transferred several related domains to various prominent members of the Bitcoin community, and stopped his involvement in the project
AS ON DATE

Known number of
CRYPTOCURRENCIES that
exist in the world today
OF THEM
~Rs 33 Trillion

Rs 3,35,82,39,99,99,975
AS OF 30 Aug 2019
1 BITCOIN IS WORTH

9455$
6,77,831/-
SOURCE : https://blockchain.info/charts/n-transactions
280467
SOURCE : https://blockchain.info/charts/n-transactions
ANONYMITY
VS
PSEUDONYMITY

Public key addresses, similar in function to an email address, are used to send and receive Bitcoins and record transactions, as opposed to personally identifying information.
DESIGNED
FOR
The more DETAILS an Investigator KNOWS about the TECH ARCHITECTURE, the CLOSER he gets to CLOSE the CASE
BLOCKCHAIN
IS A COMBINATION OF
VARIOUS
TECHNOLOGIES
GENESIS BLOCK ie 1st BLOCK

BLOCK 2 BLOCK 3 BLOCK 4 BLOCK 5 BLOCK 6 BLOCK 7 BLOCK 8

MATHEMATICALLY LINKED BOGIES


TRADITIONAL WAY OF SHARING DOCUMENTS
IF SUFFICIENT BANDWIDTH NOT AVAILABLE, SERVER CRASHES
EVERY NODE MAINTAINS A LOCAL COPY

ALL THE COPIES ARE IDENTICAL

ALL THESE COPIES ARE UPDATED BASED ON GLOBAL INFORMATION
A, B, C and D each hold a copy of the PUBLIC LEDGER, each copy showing Rs 1000/-:
A : DR GULATI
B : BUSINESS MAN
C : CABLE WALA
D : JOKER

Rs 200/- : A>B Rs 200 is written to all four copies of the PUBLIC LEDGER
Rs 600/- : B>D Rs 600 is written to all four copies of the PUBLIC LEDGER
Rs 10000/-
Rs 1000/-
PUBLIC LEDGER
A>B Rs 200
B>D Rs 600
C>B Rs 100
B>C Rs 200
A>B Rs 100
C>D Rs 250
B>C Rs 170
D>C Rs 189

MILLIONS OF TRANSACTIONS

A>B Rs 100
C>D Rs 250
B>C Rs 170
D>C Rs 189
GLOBAL EXCEL SHEET
GB
CURRENT BITCOIN BLOCKCHAIN
APPROX SIZE AS IN AUG 2019
1.46 × 10^48 possible Bitcoin Addresses

That gives every person on Earth 2.05 × 10^38 Different Addresses
CONSENSUS
Consensus is defined as a
GENERAL AGREEMENT
of a state
MINING DIFFICULTY
[Chart: TH/Sec, 2009 to 2020]

HASH RATE DENOMINATIONS
1 kH/s is 1,000 (one thousand) hashes/sec
1 MH/s is 1,000,000 (one million) hashes/sec
1 GH/s is 1,000,000,000 (one billion) hashes/sec
1 TH/s is 1,000,000,000,000 (one trillion) hashes/sec
1 PH/s is 1,000,000,000,000,000 (one quadrillion) hashes/sec
1 EH/s is 1,000,000,000,000,000,000 (one quintillion) hashes/sec
https://anders.com/blockchain/blockchain.html
CIRCULATION STATS
TRANSACTION/DAY STATS
WALLET USER STATS
Blockchain provides the
basis for the TRUSTLESS
DISTRIBUTED SYSTEM
BITCOIN MINING
Mining is the process of writing blocks of Bitcoin transactions into ‘The Bitcoin Blockchain’, and getting rewarded with newly created bitcoins
BITCOIN MINING FARMS
A miner performs the MINING OPERATIONS ALONE without joining a pool.

All mined blocks are generated to the MINER'S CREDIT.
With the hardware currently used for solo mining, the experience is more like playing the lottery, but if you do it right you can exit with a lot of cash
LOOKS
MINING
HARDWARE
OPEN DOMAIN COURSES INDIA SAMPLE AD
WALLET is basically the Bitcoin Equivalent of a Bank account.

Allows you to RECEIVE BITCOINS, STORE(!!!!) them, and then SEND them to others
Cold Wallets & Hot Wallets
COLD implies it is Offline or Disconnected from the Internet
A wallet that is Connected to the Internet or is online is said to be HOT

Cold is considered most Secure & suitable for Storing Large Amounts of bitcoins
Hot is suitable for Frequently Accessed funds
DESKTOP WALLETS
Designed to be downloaded & used on Laptops/PCs

Easy to Access.

Available for Different OS – Windows, Mac OS and Ubuntu.

Armory, Multibit, Msigna and Hive to mention a FEW
MOBILE WALLETS
ONLINE WEB WALLETS
PHYSICAL WALLETS
Paper Wallets can Securely hold your BITCOINS in Cold Storage form for a long time

Bitaddress.org or Blockchain.info

Once they are generated, you print them out on a piece of paper
BITCOIN CLIENTS WALLETS
BitcoinQt is the First ever built bitcoin CLIENT WALLET
Original bitcoin wallet used by the Pioneers of the currency

COMPUTERS installed with these wallets FORM PART OF THE CORE NETWORK & have access to all transactions on the blockchain
HARDWARE WALLETS
PAPER WALLETS
FULL NODE CLIENT
LIGHT WEIGHT CLIENT
THIRD PARTY CLIENT
For CONDUCTING TRANSACTIONS utilizing BITCOIN, a user must first DOWNLOAD and set up a BITCOIN WALLET

BITCOIN WALLET can show the total BALANCE of all BITCOINS it CONTROLS and let A USER PAY a specified AMOUNT
Once wallet is INSTALLED & CONFIGURED, an ADDRESS is GENERATED which is SIMILAR to an E-MAIL or PHYSICAL ADDRESS

WALLET contains a USER’S PRIVATE KEY, which ALLOWS FOR THE SPENDING of the BITCOINS, which are located in the BLOCK CHAIN
THE LAST BITCOIN
(PROBABLY 21 MILLIONTH COIN)
WILL BE MINED IN THE YEAR

2140
A reward system, in
the form of
a website or app, that
dispenses rewards in
the form of a satoshi,
for visitors to claim in
exchange for
completing
a captcha or task as
described by the
website. 

SATOSHI : 1/100th of a Millionth BITCOIN


They DON’T EXIST
ANYWHERE, even
on a hard drive
Legality of Bitcoin by Country Or Territory
Since 1643…
Organized crimes
An extortionist group responsible for
many BITCOIN extortion campaigns
involving DDoS attacks and ransom
demands
DDoS “4” Bitcoin — has ATTACKED
over 150+ COMPANIES since its
emergence in 2014.

Other groups, INSPIRED BY THEIR SUCCESS, are jumping on the bandwagon. Is this form of extortion here to stay?
Nitrogen Sports is dedicated to its
INTERNATIONAL USERBASE & offers
SPORTS BETTING for dedicated
fans to make some extra side money

When you visit the site, a unique Bitcoin address is generated for your use
NITROGEN SPORTS
ONLINE SPORTS BETTING
Operation Pleiades
DD4BC
European Union's law enforcement agency: investigators from Europol, Bosnia and Herzegovina, Germany, France, Japan, Romania, Switzerland, the UK and the US contributed in tracking down the hacking group
CRYPTOJACKING is the
unauthorized use of someone
else’s computer to mine
cryptocurrency.

It is done by getting the victim to click on a malicious link in an email that loads crypto mining code on the computer, or by infecting a website or online ad with JavaScript code
Research has found
53,000 + websites
running crypto mining
scripts
Estimated that those site
had a BILLION combined
monthly visitors
https://www.csoonline.com/article/3253572/internet/what-is-cryptojacking-how-to-prevent-detect-and-recover-from-it.html
$32 million RAISED
2,31,93,60,000 Rs
$660 million RAISED
47,83,68,00,000 Rs
The Smominru Miner

5 LAKH USERS INFECTED


EXCHANGE HACKS
Mt. Gox (Magic The
Gathering Online Exchange)
World’s largest Bitcoin intermediary
handling 70% of the world’s Bitcoin
exchanges
Mt. Gox lost about 740,000 Bitcoin
(7% of all Bitcoin in existence at the
time)
March 7, 2014, Mt. Gox had sought
bankruptcy protection, announcing
that 850,000 of its Bitcoins, worth
some $473 million at the time—and
representing 7% of all Bitcoins
then in existence—had somehow
disappeared.
WORST DISASTER IN BITCOIN’S
SHORT HISTORY
Arbitraging Software
Gekko
HaasBot
GunBot
Bitcoin Signal Robot
Kim Nilsson
At a time when Karpelès needed friends most, the
WizSec team scored an invite to his apartment by
offering to bring the Frenchman the ingredients he
needed to bake his famous apple quiche.

Soon, Karpelès was feeding Nilsson internal Mt. Gox data that could help solve the case. “I wish I had stolen the money, because then I could just give it back,” Karpelès told them at the time.
Kim Nilsson was just as vexed, but
standing in the snow wasn’t his style. A
modest Swedish software engineer with
a goatee and a quiet voice, Nilsson, who
also owned Bitcoins at Mt. Gox, had
never before worked on blockchain
technology.
But he had a reputation for getting to
the bottom of the toughest software
bugs; in his off-time, he’d been known to
beat all the levels of Super Mario Bros. 2 in
an afternoon sitting. And that’s how he
approached Mt. Gox: “It was basically
just the world’s biggest puzzle at
He teamed up with some
other Mt. Gox customers to
launch WizSec. But while the
company quickly
dissolved, Nilsson stayed
on the case in secret,
teaching himself
blockchain analysis and
tracing the money
stolen.
Although Nilsson started off investigating
Karpelès’s role in the theft, he soon realized
the CEO was just as eager as he was to know
what happened.
Over the next four years, Nilsson estimates he
spent a year-and-a-half’s worth of full-time
hours pursuing the Mt. Gox hackers. He’s never been
paid for his work; his 12.7 Bitcoin claim at Mt. Gox
makes him one of its smallest creditors.
By early 2016, Nilsson had a suspect.
As he tracked the stolen funds, he saw
that, of the 650,000 Bitcoins reported
stolen from Mt. Gox, 630,000 had
gone straight into wallets controlled
by the same person. That person also
had an account at Mt. Gox.
Then one scorching day last July, police
stormed a beach in Greece to arrest a
Russian citizen vacationing with his family. U.S.
federal prosecutors charged Alexander Vinnik, a 38-
year-old IT specialist, with laundering 530,000
of the stolen Mt. Gox Bitcoins through his
WME wallets and other accounts.
They also accused him of helping to run the exchange BTC-e,
whose primary purpose was allegedly to launder money. It is
plausible, investigators say, that BTC-e was founded specifically
to launder funds stolen from Mt. Gox. Blockchain analysis shows
that the hack that devastated Mt. Gox began in autumn 2011, around the time BTC-e started up.

Keys to Mt. Gox’s “hot wallet”—its online Bitcoin repository—were stolen and copied, compromising
the exchange’s deposit addresses. So for the next two
years, in nine out of 10 instances, coins were being stolen as soon
as they came in, says Chainalysis’ Gronager, who is also a
creditor: “It meant that you had a hole in the bottom of the well,
and someone was just draining money.”
EXCHANGE HACKS

65,66,68,80,000 Rs
worth of cryptocurrencies have been lost
so far, with most of these losses happening
through exchanges (Aug 2018)
Some of the Most Devastating
Crypto Hacks
Ross Ulbricht
SILK ROUTE
American Drug trafficker and Darknet Market Operator
CURRENTLY SERVING
A DOUBLE
LIFE SENTENCE PLUS
FORTY YEARS
WITHOUT THE
POSSIBILITY OF
PAROLE
BUY ANYTHING
SELL ANYTHING
Rs 87,55,80,00,000
/1.2 billion$ turnover

9,60,000 USERS
HOW WAS HE CAUGHT?
Boasted about running his International Multimillion Dollar drug marketplace on his LinkedIn profile

He used a real photograph of himself for a fake ID to rent servers to run his international multimillion dollar drugs marketplace

In March 2012, a user registered on the coding Q&A site Stack Overflow with Ulbricht’s email address and the username 'Ross Ulbricht'. He then proceeded to post the question “How can I connect to a Tor hidden service using curl in php?”

He sought contacts in courier firms, presumably to work out how to best ship things from his international multimillion dollar drugs marketplace, on Google+, where his real name, real face and real YouTube profile were visible
144,000
BITCOINS
1FfmbHfnpaZjKFvyi1okTjJJusN455paPH
1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a
SLEEPING SINCE 5 YEARS NOW
SEPT 16,2018
Sarah Meiklejohn, a Bitcoin focused Computer Researcher
Extensive Research in Bitcoin Blockchain

Found that by looking at the blockchain an investigator can uncover who owns a Bitcoin address

Utilizing the data from 344 transactions, Meiklejohn was able to identify the owners of more than a million Bitcoin addresses
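
One way an investigator can group addresses by owner from ledger data alone, as an added example that is not part of the original slides: the multi-input heuristic, which assumes that addresses spent together as inputs of one transaction are controlled by the same party. The transactions, address names and the "Exchange-X" tag below are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample transactions (not real chain data).
TXS = {
    "tx1": {"inputs": ["addr_A1", "addr_A2"], "outputs": ["addr_M1"]},
    "tx2": {"inputs": ["addr_A2", "addr_A3"], "outputs": ["addr_B1", "addr_A4"]},
    "tx3": {"inputs": ["addr_B1"], "outputs": ["addr_M1"]},
    "tx4": {"inputs": ["addr_C1", "addr_C2"], "outputs": ["addr_A1"]},
    "cb1": {"inputs": [], "outputs": ["addr_C1"]},  # coinbase: no inputs
}

# Constructed tag: owner of one address known from a direct interaction.
KNOWN_TAGS = {"addr_A3": "Exchange-X (hypothetical)"}


class UnionFind:
    """Disjoint sets of addresses; each set is one presumed owner."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(txs):
    """Merge addresses that appear together as inputs of one transaction."""
    uf = UnionFind()
    for tx in txs.values():
        for addr in tx["inputs"] + tx["outputs"]:
            uf.find(addr)  # register every address, even if never merged
        for other in tx["inputs"][1:]:
            uf.union(tx["inputs"][0], other)  # inputs only, never outputs
    clusters = defaultdict(set)
    for addr in list(uf.parent):
        clusters[uf.find(addr)].add(addr)
    return list(clusters.values())


def label_clusters(clusters, tags):
    """Spread a known tag to its whole cluster; conflicting tags give None."""
    labelled = {}
    for cluster in clusters:
        owners = {tags[a] for a in cluster if a in tags}
        label = next(iter(owners)) if len(owners) == 1 else None
        for addr in cluster:
            labelled[addr] = label
    return labelled
```

Joint payments such as CoinJoin break the assumption behind this heuristic, so a cluster built from such transactions needs corroboration before its tag is relied on.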
More SUCH unknown
currency UPCOMING
INVISIBLE INTERNET PROJECT (I2P)
is an anonymous network layer that
allows for censorship-resistant, peer
to peer communication
Kovri is a FREE, DECENTRALIZED,
ANONYMITY TECHNOLOGY developed
by Monero

Kovri uses both GARLIC ENCRYPTION AND GARLIC ROUTING to create a private, protected overlay-network across the internet.

Effectively HIDES GEOGRAPHICAL LOCATION and internet IP address.
With BITCOIN, you reveal your real
“HOME ADDRESS” in order to send and
receive BITCOIN

Monero uses the EQUIVALENT OF A “POST OFFICE BOX” as address to send and receive Monero.
VIRTUAL P.O. box
instead of actual
address
Ring signature is a WAY TO MAKE
SURE A TRANSACTION CAN’T BE
TIED BACK to a specific individual
CoinJoin is an ANONYMIZATION method for bitcoin TRANSACTIONS
“When you want to make a payment, find someone else who also wants to make a payment and make a joint payment together.”
When making a
joint payment,
there is no way
to relate input
and outputs in
one BITCOIN
transaction
Silent Bitcoin is a DIGITAL VOUCHER
CURRENCY 100% backed by bitcoins.

Means that 1.0 SBC equals 1.0 BTC.
However the base units for SBC vouchers are mBTC, or milli-bitcoin (0.001 BTC).
When a user spends BTC to a wallet
hash controlled by SilentVault, they
receive in exchange a voucher (a
cryptographically signed XML object) for
the same amount in SBC.
Thereafter THE SBC VOUCHER VALUE
CIRCULATES PRIVATELY OFF-CHAIN
BETWEEN SILENTVAULT WALLETS, until
a holder redeems their SBC voucher for
BTC.

At that point the SBC value is decirculated, and a BTC spend is made from SilentVault's reserve to the address hash designated by the user who surrendered the voucher.
TumbleBit
TumbleBit, a new unidirectional unlinkable payment hub

Allows parties to make fast, anonymous, OFF-BLOCKCHAIN payments through an untrusted intermediary called the Tumbler

No one, not even the Tumbler, can link a payment from its payer to its payee
Bitcoin Mixer is an Anonymous
Service, that confuses the trails
of Bitcoin transactions.
LONGEST running, most established BITCOIN MIXER, yet rumour has it that they are selectively SCAMMING their users. If you send a high enough amount to them, you will not see it again
World's first Blockchain satellite on February 2, 2018
https://www.forbes.com/sites/leonhardweese/2017/08/18/why-one-startups-plan-to-use-satellites-to-beam-bitcoin-data-around-the-world-might-anger-china/#2528f8f11a88
Broadcasts real-time Bitcoin
Blockchain data from a group of
communication satellites in space
to ALMOST EVERYONE ON THE
PLANET
Enables further participation in
Bitcoin, including the billions of
people in the world WITHOUT
INTERNET ACCESS
Access to people in places
where BANDWIDTH
PRICES/SPEED make
participating cost prohibitive
JUST NOT BITCOIN
Community-based space platform that is
integrating BLOCKCHAIN+SPACE to lower
barriers of entry to space and promote
collaboration within the space community
i FORENSICK!!
s
But Keep Calm & Trust Forensics

By : ANUPAM TIWARI
EMAIL: anupamtiwari@protonmail.com
BITCOIN ARTIFACTS
Everyone on the NETWORK knows about a TRANSACTION and THE HISTORY OF A TRANSACTION can be TRACED BACK to the point where the BITCOINS were produced
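
Tracing a transaction back to where its coins were produced, as an added example that is not part of the original slides: each transaction names the earlier outputs it spends, so walking those references backwards ends at coinbase (mining reward) transactions. The ledger, transaction ids and amounts below are constructed; "t9" is deliberately absent to show how a gap in the collected data is reported.

```python
# Constructed sample ledger (not real chain data). Each transaction lists the
# outputs it spends as (txid, output_index); a coinbase transaction has none.
LEDGER = {
    "cb1": {"block": 100, "inputs": [], "outputs": [50.0]},
    "cb2": {"block": 101, "inputs": [], "outputs": [50.0]},
    "t1": {"block": 150, "inputs": [("cb1", 0)], "outputs": [30.0, 20.0]},
    "t2": {"block": 160, "inputs": [("t1", 0), ("cb2", 0)], "outputs": [80.0]},
    "t3": {"block": 170, "inputs": [("t1", 1)], "outputs": [20.0]},
    "t4": {"block": 180, "inputs": [("t2", 0), ("t9", 0)], "outputs": [90.0]},
}


def trace_to_origin(ledger, txid):
    """Walk spent outputs backwards from txid.

    Returns (origins, edges, missing):
      origins - coinbase txids where the traced value was first produced
      edges   - (parent_txid, output_index, child_txid) links followed
      missing - txids referenced as inputs but absent from the ledger
    """
    origins, edges, missing = set(), [], set()
    seen = set()
    stack = [txid]
    while stack:
        current = stack.pop()
        if current in seen:
            continue  # a transaction can be reached by several paths
        seen.add(current)
        tx = ledger.get(current)
        if tx is None:
            missing.add(current)  # evidence gap: record it, do not guess
            continue
        if not tx["inputs"]:
            origins.add(current)  # coinbase: the trail ends here
            continue
        for parent, index in tx["inputs"]:
            edges.append((parent, index, current))
            stack.append(parent)
    return origins, edges, missing


if __name__ == "__main__":
    for start in ("t3", "t4"):
        origins, edges, missing = trace_to_origin(LEDGER, start)
        print(start, "origins:", sorted(origins), "missing:", sorted(missing))
```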
Conduct a
SEARCH based
on BLOCK
NUMBER,
ADDRESS,
BLOCK HASH,
TRANSACTION
HASH or
PUBLIC KEY
SOURCE : https://blockchain.info/ip-log
IT IS EASY TO POINT OUT A PROBLEM….
DIG DEEP IN THE TECHNOLOGY & PRODUCE EXPERTS

….NOT BUY TOOLS


PROJECT TITANIUM : Main thrust of the European
Union’s Titanium Project is to Monitor blockchains,
deanonymize wallet addresses, surveil dark net
markets, and block terrorists and money launderers.
TITANIUM, which stands for Tools for the Investigation of
Transactions in Underground Markets
ADVANCES IN MAPPING
TRACE
If an investigator has the Bitcoin Private key of the suspect, they can search for that particular key on the Blockchain to Trace the purchases to other potential Suspects.
Attacking Bitcoin via the Internet
infrastructure using routing attacks
As Bitcoin connections are routed over the
Internet—in clear text and without
integrity checks—any third-party can
eavesdrop, drop, modify, inject, or
delay Bitcoin messages

Detecting such attackers is CHALLENGING any day
BITCOIN FORENSIC ARTIFACT EXAMINATION

• Gateway laptop ML6720
• Windows 7 Professional
• 120 GB WD hard drive
• (4) USB ASIC Mining drives
• USB powered cooling fan
• 32 GB USB thumb drive

• Multibit
• Bitcoin-Qt
• Bitminter
• Basic USB ASIC Bitcoin
COLLECTION OF BITCOIN ARTIFACTS
• System Info
• Info about Logged users
• Registry Info
• Remnants of Chats
• Web browsing Activities
• Recent Communications
• Info from Cloud Services
• Decryption Keys for encrypted volumes mounted
COLLECTION OF BITCOIN
ARTIFACTS
Since Bitcoin transactions occur via a Network Connection, an investigator should seize any Physical Object that can connect to the Internet in addition to the hard drive
https://whois.icann.org/en
While most people have been focused on Mark Karpeles since Mt. Gox disappeared, it turned out, bitcoin security firm WizSec successfully found the culprit behind this massive bitcoin price pump.

The culprit goes by the name of Willy, and it is a bitcoin trading bot that only made an appearance on the Mt. Gox exchange. Willy first started its trading spree in September of 2013, eventually leading to the bitcoin price bubble and crash months after.
RUSHED OVER A LOT OF CONCEPTS
Many Dots remain to be connected
anupamtiwari@protonmail.com
https://about.me/anupam.tiwari
