Why the Big Names in Tracing Bitcoin Have It Wrong
Jesse Gossman CFE
Senior Investigator Specializing in Crypto Fraud | Blockchain Analytics | Forensic Accounting
Abstract
This paper examines critical flaws in current Bitcoin tracing methods encouraged by major blockchain intelligence companies. It challenges the prevailing reliance on UTXO-based direct tracing and cluster-based tracing techniques, arguing that these approaches fundamentally misapply traditional asset tracing principles. Through analysis of UTXO mechanics, wallet behavior, and established financial investigation practices, this paper demonstrates how current methods may inadvertently inject randomization into traces and compromise the legal basis for asset recovery. The discussion highlights the necessity of realigning cryptocurrency investigation techniques with traditional financial crime investigation precedents, particularly as the cryptocurrency ecosystem matures and faces increased legal scrutiny.
Introduction
Admittedly, the title is a bit hyperbolic, but not because it isn't true—it's because this requires nuance and discussion. To say one thing is wrong, you must, by logic, know the correct way for that thing to be done. When it comes to tracing cryptocurrencies and Bitcoin specifically, there isn't enough case law or established precedent to determine conclusively what is right or wrong. I do, however, find it necessary to highlight a common practice or opinion I believe to be grounded in a false premise: that clustering and UTXO identification can be relied upon to efficiently follow the flow of illicit proceeds.
Understanding UTXOs and Clustering
UTXO Fundamentals
For the uninitiated, a quick explanation of UTXOs and how clustering plays into asset tracing is necessary. For that matter, we must also address what is meant by asset tracing. UTXO stands for Unspent Transaction Output. This is the basis of the accounting system maintained by the Bitcoin blockchain, as well as others. In its simplest form, a UTXO is a way for the Bitcoin blockchain software to keep account of the available value any given wallet address has the authority to spend or reassign to another wallet address.
The best real-world comparison is that of cash. If I wanted to purchase an item for $10 but only had a $20 bill, I would send my $20 bill into that transaction and receive change of $10. This $10 bill would be the "unspent output" from that transaction, and I would put it back in my wallet to use another day. Wallet software applications work by gathering and counting all the various Unspent Transaction Outputs assigned to my wallet, where the application can add them up and display a total balance of those combined values.
Wallet Clustering Mechanics
In addition to a wallet address being a collection of various UTXOs in various denominations, a wallet application may be a collection of numerous wallet addresses all secured by the same master private key with the same owner. Yet, there may be no indication or record that each of these seemingly unique wallet addresses belongs to the same individual or entity. This is where wallet clustering comes into play. There are particular behavior patterns and technical functions displayed in public blockchain records that allow for the grouping or "clustering" of seemingly disconnected wallet addresses under one common ownership. This was the original lifeblood of blockchain intelligence companies that exist to link wallet addresses into clusters, then identify those clusters as belonging to criminal networks or virtual asset service providers. For purposes of attribution and displaying common ownership, clustering is extremely effective. However, it has been misused in the application of asset tracing.
Asset Tracing Principles
Traditional Methods and Applications
Asset tracing is not a new concept; in fact, many of the ideas used for asset tracing originate from English common law hundreds of years ago. The general concept is that once something of value is stolen and moved to another location, like a different bank account or crypto wallet address, the claim against that property for purposes of recovery exists so long as it remains traceable to the original crime. There are two concepts in tracing one must also be familiar with: direct tracing and equitable tracing. Direct tracing attempts to follow the specific item that was stolen, whereas equitable tracing is used to follow the equivalent value when direct tracing becomes impossible due to changes in form or the commingling of assets. It may sound simple on its face, but as you start to dig deeper, the complexities grow exponentially.
Practical Scenarios and Challenges
For the purposes of this review, we will avoid the injection of an innocent third party entering the chain of custody and instead focus solely on the actions of our notional criminal. If our criminal were to steal $100,000 in sequential bills from our victim who had an itemized list of each serial number and they are later recovered under the criminal's mattress, it is easy to see the correlation and return the recovered property. However, what is more likely is that the stolen money entered a bank account. In this scenario, the sequentially marked bills would now be in possession of the criminal's bank, and the criminal's bank account would be credited the balance.
So would your claim be against the bank to recover the specifically numbered bills stolen from the victim (direct tracing)? Or would it be against the digital representation of value held in the criminal's account? Additionally, what if instead of putting the stolen money into a bank account, the criminal instead purchased a new sports car and paid cash (equitable tracing)? I think in each of these scenarios it is easy to see how the claim for recovery would pass onto the newly substituted representation of the equivalent value of the stolen property rather than attaching to the specifically identified sequentially numbered pieces of paper. This is the purpose and function of asset tracing.
Unfortunately, the simplified scenarios recounted above are rare. Criminal bank accounts are not usually opened to simply receive the stolen money and transact with it. Instead, they will often have a standing balance before the deposit of the stolen money and then undergo numerous other additions and withdrawals. Once the stolen money enters the account it becomes instantly indistinguishable from the other money in the account. This is what we call the commingling of assets, and it creates an insurmountable obstacle in direct tracing. However, equitable tracing techniques allow us to apply specific methods to conserve the claim beyond the initial account where funds are deposited (these methods have their own complexities and are a topic for another paper). Equitable tracing's utility is to solve for changes in form or commingling of fungible assets in order to preserve the path of assets being traceable to the original crime.
Bitcoin Fungibility and Tracing Implications
The Fungibility Question
Is Bitcoin fungible? While some would argue that the UTXO model somehow diminishes the fungibility of bitcoin, I think they make the mistake of confusing distinguishable with fungible. While each UTXO of Bitcoin has its own provenance and the ability to distinguish a particular UTXO in the wallet from another, each individual Satoshi (the smallest denomination of Bitcoin) is just as valuable as any other and they are entirely interchangeable when settling a payment. In fact, it is no different than US dollar bills which are each serialized and can also be distinguished from one another. So why then are the big names in crypto tracing tools advocating or at least designing their products for tracing based on UTXOs?
Historical Context and Evolution
The issue has grown since the origin of Bitcoin, or at least Bitcoin intelligence companies. Satoshi Nakamoto (pseudonym for the creator of Bitcoin) used the UTXO model as a solution to the double-spend problem inherent in the implementation of a digital currency. That is, if the value is digitally stored, what prevents someone from making a copy and spending the same value multiple times? This is where blockchain technology, proof of work consensus mechanisms, and UTXOs all became revolutionary in achieving a secure peer-to-peer decentralized economy where settlement of transactions can occur without a trusted third party. The UTXO model, however, was not established with the application of asset tracing in mind.
Early blockchain intelligence companies emerged from founders with computer science backgrounds, pioneering the heuristics and clustering techniques now commonplace in cryptocurrency tracing. While these founders excelled in technical analysis, they lacked experience in traditional financial crime investigation. Their initial approach treated Bitcoin tracing as a computer forensics challenge rather than a financial investigation, focusing on data movement instead of currency flows. Though they later partnered with law enforcement, the investigative methods remained primarily technical rather than financial in nature in large part due to the novel idea of a digital currency. The landscape has since evolved dramatically—cryptocurrency has matured from a niche technology into a global financial system, and investigators now possess both the technical and financial expertise needed to understand the complexities involved and iterate on investigative best practices. This evolution necessitates a reassessment of investigative methods, aligning technical capabilities with established financial investigation principles.
There are two practices specific to UTXO blockchains which are at issue: the strict use of direct tracing methods on UTXOs and the substitution of assets in clustering. These techniques are completely at odds with one another as well as with traditional asset tracing practices, yet they are often built into tracing software applications without the investigator even being aware of what is happening inside the tool.
Current Issues in UTXO Tracing
UTXO Direct Tracing Problems
The practice of UTXO direct tracing states that the given UTXO, that is, the particular denomination or chunk of Bitcoin that is the target transaction (victim's payment to the scam), can be traced into the suspect wallet address. Once there, that known suspect wallet address can be monitored. The specific UTXO originating from the victim can be observed so long as it remains assigned to the suspect's wallet address and when it is sent out again it may be followed. The target UTXO may be moved out immediately or it may sit in that wallet for months while other transactions (UTXOs) come and go. The direct tracing method would require the investigator to ignore all other incoming and outgoing transactions until the target transaction was moved. This violates the fungibility principle and in effect randomizes the trace path that could otherwise be followed when applying accepted tracing methodologies.
Wallet-Induced Randomization
Injecting randomization into a trace is not a good practice and is not sustainable as the industry of crypto tracing matures and comes under increased legal scrutiny. Wallet applications operate independently from the designed structure of the blockchain, so any attempt to justify a direct UTXO tracing method under the notion that the blockchain was designed that way ignores the variable introduced by the various wallet software applications. The wallet application's job is to keep track of all UTXOs assigned to a given wallet address or group of addresses (cluster). It creates an easy user interface where the end user can see the total value available to spend. In most cases the user does not select which UTXOs to send into a transaction; the wallet makes that decision autonomously. Most wallets are coded to look for UTXOs that match the exact amount being sent, which avoids having to receive change, but an exact match is rare. Instead, the wallet application will try to get as close as possible to the user's intended transaction amount using the fewest UTXOs, in order to save on fees. This in effect randomizes the time frame in which the traced UTXO may be spent and disassociates it from any intent that could otherwise be inferred about the suspect's motives from factors like the timing and amount of the financial transaction.
Cluster Tracing Limitations
Asset Substitution Issues
The practice of applying clustering identification mechanisms in blockchain data is crucial to obtaining the big picture and identifying criminal networks as well as legitimate service providers. However, using clusters in the application of asset tracing immediately injects the substitution of assets traceable to the original crime for assets which are not. Once that golden thread is broken, the investigator gets on very thin ice when preserving the character of assets as being "traceable to the original crime" as it applies to pursuing recovery or forfeiture. This practice groups multiple wallet addresses into one controlling entity, then treats all transactions universally as the actions of the one controlling entity. While I agree with this in principle and see its necessity in blockchain intelligence, it again is misapplied when used in the asset tracing process.
To better understand the issue this creates we must first again highlight the goal of asset tracing, and that is to locate assets that are "traceable" to the original crime. This standard is echoed in most laws which govern seizure and forfeiture and is therefore crucial to preserving any legal claim against property. When an asset ceases to be traceable or is otherwise rendered worthless, the substitution of assets principle states that the claim is not against the property but against the person who held that property. It then puts the onus on all of that individual's assets to come up with something of equivalent value. At this point you are no longer making a claim against assets that are traceable to the crime. While this is a nuanced distinction, it carries tremendous implications in the pursuit of legal recovery.
To illustrate the issue, let us think of a traditional bank account. A user may have three separate bank accounts held at their bank with three separate account numbers (we will call them A, B, and C). When they log into their bank account application with one login, they will see all three accounts; they may even have a summary with a combined total balance of all accounts (think of this like a wallet application). However, if account A has $100,000 in it on Monday, then the account holder steals $100,000 on Tuesday but deposits it straight into account C, these funds have not been commingled between accounts. When the account holder moves the preexisting $100,000 out from account A on Wednesday, there is no authority to pursue that outbound $100,000 from account A. It is plain to see that the funds in account C are still there. The funds in account C are the assets which are directly traceable to the original crime and have not been moved. There are arguments to pursue the total of all assets held in all accounts, but these originate from a more complex argument of being used in the commission and facilitation of an underlying crime, which is a different argument than being traceable to the original crime and would also require a broader investigation.
Conclusion
The current approach to Bitcoin tracing, while technologically accurate, suffers from fundamental misalignments with established asset tracing principles. The industry's reliance on UTXO-based direct tracing and cluster-based tracing introduces problematic randomization and asset substitution issues that could compromise legal recovery efforts. As cryptocurrency investigations mature and face increased legal scrutiny, it becomes crucial to realign crypto tracing methods with traditional financial investigation precedents.
The path forward requires a careful balance between leveraging blockchain's unique capabilities and adhering to established legal frameworks for asset recovery. This necessitates a shift from purely technical approaches to those that better integrate with traditional financial investigation methods used to infer criminal intent. The Proceeds-In-First-Out and Lowest Intermediate Balance Rule asset tracing frameworks have been well established in traditional cases and are equally applicable to UTXO-based transactions. Future developments in this field should focus on creating tools and methods that promote the preservation of the legal basis for asset recovery while taking advantage of blockchain's transparency and traceability features. This evolution is essential for ensuring the long-term viability and legal defensibility of cryptocurrency asset recovery efforts.
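The difference between the methods can be shown on a small constructed wallet. The following is an added example, not part of the original paper: the coin selection is a simplified version of the wallet behavior described under Wallet-Induced Randomization, and PIFO and LIBR are applied in their standard forensic-accounting form (the paper names them without defining them). Fees are ignored, all amounts are constructed, and the function and variable names are illustrative.

```python
from itertools import combinations

def select_coins(utxos, amount):
    """Simplified wallet policy (assumption): use the fewest UTXOs that cover
    the amount and, among those sets, the one whose total is closest to it."""
    for k in range(1, len(utxos) + 1):
        covering = [c for c in combinations(utxos, k)
                    if sum(u["value"] for u in c) >= amount]
        if covering:
            return min(covering, key=lambda c: sum(u["value"] for u in c))
    raise ValueError("insufficient funds")

def trace(clean_values, victim_value, payments):
    """Replay outgoing payments from one wallet that holds pre-existing
    (clean) UTXOs plus the victim's UTXO. Returns one row per payment:
    (amount, victim_utxo_spent, libr_traced, pifo_traced)."""
    utxos = [{"value": v, "victim": False} for v in clean_values]
    utxos.append({"value": victim_value, "victim": True})
    libr_left = pifo_left = victim_value
    rows = []
    for amount in payments:
        chosen = select_coins(utxos, amount)
        # Direct UTXO tracing: only the payment that consumes the victim's
        # UTXO is followed; every other payment is ignored.
        spent_victim = any(u["victim"] for u in chosen)
        chosen_ids = {id(u) for u in chosen}   # identity, not value equality
        utxos = [u for u in utxos if id(u) not in chosen_ids]
        change = sum(u["value"] for u in chosen) - amount
        if change:
            # Simplification: change is not followed by the direct trace.
            utxos.append({"value": change, "victim": False})
        balance = sum(u["value"] for u in utxos)
        # LIBR: clean funds are presumed to leave first, so proceeds stay in
        # the wallet until the balance drops below the traced amount.
        new_libr = min(libr_left, balance)
        # PIFO: the first value to leave after the deposit is the proceeds.
        pifo_out = min(amount, pifo_left)
        rows.append((amount, spent_victim, libr_left - new_libr, pifo_out))
        libr_left, pifo_left = new_libr, pifo_left - pifo_out
    return rows

# Constructed data: two wallets with the same balance (75 clean + 10 from the
# victim) and the same three payments; only the clean denominations differ.
PAYMENTS = [30, 4, 45]
VICTIM = 10
WALLET_A = [50, 20, 5]
WALLET_B = [50, 13, 12]

if __name__ == "__main__":
    for name, wallet in (("A", WALLET_A), ("B", WALLET_B)):
        print("wallet", name)
        for row in trace(wallet, VICTIM, PAYMENTS):
            print("  amount=%d victim_utxo_spent=%s libr=%d pifo=%d" % row)
```

In both wallets the balances and payment amounts are identical, so LIBR and PIFO give the same answer for each. Only the denominations of unrelated UTXOs differ, and that alone moves the direct trace from the third payment to the second.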
attorney at law | litigator | fraud & financial law | now working on crypto crime, investment scams and CFD's
3 weeks ago
Enjoyed reading, and a good contribution to the debate! In my jurisdiction, the principle applies that a debtor must vouch for its debts with all its assets. That means that well-founded freezing orders based on blockchain tracing can hit an account. Dutch courts will also order to disclose name and address details. It then comes down to civil proceedings against the person who received the crypto from the fraud (this will often be someone used by a criminal organisation). If this person cannot plausibly demonstrate that a quid pro quo was provided for receiving the stolen crypto, it will be sham transactions, with the effect that all digital assets (including assets other than traced stolen assets) and fiat in the account become available for recovery. It will not really surprise connoisseurs that the number of cases in which a recipient is bona fide is extremely small, although there are cases in which causality is more difficult to establish. If cryptocurrency becomes more widely accepted as a payment method, I do expect more false positives. Then we will start to see more blockchain tracings leading to individuals who do have good faith, and who do not know the origin from fraud. A fascinating new area of international law!
Director Cryptocurrency Tracing & Investigation at DataExpert
3 weeks ago
Tools should always be used in support of your research methodology, not as methodology on their own. Validation is key and tools can speed up / clarify data. However the right investigation or compliance objective should start with proper knowledge and methodology. And such methodology is not new, but also needs to be adapted to how tools nowadays provide insights.
Head of Investigations at Token Recovery | Virtual Asset Expert at OSCE
1 month ago
Jesse Gossman CFE, you touch on so many points in your article and comments below that it would be difficult to discuss them all here - and it's even impossible to fit my response into one shot! Hopefully we will have the opportunity for a more in-depth discussion in person at one of the many events we are both likely to attend! In my opinion, the method used should depend on the purpose of the investigation. Simplifying (and omitting important details), clustering, fingerprinting and UTXO tracing is best when tracing a specific person (perpetrator) - which is often the focus of LE. In contrast, for civil litigation and lawyers trying to recover their clients' digital assets, forensic accounting methods will work much better: "Can you please indicate what part of this deposit transaction to the exchange is our client's money?" is a standard question I have received from lawyers over the years as an expert witness in civil cases. This is one of the reasons why we created a tool years ago to trace cryptocurrencies using various forensic accounting methods (frankly, I am surprised how little it is known in the market :). (1/3)
The crypto industry faces key challenges, requiring upskilling, the right tools, and a strong investigator mindset. Training for investigators, lawyers, and judges must be tool-agnostic. Advanced tracing tools offer granular data, essential for both compliance and investigation. Investigators should trace step-by-step and be prepared to explain their methods in court. Blockchain tracing isn't one-size-fits-all; each investigation is unique, requiring a nuanced approach with wallet clustering, smart contracts, and off-chain data to track illicit funds, not just victims’ assets.