assortmentofsorts (OP)
Member
Offline
Activity: 91
Merit: 10
|
|
October 14, 2013, 02:45:07 PM |
|
So, I have been playing around with Neo4j lately and was wanting to experiment using a large dataset. The blockchain struck me as the best dataset for performing analysis. I was always intrigued by this address specifically : 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a which has around 111114.60025818 BTC with nothing spent. From the recent disclosures on Silk Road and about DPR having safely locked up 600000 BTC into an encrypted offline wallet, I was hoping to find some connect between this address and the address he unwittingly leaked out 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS in this post: https://bitcointalk.org/index.php?topic=6460.msg94424#msg94424Long story short, I think, if my analysis is not wrong, the address 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a belongs to DPR. He used a tumbler to mix his coins but looks like it wasn't good enough to hide the trail. I just used a shortest path algo to find the path that leads to the final destination. So here is the trail: 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS (tx: afeecd8e47d6c3912d6c2e5f7a2ceafdecc9d4ad221480fe90847c23f81c8892) -> 1BG9jDV3pA1MsJUnvRyWuA2b7PfGd4MZaw (tx: acb4608da3e06bb787682c7b2f5c4808b831301617cdf5986fd2693970c8040e) -> 12h6TzwPNBvDnppbsqpyXwW4oo5UUKaKSa (tx: fb059f1acfe0399ca2d5090ff9264dfe88b918230c01f09391eaefa83082f4fb) -> 1EG9HJG9aGqzgGujfNQMiNbyqpKnFxafvE (tx: f3b6040fd5c2f70d4be82e5a97b9fcad67a1ebdfa20af8c7915b82afdd8aa174) -> 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh (tx: 758b776dec1851a94a6c4ee1782aaf7210a59ae1e8c184d2b469d8039ff1773c) -> 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y (tx: 70d46f768b73e50440e41977eb13ab25826137a8d34486958c7d55c5931c6081) -> 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a What do you guys think?
|
If you want to tip: BTC 1KbjTUEfcziwMv7BMXcjmvNAKEpTJbZCsF
|
|
|
illpoet
|
|
October 14, 2013, 03:04:30 PM |
|
its pretty impressive that you found that. i also didn't know that dpr is thought to be username altoid. I guess in theory he could have just used a random address in the thread but unlikely. now if we could only figure out the private key...
|
Tym's Get Rich Slow scheme: plse send .00001 to btc: 1DKRaNUnMQkeby6Dk1d8e6fRczSrTEhd8p ltc: LV4Udu7x9aLs28MoMCzsvVGKJbSmrHESnt thank you.
|
|
|
jl2012
Legendary
Offline
Activity: 1792
Merit: 1111
|
|
October 14, 2013, 03:31:32 PM |
|
So, I have been playing around with Neo4j lately and was wanting to experiment using a large dataset. The blockchain struck me as the best dataset for performing analysis. I was always intrigued by this address specifically : 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a which has around 111114.60025818 BTC with nothing spent. From the recent disclosures on Silk Road and about DPR having safely locked up 600000 BTC into an encrypted offline wallet, I was hoping to find some connect between this address and the address he unwittingly leaked out 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS in this post: https://bitcointalk.org/index.php?topic=6460.msg94424#msg94424Long story short, I think, if my analysis is not wrong, the address 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a belongs to DPR. He used a tumbler to mix his coins but looks like it wasn't good enough to hide the trail. I just used a shortest path algo to find the path that leads to the final destination. So here is the trail: 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS (tx: afeecd8e47d6c3912d6c2e5f7a2ceafdecc9d4ad221480fe90847c23f81c8892) -> 1BG9jDV3pA1MsJUnvRyWuA2b7PfGd4MZaw (tx: acb4608da3e06bb787682c7b2f5c4808b831301617cdf5986fd2693970c8040e) -> 12h6TzwPNBvDnppbsqpyXwW4oo5UUKaKSa (tx: fb059f1acfe0399ca2d5090ff9264dfe88b918230c01f09391eaefa83082f4fb) -> 1EG9HJG9aGqzgGujfNQMiNbyqpKnFxafvE (tx: f3b6040fd5c2f70d4be82e5a97b9fcad67a1ebdfa20af8c7915b82afdd8aa174) -> 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh (tx: 758b776dec1851a94a6c4ee1782aaf7210a59ae1e8c184d2b469d8039ff1773c) -> 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y (tx: 70d46f768b73e50440e41977eb13ab25826137a8d34486958c7d55c5931c6081) -> 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a What do you guys think? I found the same link too. The 1933ph..... could be DPR's address but I think the evidence is not strong enough. It's possible that he just spent 2000BTC with the tx afeecd8e47d6c3912d6c2e5f7a2ceafdecc9d4ad221480fe90847c23f81c8892. BTW, someone sent 2 x 1.73632986BTC to 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a on 2013-10-09.
|
Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY) LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC) PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
|
|
|
franky1
Legendary
Offline
Activity: 4424
Merit: 4815
|
|
October 14, 2013, 03:33:38 PM |
|
its pretty impressive that you found that. i also didn't know that dpr is thought to be username altoid. I guess in theory he could have just used a random address in the thread but unlikely. now if we could only figure out the private key...
the SR arrest warrent of DPR mentions that altoid is DPR.. and thats how he was caught.. altoids email address was Ross Ulbricht@gmail
|
I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER. Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
|
|
|
andrewboy44
|
|
October 14, 2013, 03:44:09 PM |
|
Very Impressive
|
|
|
|
assortmentofsorts (OP)
Member
Offline
Activity: 91
Merit: 10
|
|
October 14, 2013, 03:53:41 PM |
|
I found the same link too. The 1933ph..... could be DPR's address but I think the evidence is not strong enough. It's possible that he just spent 2000BTC with the tx afeecd8e47d6c3912d6c2e5f7a2ceafdecc9d4ad221480fe90847c23f81c8892.
BTW, someone sent 2 x 1.73632986BTC to 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a on 2013-10-09.
You can verify that the first ever transaction to 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a came from DPR's address: http://blockchain.info/tx/70d46f768b73e50440e41977eb13ab25826137a8d34486958c7d55c5931c6081Notice that all the inputs came from this address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y. I'm pretty sure if you go backwards you can land at DPR's other addresses. Also, I don't think DPR just spent it (to someone elses address) as the trail has only addresses that were used for mixing... all the intermediate addresses have exactly 2 transactions... 1 receive from previous mixing address and 1 to the next mixing address all the way to its destination 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a. The script I wrote followed a path that had addresses with only 2-10 transactions. So lets break in down: DPR's known address: 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS Tumbler's receive address: 1BG9jDV3pA1MsJUnvRyWuA2b7PfGd4MZaw (only 2 transactions) Tumbler's next mixer address: 12h6TzwPNBvDnppbsqpyXwW4oo5UUKaKSa (only 2 transactions) Tumbler's next mixer address: 1EG9HJG9aGqzgGujfNQMiNbyqpKnFxafvE (4 transactions but note that the only output is to 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh... the remaining transactions are just too small -> this address may have been reused by the tumbler) Tumbler's next mixer address: 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh (only 2 transactions) Tumbler's final mixer address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y (7 transactions -> Note that this has only one output) Final Destination address: 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a There is no other path followed by the tumbler. So possibly the service used by DPR was pretty weak or probably he just manually mixed it himself.
|
If you want to tip: BTC 1KbjTUEfcziwMv7BMXcjmvNAKEpTJbZCsF
|
|
|
jl2012
Legendary
Offline
Activity: 1792
Merit: 1111
|
|
October 14, 2013, 04:02:57 PM |
|
Notice that all the inputs came from this address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y. I'm pretty sure if you go backwards you can land at DPR's other accounts.
Also, I don't think DPR just spent it (to someone elses address) as the trail has only addresses that were used for mixing... all the intermediate addresses have exactly 2 transactions... 1 receive from previous mixing address and 1 to the next mixing address all the way to its destination 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a.
The script I wrote followed a path that had addresses with only 2-10 transactions. So lets break in down:
DPR's known address: 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS Tumbler's receive address: 1BG9jDV3pA1MsJUnvRyWuA2b7PfGd4MZaw (only 2 transactions) Tumbler's next mixer address: 12h6TzwPNBvDnppbsqpyXwW4oo5UUKaKSa (only 2 transactions) Tumbler's next mixer address: 1EG9HJG9aGqzgGujfNQMiNbyqpKnFxafvE (4 transactions but note that the only output is to 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh... the remaining transactions are just too small -> this address may have been reused by the tumbler) Tumbler's next mixer address: 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh (only 2 transactions) Tumbler's final mixer address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y (7 transactions -> Note that this has only one output) Final Destination address: 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a
There is no other path followed by the tumbler. So possibly the service used by DPR was pretty weak or probably he just manually mixed it himself.
The 1LDNL....... received 11,329.89 BTC, while only 2,000 BTC end up in 1933phf..... Not saying you are wrong but that's not strong enough. Is there any other known addresses of DPR?
|
Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY) LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC) PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
|
|
|
assortmentofsorts (OP)
Member
Offline
Activity: 91
Merit: 10
|
|
October 14, 2013, 04:15:05 PM |
|
Notice that all the inputs came from this address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y. I'm pretty sure if you go backwards you can land at DPR's other accounts.
Also, I don't think DPR just spent it (to someone elses address) as the trail has only addresses that were used for mixing... all the intermediate addresses have exactly 2 transactions... 1 receive from previous mixing address and 1 to the next mixing address all the way to its destination 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a.
The script I wrote followed a path that had addresses with only 2-10 transactions. So lets break in down:
DPR's known address: 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS Tumbler's receive address: 1BG9jDV3pA1MsJUnvRyWuA2b7PfGd4MZaw (only 2 transactions) Tumbler's next mixer address: 12h6TzwPNBvDnppbsqpyXwW4oo5UUKaKSa (only 2 transactions) Tumbler's next mixer address: 1EG9HJG9aGqzgGujfNQMiNbyqpKnFxafvE (4 transactions but note that the only output is to 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh... the remaining transactions are just too small -> this address may have been reused by the tumbler) Tumbler's next mixer address: 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh (only 2 transactions) Tumbler's final mixer address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y (7 transactions -> Note that this has only one output) Final Destination address: 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a
There is no other path followed by the tumbler. So possibly the service used by DPR was pretty weak or probably he just manually mixed it himself.
The 1LDNL....... received 11,329.89 BTC, while only 2,000 BTC end up in 1933phf..... Not saying you are wrong but that's not strong enough. Is there any other known addresses of DPR? This is because he split the 11K BTC into multiple transactions (one of 5KBTC and the other of 3K and 2K BTC). I'm pretty sure all the dest addresses for those transactions belong to the Tumbler service. The paths taken for each of the above 3 transactions can be different lengthwise. The script I wrote just followed 1 path (which was the shortest) which turned out to be the 2K BTC one (the path taken could have been any of the above transactions). Unless DPR knew who the receiver was beforehand, it would not be possible for his 2K BTC to end up as the first transaction to 1933phf. The 1933phf address looks like it was used for only storage (probably offline) seeing that there are no coins spent from that address. This way I could conclude that both the sender and the receiver is DPR himself.
|
If you want to tip: BTC 1KbjTUEfcziwMv7BMXcjmvNAKEpTJbZCsF
|
|
|
favdesu
Legendary
Offline
Activity: 1764
Merit: 1000
|
|
October 14, 2013, 04:32:44 PM |
|
bitcoinfog.com is the only deepnet service for this purpose (at least to my knowledge). maybe he used them, if he didn't mix it himself
|
|
|
|
jl2012
Legendary
Offline
Activity: 1792
Merit: 1111
|
|
October 14, 2013, 04:37:39 PM |
|
bitcoinfog.com is the only deepnet service for this purpose (at least to my knowledge). maybe he used them, if he didn't mix it himself
This was not even existed in 2011
|
Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY) LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC) PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
|
|
|
RodeoX
Legendary
Offline
Activity: 3066
Merit: 1147
The revolution will be monetized!
|
|
October 14, 2013, 04:39:07 PM |
|
Wow dude, nice work.
|
|
|
|
hivewallet
|
|
October 14, 2013, 05:45:48 PM |
|
So, yet another mistake on DPR's part. For certain the highest-denominated wallet was going to receive this kind of scrutiny eventually.
|
|
|
|
waqas
|
|
October 14, 2013, 05:58:55 PM |
|
very good work done by you its apperciated good luck
|
|
|
|
trout
|
|
October 14, 2013, 06:33:40 PM |
|
there was a while ago an address with >500k BTC that was linked to SR: people just put money on SR and they ended at that 500k address. There was a lot of discussion about that address which was perhaps the reason that the owner split it into several - but still rather large - addresses, one of which is the still notorious 1933ph
so yeah. It's most probably him.
|
|
|
|
LouReed
|
|
October 14, 2013, 06:54:05 PM |
|
This was actually already addressed in this thread: https://bitcointalk.org/index.php?topic=94675.640The address (1933phf...) is clearly tied to SR. If you follow some of the addresses that feed into that one, they are linked to the "Seized Coins" wallet. There is not 600,000 coins either btw. That is the total amount of coins the FBI has said SR generated in commission since it was up and running. When you figure that for almost 2 years of SR's life, BTC's were valued at under $20, and he was paying his staff between $1,000-$2,000/week, and was paying for the servers and whatever else was involved in keeping SR secure, there's likely no where near 600,000 coins left. My guess is that the wallet in question was DPR's retirement fund. I know they said they have been unable to decrypt his large wallet, but I would be willing to bet that it is more likely that they cannot decrypt a file, or partition that they believe contains the secret keys to any other wallets he may have.
|
|
|
|
TippingPoint
Legendary
Offline
Activity: 905
Merit: 1000
|
|
October 14, 2013, 06:56:58 PM |
|
<snip> I was hoping to find some connect between this address and the address he unwittingly leaked out 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS in this post: https://bitcointalk.org/index.php?topic=6460.msg94424#msg94424Long story short, I think, if my analysis is not wrong, the address 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a belongs to DPR. He used a tumbler to mix his coins but looks like it wasn't good enough to hide the trail. <snip> Nice work. Properly promoted, this account balance could be an incentive for thousands (or millions) of new Bitcoin users. Download a wallet and spin the wheel as many times as you want for a chance to win. Make lemonade. https://en.wikipedia.org/wiki/When_life_gives_you_lemons,_make_lemonade
|
|
|
|
assortmentofsorts (OP)
Member
Offline
Activity: 91
Merit: 10
|
|
October 14, 2013, 07:06:11 PM |
|
Nice to see others have also come to same conclusion. I'll try running my script against 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM tomorrow and see if I can come up with something Too sleepy to do this now... but was good fun! I know they said they have been unable to decrypt his large wallet, but I would be willing to bet that it is more likely that they cannot decrypt a file, or partition that they believe contains the secret keys to any other wallets he may have.
Or they could just get it out of him. Easier and faster.
|
If you want to tip: BTC 1KbjTUEfcziwMv7BMXcjmvNAKEpTJbZCsF
|
|
|
|
assortmentofsorts (OP)
Member
Offline
Activity: 91
Merit: 10
|
|
October 18, 2013, 01:56:02 PM |
|
Can you please share those addresses with us here? I don't know which addresses you are talking about.
|
If you want to tip: BTC 1KbjTUEfcziwMv7BMXcjmvNAKEpTJbZCsF
|
|
|
BitTrade
|
|
October 18, 2013, 02:03:22 PM |
|
Great job. You just saved Hank Schrader a TON of work.
|
|
|
|
|