Bitcoin Forum
December 05, 2024, 07:16:35 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 3 4 »  All
  Print  
Author Topic: Silk Road: Trail of 11,329.89BTC  (Read 35093 times)
assortmentofsorts (OP)
Member
**
Offline Offline

Activity: 91
Merit: 10



View Profile
October 14, 2013, 02:45:07 PM
 #1

So, I have been playing around with Neo4j lately and was wanting to experiment using a large dataset. The blockchain struck me as the best dataset for performing analysis. I was always intrigued by this address specifically : 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a which has around 111114.60025818 BTC with nothing spent. From the recent disclosures on Silk Road and about DPR having safely locked up 600000 BTC into an encrypted offline wallet, I was hoping to find some connect between this address and the address he unwittingly leaked out 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS in this post: https://bitcointalk.org/index.php?topic=6460.msg94424#msg94424

Long story short, I think, if my analysis is not wrong, the address 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a belongs to DPR. He used a tumbler to mix his coins but looks like it wasn't good enough to hide the trail. I just used a shortest path algo to find the path that leads to the final destination. So here is the trail:

1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS (tx: afeecd8e47d6c3912d6c2e5f7a2ceafdecc9d4ad221480fe90847c23f81c8892) ->
1BG9jDV3pA1MsJUnvRyWuA2b7PfGd4MZaw (tx: acb4608da3e06bb787682c7b2f5c4808b831301617cdf5986fd2693970c8040e) ->
12h6TzwPNBvDnppbsqpyXwW4oo5UUKaKSa (tx: fb059f1acfe0399ca2d5090ff9264dfe88b918230c01f09391eaefa83082f4fb) ->
1EG9HJG9aGqzgGujfNQMiNbyqpKnFxafvE (tx: f3b6040fd5c2f70d4be82e5a97b9fcad67a1ebdfa20af8c7915b82afdd8aa174) ->
1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh (tx: 758b776dec1851a94a6c4ee1782aaf7210a59ae1e8c184d2b469d8039ff1773c) ->
15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y (tx: 70d46f768b73e50440e41977eb13ab25826137a8d34486958c7d55c5931c6081) ->
1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a

What do you guys think?

If you want to tip: BTC 1KbjTUEfcziwMv7BMXcjmvNAKEpTJbZCsF
illpoet
Sr. Member
****
Offline Offline

Activity: 341
Merit: 250


View Profile
October 14, 2013, 03:04:30 PM
 #2

its pretty impressive that you found that. i also didn't know that dpr is thought to be username altoid.  I guess in theory he could have just used a random address in the thread but unlikely.  now if we could only figure out the private key...

Tym's Get Rich Slow scheme: plse send .00001 to
btc: 1DKRaNUnMQkeby6Dk1d8e6fRczSrTEhd8p ltc: LV4Udu7x9aLs28MoMCzsvVGKJbSmrHESnt
thank you.
jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1111


View Profile
October 14, 2013, 03:31:32 PM
 #3

So, I have been playing around with Neo4j lately and was wanting to experiment using a large dataset. The blockchain struck me as the best dataset for performing analysis. I was always intrigued by this address specifically : 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a which has around 111114.60025818 BTC with nothing spent. From the recent disclosures on Silk Road and about DPR having safely locked up 600000 BTC into an encrypted offline wallet, I was hoping to find some connect between this address and the address he unwittingly leaked out 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS in this post: https://bitcointalk.org/index.php?topic=6460.msg94424#msg94424

Long story short, I think, if my analysis is not wrong, the address 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a belongs to DPR. He used a tumbler to mix his coins but looks like it wasn't good enough to hide the trail. I just used a shortest path algo to find the path that leads to the final destination. So here is the trail:

1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS (tx: afeecd8e47d6c3912d6c2e5f7a2ceafdecc9d4ad221480fe90847c23f81c8892) ->
1BG9jDV3pA1MsJUnvRyWuA2b7PfGd4MZaw (tx: acb4608da3e06bb787682c7b2f5c4808b831301617cdf5986fd2693970c8040e) ->
12h6TzwPNBvDnppbsqpyXwW4oo5UUKaKSa (tx: fb059f1acfe0399ca2d5090ff9264dfe88b918230c01f09391eaefa83082f4fb) ->
1EG9HJG9aGqzgGujfNQMiNbyqpKnFxafvE (tx: f3b6040fd5c2f70d4be82e5a97b9fcad67a1ebdfa20af8c7915b82afdd8aa174) ->
1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh (tx: 758b776dec1851a94a6c4ee1782aaf7210a59ae1e8c184d2b469d8039ff1773c) ->
15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y (tx: 70d46f768b73e50440e41977eb13ab25826137a8d34486958c7d55c5931c6081) ->
1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a

What do you guys think?


I found the same link too. The 1933ph..... could be DPR's address but I think the evidence is not strong enough. It's possible that he just spent 2000BTC with the tx afeecd8e47d6c3912d6c2e5f7a2ceafdecc9d4ad221480fe90847c23f81c8892.

BTW, someone sent 2 x 1.73632986BTC to 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a on 2013-10-09.

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
franky1
Legendary
*
Offline Offline

Activity: 4424
Merit: 4815



View Profile
October 14, 2013, 03:33:38 PM
 #4

its pretty impressive that you found that. i also didn't know that dpr is thought to be username altoid.  I guess in theory he could have just used a random address in the thread but unlikely.  now if we could only figure out the private key...

the SR arrest warrent of DPR mentions that altoid is DPR.. and thats how he was caught.. altoids email address was Ross Ulbricht@gmail

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
andrewboy44
Sr. Member
****
Offline Offline

Activity: 252
Merit: 250



View Profile
October 14, 2013, 03:44:09 PM
 #5

Very Impressive
assortmentofsorts (OP)
Member
**
Offline Offline

Activity: 91
Merit: 10



View Profile
October 14, 2013, 03:53:41 PM
 #6

I found the same link too. The 1933ph..... could be DPR's address but I think the evidence is not strong enough. It's possible that he just spent 2000BTC with the tx afeecd8e47d6c3912d6c2e5f7a2ceafdecc9d4ad221480fe90847c23f81c8892.

BTW, someone sent 2 x 1.73632986BTC to 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a on 2013-10-09.

You can verify that the first ever transaction to 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a came from DPR's address: http://blockchain.info/tx/70d46f768b73e50440e41977eb13ab25826137a8d34486958c7d55c5931c6081

Notice that all the inputs came from this address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y. I'm pretty sure if you go backwards you can land at DPR's other addresses.

Also, I don't think DPR just spent it (to someone elses address) as the trail has only addresses that were used for mixing... all the intermediate addresses have exactly 2 transactions... 1 receive from previous mixing address and 1 to the next mixing address all the way to its destination 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a.

The script I wrote followed a path that had addresses with only 2-10 transactions.
So lets break in down:

DPR's known address: 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS
Tumbler's receive address: 1BG9jDV3pA1MsJUnvRyWuA2b7PfGd4MZaw (only 2 transactions)
Tumbler's next mixer address: 12h6TzwPNBvDnppbsqpyXwW4oo5UUKaKSa (only 2 transactions)
Tumbler's next mixer address: 1EG9HJG9aGqzgGujfNQMiNbyqpKnFxafvE (4 transactions but note that the only output is to 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh... the remaining transactions are just too small -> this address may have been reused by the tumbler)
Tumbler's next mixer address: 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh (only 2 transactions)
Tumbler's final mixer address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y (7 transactions -> Note that this has only one output)
Final Destination address: 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a

There is no other path followed by the tumbler. So possibly the service used by DPR was pretty weak or probably he just manually mixed it himself.

If you want to tip: BTC 1KbjTUEfcziwMv7BMXcjmvNAKEpTJbZCsF
jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1111


View Profile
October 14, 2013, 04:02:57 PM
 #7


Notice that all the inputs came from this address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y. I'm pretty sure if you go backwards you can land at DPR's other accounts.

Also, I don't think DPR just spent it (to someone elses address) as the trail has only addresses that were used for mixing... all the intermediate addresses have exactly 2 transactions... 1 receive from previous mixing address and 1 to the next mixing address all the way to its destination 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a.

The script I wrote followed a path that had addresses with only 2-10 transactions.
So lets break in down:

DPR's known address: 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS
Tumbler's receive address: 1BG9jDV3pA1MsJUnvRyWuA2b7PfGd4MZaw (only 2 transactions)
Tumbler's next mixer address: 12h6TzwPNBvDnppbsqpyXwW4oo5UUKaKSa (only 2 transactions)
Tumbler's next mixer address: 1EG9HJG9aGqzgGujfNQMiNbyqpKnFxafvE (4 transactions but note that the only output is to 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh... the remaining transactions are just too small -> this address may have been reused by the tumbler)
Tumbler's next mixer address: 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh (only 2 transactions)
Tumbler's final mixer address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y (7 transactions -> Note that this has only one output)
Final Destination address: 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a

There is no other path followed by the tumbler. So possibly the service used by DPR was pretty weak or probably he just manually mixed it himself.


The 1LDNL....... received 11,329.89 BTC, while only 2,000 BTC end up in 1933phf..... Not saying you are wrong but that's not strong enough.

Is there any other known addresses of DPR?

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
assortmentofsorts (OP)
Member
**
Offline Offline

Activity: 91
Merit: 10



View Profile
October 14, 2013, 04:15:05 PM
 #8


Notice that all the inputs came from this address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y. I'm pretty sure if you go backwards you can land at DPR's other accounts.

Also, I don't think DPR just spent it (to someone elses address) as the trail has only addresses that were used for mixing... all the intermediate addresses have exactly 2 transactions... 1 receive from previous mixing address and 1 to the next mixing address all the way to its destination 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a.

The script I wrote followed a path that had addresses with only 2-10 transactions.
So lets break in down:

DPR's known address: 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS
Tumbler's receive address: 1BG9jDV3pA1MsJUnvRyWuA2b7PfGd4MZaw (only 2 transactions)
Tumbler's next mixer address: 12h6TzwPNBvDnppbsqpyXwW4oo5UUKaKSa (only 2 transactions)
Tumbler's next mixer address: 1EG9HJG9aGqzgGujfNQMiNbyqpKnFxafvE (4 transactions but note that the only output is to 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh... the remaining transactions are just too small -> this address may have been reused by the tumbler)
Tumbler's next mixer address: 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh (only 2 transactions)
Tumbler's final mixer address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y (7 transactions -> Note that this has only one output)
Final Destination address: 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a

There is no other path followed by the tumbler. So possibly the service used by DPR was pretty weak or probably he just manually mixed it himself.


The 1LDNL....... received 11,329.89 BTC, while only 2,000 BTC end up in 1933phf..... Not saying you are wrong but that's not strong enough.

Is there any other known addresses of DPR?

This is because he split the 11K BTC into multiple transactions (one of 5KBTC and the other of 3K and 2K BTC). I'm pretty sure all the dest addresses for those transactions belong to the Tumbler service. The paths taken for each of the above 3 transactions can be different lengthwise. The script I wrote just followed 1 path (which was the shortest) which turned out to be the 2K BTC one (the path taken could have been any of the above transactions).

Unless DPR knew who the receiver was beforehand, it would not be possible for his 2K BTC to end up as the first transaction to 1933phf. The 1933phf address looks like it was used for only storage (probably offline) seeing that there are no coins spent from that address. This way I could conclude that both the sender and the receiver is DPR himself.

If you want to tip: BTC 1KbjTUEfcziwMv7BMXcjmvNAKEpTJbZCsF
favdesu
Legendary
*
Offline Offline

Activity: 1764
Merit: 1000



View Profile WWW
October 14, 2013, 04:32:44 PM
 #9

bitcoinfog.com is the only deepnet service for this purpose (at least to my knowledge). maybe he used them, if he didn't mix it himself

jl2012
Legendary
*
Offline Offline

Activity: 1792
Merit: 1111


View Profile
October 14, 2013, 04:37:39 PM
 #10

bitcoinfog.com is the only deepnet service for this purpose (at least to my knowledge). maybe he used them, if he didn't mix it himself

This was not even existed in 2011

Donation address: 374iXxS4BuqFHsEwwxUuH3nvJ69Y7Hqur3 (Bitcoin ONLY)
LRDGENPLYrcTRssGoZrsCT1hngaH3BVkM4 (LTC)
PGP: D3CC 1772 8600 5BB8 FF67 3294 C524 2A1A B393 6517
RodeoX
Legendary
*
Offline Offline

Activity: 3066
Merit: 1147


The revolution will be monetized!


View Profile
October 14, 2013, 04:39:07 PM
 #11

Wow dude, nice work.  Smiley

The gospel according to Satoshi - https://bitcoin.org/bitcoin.pdf
Free bitcoin in ? - Stay tuned for this years Bitcoin hunt!
hivewallet
Sr. Member
****
Offline Offline

Activity: 378
Merit: 325


hivewallet.com


View Profile WWW
October 14, 2013, 05:45:48 PM
 #12

So, yet another mistake on DPR's part. For certain the highest-denominated wallet was going to receive this kind of scrutiny eventually.

Hive, a beautiful, secure wallet with an app platform for Mac OS X, Android and Mobile Web. Translators wanted! iOS and OS X devs see BitcoinKit.
Tweets @hivewallet. Skype us here. Donations appreciated at 1HLRg9C1GsfEVH555hgcjzDeas14jen2Cn
waqas
Sr. Member
****
Offline Offline

Activity: 378
Merit: 250



View Profile
October 14, 2013, 05:58:55 PM
 #13

very good work done by you its apperciated good luck  Smiley

trout
Sr. Member
****
Offline Offline

Activity: 333
Merit: 252


View Profile
October 14, 2013, 06:33:40 PM
 #14

there was a while ago an address with >500k BTC that was linked
to SR: people just put money on SR and they ended at that 500k address.
There was a lot of discussion about that address which was perhaps
the reason that the owner split it into several - but still rather  large - addresses,
one of which is the still notorious 1933ph

so yeah. It's most probably him.
LouReed
Hero Member
*****
Offline Offline

Activity: 732
Merit: 500


Nosce te Ipsum


View Profile
October 14, 2013, 06:54:05 PM
 #15

This was actually already addressed in this thread:

https://bitcointalk.org/index.php?topic=94675.640

The address (1933phf...) is clearly tied to SR. If you follow some of the addresses that feed into that one, they are linked to the "Seized Coins" wallet.

There is not 600,000 coins either btw. That is the total amount of coins the FBI has said SR generated in commission since it was up and running. When you figure that for almost 2 years of SR's life, BTC's were valued at under $20, and he was paying his staff between $1,000-$2,000/week, and was paying for the servers and whatever else was involved in keeping SR secure, there's likely no where near 600,000 coins left. My guess is that the wallet in question was DPR's retirement fund.

I know they said they have been unable to decrypt his large wallet, but I would be willing to bet that it is more likely that they cannot decrypt a file, or partition that they believe contains the secret keys to any other wallets he may have.
TippingPoint
Legendary
*
Offline Offline

Activity: 905
Merit: 1000



View Profile
October 14, 2013, 06:56:58 PM
 #16

<snip>
I was hoping to find some connect between this address and the address he unwittingly leaked out 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS in this post: https://bitcointalk.org/index.php?topic=6460.msg94424#msg94424

Long story short, I think, if my analysis is not wrong, the address 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a belongs to DPR. He used a tumbler to mix his coins but looks like it wasn't good enough to hide the trail.

<snip>


Nice work.

Properly promoted, this account balance could be an incentive for thousands (or millions) of new Bitcoin users.

Download a wallet and spin the wheel as many times as you want for a chance to win.

Make lemonade.
https://en.wikipedia.org/wiki/When_life_gives_you_lemons,_make_lemonade

assortmentofsorts (OP)
Member
**
Offline Offline

Activity: 91
Merit: 10



View Profile
October 14, 2013, 07:06:11 PM
 #17

This was actually already addressed in this thread:

https://bitcointalk.org/index.php?topic=94675.640


Nice to see others have also come to same conclusion. I'll try running my script against 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM tomorrow and see if I can come up with something Wink Too sleepy to do this now... but was good fun!

Quote
I know they said they have been unable to decrypt his large wallet, but I would be willing to bet that it is more likely that they cannot decrypt a file, or partition that they believe contains the secret keys to any other wallets he may have.

Or they could just get it out of him. Easier and faster.

If you want to tip: BTC 1KbjTUEfcziwMv7BMXcjmvNAKEpTJbZCsF
BCB
CTG
VIP
Legendary
*
Offline Offline

Activity: 1078
Merit: 1002


BCJ


View Profile
October 18, 2013, 12:10:38 PM
 #18

https://bitcointalk.org/index.php?topic=94675.msg3361705#msg3361705

Also has anyone made any connection between these SR Addresses and BCTST Addewssws?
assortmentofsorts (OP)
Member
**
Offline Offline

Activity: 91
Merit: 10



View Profile
October 18, 2013, 01:56:02 PM
 #19

https://bitcointalk.org/index.php?topic=94675.msg3361705#msg3361705

Also has anyone made any connection between these SR Addresses and BCTST Addewssws?

Can you please share those addresses with us here? I don't know which addresses you are talking about.

If you want to tip: BTC 1KbjTUEfcziwMv7BMXcjmvNAKEpTJbZCsF
BitTrade
Full Member
***
Offline Offline

Activity: 173
Merit: 100



View Profile
October 18, 2013, 02:03:22 PM
 #20

Great job.  You just saved Hank Schrader a TON of work. 

Pages: [1] 2 3 4 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!