The Bitcoin Core software is open-source, meaning that anyone can contribute to it. You can also report bugs, or translate and improve the documentation. Changes to the software go through a rigorous review process. After all, software that handles hundreds of billions of dollars in value must be free of vulnerabilities.
Bitcoin is a digital form of cash. Unlike the fiat currencies you are used to, it has no central bank controlling it. Instead, the financial system in Bitcoin is run by thousands of computers distributed around the world. Anyone can participate in the ecosystem by downloading open-source software.
Bitcoin was the first cryptocurrency , announced in and launched in It provides users with the ability to send and receive digital money (bitcoins, with a lower-case b, or BTC). People use Bitcoin for a number of reasons. Many appreciate it for its permissionless nature — anyone with an Internet connection can send and receive it.
Bitcoin has been nicknamed digital gold, due to the finite supply of coins available. Some investors view Bitcoin as a store of value. Holders believe that these traits — combined with global availability and high liquidity — make it an ideal medium for storing wealth for long periods. In order to add new information, the Bitcoin blockchain uses a special mechanism called mining.
It is through this process that new blocks of transactions are recorded in the blockchain. The blockchain is a ledger that is append-only: that is to say, data can only be added to it. Once information is added, it is extremely difficult to modify or delete it. The blockchain enforces this by including a pointer to the previous block in every subsequent block.
The pointer is actually a hash of the previous block, which acts as a fingerprint of that block's contents. If the input is modified even slightly, the fingerprint will look completely different. Since the blocks are chained together in this way, there is no way for someone to edit an old entry without invalidating all the blocks that follow. This structure is one of the components that make the blockchain secure.
For more information on blockchains, see What is Blockchain Technology? The Ultimate Guide. Nobody knows! Satoshi could be one person or a group of developers anywhere in the world. Satoshi published the Bitcoin white paper as well as the software. However, the mysterious creator disappeared in See also: History of Blockchain.
DigiCash was a company founded by cryptographer and computer scientist David Chaum in the late s. It was introduced as a privacy-oriented solution for online transactions, based on a paper authored by Chaum. B-money was initially described in a proposal by computer engineer Wei Dai, published in the s.
B-money proposed the Proof of Work system used in Bitcoin mining and the use of a distributed database where users sign transactions. A second version of b-money also described an idea similar to staking, which is used in other cryptocurrencies today. Such is the resemblance between Bit Gold and Bitcoin that some believe that its creator, computer scientist Nick Szabo, is Satoshi Nakamoto.
At its core, Bit Gold consists of a ledger that records strings of data originating from a Proof of Work operation. Bitcoin has a finite supply, but not all units are in circulation yet. The only way to create new coins is through a process called mining — the special mechanism for adding data to the blockchain.
This is due to periodic events known as halvings, which gradually reduce the mining reward. By mining, participants add blocks to the blockchain. To do so, they must dedicate computing power to solving a cryptographic puzzle. As an incentive, there is a reward available to whoever proposes a valid block.
The reward — often labeled the block reward — is made up of two components: fees attached to the transactions and the block subsidy. Every block mined adds a set amount of coins to the total supply. You can also buy and sell Bitcoin on peer-to-peer markets. This allows you to purchase coins from other users directly from the Binance mobile app.
You can buy gift cards for hundreds of services and top up your phone with Bitcoin and other cryptocurrencies here. Heatmap of retailers which accept cryptocurrency as payment. Some prefer to store their coins on exchanges, while others take custody with a variety of wallets. You can make money with Bitcoin, but you can also lose money with it.
Typically, long-term investors buy and hold Bitcoin believing it will rise in price in the future. Others choose to actively trade Bitcoin against other cryptocurrencies to make short- to mid-term profits. Some investors adopt hybrid strategies: they hold bitcoins as a long-term investment while simultaneously trading some in a separate portfolio in the short term. Lending is an increasingly popular form of passive income.
By lending your coins to someone else, you can generate interest that they will pay out at a later date. Platforms like Binance Lending allow you to do this with Bitcoin and other cryptocurrencies. A hot wallet is software that connects in some way to the Internet. Generally, it will take the form of a mobile or desktop application that allows you to easily send and receive coins. An easy-to-use example of a mobile wallet with a lot of supported coins is Trust Wallet.
For a more in-depth breakdown of wallet types, be sure to check out Crypto Wallet Types Explained. You might notice a certain pattern here. Give or take a handful of months, a new halving seems to occur every four years. Instead, it goes by block height — every , blocks, a halving occurs. In the above chart, we can see the decrease in the block subsidy over time and its relationship with the total supply.
At first, it may seem that the rewards have dropped to zero and that the max supply is already in circulation. But this is not the case. The curves trend incredibly close, but we expect the subsidy to reach zero around the year Having a finite supply means that the currency is not prone to debasement in the long run. It stands in stark contrast to fiat money, which loses purchasing power over time as new units enter into circulation. If Bitcoin continues to rely on a Proof of Work algorithm, fees would need to rise to keep mining profitable.
This scenario is entirely possible, as blocks can only hold so many transactions. If there are a lot of pending transactions, those with higher fees will be included first. Others disagree with this logic, arguing that the market has already factored the halving in (see Efficient Market Hypothesis).
Another point often made is that the industry was extremely underdeveloped during the first two halvings. Nowadays, it has a higher profile, offers sophisticated trading tools, and is more accommodating to a broader investor pool. The next halving is expected to take place in , when the reward will drop to 3. Not really. The Bitcoin blockchain is public and anyone can see the transactions. Bitcoin addresses are viewable to everybody, but the names of their owners are not. Unfortunately, Bitcoin is used in many scams that you should be aware of.
These might include phishing and other social engineering schemes, such as fake giveaways and airdrops. Never give your private keys or seed phrase to anyone, and be cautious of schemes that offer to multiply your money with little risk on your behalf. If you send your coins to a scammer or to a fake giveaway, they will be lost forever. Throughout the many parabolic rises in Bitcoin price, it was common to see people referring to it as a speculative bubble. Many economists have compared Bitcoin to periods like the Tulip Mania or the dot-com boom.
In other words, Bitcoin can be a volatile asset at times. But volatility is part of the financial markets, especially ones with relatively lower volume and liquidity. Instead, it uses digital signatures and hash functions. Miners seek to make a return on their investment into hardware and electricity, so they prioritize transactions with higher fees. Based on the average number of transactions per block, Bitcoin can manage approximately five transactions per second at the moment. The Lightning Network is a proposed scalability solution for Bitcoin.
We call it a layer two solution because it moves transactions away from the blockchain. For a more detailed explainer on the scalability issue and its potential solutions, take a look at Blockchain Scalability — Sidechains and Payment Channels. A soft fork is a change to the rules that allows updated nodes to interact with old ones.
Suppose that we have a block size of 2MB and that half of the network implements a change — from now on, all blocks must not exceed 1MB. They would reject anything bigger. Using a clever technique, it introduced a new format for blocks and transactions. A hard fork is messier. Suppose now that half of the network wants to increase the block size from 2MB to 3MB.
If you try to send a 3MB block to older nodes, the nodes reject it as the rules clearly state that 2MB is the maximum they can accept. Because the two networks are no longer compatible, the blockchain splits into two. To learn more about forks, see Hard Forks and Soft Forks. A full node validates transactions and blocks if they meet certain requirements i.
Most full nodes run the Bitcoin Core software, which is the reference implementation of the Bitcoin protocol. Bitcoin Core was the program released by Satoshi Nakamoto in — it was simply named Bitcoin at the time, but was later renamed to avoid any confusion. If a full node stores a full copy of the blockchain, it is referred to as a full archival node. Some users discard older blocks, though, in order to save space — the Bitcoin blockchain contains over GB of transaction data.
Where a full node downloads all blocks to validate them, light nodes only download a portion of each block called the block header. Though the block header is tiny in size, it contains information that allows users to check that their transactions are in a specific block. For a breakdown of the different kinds of nodes, see What are Nodes? From there, the Running a Full Node guide on bitcoin. Transitioning through various kinds of hardware, the mining industry eventually entered what we might call the Application-Specific Integrated Circuit (ASIC) era.
As the name might suggest, these devices are built with a specific purpose in mind. So, a mining ASIC is a specialized computer that is used for mining and nothing else. You can also choose to solo mine, where you work alone.
How quickly you can mine a coin depends on the amount of electricity and hash rate available to you.
Oh, and a final thing: When I tried to buy lunch after all this, my card got declined. My bank had blocked the card after the initial purchase.
Chris Weller. This is what the Coinbase app looks like on an iPhone. When you first open the app, you're presented with the latest price of bitcoin and its change within a certain period. You can see in the chart below how wild the latest moves have been. We bought the bitcoin in January I happen to be one of the many who have never traded bitcoin before. There's a certain level of wariness in buying into the cryptocurrency world.
However, Coinbase's interface makes it simple to enter the basic personal information it needs to create your account. User-friendliness quickly hit a snag. When I put in my address, the app didn't recognize I had already selected it from the autofill menu.
I couldn't proceed unless I switched to the desktop app. So switch I did. From the desktop portal I could easily enter more identifying info. The final step before entering my financial information was two-step verification for security, which Coinbase quickly sent to my phone.
I decided to give the app another try and opted to use my debit card to buy the bitcoin. Entering all my information was just as straightforward as everything else. The problem was that I couldn't exit this screen. Neither the "buy" nor "not now" option registered. I had to press the X and start all over.
Ultimately, and frustratingly, it was back to the desktop. So far, the actual process of buying bitcoin was simple — the app itself was my only nemesis. No looking back! Until I sell, of course. It appeared the price was falling pretty fast the morning I decided to buy.
Addresses are cryptographic information, essentially random numbers. On their own they do not reveal much about the real owner of any bitcoins on them. Usually an adversary will try to link together multiple addresses which they believe belong to the same wallet. Such address collections are called "clusters", "closures" or "wallet clusters", and the activity of creating them is called "wallet clustering".
Once the clusters are obtained, the adversary can try to link them to the real-world identities of the entities it wants to spy on. For example, it may find wallet cluster A belonging to Alice and another wallet cluster B belonging to Bob. If a bitcoin transaction is seen paying from cluster A to cluster B, then the adversary knows that Alice has sent coins to Bob.
It can be very difficult to fine-tune heuristics for wallet clustering so that they lead to actually correct information. The common-input-ownership heuristic is a heuristic or assumption which says that if a transaction has more than one input then all those inputs are owned by the same entity. This transaction would be an indication that addresses B and C are owned by the same person who owns address A.
One of the purposes of CoinJoin is to break this heuristic. Nonetheless this heuristic is very commonly true, and it is widely used by transaction surveillance companies and other adversaries as of The heuristic is usually combined with address reuse reasoning, which, along with the somewhat-centralized bitcoin economy as of is why this heuristic can be unreasonably effective. The heuristic's success also depends on the wallet behaviour: for example, if a wallet usually receives small amounts and sends large amounts, then it will create many multi-input transactions.
Many bitcoin transactions have change outputs. It would be a serious privacy leak if the change address could somehow be found, as it would link the ownership of the now-spent inputs with a new output. Change outputs can be very effective when combined with other privacy leaks like the common-input-ownership heuristic or address reuse. Change address detection allows the adversary to cluster together newly created addresses, while the common-input-ownership heuristic and address reuse allow past addresses to be clustered.
Change addresses lead to a common usage pattern called the peeling chain. It is seen after large transactions from exchanges, marketplaces, mining pools and salary payments. In a peeling chain, a single address begins with a relatively large amount of bitcoins. A smaller amount is then peeled off this larger amount, creating a transaction in which a small amount is transferred to one address, and the remainder is transferred to a one-time change address.
This process is repeated - potentially for hundreds or thousands of hops - until the larger amount is pared down, at which point in one usage the amount remaining in the address might be aggregated with other such addresses to again yield a large amount in a single address, and the peeling process begins again. The following are possible ways to infer which of the outputs of a transaction is the change output. If an output address has been reused, it is very likely to be a payment output, not a change output.
This is because change addresses are created automatically by wallet software, but payment addresses are manually sent between humans. The address reuse would happen because the human user reused an address out of ignorance or apathy. This heuristic is probably the most accurate, as it is very hard to imagine how false positives would arise except by intentional design of wallets.
This heuristic is also called the "shadow heuristic". Some very old software from the era before Deterministic wallets did not use a new change address but sent the change back to the input address. This reveals the change address exactly.
Avoiding address reuse is an obvious remedy. Another idea is that wallets could automatically detect when a payment address has been used before (perhaps by asking the user) and then use a reused address as their change address, so that both outputs would be reused addresses. Also, most reused addresses are mentioned on the internet: forums, social networks like Facebook, Reddit, Stack Overflow. This amounts to a small degree of de-anonymization of the pseudonymous blockchain.
A careful analyst can sometimes deduce which software created a certain transaction, because the many different wallet programs don't always create transactions in exactly the same way. Wallet fingerprinting can be used to detect change outputs, because the change output is the one later spent with the same wallet fingerprint. As an example, consider five typical transactions that consume one input each and produce two outputs. A, B, C, D, E refer to transactions.
A1, A2, etc. refer to output addresses of those transactions. If wallet fingerprinting finds that transactions A, B, D and E are created by the same wallet software, and the other transactions are created by other software, then the change addresses become obvious. The same transactions with non-matching addresses replaced by X are shown. The peel chain is visible; it is clear that B2, D2, E1 are change addresses which belong to the same wallet as A1.
If multiple users are using the same wallet software, then wallet fingerprinting cannot detect the change address. It is also possible that a single user owns two different wallets which use different software (for example a hot wallet and a cold wallet), and then transactions between the two programs would not indicate a change of ownership.
Wallet fingerprinting on its own is never decisive evidence, but as with all other privacy leaks it works best with data fusion, when multiple privacy leaks are combined. Many payment amounts are round numbers, for example 1 BTC or 0. The leftover change amount would then be a non-round number e.
This is potentially useful for finding the change address. The amount may be a round number in another currency. The amount 2. BIP defines a mechanism for replacing an unconfirmed transaction with another transaction that pays a higher fee. In the context of the market for block space, a user may find their transaction isn't confirming fast enough, so they opt to "fee bump" or pay a higher miner fee.
However, generally the higher miner fee is paid by reducing the change amount. So if an adversary is observing all unconfirmed transactions, they could see both the earlier low-fee transaction and the later high-fee transaction, and the output with the reduced amount would be the change output. This could be mitigated by some of the time reducing the amount of both outputs, by reducing the payment amount instead of the change (in a receiver-pays-for-fee model), or by replacing both addresses in each RBF transaction (this would require obtaining multiple payment addresses from the receiver).
Also called the "optimal change heuristic". Consider this bitcoin transaction. Assume that one of the outputs is change and the other output is the payment. But if the 1 BTC output is the payment amount, then the 3 BTC input is unnecessary, as the wallet could have spent only the 2 BTC input and paid lower miner fees for doing so. This is an issue for transactions which have more than one input.
One way to fix this leak is to add more inputs until the change output is higher than any input, for example: Now both interpretations imply that some inputs are unnecessary. Unfortunately this costs more in miner fees and can only be done if the wallet actually owns other UTXOs.
Some wallets have a coin selection algorithm which violates this heuristic. An example might be because the wallets want to consolidate inputs in times of cheap miner fees. So this heuristic is not decisive evidence. Sending funds to a different script type than the one you're spending from makes it easier to tell which output is the change. For example, for a transaction with 1 input spending a p2pkh coin and creating 2 outputs, one p2pkh and one p2sh, it is very likely that the p2pkh output is the change while the p2sh one is the payment.
This is also possible if the inputs are of mixed types, created by wallets supporting multiple script types for backwards compatibility. If one of the output script types is known to be used by the wallet because the same script type is spent by at least one of the inputs while the other is not, the other one is likely to be the payment.
This has the most effect on early adopters of new wallet technology, like p2sh or segwit. The rarer it is to pay to people using the same script type as you do, the more you leak the identity of your change output. This will improve over time as the new technology gains wider adoption. Some wallet software handles change in a very un-private way.
For example, certain old wallets would always put the change output in last place in the transaction. Equal-output CoinJoin transactions trivially reveal the change address, because it is the outputs which are not equal-valued.
For example, consider this equal-output CoinJoin: There is a very strong indication that output D is change belonging to the owner of input Y, while output C is change belonging to the owner of input X. However, CoinJoin breaks the common-input-ownership heuristic and effectively hides the ownership of payment outputs A and B, so the tradeoffs are still heavily in favour of using CoinJoin.
Wallet clusters created by using the common-input-ownership heuristic usually grow in number of addresses slowly and incrementally. Two large clusters merging is rare and may indicate that the heuristics are flawed. So another way to deduce the change address is to find which output causes the clusters to grow only slowly. The exact value for "how slowly" a cluster is allowed to grow is an open question. As described in the introduction, addresses are connected together by transactions on the block chain.
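The change-detection heuristics listed above (address reuse, round amounts, matching script types and the unnecessary input heuristic) can be turned into a pre-broadcast check that a wallet runs against its own transaction, so the user sees whether the change output is being singled out before the transaction leaves the machine. The following is an added example, not code from the wiki or from any wallet project; the transaction records, the address strings, the set of "already seen" addresses and the five-trailing-zeros definition of a round amount are all constructed assumptions for the demo.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, List, Optional, Set

SATS_PER_BTC = 100_000_000


def btc(amount: str) -> int:
    """Convert a decimal BTC string to an exact satoshi count."""
    return int(Decimal(amount) * SATS_PER_BTC)


@dataclass(frozen=True)
class TxOutput:
    address: str
    amount: int        # satoshis
    script_type: str   # "p2pkh", "p2sh", "p2wpkh", ...


TxInput = TxOutput  # an input is described by the previous output it spends


@dataclass(frozen=True)
class Tx:
    inputs: List[TxInput]
    outputs: List[TxOutput]


def is_round_amount(sats: int, min_trailing_zeros: int = 5) -> bool:
    """Round numbers heuristic: human-chosen amounts (1 BTC, 0.05 BTC, 0.001 BTC) end in
    many zeros in satoshis; change rarely does. Five zeros (0.001 BTC) is an assumed cutoff."""
    if sats <= 0:
        return False
    digits = str(sats)
    return len(digits) - len(digits.rstrip("0")) >= min_trailing_zeros


def leaves_unnecessary_input(tx: Tx, payment_idx: int) -> bool:
    """Unnecessary input heuristic: if outputs[payment_idx] were the payment, could the
    wallet have dropped one input and still covered it? (Fee ignored, as on the page.)"""
    payment = tx.outputs[payment_idx].amount
    total = sum(i.amount for i in tx.inputs)
    return any(total - i.amount >= payment for i in tx.inputs)


def change_flags(tx: Tx, seen_addresses: Set[str]) -> Dict[int, List[str]]:
    """For a two-output transaction, list which heuristics would single out each
    output as the change. Empty lists for every output mean none of them fire."""
    flags: Dict[int, List[str]] = {i: [] for i in range(len(tx.outputs))}
    if len(tx.outputs) != 2:
        return flags  # the heuristics below assume exactly one payment and one change
    input_types = {i.script_type for i in tx.inputs}
    for idx, out in enumerate(tx.outputs):
        other = tx.outputs[1 - idx]
        # Address reuse: a reused output address is almost certainly the payment.
        if other.address in seen_addresses and out.address not in seen_addresses:
            flags[idx].append("address-reuse")
        # Round numbers: the round output is the payment, the odd remainder the change.
        if is_round_amount(other.amount) and not is_round_amount(out.amount):
            flags[idx].append("round-amount")
        # Script types: the output matching the inputs' type belongs to the spending wallet.
        if out.script_type in input_types and other.script_type not in input_types:
            flags[idx].append("script-type")
        # Unnecessary input: if treating this output as the payment makes an input
        # redundant while the other interpretation does not, this output is the change.
        if (len(tx.inputs) > 1
                and leaves_unnecessary_input(tx, idx)
                and not leaves_unnecessary_input(tx, 1 - idx)):
            flags[idx].append("unnecessary-input")
    return flags


def exposed_change(tx: Tx, seen_addresses: Set[str]) -> Optional[int]:
    """Index of the output the heuristics single out as change, or None when nothing
    fires or when the heuristics point at both outputs (inconclusive)."""
    flags = change_flags(tx, seen_addresses)
    flagged = [i for i, f in flags.items() if f]
    return flagged[0] if len(flagged) == 1 else None


# Constructed example 1: the page's 2 BTC + 3 BTC inputs paying 4 BTC to a reused p2sh
# address, with a non-round p2pkh change output. Every heuristic points at output 1.
SEEN = {"merchant-addr"}  # constructed set of addresses already seen on chain
LEAKY_TX = Tx(
    inputs=[TxInput("own-addr-1", btc("2"), "p2pkh"), TxInput("own-addr-2", btc("3"), "p2pkh")],
    outputs=[TxOutput("merchant-addr", btc("4"), "p2sh"),
             TxOutput("own-change-1", btc("0.9999"), "p2pkh")],
)

# Constructed example 2: one script type throughout, fresh payment address, non-round
# payment, and enough inputs that either interpretation leaves an input unnecessary.
QUIET_TX = Tx(
    inputs=[TxInput("own-addr-3", btc("0.3"), "p2wpkh"),
            TxInput("own-addr-4", btc("0.4"), "p2wpkh"),
            TxInput("own-addr-5", btc("0.5"), "p2wpkh")],
    outputs=[TxOutput("fresh-payee-addr", btc("0.5513"), "p2wpkh"),
             TxOutput("own-change-2", btc("0.6486"), "p2wpkh")],
)

if __name__ == "__main__":
    for name, tx in (("leaky", LEAKY_TX), ("quiet", QUIET_TX)):
        print(name, change_flags(tx, SEEN), "exposed change:", exposed_change(tx, SEEN))
```

The check is a linter, not a guarantee: wallet fingerprinting, timing and the cluster-growth heuristic above are not modelled, and a quiet result only means these four heuristics stay silent on this one transaction.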
The mathematical concept of a graph can be used to describe the structure where addresses are connected with transactions. Addresses are vertices while transactions are edges in this transaction graph. This is called a heuristic because transactions on the block chain do not necessarily correspond to real economic transactions. For example the transaction may represent someone sending bitcoins to themselves.
Also, real economic transactions may not appear on the block chain but be off-chain; either via a custodial entity like an exchange, or non-custodially off-chain as with the Lightning Network. Taint analysis is a technique sometimes used to study the flow of bitcoins and extract privacy-relevant information. If an address A is connected to privacy-relevant information such as a real name and it makes a transaction sending coins to address B, then address B is said to be tainted with coins from address A.
In this way taint is spread by "touching" via transactions. It is unclear how useful taint analysis is for spying, as it does not take into account transfer of ownership. For example, an owner of tainted coins may donate some of them to a charity; the donated coins could be said to be tainted, yet the charity does not care and could not give any information about the source of those coins.
Taint analysis may only be useful for breaking schemes where someone tries to hide the origin of coins by sending dozens of fake transactions to themselves many times. Blockchain transactions contain amount information for the transaction inputs and outputs, as well as an implicit amount for the miner fee. This is visible to all.
Often the payment amount of a transaction is a round number, possibly when converted to another currency. An analysis of round numbers in bitcoin transactions has been used to measure the countries or regions where payments have happened. A mismatch between the sizes of the available inputs and what is required can leak the total wealth of the sender. For example, when intending to send 1 bitcoin to somebody, a user may only have an input worth 10 bitcoins.
They create a transaction with 1 bitcoin going to the recipient and 9 bitcoins going to a change address. The recipient can look at the transaction on the blockchain and deduce that the sender owned at least 10 bitcoins. It may well be higher of course, but it's at least not lower. Payments that send exact amounts and take no change are a likely indication that the bitcoins didn't change hands.
This usually means that the user used the "send maximum amount" wallet feature to transfer funds to her new wallet, to an exchange account, to fund a lightning channel, or other similar cases where the bitcoins remain under the same ownership. Other possible reasons for sending exact amounts with no change are that the coin-selection algorithm was smart and lucky enough to find a suitable set of inputs for the intended payment amount that didn't require change (or required a change amount negligible enough to waive), or that an advanced user used manual coin selection to explicitly avoid change.
Payment batching is a technique to reduce the miner fee of a payment. It works by batching up several payments into one block chain transaction. It is typically used by exchanges, casinos and other high-volume spenders. The privacy implication is that recipients can see the amounts and addresses of the other recipients.
When you receive your withdrawal from Kraken, you can look up your transaction on a block chain explorer and see the addresses of everyone else who received a payment in the same transaction. If Kraken made each of those payments separately, they might still be connected together through the change outputs and perhaps also by certain other identifying characteristics that block chain analysis companies and private individuals use to fingerprint particular spenders.
Most but not all bitcoin scripts are single-signature. Other scripts are possible with the most common being multisignature. A script which is particularly unusual can leak information simply by being so unique. A mystery shopper payment is when an adversary pays bitcoin to a target in order to obtain privacy-relevant information. It will work even if address reuse is avoided.
For example, if the target is an online merchant then the adversary could buy a small item. On the payment interface they would be shown one of the merchant's bitcoin addresses. The adversary now knows that this address belongs to the merchant and by watching the blockchain for later transactions other information would be revealed, which when combined with other techniques could reveal a lot of data about the merchant.
The common-input-ownership heuristic and change address detection could reveal other addresses belonging to the merchant (assuming countermeasures like CoinJoin are not used) and could give a lower bound for the sales volume. This works because anybody on the entire internet can request one of the merchant's addresses. Forced address reuse is when an adversary pays an often small amount of bitcoin to addresses that have already been used on the block chain.
The adversary hopes that users or their wallet software will use these forced payments as inputs to a larger transaction, which will reveal other addresses via the common-input-ownership heuristic and thereby leak more privacy-relevant information. These payments can be understood as a way to coerce the address owner into unintentional address reuse.
This attack is sometimes incorrectly called a dust attack. If the forced-payment coins have landed on already-used empty addresses, then the correct behaviour by wallets is to never spend those coins. If the coins have landed on addresses which are not empty, then the correct behaviour by wallets is to fully spend all the coins on that address in the same transaction.
Amounts correlation refers to searching the entire block chain for output amounts. For example, say we're using any black box privacy technology that breaks the transaction graph. The privacy tech is used to mix V amount of bitcoins, and it returns V bitcoins minus fees back to the user.
Amount correlation could be used to unmix this tech by searching the blockchain for transactions with an output amount close to V. A way to resist amount correlation is to split up the sending of bitcoins back to user into many transactions with output amounts w0, w1, w2 which together add up to V minus fees.
Another way of using amount correlation is to use it to find a starting point. For example, suppose Bob wants to spy on Alice. Even if multiple matches are found, it still gives Bob a good idea of which bitcoin addresses belong to Alice. Timing correlation refers to using the time information of transactions on the blockchain.
Similar to amount correlation, if an adversary somehow finds out the time that an interesting transaction happened they can search the blockchain in that time period to narrow down their candidates. Bitcoin nodes communicate with each other via a peer-to-peer network to transmit transactions and blocks. Nodes relay these packets to all their connections, which has good privacy properties because a connected node doesn't know whether the transmitted data originated from its peer or whether the peer was merely relaying it.
An adversary able to snoop on your internet connection, such as your government, ISP, Wi-Fi provider or VPN provider, can see data sent and received by your node. This would reveal that you are a bitcoin user. Even if a connection is encrypted, the adversary could still see the timings and sizes of data packets. A block being mined results in a largely synchronized burst of identically-sized traffic for every bitcoin node; because of this, bitcoin nodes are very vulnerable to traffic analysis revealing the fact that bitcoin is being used.
If the adversary sees a transaction or block coming out of your node which did not previously enter it, then it can know with near-certainty that the transaction was made by you or the block was mined by you. As internet connections are involved, the adversary will be able to link the IP address with the discovered bitcoin information. A certain kind of sybil attack can be used to discover the source of a transaction or block without the adversary entirely controlling the victim's internet connection.
It works by the adversary creating many of their own fake nodes on different IP addresses which aggressively announce themselves in an effort to attract more nodes to connect to them; they also try to connect to as many other listening nodes as they can. This high connectivity helps the adversary locate the source of newly-broadcast transactions and blocks by tracking them as they propagate through the network.
Some wallets periodically rebroadcast their unconfirmed transactions so that they are more likely to propagate widely through the network and be mined. Some wallets are not full nodes but lightweight nodes, which function in a different way.
They generally have far worse privacy properties, but how much worse depends on the details of each wallet. Some lightweight wallets can be configured to connect only to your own full node, and if that is done their privacy with respect to traffic analysis improves to the level of a full node.
Some bitcoin wallets are just front-ends that connect to a back-end server run by some company. This kind of wallet has no privacy at all: the operating company can see all the user's addresses and all their transactions, and most of the time they see the user's IP address too. Users should not use web wallets. Main article: Browser-based wallet.
All bitcoin wallets must somehow obtain information about their balance and history, which may leak information about which addresses and transactions belong to them. Blockchain explorer websites are commonly used. Some users even search for their transaction on those websites and refresh it until it reaches 3 confirmations. This is very bad for privacy, as the website can easily link the user's IP address to their bitcoin transaction unless Tor is used, and the queries to the website reveal that the transaction or address is of interest to somebody with certain behavioural patterns.
To get information about your transactions it is much better to use your wallet software, not some website. Many lightweight wallets use the BIP37 standard, which has serious design flaws leading to privacy leaks. Any wallet that uses BIP37 provides no privacy at all and is equivalent to sending all the wallet's addresses to a random server, which can then easily spy on the wallet. Lessons from the failure of BIP37 are useful when designing and understanding other privacy solutions, especially the point about data fusion: combining BIP37 bloom filter leaks with blockchain transaction information leaks.
Main article: BIP37 privacy problems. Electrum is a popular software wallet which works by connecting to special-purpose servers. These servers receive hashes of the bitcoin addresses in the wallet and reply with transaction information. The Electrum wallet is fast and low-resource, but by default it connects to these servers, which can easily spy on the user.
Some other software aside from Electrum uses the public Electrum servers. At the time of writing this is a faster and better alternative for lightweight wallets than BIP37. Servers only learn the hashes of addresses rather than the addresses themselves, but in practice that is little protection: the server can recover the actual address and its associated transactions whenever the address has been used on the blockchain at least once, since it indexes every on-chain address by the same hash. It is not very difficult to run your own Electrum server and point your wallet to use only it.
This restores Electrum to the same privacy and security properties as a full node, where nobody else can see which addresses or transactions the wallet is interested in. Then Electrum effectively becomes a full node wallet. A simple but effective privacy leak: Alice gives Bob one of her addresses to receive a payment, but the communication has been eavesdropped by Eve, who saw the address and now knows it belongs to Alice.
The solution is to encrypt addresses where appropriate, or use another way of hiding them from an adversary as per the threat model. Sometimes the eavesdropping can be very trivial: for example, some forum users publish a bitcoin donation address on their website, forum signature, profile, twitter page, etc, where it can be picked up by search engines. In the example of the non-anonymous Chinese newspaper buyer from the introduction, his address being publicly visible in his forum signature was a crucial part of his deanonymization.
The solution here is to show each potential donor a new address, for example by setting up a web server to hand out a unique address to each visitor. Sometimes users may voluntarily reveal data about themselves, or be required to by the entity they interact with. All this information is then linked with the bitcoin addresses and transactions that are later used.
When buying goods online with bitcoin a delivery address is needed. This links the bitcoin transaction with the delivery address. The same applies to the user's IP address unless privacy technology like Tor is used. Wallet software usually stores information it needs to operate on the disk of the computer it runs on.
If an adversary has access to that disk it can extract bitcoin addresses and transactions which are known to be linked with the owner of that disk. The same disk might contain other personal information such as a scan of an ID card. Digital forensics is one reason why all good wallet software encrypts wallet files, although that can be beaten if a weak encryption password is used. For example, if you have a bitcoin wallet installed on your PC and give the computer to a repair shop to fix, the repair shop operator could find the wallet file and records of all your transactions.
Other examples might be if an old hard disk is thrown away. Other software installed on the same computer, such as malware, can also read from disk or RAM to spy on the bitcoin transactions made by the user. For privacy, don't leave data on your computer available to others. Exactly how depends on your threat model. Encryption and physical protection are options, as is using a special operating system like Tails, which does not read or write from the hard drive but only uses RAM and deletes all data on shutdown.
If the adversary has not linked your bitcoin address with your identity then privacy is much easier. Blockchain spying methods like the common-input-ownership heuristic, detecting change addresses and amount correlation are not very effective on their own if there is no starting point to link back to. Denying the adversary that starting point works far better than any actual technology like CoinJoin. Physical cash is an anonymous medium of exchange, so using it is a way to obtain bitcoin anonymously where no one except the trading partners exchange identifying data.
Note that some services still require ID, so that is worth checking. Some services require ID only for the trader placing the advert. At the time of writing there is at least one decentralized exchange open-source project in development which aims to facilitate this kind of trading without needing a centralized third party at all, instead using a peer-to-peer network. Cash-in-person trades are an old and popular method. Two traders arrange to meet up somewhere and the buyer hands over cash while the seller makes a bitcoin transaction to the buyer.
This is similar to other internet phenomena like Craigslist which organize meetups for exchange. Escrow can be used to improve safety or to avoid the need to wait for confirmations at the meetup. Cash-by-mail works by having the buyer send physical cash through the mail. Escrow is always used to prevent scamming. The buyer of bitcoins can be very anonymous but the seller must reveal a mail address to the buyer.
Cash-by-mail can work over long distances but does depend on the postal service infrastructure. Users should check with their local postal service whether there are any guidelines around sending cash by mail. Often the cash can also be insured. Cash deposit is a method where the buyer deposits cash directly into the seller's bank account.
Again escrow is used, and again the buyer of bitcoins can be near-anonymous, but the seller must sign up with a bank or financial institution and share with them rather invasive details about their identity and financial history. This method relies on the personal banking infrastructure so works over long distances. Cash dead drop is a rarely used method.
It is similar to a cash-in-person trade but the traders never meet up. The buyer hides the cash in a public location, then sends a message to the seller telling them the location, and finally the seller picks up the cash from the hidden location. Escrow is a requirement to avoid scamming. This method is very anonymous for the buyer, as the seller won't even learn their physical appearance; for the seller it is slightly less anonymous, as the buyer can stake out the location to watch the seller collect the cash.
Cash substitutes like gift cards, mobile phone credits or prepaid debit cards can often be bought from regular stores with cash and then traded online for bitcoin. Bitcoins accepted as payment for work done can be anonymous if the employer does not request much personal information. This may work well in a freelancing or contracting setting.
Although if your adversary is your own employer then obviously this is not good privacy. Mining is the most anonymous way to obtain bitcoin. This applies only to solo-mining, as mining pools generally know the hasher's IP address. Depending on the size of the operation, mining may use a lot of electrical power, which may attract suspicion. Also the specialized mining hardware may be difficult to get hold of anonymously, although it wouldn't be linked to the resulting mined bitcoins.
In theory another way of obtaining anonymous bitcoin is to steal them. There is at least one situation where this happened. In one documented case a hacker known as Phineas Fisher hacked a spyware company that was selling surveillance products to dictators. The hacker used bitcoin stolen from other people to anonymously rent infrastructure for later attacks.
If you give up your delivery address, which you'll have to if you're buying physical goods online, then that will be a data leak. Obviously this is unavoidable in many cases. Bitcoin wallets must somehow obtain information about their balance and history. At the time of writing the most practical and private existing solutions are to use a full node wallet, which is maximally private, or client-side block filtering, which is very good. One issue with these technologies is that they always cost more resources (time, bandwidth, storage, etc.) than non-private solutions like web wallets and centralized Electrum servers.
There are measurements indicating that very few people actually use BIP37 because of how slow it is, so even client-side block filtering may not be used very much. Full nodes download the entire blockchain, which contains every on-chain transaction that has ever happened in bitcoin.
So an adversary watching the user's internet connection will not be able to learn which transactions or addresses the user is interested in. This is the best solution to wallet history synchronization with privacy, but unfortunately it costs a significant amount of time and bandwidth.
In cryptography, a private information retrieval (PIR) protocol is a protocol that allows a user to retrieve an item from a server in possession of a database without revealing which item is retrieved. This has been proposed as a way to privately synchronize wallet history, but as PIR is so resource-intensive, users who don't mind spending bandwidth and time could just run a full node instead.
Client-side block filtering works by having filters created that contain all the addresses for every transaction in a block. The filters can test whether an element is in the set; false positives are possible but not false negatives. A lightweight wallet would download all the filters for every block in the blockchain and check for matches with its own addresses. Blocks which contain matches would be downloaded in full from the peer-to-peer network, and those blocks would be used to obtain the wallet's history and current balance.
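As an added illustration of the scheme just described (example code written for this page, not code from any wallet or from BIP158): a toy per-block filter over output addresses, plus a wallet sync routine that fetches only the blocks whose filter matches. The filter is a plain Bloom filter, which gives the property the text relies on (false positives possible, false negatives impossible); the chain, addresses and amounts are constructed.

```python
import hashlib

# Added example, not code from the original page or from any real wallet.
# The chain, addresses and amounts below are constructed for the demo.


class BlockFilter:
    """Bloom filter over the output addresses of one block. Membership tests
    may yield false positives but never false negatives. (BIP158 filters use
    a different, compact encoding; only the semantics are modelled here.)"""

    def __init__(self, addresses, m_bits=128, k_hashes=3):
        self.m, self.k = m_bits, k_hashes
        self.bits = 0
        for addr in addresses:
            for pos in self._positions(addr):
                self.bits |= 1 << pos

    def _positions(self, addr):
        # k positions derived from salted SHA-256 of the address string
        for salt in range(self.k):
            digest = hashlib.sha256(bytes([salt]) + addr.encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def may_contain(self, addr):
        return all((self.bits >> pos) & 1 for pos in self._positions(addr))


# Constructed chain: block height -> list of (address, value in satoshis).
CHAIN = [
    [("addr_alice_1", 50_000), ("addr_carol", 12_000)],
    [("addr_dave", 7_000)],
    [("addr_alice_2", 30_000), ("addr_erin", 1_000)],
    [("addr_frank", 90_000)],
    [("addr_alice_1", 5_000)],
]


def build_filters(chain):
    """What a full node would serve: one filter per block, built once."""
    return [BlockFilter([addr for addr, _ in block]) for block in chain]


def sync_wallet(wallet_addrs, filters, fetch_block):
    """Lightweight-client sync. Every filter is tested locally; only matching
    blocks are requested via fetch_block(height), so the serving peer learns
    block heights but never the wallet's addresses. Returns
    (heights_fetched, total_received)."""
    fetched, received = [], 0
    for height, filt in enumerate(filters):
        if any(filt.may_contain(a) for a in wallet_addrs):
            fetched.append(height)
            for addr, value in fetch_block(height):
                if addr in wallet_addrs:       # exact check on the real block
                    received += value
    return fetched, received


def blocks_paying(wallet_addrs, chain):
    """Ground truth, used to check the no-false-negative property."""
    return [h for h, block in enumerate(chain)
            if any(addr in wallet_addrs for addr, _ in block)]


if __name__ == "__main__":
    wallet = {"addr_alice_1", "addr_alice_2"}
    filters = build_filters(CHAIN)
    fetched, received = sync_wallet(wallet, filters, lambda h: CHAIN[h])
    print("fetched heights:", fetched, "received:", received)
    # Every block that really pays the wallet must have matched.
    assert set(blocks_paying(wallet, CHAIN)) <= set(fetched)
```

A false positive only costs the client an extra block download; the peer still cannot distinguish a block fetched for a real match from one fetched for a false positive, which is why the address set never leaves the client.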
Wallet histories can be obtained from centralized servers such as Electrum servers but using a new Tor circuit for each address. A closely-related idea is to connect together Electrum servers in an onion-routing network. When creating such a scheme, care should be taken to avoid timing correlation linking the addresses together; otherwise the server could use the fact that the addresses were requested close to each other in time. Bitcoin Core and its forks have countermeasures against sybil attacks and eclipse attacks.
Eclipse attacks are sybil attacks where the adversary attempts to control all the peers of its target and block or control access to the rest of the network. Bitcoin Core and its forks use an algorithm known as trickling when relaying unconfirmed transactions, with the aim of making it as difficult as possible for sybil attackers to find the source IP address of a transaction.
For each peer, the node keeps a list of transactions that it is going to announce (inv) to it. It sends inv messages periodically, with a random delay between each one. Transactions are selected to go into the inv message somewhat randomly and according to some metrics involving fee rate.
It selects a limited number of transactions to inv. The algorithm creates the possibility that a peered node may hear about an unconfirmed transaction from the creator's neighbours rather than the creator node itself. However adversaries can still sometimes obtain privacy-relevant information. Encrypting messages between peers, as proposed in a BIP for encrypted peer connections, would make it harder for a passive attacker such as an ISP or Wifi provider to see the exact messages sent and received by a bitcoin node.
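The trickling behaviour described above, as an added event-driven simulation (example code written for this page, not Bitcoin Core's implementation): each peer has its own randomly re-armed timer, and when it fires a limited, fee-rate-biased batch of queued transactions is announced to that peer. The exponential delay, batch limit and jittered ranking are assumptions chosen to illustrate the mechanism, not the real node's parameters.

```python
import heapq
import random

# Added example, not code from Bitcoin Core or from the original page: an
# event-driven simulation of per-peer "trickled" inv announcements. The
# exponential delay, batch limit and fee-rate-biased pick are assumptions
# chosen to illustrate the text, not the real node's parameters.


class TrickleRelay:
    def __init__(self, peers, mean_delay=5.0, batch_limit=3, seed=7):
        self.rng = random.Random(seed)
        self.mean_delay = mean_delay
        self.batch_limit = batch_limit
        self.queues = {p: {} for p in peers}     # peer -> {txid: feerate}
        self.delivered = {p: [] for p in peers}  # peer -> [(time, txid)]

    def _delay(self):
        # Memoryless delay: the moment an inv goes out says nothing about
        # when the transaction entered this peer's queue.
        return self.rng.expovariate(1.0 / self.mean_delay)

    def add_tx(self, txid, feerate):
        for queue in self.queues.values():
            queue[txid] = feerate

    def _pick(self, queue):
        # Prefer higher fee rates, but jitter the ranking so the order in
        # which peers learn of transactions is not fully predictable.
        ranked = sorted(queue,
                        key=lambda t: queue[t] * self.rng.uniform(0.5, 1.5),
                        reverse=True)
        return ranked[:self.batch_limit]

    def run(self, horizon):
        """Each peer has its own timer; when it fires, at most batch_limit
        transactions are announced to that peer and the timer is re-armed."""
        events = [(self._delay(), peer) for peer in self.queues]
        heapq.heapify(events)
        while events and events[0][0] <= horizon:
            now, peer = heapq.heappop(events)
            for txid in self._pick(self.queues[peer]):
                del self.queues[peer][txid]
                self.delivered[peer].append((now, txid))
            heapq.heappush(events, (now + self._delay(), peer))
        return self.delivered


def simulate(txs, peers=("peer_a", "peer_b"), horizon=200.0, seed=7):
    """Feed constructed transactions into the relay and return, per peer,
    the (time, txid) announcements it received."""
    relay = TrickleRelay(list(peers), seed=seed)
    for txid, feerate in txs:
        relay.add_tx(txid, feerate)
    return relay.run(horizon)


if __name__ == "__main__":
    mempool = [("tx1", 10), ("tx2", 50), ("tx3", 1), ("tx4", 20)]  # constructed
    for peer, log in simulate(mempool).items():
        print(peer, log)
```

Both peers end up with every transaction, but in batches, at different times, and in an order that is not a pure function of arrival time or fee rate, which is what denies a sybil peer a clean "first to announce" signal.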
If a connection-controlling adversary is a concern, then bitcoin can be run entirely over tor. Tor is encrypted and hides endpoints, so an ISP or Wifi providers won't even know you're using bitcoin. The other connected bitcoin nodes won't be able to see your IP address as tor hides it.
Bitcoin Core and its forks have features to make setting up and using tor easier. Some lightweight wallets also run entirely over tor. Running entirely over tor has the downside that synchronizing the node requires downloading the entire blockchain over tor, which would be very slow. Downloading blocks over Tor only helps in the situation where you want to hide the fact that bitcoin is even being used from the internet service provider .
It is possible to download blocks and unconfirmed transactions over clearnet but broadcast your own transactions over tor , allowing a fast clearnet connection to be used while still providing privacy when broadcasting. Dandelion is another technology for private transaction broadcasting.
The main idea is that transaction propagation proceeds in two phases: first the "stem" phase, then the "fluff" phase. During the stem phase, each node relays the transaction to a single peer. Even when an attacker can identify the location of the fluff phase, it is much more difficult to identify the source of the stem. Some privacy technologies like CoinJoin and CoinSwap require interactivity between many bitcoin entities.
They can also be used to broadcast transactions with more privacy, because peers in the privacy protocols can send each other unconfirmed transactions using the already-existing protocol they use to interact with each other. For example, in JoinMarket market takers can send transactions to market makers, who will broadcast them and so improve the taker's privacy.
This can be more convenient for the taker than setting up Tor for use with tor broadcasting. At least one bitcoin company offers a satellite bitcoin service. This is a free service where satellites broadcast the bitcoin blockchain to nearly anywhere in the world.
If users set up a dish antenna pointing at a satellite in space, then they can receive the bitcoin blocks needed to run a full node. As the satellite setups are receive-only, nobody can detect that the user is even running bitcoin, and certainly not which addresses or transactions belong to them. The company also offers a paid-for API which allows broadcasting any data to anywhere in the world via satellite, which seems to be how they make their money. But it appears the base service of broadcasting the blockchain will always be free.
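The Dandelion stem/fluff idea from the paragraph above, as an added simulation (example code written for this page, not the Dandelion reference implementation or any node software): the stem forwards along a single randomly chosen peer per hop, the fluff floods from wherever the stem ended, and an observer who pinpoints the fluff origin is left with every node within stem-length hops as a candidate source. The ring-shaped peer graph, hop count and RNG seed are assumptions made for the demonstration.

```python
from collections import deque
import random

# Added example, not part of the original page: a simulation of Dandelion's
# stem/fluff relay on a constructed ring of peers. The graph shape, number
# of stem hops and RNG seed are assumptions made for the demonstration.


def build_ring(n):
    """Constructed peer graph: node i peers with i-1 and i+1 (mod n)."""
    return {i: [(i - 1) % n, (i + 1) % n] for i in range(n)}


def stem_phase(graph, source, hops, rng):
    """Stem: every node forwards to exactly one peer. Returns the path from
    the true source to the node that will switch to fluff."""
    path = [source]
    for _ in range(hops):
        path.append(rng.choice(graph[path[-1]]))
    return path


def fluff_phase(graph, origin):
    """Fluff: ordinary diffusion to all peers from the fluff origin.
    Returns the set of nodes that receive the transaction."""
    seen, queue = {origin}, deque([origin])
    while queue:
        node = queue.popleft()
        for peer in graph[node]:
            if peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return seen


def attacker_candidates(graph, fluff_origin, max_hops):
    """What an observer who pinpointed the fluff origin can conclude: the
    real source is some node at most max_hops away. The size of this set
    is the anonymity set the stem phase buys."""
    dist, queue = {fluff_origin: 0}, deque([fluff_origin])
    while queue:
        node = queue.popleft()
        if dist[node] == max_hops:
            continue
        for peer in graph[node]:
            if peer not in dist:
                dist[peer] = dist[node] + 1
                queue.append(peer)
    return set(dist)


def broadcast(graph, source, hops, seed=1):
    """Run both phases; returns (stem_path, nodes_reached, suspect_set)."""
    rng = random.Random(seed)
    path = stem_phase(graph, source, hops, rng)
    reached = fluff_phase(graph, path[-1])
    return path, reached, attacker_candidates(graph, path[-1], hops)


if __name__ == "__main__":
    ring = build_ring(8)
    path, reached, suspects = broadcast(ring, source=0, hops=3)
    print("stem path:", path, "fluff reached:", sorted(reached))
    print("nodes the attacker must still consider:", sorted(suspects))
```

On an 8-node ring with a 3-hop stem the transaction still reaches every node, but the observer's candidate set is 7 of the 8 nodes; a richer graph with the same hop count gives a larger set, and a zero-hop stem collapses it back to the fluff origin alone.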
This section describes different techniques for improving the privacy of transactions with respect to the permanent record of transactions on the blockchain. Some techniques are trivial and are included in all good bitcoin wallets.
Others have been implemented in some open source projects or services, which may use more than one technique at a time. Other techniques have yet to be implemented. Many of these techniques focus on breaking different heuristics and assumptions about the blockchain, so they work best when combined together.
Addresses being used more than once is very damaging to privacy because it links together more blockchain transactions with proof that they were created by the same entity. The most private and secure way to use bitcoin is to send a brand new address to each person who pays you. After the received coins have been spent the address should never be used again.
Also, a brand new bitcoin address should be demanded when sending bitcoin. All good bitcoin wallets have a user interface which discourages address reuse. It has been argued that the phrase "bitcoin address" was a bad name for this object because it implies it can be reused like an email address. A better name would be something like "bitcoin invoice". Bitcoin isn't anonymous but pseudonymous, and the pseudonyms are bitcoin addresses.
Avoiding address reuse is like throwing away a pseudonym after it has been used. Bitcoin Core 0. When an address is paid multiple times the coins from those separate payments can be spent separately, which hurts privacy due to linking otherwise separate addresses. If someone were to send coins to an address after it was used, those coins will still be included in future coin selections.
The easiest way to avoid the privacy loss from forced address reuse is to not spend coins that have landed on an already-used and emptied address. Usually the payments are of a very low value, so no relevant money is lost by simply not spending the coins. Another option is to spend the coins individually, directly to miner fees.
Dust-b-gone is an old project which aimed to safely spend forced-address-reuse payments. It signs all the UTXOs together with other people's and spends them to miner fees. Coin control is a feature of some bitcoin wallets that allows the user to choose which coins are to be spent as inputs in an outgoing transaction. Coin control aims to avoid, as far as possible, transactions where privacy leaks are caused by amounts, change addresses, the transaction graph and the common-input-ownership heuristic.
An example of avoiding a transaction graph privacy leak with coin control: a user is paid bitcoin for their employment, but also sometimes buys bitcoin with cash. The user wants to donate some money to a charitable cause they feel passionately about, but doesn't want their employer to know. The charity also has a publicly-visible donation address which can be found by web search engines. If the user paid the charity without coin control, the wallet might use coins that came from the employer, which would allow the employer to figure out which charity the user donated to.
By using coin control, the user can make sure that only coins that were obtained anonymously with cash are sent to the charity. This avoids the employer ever knowing that the user financially supports this charity. Paying someone with more than one on-chain transaction can greatly reduce the power of amount-based privacy attacks such as amount correlation and round numbers. Privacy-conscious merchants and services should provide customers with more than one bitcoin address that can be paid.
Change avoidance is where transaction inputs and outputs are carefully chosen so as not to require a change output at all. Not having a change output is excellent for privacy, as it breaks change detection heuristics. Change avoidance is practical for high-volume bitcoin services, which typically have a large number of inputs available to spend and a large number of required outputs for each of the customers they're sending money to.
This kind of change avoidance also lowers miner fees because the transactions use less block space overall. Another way to avoid creating a change output is in cases where the exact amount isn't important and an entire UTXO or group of UTXOs can be fully spent. An example is when opening a Lightning Network payment channel. Another example would be when sweeping funds into a cold storage wallet where the exact amount may not matter.
If change avoidance is not an option then creating more than one change output can improve privacy. This also breaks change detection heuristics, which usually assume there is only a single change output. As this method uses more block space than usual, change avoidance is preferable. The script of each bitcoin output leaks privacy-relevant information.
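The following is an added example (written for this page; not code from any wallet project) that combines the two techniques described in the preceding paragraphs: coin control, by spending only UTXOs carrying an allowed label, and change avoidance, by preferring an input set whose value equals the payment plus fee exactly so no change output is created. It reproduces the employer/charity scenario above; the wallet contents, labels and amounts are constructed.

```python
from itertools import combinations

# Added example, not code from the original page or from any wallet project.
# The wallet below is constructed; amounts are integer satoshis.
WALLET = [
    {"txid": "aa" * 32, "vout": 0, "value": 1_000_000, "label": "employer"},
    {"txid": "bb" * 32, "vout": 1, "value": 200_000, "label": "cash"},
    {"txid": "cc" * 32, "vout": 0, "value": 101_000, "label": "cash"},
    {"txid": "dd" * 32, "vout": 2, "value": 50_000, "label": "cash"},
]


def select_coins(utxos, amount, fee, allowed_labels):
    """Return (inputs, change).

    Coin control: only UTXOs whose label is in allowed_labels are eligible,
    so coins from a source the recipient must not be linked to never enter
    the transaction. Change avoidance: an input set worth exactly
    amount + fee is preferred (no change output); otherwise the smallest
    covering set is used and the surplus is returned as change.
    Exhaustive search, adequate for a small personal wallet."""
    target = amount + fee
    candidates = [u for u in utxos if u["label"] in allowed_labels]
    for size in range(1, len(candidates) + 1):
        for combo in combinations(candidates, size):
            if sum(u["value"] for u in combo) == target:
                return list(combo), 0
    best = None
    for size in range(1, len(candidates) + 1):
        for combo in combinations(candidates, size):
            total = sum(u["value"] for u in combo)
            if total > target and (best is None or total < best[0]):
                best = (total, combo)
        if best is not None:              # fewest inputs, then least surplus
            return list(best[1]), best[0] - target
    raise ValueError("allowed coins cannot cover amount + fee")


def build_tx(utxos, pay_to, amount, fee, allowed_labels, change_addr):
    """Assemble the outgoing transaction; a change output appears only when
    no exact input set exists."""
    inputs, change = select_coins(utxos, amount, fee, allowed_labels)
    outputs = [(pay_to, amount)]
    if change:
        outputs.append((change_addr, change))
    return {"inputs": [(u["txid"], u["vout"]) for u in inputs],
            "outputs": outputs}


if __name__ == "__main__":
    # Donation to the charity using cash-bought coins only; 301_000 sat is
    # covered exactly by the 200_000 + 101_000 UTXOs, so there is no change.
    print(build_tx(WALLET, "charity_addr", 300_000, 1_000, {"cash"}, "change_addr"))
```

The employer-sourced UTXO is never considered, so the employer can learn nothing from the charity's public address, and when an exact match exists the transaction has a single output, leaving change-detection heuristics nothing to work with.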
Much research has gone into improving the privacy of scripts by finding ways to make several different script kinds look the same. As well as improving privacy, these ideas also improve the scalability of the system by reducing storage and bandwidth requirements. ECDSA-2P is a cryptographic scheme which allows the creation of a 2-of-2 multisignature but which results in a regular single-sig ECDSA signature when included on the blockchain.
With Schnorr signatures, a further side effect is that any N-of-N and M-of-N multisignature can easily be made to look like a single-sig when included on the blockchain. Adding Schnorr to bitcoin requires a softfork consensus change. A design for the signature scheme has been proposed, but the required softfork consensus change was still in the design stage at the time of writing. Scriptless scripts are a set of cryptographic protocols which provide a way of replicating the logic of script without actually having the script conditions visible, which increases privacy and scalability by removing information from the blockchain.
With scriptless scripts, nearly the only thing visible is the public keys and signatures. More than that, in multi-party settings there will be a single public key and a single signature for all the actors. Everything looks the same: lightning payment channels would look the same as single-sig payments, escrows, atomic swaps, or sidechain federation pegs.
Pretty much anything people are doing on bitcoin today can be made to look essentially the same. It improves privacy and scalability by removing information from the blockchain. Taproot builds on this: the Schnorr signature can be used to spend the coin, but a MAST tree can also be revealed, and only when the user wants to use it.
The Schnorr signature can be any N-of-N or use any scriptless script contract. The consequence of taproot is a much larger anonymity set for interesting smart contracts, as any contract such as Lightning Network, CoinSwap, multisignature, etc. would appear indistinguishable from a regular single-signature on-chain transaction. The taproot scheme is so useful because it is almost always the case that interesting scripts have a logical top-level branch which allows satisfaction of the contract with nothing other than a signature by all parties.
Other branches would only be used where some participant is failing to cooperate. Graftroot is a smart contract scheme similar to taproot. It allows users to include other possible scripts for spending the coin but with even fewer resources used than taproot. The tradeoff is that interactivity is required between the participants. It can be used in certain situations to create a more private timelock which avoids using script opcodes.
ECDH addresses can be used to improve privacy by helping avoid address reuse. For example, a user can publish an ECDH address as a donation address which is usable by people who want to donate. An adversary can see the ECDH donation address but won't be able to easily find any transactions spending to and from it.
However ECDH addresses do not solve all privacy problems, as they are still vulnerable to mystery shopper payments: an adversary can donate some bitcoins and watch the blockchain to see where they go afterwards, using heuristics like the common-input-ownership heuristic to obtain more information such as donation volume and final destination of funds.
ECDH addresses have some practicality issues and are very closely equivalent to running an HTTP website which hands out bitcoin addresses to anybody who wants to donate, minus the added step of interactivity. It is therefore unclear whether ECDH addresses are useful outside the use-case of non-interactive donations or a self-contained application which sends money to one destination without any interactivity.
This is an old method for breaking the transaction graph, also called "tumblers" or "washers". A user would send bitcoins to a mixing service and the service would send different bitcoins back to the user, minus a fee. In theory an adversary observing the blockchain would be unable to link the incoming and outgoing transactions.
There are several downsides to this. The mixer must be trusted to keep secret the linkage between the incoming and outgoing transactions. The mixer must also be trusted not to steal coins. This risk of theft creates reputation effects: older and more established mixers will have a better reputation and will be able to charge fees far above the marginal cost of mixing coins.
Also, as there is no way to sell reputation, the ecosystem of mixers will be filled with occasional exit scams. There is a cheaper alternative to mixers which has essentially the same privacy and custody risks. A user could deposit and then withdraw coins from any regular bitcoin website that has a hot wallet. As long as the bitcoin service doesn't require any other information from the user, it has the same privacy and custody aspects as a centralized mixer and is also much cheaper.
Examples of suitable bitcoin services are bitcoin casinos, bitcoin poker websites, tipping websites, altcoin exchanges or online marketplaces. The problem of the service having full knowledge of the transactions could be remedied by cascading several services together.
A user who wants to avoid tracking by passive observers of the blockchain could first send coins to a bitcoin casino, withdraw from there and send directly to an altcoin exchange, and so on until the user is happy with the privacy gained. CoinJoin is a special kind of bitcoin transaction where multiple people or entities cooperate to create a single transaction involving all their inputs.
It has the effect of breaking the common-input-ownership heuristic, and it makes use of the inherent fungibility of bitcoin within transactions. The CoinJoin technique has been possible since the very start of bitcoin and cannot be blocked except in the ways that any other bitcoin transaction can be blocked. Just by looking at a transaction it is not possible to tell for sure whether it is a coinjoin.
CoinJoins are non-custodial, as they can be done without any party involved in a coinjoin being able to steal anybody else's bitcoins. Consider a CoinJoin with two inputs of 2 BTC and 3 BTC and two outputs of 2 BTC and 3 BTC. This transaction breaks the common-input-ownership heuristic, because its inputs are not all owned by the same person, but it is still easy to tell where the bitcoins of each input ended up. By looking at the amounts, and assuming that the two entities do not pay each other, it is obvious that the 2 BTC input ends up in the 2 BTC output, and the same for the 3 BTC.
To really improve privacy you need CoinJoin transactions that have more than one equal-sized output. In a transaction where two outputs both have the value 2 BTC, those outputs cannot be linked to the inputs: either could have come from either input. This is the crux of how CoinJoin can be used to improve privacy: not so much breaking the transaction graph as fusing it together.
The privacy gain of these CoinJoins is compounded when they are repeated several times.
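To make the two CoinJoin cases above concrete, here is an added analysis tool (example code written for this page, not from any CoinJoin project): it enumerates every way a transaction could be split into independent sub-transactions whose input and output sums balance, and reports for each input/output pair the fraction of those splits in which they are linked. Fees are ignored; the 2 BTC + 3 BTC input set is the one the text uses, and the three-output variant (2, 2 and 1 BTC) is a constructed example of "more than one equal-sized output".

```python
from fractions import Fraction
from itertools import permutations

# Added example, not code from the original page: an exhaustive
# "sub-transaction" analysis of a CoinJoin. Amounts are integers (whole BTC
# here) and fees are ignored, so input and output totals must be equal.
# Every way of splitting the transaction into independent, balanced
# sub-transactions is enumerated; the fraction of splits in which an input
# and an output land in the same sub-transaction is their link probability.


def set_partitions(items):
    """All ways to split a list into non-empty unordered groups."""
    if not items:
        yield []
        return
    first, rest = items[0], items[1:]
    for smaller in set_partitions(rest):
        for i, group in enumerate(smaller):
            yield smaller[:i] + [[first] + group] + smaller[i + 1:]
        yield [[first]] + smaller


def interpretations(inputs, outputs):
    """Each interpretation is a list of (input_indices, output_indices)
    pairs with equal sums. Treating the whole transaction as one payment
    is always one of them."""
    if sum(inputs) != sum(outputs):
        raise ValueError("fees are ignored: totals must match")
    result = []
    for in_part in set_partitions(list(range(len(inputs)))):
        in_sums = [sum(inputs[i] for i in g) for g in in_part]
        for out_part in set_partitions(list(range(len(outputs)))):
            if len(out_part) != len(in_part):
                continue
            out_sums = [sum(outputs[j] for j in g) for g in out_part]
            # try every pairing of input groups with output groups
            for perm in permutations(range(len(out_part))):
                if all(in_sums[k] == out_sums[perm[k]]
                       for k in range(len(in_part))):
                    result.append([(in_part[k], out_part[perm[k]])
                                   for k in range(len(in_part))])
    return result


def link_probabilities(inputs, outputs):
    """Map (input_index, output_index) -> Fraction of interpretations in
    which the two sit in the same sub-transaction. 1 means the link is
    certain; anything below 1 means an observer cannot be sure."""
    interps = interpretations(inputs, outputs)
    probs = {}
    for i in range(len(inputs)):
        for j in range(len(outputs)):
            linked = sum(1 for interp in interps
                         if any(i in ig and j in og for ig, og in interp))
            probs[(i, j)] = Fraction(linked, len(interps))
    return probs


if __name__ == "__main__":
    # The transaction from the text: 2 BTC + 3 BTC in, 2 BTC + 3 BTC out.
    print(link_probabilities([2, 3], [2, 3]))
    # A constructed variant with two equal 2 BTC outputs and a 1 BTC remainder.
    print(link_probabilities([2, 3], [2, 2, 1]))
```

For the 2/3 in, 2/3 out transaction the 2 BTC input is linked to the 2 BTC output in every interpretation (probability 1), which is what the text calls obvious; the cross links show 1/2 only because the "everything is one payment" reading is counted, the very case the text excludes by assuming the parties do not pay each other. With two 2 BTC outputs, each equal output is linked to each input with probability 2/3, so the two cannot be told apart, while the 1 BTC remainder is linked to the 3 BTC input in every interpretation: an unequal leftover output is still a deanonymizing change output, which is why equal-sized outputs are the whole point.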