Are Bitcoin Transactions Traceable?

Thinking of sending a bitcoin transaction that you would prefer to stay private?

Are you wondering what steps you can take to make sure your transaction is not traceable?

You’ve come to the right place.

In this article, we will cover everything you want to know about the state of bitcoin traceability in 2023.

Let’s read on…

Are Bitcoin Transactions Traceable?

Let’s get the simple question out of the way: are bitcoin transactions traceable in 2023?

The short answer is: (mostly) yes.

Bitcoin transactions are thought by many to be anonymous, but this is not entirely true.

Bitcoin is designed with a pseudonymous system, using public addresses to mask the identity of users.

Due to the public nature of its blockchain, transactions can still be traced, and in some cases, identities can be revealed.

However, you CAN have mostly private bitcoin transactions if you are willing to take some precautions.

Below we will cover how bitcoin transactions are traced today and what you can do to protect yourself.

How Professionals Trace Bitcoin Transactions

Analyzing transaction patterns is a technique used by blockchain analysis companies, researchers, and law enforcement agencies to trace Bitcoin transactions by identifying patterns in transaction data.




Analysts like these pore over the blockchain to find the identities behind the transactions.

Below are some assumptions used by these professionals to trace your bitcoin transactions.

By understanding what the assumptions are and why they are made, we can act in ways that break them.

We can also create new technologies that make them obsolete and unreliable.


NOTE

Almost none of the assumptions and techniques listed below could, by themselves, be used to determine your identity. But...taken together, they can paint a very descriptive picture of who you are.


Common Input Ownership Assumption

The Common Input Ownership Assumption (CIOA) is a widely-used assumption in Bitcoin transaction analysis that helps to link addresses and transactions to a single user or entity.

The assumption is based on the idea that if a transaction has multiple inputs, all those inputs are likely owned by the same user.

When a user wants to make a Bitcoin transaction, they need to use one or more of their unspent transaction outputs (UTXOs) as inputs for the new transaction.

In many cases, a single UTXO might not be enough to cover the desired transaction amount, so the user needs to combine multiple UTXOs as inputs.

According to the CIOA, since all these UTXOs are being used in the same transaction, they most likely belong to the same user.




For example, let’s say Alice wants to send 1.5 BTC to Bob, but her wallet contains three UTXOs with 0.6 BTC, 0.7 BTC, and 0.5 BTC.

To send the desired amount, Alice’s wallet would create a transaction using the 0.6 BTC, 0.7 BTC, and 0.5 BTC UTXOs as inputs (totaling 1.8 BTC) and send 1.5 BTC to Bob’s address. The remaining 0.3 BTC would be sent back to a new address controlled by Alice as change.

By applying the CIOA, an analyst can assume that the addresses associated with the 0.6, 0.7, and 0.5 BTC UTXOs belong to the same user (Alice) since they were used as inputs in the same transaction.

Change Address Assumption

This assumption states that the change output in a transaction is the output that has the lowest value, or the output that creates a new address not seen in the blockchain before.

By identifying the change address, analysts can separate transaction outputs into recipients and change, which can provide valuable insights into transaction patterns and user behavior.




Taking the example above, analysts may use this assumption to guess that the change address that received the remaining 0.3 BTC from Alice also belongs to Alice.

First-Seen Safe Assumption

This assumption holds that the first time an address appears on the blockchain, it is controlled by the sender of the coins it received.

This can help analysts link addresses to specific users and trace transaction chains.

Coin Age Assumption

Coin age refers to the time elapsed since a particular coin (UTXO) was last spent.

This assumption is based on the idea that users tend to spend newer coins before older ones.

By analyzing coin age, blockchain analysts can make inferences about user spending habits and potentially identify connections between transactions.

Round Amounts Assumption

The Round Amounts Assumption is another assumption used in Bitcoin transaction analysis to identify potential connections between transactions, addresses, and users.

This assumption is based on the idea that users often send round amounts of Bitcoin when transacting, which can be a clue to associate certain transactions with the same user or entity.

When analyzing Bitcoin transactions, round amounts often stand out as they represent more “natural” numbers that people are accustomed to using in everyday transactions, such as 1 BTC, 0.5 BTC, or 0.1 BTC.




Users tend to choose round amounts for various reasons, such as convenience, ease of calculation, or familiarity.

By identifying transactions with round amounts, analysts can potentially link related transactions or addresses.

For example, if a user consistently sends transactions in round amounts like 0.1 BTC or 1 BTC, this pattern could be used to associate seemingly unrelated transactions with the same user.

Temporal Proximity Assumption

This assumption is based on the idea that related transactions tend to occur close together in time.

By examining the time difference between transactions, analysts can identify potential links between addresses or transactions that may be associated with the same user or entity.

Address Clustering Assumption

This assumption involves grouping addresses that are likely to be controlled by the same user or entity based on various factors, such as transaction patterns, inputs, and outputs.

Address clustering can help analysts get a better understanding of user behavior and trace transactions more effectively.

Social Network Analysis

This approach involves analyzing connections and relationships between users, entities, and addresses based on data from social networks, forums, and other online sources.


An analyst could look at the people we follow and those who follow us on Twitter and try to discover whether any of them are likely to be receiving coins from us or sending them to us.


By correlating on-chain transaction data with off-chain information, analysts can uncover additional links between transactions, addresses, and users.

Dust Output Assumption

“Dust” refers to very small amounts of cryptocurrency that are uneconomical to spend due to transaction fees.

This assumption states that dust outputs are created as a deliberate technique to obfuscate transaction trails.

By identifying dust outputs, analysts can potentially uncover attempts to conceal transaction patterns or user behavior.

Transaction Fee Assumption

This assumption is based on the idea that users or entities may have specific preferences for transaction fees, either consistently choosing low fees to save on costs or high fees to prioritize transaction confirmation times.

By analyzing fee patterns, it may be possible to link seemingly unrelated transactions to the same user or entity.

Wallet Fingerprinting

This assumption identifies patterns and characteristics unique to specific wallet software or services.

Different wallet software may generate transactions with specific structures, metadata, or address formats.

By recognizing these fingerprints, analysts can potentially link addresses or transactions to specific wallet providers or software, narrowing down the pool of possible users.

Steps You Can Take to Protect Your Transactions from Tracing

As I stated before, none of the above methods of tracing your bitcoin transaction are likely to dox your identity.

It’s when they are taken together that they cause problems for you.

With that in mind, you want to break as many of these assumptions as possible.

Let’s talk about how we can do that today:

CoinJoins

CoinJoin is a privacy-enhancing technique used in Bitcoin and other cryptocurrencies to improve the anonymity of transactions.

The main idea behind CoinJoin is to combine multiple transactions from different users into a single transaction, making it more difficult to link specific inputs to outputs and trace the flow of funds.

This process effectively “mixes” the coins, obscuring the relationship between senders and recipients.


Wasabi Wallet offers one of the most popular pieces of coinjoining software on the market today. Source: Wasabi Wallet.


By using CoinJoin, the transaction inputs and outputs become intermingled, making it significantly harder for blockchain analysis tools and techniques to link specific inputs to outputs.

This provides an increased level of privacy and anonymity for users compared to regular transactions.

However, it is important to note that CoinJoin is not a perfect privacy solution.

Advanced blockchain analysis techniques may still be able to uncover patterns or associations between users in some cases.

Using Tor

Tor, short for The Onion Router, is a privacy-focused network that enables users to browse the internet and communicate online without revealing their IP addresses.




By using Tor, you can enhance the privacy of your Bitcoin transactions and make it more difficult for blockchain analysts and other parties to trace your activities.

All you have to do to use Tor is to use a wallet that supports Tor routing for transaction broadcasting out of the box.

Electrum is a great option as well as Bitcoin Core.




These are also good options because they support Taproot, full nodes, and address re-use prevention - all of which we will talk about below.

Use Taproot Addresses When Using Multisig to Store Coins

Taproot is an upgrade to the bitcoin protocol that can make complex transactions appear indistinguishable from simple transactions, improving privacy.

Taproot addresses begin with “bc1p”.

Use them whenever they are available, as it will never hurt you to do so.

Don’t Reuse Addresses

Anyone can see all of the transaction history of a particular address.

For this reason, it is best to always generate a new address whenever requesting that someone sends you bitcoin.

This is easy to do with any modern bitcoin wallet and most wallets will do this for you automatically.

That said…this can become a bit more tricky if you are trying to receive donations in bitcoin because you don’t know when someone wants to send you coins.

There are solutions for this today using software called BTCPayServer.




You host the BTCPayServer client and connect it to your full node.

Then, anytime someone wants to send you coins, they can go on your site and BTCPayServer will generate a one-time-use address just for them.

One added benefit of BTCPayServer is that they already implemented Payjoin (explained below in the next section) into their client, so you don’t need to wait for it to be implemented into Bitcoin Core.

In short, Payjoin helps break the Common Input Ownership Assumption.

Run Your Own Full Node

Operating a full node allows you to verify your transactions independently, reducing reliance on third parties that might expose your privacy.

Remember that whenever you send or receive bitcoin, that transaction must be broadcast to the network.

Someone’s full node must do that broadcasting. If it’s not yours, it’s someone else’s (usually the maker of your wallet).

This is a nice, free service the wallet producer provides. However, you are relying on them to:

  1. Verify your transaction is legitimate and confirmed.
  2. Not harvest your transactions for personally identifying data they can sell to chain analysis companies.

Just run a full node and you won’t need to worry about it.

If building your own feels a little daunting, you can buy one from a manufacturer like the Nodl.




Exchanging Bitcoin Off-Chain

Using tools like an OpenDime can enable off-chain transactions.




These transactions are impossible to trace because there is no public record of the change in ownership.

All you do is transfer some coins to the OpenDime, then give the OpenDime to whoever you want to have totally anonymous coins.

Using the Lightning Network

The Lightning Network is a second-layer solution built on top of the Bitcoin blockchain that enables fast, low-cost, and scalable off-chain transactions.

It achieves this by creating a network of payment channels between users, which allows funds to be transferred without the need to record every transaction on the main Bitcoin blockchain.


A visualization of the Lightning Network. Source: LnRouter.app.


This off-chain nature of the Lightning Network transactions provides several advantages in terms of privacy and makes it harder to trace bitcoins compared to on-chain transactions.

Despite these privacy-enhancing features, the Lightning Network is not a perfect privacy solution. Network analysis and other techniques might still reveal patterns and associations between users in some cases. However, the Lightning Network offers a significant improvement in transaction privacy compared to on-chain Bitcoin transactions and, when combined with other privacy techniques, can help make tracing bitcoins more difficult.

Future Developments That May Prevent Tracking in the Future

Several innovative proposals and technologies are being developed to improve Bitcoin’s privacy:

CoinSwaps

CoinSwaps are arguably a better alternative to CoinJoins that offer enhanced privacy.

Instead of simply combining transactions that require a centralized coordinator, CoinSwaps use atomic swaps to exchange coins between participants.

This means that the coins effectively “swap” ownership without ever being linked on the blockchain.

The readme for the protocol characterizes it this way:

Imagine a future where a user Alice has bitcoins and wants to send them with maximal privacy, so she creates a special kind of transaction. For anyone looking at the blockchain her transaction appears completely normal with her coins seemingly going from address A to address B. But in reality her coins end up in address Z which is entirely unconnected to either A or B.

CoinSwaps provide stronger privacy than CoinJoins because:

  1. The link between the input and output addresses is completely broken (transaction graph assumption), making it nearly impossible to trace the transactions.
  2. They do not require trust in a central coordinator, as atomic swaps are trustless by design.

Technically, you can use CoinSwaps today using MercuryWallet.




However, be aware that MercuryWallet uses Statechains (explained below) to do Coinswaps, which are not exactly trustless, so this is still not a truly decentralized implementation.

PayJoin (BIP78)

PayJoin (also known as Pay-to-EndPoint or P2EP) is a privacy-enhancing technique for Bitcoin transactions that builds upon the CoinJoin concept.


The pull request summary writeup for PayJoin on Bitcoin's GitHub repo.


In a standard Bitcoin transaction, it is generally easy to distinguish between the sender’s and recipient’s outputs. However, with PayJoin, both the sender and recipient contribute inputs to the transaction, which makes it harder for an observer to determine the transaction’s flow.

By involving both the sender and recipient in the transaction inputs, PayJoin transactions make it more difficult for blockchain analysis tools to determine which inputs and outputs belong to the sender and which belong to the recipient.

This breaks the common-input-ownership assumption, which assumes that all inputs in a transaction belong to the same user.
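The clustering described under the Common Input Ownership and Address Clustering assumptions, run first on Alice's transaction from earlier and then on a PayJoin-shaped transaction to show the false merge PayJoin produces. This is an added example, not code from the article or from any analysis product; the address labels, the Carol and Dave amounts, and the function names are constructed for illustration, and only the lowest-value form of the change assumption is applied.

```python
from collections import defaultdict

class Clusters:
    """Union-find over addresses; each set is one presumed owner."""
    def __init__(self):
        self.parent = {}

    def find(self, a):
        self.parent.setdefault(a, a)
        while self.parent[a] != a:
            self.parent[a] = self.parent[self.parent[a]]  # path halving
            a = self.parent[a]
        return a

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

    def groups(self):
        out = defaultdict(set)
        for a in list(self.parent):
            out[self.find(a)].add(a)
        return sorted(sorted(g) for g in out.values())

def cluster(txs):
    """Apply CIOA, then the lowest-value change assumption, to each tx."""
    c = Clusters()
    for tx in txs:
        ins = [addr for addr, _ in tx["inputs"]]
        for addr in ins:
            c.union(ins[0], addr)        # CIOA: all inputs share one owner
        for addr, _ in tx["outputs"]:
            c.find(addr)                 # register each output address
        if len(tx["outputs"]) > 1:
            change = min(tx["outputs"], key=lambda o: o[1])[0]
            c.union(ins[0], change)      # change assumption: lowest output
    return c.groups()

# Constructed data, amounts in satoshis. Alice's transaction from the article:
# inputs of 0.6, 0.7 and 0.5 BTC, 1.5 BTC to Bob, 0.3 BTC change.
ALICE_TX = {
    "inputs": [("alice_1", 60_000_000), ("alice_2", 70_000_000),
               ("alice_3", 50_000_000)],
    "outputs": [("bob_1", 150_000_000), ("alice_change", 30_000_000)],
}
# PayJoin shape (hypothetical amounts): Carol pays Dave 1.0 BTC, and Dave
# adds a 0.4 BTC input of his own, so his output is 1.4 BTC.
PAYJOIN_TX = {
    "inputs": [("carol_1", 120_000_000), ("dave_1", 40_000_000)],
    "outputs": [("dave_2", 140_000_000), ("carol_change", 20_000_000)],
}

if __name__ == "__main__":
    for group in cluster([ALICE_TX, PAYJOIN_TX]):
        print(group)
```

On the PayJoin transaction the heuristics place `carol_1` and `dave_1` in one cluster and leave `dave_2` on its own, so the analyst's picture of who paid whom is wrong.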

PayJoin transactions have some additional benefits:

Silent Payments

While Silent Payments are not typically thought of as privacy tech, there is a use case in which they do protect the privacy of senders specifically.




Previously, we discussed BTCPayServer as a way of avoiding address reuse while soliciting donations.

One issue with BTCPayServer is it requires the person receiving the donation to run a server.

Not always so easy for normal non-technical people.

But there is another downside for the sender of the donation - that is, the person receiving your donated coins knows your address (even if they don’t know you).

With Silent Payments, the person receiving the donated coins simply posts a static address.

Then, you (as the donator) use that address (known as a ‘silent payment address’) to create “…a public key from one of [your] chosen inputs for the payment, and [use] it to derive a shared secret that is then used to tweak the silent payment address.”

Because of this, the static address posted by the recipient is not actually the address that will receive the funds.

This allows the sender to break the link between their IP address and the address generated by BTCPayServer.

This would be very similar to generating a BTCPayServer payment address while using Tor.

Bulletproofs

Bulletproofs are a type of non-interactive “zero-knowledge proof” that is designed to be more efficient and compact than traditional zero-knowledge proofs.

Bulletproofs (and all zero-knowledge proofs) allow users to prove that a statement is true without revealing any information about the statement itself.

For example, proving you know a code to a locked door without revealing the code for others to test themselves.


An intuitive example of a zero-knowledge proof. Source: BBVA.


In the context of confidential transactions, Bulletproofs enable bitcoin senders to hide transaction amounts while still allowing the network to verify that the transaction is valid.

This is particularly important for bitcoin, since we need to be able to verify no new coins have been created out of thin air while still proving one has the coins they are trying to send.

If you can prove you have enough coins to cover your transaction without telling the network how many coins you are sending, that is a very useful feature.

For more on Bulletproofs, ieee.org has a great summary.

Dandelion++

Dandelion++ is a network-level privacy enhancement proposal for Bitcoin and other cryptocurrencies that aims to reduce the risk of transaction origin identification by adversaries monitoring the peer-to-peer (P2P) network.

Dandelion++ builds upon the original Dandelion proposal, improving its robustness and efficiency.

The main goal of Dandelion++ is to make it more difficult for an adversary to link transactions to specific IP addresses by changing the way transactions are propagated through the network.

There are apparently still issues to be solved involving DDoS attack vulnerability, so it may be a while before this becomes widely available to users.

Conclusion

While Bitcoin transactions can be traced to some extent, there are numerous steps users can take to protect their privacy.

Current tools and techniques, along with future developments, are continually evolving to enhance the privacy of Bitcoin transactions.

About the Author


Colin Aulds is a founder at 10NetZero, an off-grid Bitcoin mining company. He is also the former VP and founder at Billfodl, a Bitcoin wallet backup company, as well as PrivacyPros.io, a blog dedicated to helping everyday people increase their privacy online. He is also 1/4th of the Unhashed Podcast, a Bitcoin-only podcast about the latest news and tech surrounding it.
