{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,26]],"date-time":"2025-11-26T16:45:32Z","timestamp":1764175532897,"version":"build-2065373602"},"publisher-location":"New York, NY, USA","reference-count":71,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,15]],"date-time":"2023-11-15T00:00:00Z","timestamp":1700006400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/501100004837","name":"Ministerio de Ciencia e Innovaci\u00f3n","doi-asserted-by":"publisher","award":["TED2021-132464B- I00,PID2022-142290OB-I00,PRE2019-088472"],"award-info":[{"award-number":["TED2021-132464B- I00,PID2022-142290OB-I00,PRE2019-088472"]}],"id":[{"id":"10.13039\/501100004837","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,15]]},"DOI":"10.1145\/3576915.3623094","type":"proceedings-article","created":{"date-parts":[[2023,11,21]],"date-time":"2023-11-21T12:35:13Z","timestamp":1700570113000},"page":"3183-3197","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Cybercrime Bitcoin Revenue Estimations: Quantifying the Impact of Methodology and Coverage"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-1510-5599","authenticated-orcid":false,"given":"Gibran","family":"Gomez","sequence":"first","affiliation":[{"name":"IMDEA Software Institute & Universidad Polit\u00e9cnica de Madrid, Madrid, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3454-1692","authenticated-orcid":false,"given":"Kevin","family":"van Liebergen","sequence":"additional","affiliation":[{"name":"IMDEA Software Institute & Universidad Polit\u00e9cnica de Madrid, Madrid, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2962-1348","authenticated-orcid":false,"given":"Juan","family":"Caballero","sequence":"additional","affiliation":[{"name":"IMDEA Software Institute, Madrid, Spain"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,11,21]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"Bitcoinponzitool 2018. https:\/\/github.com\/bitcoinponzi\/BitcoinPonziTool\/."},{"key":"e_1_3_2_1_2_1","volume-title":"A bitcoin transactions perspective (dataset)","author":"On","year":"2018","unstructured":"On the economic significance of ransomware campaigns: A bitcoin transactions perspective (dataset), 2018. https:\/\/spritz.math.unipd.it\/datasets\/btcransomware\/ knowledge_base.zip."},{"key":"e_1_3_2_1_3_1","unstructured":"Ransomware in the bitcoin ecosystem | dataset extraction 2019. https:\/\/github. com\/behas\/ransomware-dataset."},{"key":"e_1_3_2_1_4_1","unstructured":"Spams meet cryptocurrencies dataset 2019. https:\/\/github.com\/MatteoRomiti\/ Sextortion_Spam_Bitcoin."},{"key":"e_1_3_2_1_5_1","unstructured":"Cryptocurrency exchange scams dataset 2020. https:\/\/cryptoexchangescam. github.io\/ScamDataset\/."},{"key":"e_1_3_2_1_6_1","unstructured":"Bitcoin abuse 2022. https:\/\/www.bitcoinabuse.com."},{"key":"e_1_3_2_1_7_1","unstructured":"WatchYourBack 2022. https:\/\/github.com\/cybersec-code\/watchyourback."},{"key":"e_1_3_2_1_8_1","volume-title":"no change heuristic","author":"Wiki Bitcoin","year":"2023","unstructured":"Bitcoin Wiki: no change heuristic, 2023. https:\/\/en.bitcoin.it\/wiki\/Privacy#Exact_ payment_amounts_.28no_change.29."},{"key":"e_1_3_2_1_9_1","unstructured":"Chainalysis 2023. https:\/\/www.chainalysis.com\/."},{"key":"e_1_3_2_1_10_1","volume-title":"Bitcoin, ethereum, crypto news and price data","author":"Coindesk","year":"2023","unstructured":"Coindesk: Bitcoin, ethereum, crypto news and price data, 2023. https:\/\/api. coindesk.com\/v1\/bpi\/historical\/close.json."},{"key":"e_1_3_2_1_11_1","unstructured":"Double and nothing dataset 2023. https:\/\/double-and-nothing.github.io\/."},{"key":"e_1_3_2_1_12_1","unstructured":"iocsearcher 2023. https:\/\/github.com\/malicialab\/iocsearcher."},{"key":"e_1_3_2_1_13_1","unstructured":"Wallet explorer 2023. https:\/\/www.walletexplorer.com\/info."},{"key":"e_1_3_2_1_14_1","volume-title":"January","author":"Abrams L.","year":"2022","unstructured":"L. Abrams. New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key, January 2022. https:\/\/www.bleepingcomputer.com\/news\/security\/new-deadbolt-ransomware-targets-qnap-devices-asks-50-btc-for-master-key\/."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39884-1_4"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2021.3123894"},{"key":"e_1_3_2_1_17_1","volume-title":"Data Mining for Detecting Bitcoin Ponzi Schemes. In Crypto Valley Conference on Blockchain Technology","author":"Bartoletti M.","year":"2018","unstructured":"M. Bartoletti, B. Pes, and S. Serusi. Data Mining for Detecting Bitcoin Ponzi Schemes. In Crypto Valley Conference on Blockchain Technology, June 2018."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354230"},{"key":"e_1_3_2_1_19_1","unstructured":"Bitiodine 2023. https:\/\/github.com\/mikispag\/bitiodine."},{"key":"e_1_3_2_1_20_1","volume-title":"May","author":"Cable J.","year":"2022","unstructured":"J. Cable. Ransomwhere: A Crowdsourced Ransomware Payment Dataset, May 2022."},{"key":"e_1_3_2_1_21_1","unstructured":"Censys 2022. https:\/\/censys.io\/."},{"key":"e_1_3_2_1_22_1","unstructured":"Censys DeadBolt 2022. https:\/\/datastudio.google.com\/reporting\/f8d38b6c-9997-4bba-be93-19cf57d7371a\/page\/DcGtC."},{"key":"e_1_3_2_1_23_1","volume-title":"The World Wide Web Conference","author":"Christin N.","year":"2013","unstructured":"N. Christin. Traveling the Silk Road: A measurement analysis of a large anonymous online marketplace. In The World Wide Web Conference, 2013."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2018.08.008"},{"key":"e_1_3_2_1_25_1","volume-title":"February","author":"Coppinger N.","year":"2022","unstructured":"N. Coppinger. Netwalker Ransomware Guide: Everything You Need to Know, February 2022. https:\/\/www.varonis.com\/blog\/netwalker-ransomware."},{"key":"e_1_3_2_1_26_1","volume-title":"February","author":"Ellzey M.","year":"2023","unstructured":"M. Ellzey and E. Austin. The Evolution of ESXiArgs Ransomware, February 2023. https:\/\/censys.io\/the-evolution-of-esxiargs-ransomware."},{"key":"e_1_3_2_1_27_1","volume-title":"Automatic Bitcoin Address Clustering. In IEEE International Conference on Machine Learning and Applications","author":"Ermilov D.","year":"2017","unstructured":"D. Ermilov, M. Panov, and Y. Yanovich. Automatic Bitcoin Address Clustering. In IEEE International Conference on Machine Learning and Applications, 2017."},{"key":"e_1_3_2_1_28_1","volume-title":"October","author":"Gatlan S.","year":"2022","unstructured":"S. Gatlan. Police tricks DeadBolt ransomware out of 155 decryption keys, October 2022. https:\/\/www.bleepingcomputer.com\/news\/security\/police-tricks-deadbolt-ransomware-out-of-155-decryption-keys\/."},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2018-0038"},{"key":"e_1_3_2_1_30_1","volume-title":"November","author":"Goldsmith A.","year":"2022","unstructured":"A. Goldsmith. What do we know about REvil, the Russian ransomware gang likely behind the Medibank cyber attack?, November 2022. https:\/\/theconversation.com\/what-do-we-know-about-revil-the-russian-ransomware-gang-likely-behind-the-medibank-cyber-attack-194337."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560587"},{"key":"e_1_3_2_1_32_1","volume-title":"Cybercrime Bitcoin Revenue Estimations: Quantifying the Impact of Methodology and Coverage","author":"Gomez G.","year":"2023","unstructured":"G. Gomez, K. van Liebergen, and J. Caballero. Cybercrime Bitcoin Revenue Estimations: Quantifying the Impact of Methodology and Coverage, 2023. https: \/\/arxiv.org\/abs\/2309.03592."},{"key":"e_1_3_2_1_33_1","volume-title":"The Unreasonable Effectiveness of Address Clustering. In IEEE International Conference on Ubiquitous Intelligence and Computing (ATC)","author":"Harrigan M.","year":"2016","unstructured":"M. Harrigan and C. Fretter. The Unreasonable Effectiveness of Address Clustering. In IEEE International Conference on Ubiquitous Intelligence and Computing (ATC), 2016."},{"key":"e_1_3_2_1_34_1","volume-title":"Graphsense: A general-purpose cryptoasset analytics platform. Arxiv pre-print","author":"Haslhofer B.","year":"2021","unstructured":"B. Haslhofer, R. St\u00fctz, M. Romiti, and R. King. Graphsense: A general-purpose cryptoasset analytics platform. Arxiv pre-print, 2021. https:\/\/arxiv.org\/abs\/2102. 13613."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243840"},{"key":"e_1_3_2_1_36_1","volume-title":"Tracking Ransomware End-to-end. In IEEE Symposium on Security and Privacy","author":"Huang D. Y.","year":"2018","unstructured":"D. Y. Huang, M. M. Aliapoulios, V. G. Li, L. Invernizzi, K. McRoberts, E. Bursztein, J. Levin, K. Levchenko, A. C. Snoeren, and D. McCoy. Tracking Ransomware End-to-end. In IEEE Symposium on Security and Privacy, May 2018."},{"key":"e_1_3_2_1_37_1","volume-title":"Botcoin: Monetizing Stolen Cycles. In Network and Distributed Systems Security Symposium","author":"Huang D. Y.","year":"2014","unstructured":"D. Y. Huang, H. Dharmdasani, S. Meiklejohn, V. Dave, C. Grier, D. McCoy, S. Sav-age, N. Weaver, A. C. Snoeren, and K. Levchenko. Botcoin: Monetizing Stolen Cycles. In Network and Distributed Systems Security Symposium, 2014."},{"key":"e_1_3_2_1_38_1","volume-title":"USENIX Security Symposium","author":"Kalodner H.","year":"2020","unstructured":"H. Kalodner, M. M\u00f6ser, K. Lee, S. Goldfeder, M. Plattner, A. Chator, and A. Narayanan. BlockSci: Design and Applications of a Blockchain Analysis Platform. In USENIX Security Symposium, 2020."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/1562164.1562190"},{"key":"e_1_3_2_1_40_1","volume-title":"USENIX Security Symposium","author":"Kappos G.","year":"2022","unstructured":"G. Kappos, H. Yousaf, R. St\u00fctz, S. Rollet, B. Haslhofer, and S. Meiklejohn. How to peel a million: Validating and expanding bitcoin clusters. In USENIX Security Symposium, 2022."},{"key":"e_1_3_2_1_41_1","volume-title":"Cybercriminal Minds: An Investigative Study of Cryptocurrency Abuses in the Dark Web. In Network and Distributed Systems Security Symposium","author":"Lee S.","year":"2019","unstructured":"S. Lee, C. Yoon, H. Kang, Y. Kim, Y. Kim, D. Han, S. Son, and S. Shin. Cybercriminal Minds: An Investigative Study of Cryptocurrency Abuses in the Dark Web. In Network and Distributed Systems Security Symposium, 2019."},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-39828-5"},{"key":"e_1_3_2_1_43_1","volume-title":"Ahn. Behind Closed Doors: Measurement and Analysis of CryptoLocker Ransoms in Bitcoin. In APWG Symposium on Electronic Crime Research","author":"Liao K.","year":"2016","unstructured":"K. Liao, Z. Zhao, A. Doup\u00e9, and G.-J. Ahn. Behind Closed Doors: Measurement and Analysis of CryptoLocker Ransoms in Bitcoin. In APWG Symposium on Electronic Crime Research, June 2016."},{"key":"e_1_3_2_1_44_1","volume-title":"August","author":"Maxwell G.","year":"2013","unstructured":"G. Maxwell. Coinjoin: Bitcoin privacy for the real world, August 2013. https: \/\/bitcointalk.org\/index.php?topic=279249.0."},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1145\/2504730.2504747"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2020.101762"},{"key":"e_1_3_2_1_47_1","doi-asserted-by":"publisher","DOI":"10.1109\/eCRS.2013.6805780"},{"key":"e_1_3_2_1_48_1","volume-title":"A peer-to-peer electronic cash system. https:\/\/bitcoin.org\/bitcoin.pdf","author":"Nakamoto S.","year":"2008","unstructured":"S. Nakamoto. Bitcoin: A peer-to-peer electronic cash system. https:\/\/bitcoin.org\/bitcoin.pdf, 2008."},{"key":"e_1_3_2_1_49_1","volume-title":"Master's thesis","author":"Nick J. D.","year":"2015","unstructured":"J. D. Nick. Data-Driven De-Anonymization in Bitcoin. Master's thesis, Distributed Computing Group, Computer Engineering and Networks Laboratory, ETH Zurich, Zurich, Switzerland, August 2015."},{"key":"e_1_3_2_1_50_1","volume-title":"November","author":"U.","year":"2021","unstructured":"U. D. of State. DarkSide Ransomware as a Service (RaaS), November 2021. https: \/\/www.state.gov\/darkside-ransomware-as-a-service-raas."},{"key":"e_1_3_2_1_51_1","unstructured":"Omni layer 2023. https:\/\/www.omnilayer.org."},{"key":"e_1_3_2_1_52_1","volume-title":"A tale of two markets: Investigating the ransomware payments economy","author":"Oosthoek K.","year":"2022","unstructured":"K. Oosthoek, J. Cable, and G. Smaragdakis. A tale of two markets: Investigating the ransomware payments economy, 2022."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1093\/cybsec\/tyz003"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1145\/3318041.3355466"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"publisher","DOI":"10.1109\/CNS.2018.8433199"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/3097983.3098082"},{"key":"e_1_3_2_1_57_1","unstructured":"T. M. Research. What We Know About the DarkSide Ransomware and the US Pipeline Attack May 2021. https:\/\/www.trendmicro.com\/en_us\/research\/21\/e\/what-we-know-about-darkside-ransomware-and-the-us-pipeline-attac.html."},{"key":"e_1_3_2_1_58_1","unstructured":"Responders.NU October 2022. https:\/\/deadbolt.responders.nu\/."},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-39884-1_2"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-44774-1_1"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"crossref","first-page":"345","DOI":"10.1007\/978-3-319-11212-1_20","volume-title":"Computer Security - ESORICS 2014","author":"Ruffing T.","year":"2014","unstructured":"T. Ruffing, P. Moreno-Sanchez, and A. Kate. Coinshuffle: Practical decentralized coin mixing for bitcoin. In Computer Security - ESORICS 2014, pages 345--364. Springer International Publishing, 2014."},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-45719-2_11"},{"key":"e_1_3_2_1_63_1","unstructured":"Shodan 2022. https:\/\/www.shodan.io\/."},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-45472-5_29"},{"key":"e_1_3_2_1_65_1","volume-title":"Analysis and Takeover of the Bitcoin-Coordinated Pony Malware. In ACM ASIA Conference on Computer and Communications Security","author":"Taniguchi T.","year":"2021","unstructured":"T. Taniguchi, H. Griffioen, and C. Doerr. Analysis and Takeover of the Bitcoin-Coordinated Pony Malware. In ACM ASIA Conference on Computer and Communications Security, 2021."},{"key":"e_1_3_2_1_66_1","volume-title":"October","author":"Team F. I.","year":"2022","unstructured":"F. I. Team. Conti Ransomware: The History Behind One of the World's Most Aggressive RaaS Groups, October 2022. https:\/\/flashpoint.io\/blog\/history-of-conti-ransomware."},{"key":"e_1_3_2_1_67_1","volume-title":"SoK: Cryptojacking Malware. In IEEE European Symposium on Security and Privacy","author":"Tekiner E.","year":"2021","unstructured":"E. Tekiner, A. Acar, A. S. Uluagac, E. Kirda, and A. A. Selcuk. SoK: Cryptojacking Malware. In IEEE European Symposium on Security and Privacy, 2021."},{"key":"e_1_3_2_1_68_1","volume-title":"Workshop on the Economics of Information Security","author":"Thomas K.","year":"2015","unstructured":"K. Thomas, D. Huang, D. Wang, E. Bursztein, C. Grier, T. J. Holt, C. Kruegel, D. McCoy, S. Savage, and G. Vigna. Framing dependencies introduced by underground commoditization. In Workshop on the Economics of Information Security, 2015."},{"key":"e_1_3_2_1_69_1","first-page":"4079","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"van de Laarschot J.","year":"2021","unstructured":"J. van de Laarschot and R. van Wegberg. Risky business? investigating the security practices of vendors on an online anonymous market using Ground-Truth data. In 30th USENIX Security Symposium (USENIX Security 21), pages 4079--4095. USENIX Association, Aug. 2021. https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/van-de-laarschot."},{"key":"e_1_3_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3449880"},{"key":"e_1_3_2_1_71_1","first-page":"98","article-title":"Characterizing Cryptocurrency Exchange Scams","author":"Xia P.","year":"2020","unstructured":"P. Xia, H. Wang, B. Zhang, R. Ji, B. Gao, L. Wu, X. Luo, and G. Xu. Characterizing Cryptocurrency Exchange Scams. Computers & Security, 98, 2020.","journal-title":"Computers & Security"}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Copenhagen Denmark","acronym":"CCS '23"},"container-title":["Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623094","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3576915.3623094","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,21]],"date-time":"2025-08-21T01:37:53Z","timestamp":1755740273000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3576915.3623094"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,15]]},"references-count":71,"alternative-id":["10.1145\/3576915.3623094","10.1145\/3576915"],"URL":"https:\/\/doi.org\/10.1145\/3576915.3623094","relation":{},"subject":[],"published":{"date-parts":[[2023,11,15]]},"assertion":[{"value":"2023-11-21","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}