The dark web has emerged as the state-of-the-art solution for enhanced anonymity. Just like a double-edged sword, it also inadvertently becomes the safety net and breeding ground for illicit activities. Among them, cryptocurrencies have been prevalently abused to receive illicit income while evading regulations. Despite the continuing efforts to combat illicit activities, there is still a lack of an in-depth understanding regarding the characteristics and dynamics of cryptocurrency abuses on the dark web. In this work, we conduct a multi-dimensional and systematic study to track cryptocurrency-related illicit activities and campaigns on the dark web. We first harvest a dataset of 4,923 cryptocurrency-related onion sites with over 130K pages. Then, we detect and extract the illicit blockchain transactions to characterize the cryptocurrency abuses, targeting features from single/clustered addresses and illicit campaigns. Throughout our study, we have identified 2,564 illicit sites with 1,189 illicit blockchain addresses, which account for 90.8 BTC in revenue. Based on their inner connections, we further identify 66 campaigns behind them. Our exploration suggests that illicit activities on the dark web have strong correlations, which can guide us to identify new illicit blockchain addresses and onions, and raise alarms at the early stage of their deployment.