Skip to content
Naked Security Naked Security

Bitcoin’s blockchain tainted with links to child abuse imagery

Are there legal landmines engraved into the Bitcoin blockchain?

Researchers from Germany’s RWTH Aachen and Goethe universities claim to have discovered links to child abuse images embedded within the Bitcoin blockchain.
The links were uncovered during an analysis of the non-financial content that users have knitted into the blockchain.
The blockchain is a ledger that records of all of the Bitcoin transactions that have ever taken place and it’s designed to make deletion of data a nearly-impossible task.
It does this by making sure that every one of the ten thousand or so Bitcoin node operators (individuals or organisations who validate bitcoin transactions and blocks) has a complete copy of it.
There are node operators all around the world, in many different legal jurisdictions.
The researchers believe that the presence of the non-financial content they’ve discovered, and the absence of barriers preventing something even worse, could make possession of the blockchain illegal:

While most of this content is harmless, there is also content to be considered objectionable in many jurisdictions, e.g., the depiction of nudity of a young woman or hundreds of links to child pornography. As a result, it could become illegal (or even already is today) to possess the blockchain

Although court rulings do not yet exist, legislative texts from countries such as Germany, the UK, or the USA suggest that illegal content such as child pornography can make the blockchain illegal to possess for all users

As of now, this can affect at least 112 countries … This especially endangers the multi-billion dollar markets powering cryptocurrencies such as Bitcoin.

The ability to store non-financial data is part of Bitcoin’s design.
The researchers’ search through Bitcoin’s stash of non-financial data uncovered 274 links to websites hosting images of child abuse, of which 142 were so-called Dark Web sites (Tor hidden services). They also discovered an image embedded into the blockchain that depicts “mild nudity of a young woman” whose age is uncertain.
Alongside the links and images, they also claim to have uncovered a bizarre collection of other digital artefacts – discoveries that highlight the pros, cons and potential for legal landmines that this kind of storage creates.
The following items are just some of the things lurking inside every single copy of the blockchain:

  • A pair of leaked cryptographic keys
  • Software for breaking the copy protection of DVDs
  • The text of a book
  • A cross-site scripting detector designed to detect XSS vulnerabilities in online blockchain parsers (which demonstrates the potential for embedding parser-exploiting malware directly into the blockchain);
  • Wedding photos
  • Emails
  • Chat logs
  • Personally identifiable information including phone numbers, addresses, bank accounts and passwords
  • A backup of the WikiLeaks “cablegate” data

It’s a collection that raises questions (different questions, in different parts of the globe) about intellectual property, copyright, data privacy and data retention.
For example, in the European Union individuals have a right to ask for their personal data to be deleted if it’s not needed, or if it has been used unlawfully.
How will that work on an ownerless system that’s designed to be the digital equivalent of engraved stone tablets?
Deleting things from the blockchain isn’t impossible, but it is extremely hard (which is, of course, entirely the point) because every block of transactions is cryptographically linked to the blocks that came before it.
In order to delete some unwanted data from the blockchain, 51% of the nodes on the Bitcoin network would have to agree to the deletion, and then recalculate all of the blocks that had been added to the blockchain after the original insertion of unwanted content.
If you want to delete something that was added two years ago then 51% of the nodes on the network have to redo two years’ worth of transactions (that’s a number in the hundreds of thousands).
And they can’t share the work of that recalculation between them – all of the nodes, thousands of them, would each need to redo all of that work independently.
Bitcoin bookkeeping is designed to be really hard work for computers, and the global Bitcoin network already consumes a vast amount of electricity just keeping up with business as usual (estimates go as high as 30 TWh per year).
For Bitcoin users, breathless analysts and blockchain-based startups, the technology’s lack of central control is a blessing. For node operators, it could yet prove to be the opposite.


Bitcoin “bookkeeping” – 3 consecutive double letters. Can’t think of another work that does this. interesting article btw


Thanks, that was interesting. The deleting of information made me wonder about Bitcoin nodes. How often are new nodes added? is it possible that data could never be deleted because nodes would be added changing the number of nodes agreeing to the delete from 51% back down to 50% during the recalculate?


Anyone can set up a node so, yes, the number of nodes could fluctuate. I think trying to do something like this in an ad-hoc fashion would be an enormous risk.
Pulling off this kind of deletion would require a considerable amount of coordination (of the kind that’s been seen in cryptocurrency hard forks before), an enormous commitment of additional computing power and maybe a change to the software itself to prevent backsliding or accidents.


The world has more important things to worry about than “nudity of a young woman”, that doesnt sound like child porn at all.


Except where that may make the whole chain illegal to hold for anyone in some countries. what use is the Blockchain if it can only be held in a rogue states.
It’s also an interesting form of DOS. Set up a blockchain ledger and then disable it by entering information which is illegal and infeasible to remove. It doesn’t even need to be criminal. Just put in your own personal information then demand it’s removal in Europe.


So, if enough time passes some things really become undeletable within the blockchain? I mean at some point it would just be too much effort to recalculate all that came before, wouldn’t it?


That’s the whole idea – once you have consensus on block N, you’ve essentially locked in blocks N-1, N-2 and so on.


Under some jurisdictions, just linking to illegal content is not against law per se. Embedding a full child porn image would be. Let’s see how long it takes for someone to make that happen.


Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?
You’re now subscribed!