In this article, we will illustrate how to use blockchain explorers and OSINT (Open-source intelligence) tools to investigate cryptocurrency crimes.
1. Establishing A Timeline Of Events
To start investigating cryptocurrencies, the fundamentals of gathering and organizing sources of information are essential for any investigator.
As part of any investigation, the analyst should list numerous questions for the purposes of information gathering and problem-solving.
The Five Ws (questions) would be:
Generally, the subject, place, and incentive need to be considered and reviewed.
With regard to building a case, law enforcement agencies will typically prefer organizing information by establishing a timeline with a series of events.
Organizing is vital in any type of investigation or scholarly research since it can drastically improve clarity and coherence.
Every section of a case file should indicate a distinct action, along with supporting evidence that may be added subsequently.
With clarity and coherence, errors are minimized, and the likelihood of successfully identifying the suspect in a cryptocurrency investigation may be higher.
2. Using Blockchain Explorers To Analyze Wallet Addresses
In cryptocurrency investigations, blockchain ledgers play a significant role, as they comprise many gigabytes of illegible information.
To make that information simpler to comprehend, investigators may use blockchain explorers (wallet explorers) to conduct transaction analysis on wallet addresses and transactions.
Blockchain explorers permit crypto analysts to explore the latest blocks, transactions, public addresses, and other valuable information. Additionally, blockchain explorers permit analysts to observe the input/output of each transaction, the fees related to that particular transaction, and the number of confirmations received.
Transaction analysis is crucial in cryptocurrency investigations since it permits investigators not merely to follow the money, but also to determine the source and what sort of tools the suspect employed.
Analyzing a crypto transaction involves utilizing a blockchain analysis tool such as a blockchain explorer.
A thorough investigation of a blockchain address includes pinpointing accounts that belong to the same owner, which is referred to as clustering.
Wallet explorers may assist an analyst in finding out a wallet’s balance, value, and thorough record of transactions, whereas blockchain analysis tools permit investigators to further investigate associated addresses and disclose patterns or dubious correlations.
Hence, analyzing and organizing involves examining the publicly available information more closely, in particular the time, amount, consistency, and destination of transactions.
Moreover, blockchain explorers are convenient since they permit crypto investigators to just type in the wallet address in the search bar of a wallet explorer without needing to log in to an application to check balances or transactions.
Therefore, examining addresses may grant analysts practically everything they require to understand the address, including the transactions’ hashes and values, the wallet balance, and what sort of tokens are held and in what relative amounts.
In the event that a wallet address is routinely receiving and sending funds from/to several sources, this can signify that it is either a cryptocurrency exchange or a mixing service deployed for concealing the source of the funds.
Blockchain transactions are simple to track in the case of public ledgers like Bitcoin or Ethereum.
Wallet explorers usually update in real-time the notable details of each transaction, comprising:
- TxHash: The transaction ID which serves as a way to look up a particular transaction on the blockchain.
- Block Height: The block number in which the transaction occurred.
- From/To: The sender’s address and the recipient’s address.
- Time Stamp: Each block includes the precise time at which the transaction entered the blockchain, that is, the time the block was mined.
- Actual Tx Cost/Fee: The price of the transaction.
- TxReceipt Status: Confirmation of the transaction’s status. In other words, was the transaction successful?
- Value: How much cryptocurrency was sent and the equivalent USD value.
Therefore, utilizing such information, an analyst may discover plenty of other valuable information for their investigation.
For example, the sender’s wallet address along with the recipient’s wallet address (From/To) and quantities may demonstrate an evident connection between various wallets. Furthermore, the information is pivotal for collectively clustering addresses belonging to the same individual.
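The fields listed above are enough to build a timeline, flag an address that trades with many distinct counterparties, and follow funds forward from a starting wallet. The following is an added example, not code from the original article: the records, the `src`/`dst` field names (standing for From/To), the placeholder addresses and the thresholds are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timezone

FIELDS = ("tx_hash", "block", "ts", "src", "dst", "value", "status")
# Constructed sample records; hashes and addresses are placeholders, not on-chain values.
RAW = [
    ("0xaa00",  99, 1700000000, "C",   "Y",   0.2, "success"),  # before C receives from B
    ("0xaa01", 100, 1700000600, "A",   "B",   5.0, "success"),
    ("0xaaff", 100, 1700000600, "A",   "Z",   1.0, "failed"),   # failed, moved no funds
    ("0xaa02", 101, 1700001200, "B",   "C",   4.9, "success"),
    ("0xaa03", 102, 1700001800, "C",   "MIX", 4.8, "success"),
    ("0xaa04", 102, 1700001800, "D",   "MIX", 2.0, "success"),
    ("0xaa05", 103, 1700002400, "E",   "MIX", 3.0, "success"),
    ("0xaa06", 104, 1700003000, "MIX", "F",   3.2, "success"),
    ("0xaa07", 104, 1700003000, "MIX", "G",   3.2, "success"),
    ("0xaa08", 105, 1700003600, "MIX", "H",   3.2, "success"),
]
TXS = [dict(zip(FIELDS, row)) for row in RAW]

def timeline(txs):
    """Successful transactions in chain order (block height, then timestamp)."""
    ok = [t for t in txs if t["status"] == "success"]
    return sorted(ok, key=lambda t: (t["block"], t["ts"]))

def flag_hubs(txs, min_in=3, min_out=3):
    """Addresses with many distinct senders and recipients: exchange or mixer candidates."""
    senders, recipients = defaultdict(set), defaultdict(set)
    for t in timeline(txs):
        senders[t["dst"]].add(t["src"])
        recipients[t["src"]].add(t["dst"])
    return {a for a in senders
            if len(senders[a]) >= min_in and len(recipients[a]) >= min_out}

def trace_forward(txs, seed, stop_at=frozenset()):
    """Follow funds from seed in time order; do not trace out of stop_at addresses."""
    reached, hops = {seed}, []
    for t in timeline(txs):
        if t["src"] in reached and t["src"] not in stop_at:
            reached.add(t["dst"])
            hops.append(t["tx_hash"])
    return hops

if __name__ == "__main__":
    hubs = flag_hubs(TXS)
    for t in timeline(TXS):
        when = datetime.fromtimestamp(t["ts"], tz=timezone.utc).isoformat()
        print(when, t["block"], t["tx_hash"], t["src"], "->", t["dst"], t["value"])
    print("hub candidates:", hubs)
    print("trace from A:", trace_forward(TXS, "A", stop_at=hubs))
```

Tracing without `stop_at` would attribute every payout of the hub to the seed wallet, which is the over-attribution a pooled address causes.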
Hypothetically, investigators may track the entire history of transactions until they reach the initial account holder. However, regular transaction analysis is unable to draw correlations between the originating and receiving addresses when cryptocurrency mixers have been deployed.
More sophisticated investigative analytic methods are required to fingerprint the usage of cryptocurrency mixing services. Such methods could potentially reveal detectable patterns in the techniques used by mixing services.
3. Deploying OSINT (Open-source intelligence) Tools
Cryptocurrency investigators will not only deploy wallet explorers for investigating financial crimes, but also employ additional open-source intelligence (OSINT) tools for uncovering related emails, locations, social media sources, and other relevant information as part of investigations.
In addition, analysts will look for news articles from top-tier cryptocurrency media websites to enhance their overall crypto knowledge and stay informed.
Analysts will also look into social networks for disclosures of blockchain addresses and other clues that may assist them in their investigations.
Furthermore, investigators will conduct searches on popular search engines like Google, Bing, and Yahoo.
4. Determining The Next Steps
After investigators have identified the individual behind the crypto crime, they should proceed by summarizing the findings in the case file.
The finalized dossier may subsequently be presented to law enforcement agencies for purposes of proceeding with any litigation processes. Alternatively, investigators may communicate directly with the individual responsible in an attempt to recover funds.