The Basics of OSINT for Cryptocurrency Investigation: Part 1

New to cryptocurrencies? Learn to investigate addresses step-by-step, from blockchain explorers to scam databases in our beginner's guide.

If you know nothing about cryptocurrencies, you can still investigate them with some basic background knowledge. This will be the first in a series of articles that will educate readers on how to investigate cryptocurrency.

Very Basic Background on Cryptocurrency

Cryptocurrencies exist only online. A person owning cryptocurrency will have an “address” that contains the currency. The address is generally a unique long series of numbers and letters. Each address has one owner. 

The owner can have a “wallet” containing several addresses. Crypto addresses, the amount of currencies held in them, and the financial transactions of cryptocurrencies are all publicly viewable. The name of the person or entity that owns the address is not public. 

Therefore, the available public information generally consists of the addresses and the amounts of currency passing between them. A “blockchain” can be understood as a kind of public list of cryptocurrency data (the addresses, how much they own, and every transaction). 

(Crypto experts will chafe at that reductive description; please let it go.)

There are thousands of different kinds of cryptocurrencies, but the two main currencies are Bitcoin and Ethereum. As of 2023, the cryptocurrency Bitcoin made up roughly half the market share of the entire crypto market and Ethereum roughly one-fifth (based on information from slickcharts.com). The next largest currencies’ market shares drop precipitously from there. Much of the information here focuses on these two currencies, which make up most of the market.

Basic Investigation of Crypto Addresses

It is possible to do a basic investigation into a cryptocurrency address by looking for information about the address itself (whereas a more advanced investigation can look into the address's activities and connections).

Blockchain Explorer Websites

Blockchain explorer websites can look up addresses and crypto transactions. You can use these sites to look up basic information about an address by simply copying and pasting the address into the website’s search bar.

Each explorer shows the following information about a crypto address: current balance, total amounts of cryptocurrency received and spent, and dates of the first and last transactions.

These sites will sometimes identify if an address is known to belong to a financial organization, criminal group, or other known entity.

  • blockchair.com
  • etherscan.io
  • oxt.me
  • walletexplorer.com
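
Before pasting an address into one of these explorers, it helps to confirm that it is well-formed and to know which chain it belongs to, because a mistyped or truncated address simply returns no results. The following Python sketch is an added example, not part of the original article; the address formats it checks (Base58Check and bech32 for Bitcoin, 0x-prefixed hex for Ethereum) are not described in the article, and the function names are illustrative.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Version bytes of the two legacy Bitcoin mainnet address types.
BTC_VERSIONS = {0x00: "bitcoin (P2PKH)", 0x05: "bitcoin (P2SH)"}


def base58check_version(addr):
    """Return the version byte if addr is valid Base58Check, else None."""
    num = 0
    for ch in addr:
        if ch not in B58:
            return None
        num = num * 58 + B58.index(ch)
    # Each leading '1' character encodes one leading zero byte.
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + num.to_bytes((num.bit_length() + 7) // 8, "big")
    if len(raw) != 25:  # 1 version byte + 20 hash bytes + 4 checksum bytes
        return None
    payload, checksum = raw[:-4], raw[-4:]
    digest = hashlib.sha256(hashlib.sha256(payload).digest()).digest()
    return payload[0] if digest[:4] == checksum else None


def classify(addr):
    """Name the chain and address type, or return None if malformed."""
    addr = addr.strip()
    if re.fullmatch(r"0x[0-9a-fA-F]{40}", addr):
        return "ethereum"  # the EIP-55 mixed-case checksum is not verified
    if re.fullmatch(r"bc1[02-9ac-hj-np-z]{11,71}", addr.lower()):
        return "bitcoin (bech32, checksum not verified)"
    return BTC_VERSIONS.get(base58check_version(addr))


if __name__ == "__main__":
    samples = [
        "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",  # publicly known genesis-block address
        "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb",  # same address with a one-character typo
        "0x" + "ab" * 20,                      # constructed Ethereum-shaped address
    ]
    for s in samples:
        print(s, "->", classify(s) or "malformed, re-check the source")
```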

General Internet Searches

Do a general internet search for the address. By default, the address should only be listed on blockchain explorer websites, so if the address is listed anywhere else, there might be interesting information there. Google the address number followed by “-block” (without the quotes) to filter out unnecessary results. If you search the address alone, you will get a lot of results that are simply blockchain explorer websites listing the address’s basic profile, which is not what we are looking for here.

A great search tool is:

https://inteltechniques.com/tools/Currencies.html

To search for a connection between two addresses:

https://learnmeabitcoin.com/tools/path/

Crypto Address Databases

Several websites have databases of crypto addresses reportedly involved in scams. The sites’ main function is to let people search for an address that was involved in a scam, hack, or other suspicious activity. The scam reports are crowd-sourced; anyone can report an address and submit it to the database.

Many of the sites will broadly collect all sorts of identifying information on addresses. Therefore, it is worth using these sites to seek out additional address information.

The primary sites are:

  • Bitcoin Who’s Who – https://www.bitcoinwhoswho.com/
    • A tool to identify cryptocurrency holders, associates, and financial histories.
    • Insights into address owners and known scams linked to specific addresses.
    • A directory of addresses reported as being involved in scams.
  • Bitcoin Abuse – https://www.bitcoinabuse.com/
    • A website with independent information on reported Bitcoin abuses.
    • Provides details about alleged scammers and fraudulent activities.
    • Reports often include an email address used by the scammer.
  • ScamSearch – https://scamsearch.io/#anchorCeckNow
    • A crowd-sourced scam reports database linked to cryptocurrency.
    • Provides details about reported scams associated with search terms.
    • Lists known reported details associated with the search term.

Additional sites include:

Read the next part: How I Research a Bitcoin Wallet's Past