Trace the Untraceable
Cryptocurrency investigations start with one or more addresses or identifiers of some kind. The starting point can be the public addresses of a person of interest, a private key that was recovered at the scene of an incident or exported from a wallet, or a transaction ID related to a transaction of interest.
Once you have your starting point, you want to gain as much information about the address(es) as possible. The information may include transaction activity, other related addresses, usage statistics, and clustering with other addresses. Different sites provide various types of information in different formats. If the investigation is ongoing, monitoring the address for new activity may be required. Several sites allow the monitoring of addresses for further activity. The website Blockonomics allows for email notifications for wallet changes. The site requires a login; however, it is a free service.
The majority of the work in investigations involving cryptocurrency is tracking transactions. Tracking the transactions can become confusing because the addresses and transaction IDs are randomized alphanumeric strings that are difficult to follow, making it easy to lose track of what belongs to whom. It is easy to get lost in the blockchain, following transaction chains, and forget where you started and how you got to where you are in the chain. Take thorough notes and use screen recording software. As you follow the transactions, take your time, document everything, and understand each transaction before moving on to the next step of the chain. There are several blockchain explorer sites and programs available. You can also use visualization websites or software to help make sense of what seems to be a tangled web.
When the smoke clears, the investigator's goal is to identify a person, criminal enterprise, or organization that maintains the addresses or is responsible for the transactions that are under investigation. Because of how cryptocurrencies work and their decentralized and pseudo-anonymous nature, this can be challenging and, in some circumstances, impossible. One of the best tactics to reveal the identity behind an address is tracking transactions from and to a known cooperative organization. These entities can be exchanges, tumbling sites, or legitimate known traders. At this point, a judicially signed legal process can be served on the service, requesting information concerning addresses or transactions that are under investigation. The investigative process is recurring: you start with one address or transaction ID, that address or ID will lead to others, and the process begins again. In the end, the digital currency will hopefully wind up at an exchange, cashed out to another medium, and traced to an individual or group.
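The recurring process described above (follow each address to the next, document every hop, and stop at a known service) can be sketched as a breadth-first trace. This is an added example, not code from the original article; the ledger, the addresses, the `KNOWN_SERVICES` attribution list and the `trace` function are all constructed placeholders, with the ledger standing in for data exported from a blockchain explorer.

```python
from collections import deque

# Constructed sample ledger: (txid, sender, receiver, amount). Placeholder values only.
TXS = [
    ("tx1", "addr_start", "addr_a", 5.0),
    ("tx2", "addr_start", "addr_b", 1.0),
    ("tx3", "addr_a", "addr_c", 4.9),
    ("tx4", "addr_c", "addr_exchange", 4.8),
    ("tx5", "addr_b", "addr_start", 0.5),  # funds looping back to the start
    ("tx6", "addr_b", "addr_d", 0.4),      # dead end: no attribution
]

# Hypothetical attribution list the investigator maintains (address -> entity).
KNOWN_SERVICES = {"addr_exchange": "Example Exchange (constructed)"}


def trace(start, txs, known, max_hops=6):
    """Follow outgoing transactions from `start`, hop by hop.

    Returns one record per known service reached, each carrying the full
    chain of transactions that led there, so the notes always show where
    the trace started and how it arrived.
    """
    outgoing = {}
    for txid, src, dst, amount in txs:
        outgoing.setdefault(src, []).append((txid, dst, amount))

    seen = {start}                 # visited addresses, prevents endless loops
    queue = deque([(start, [])])   # (address, documented path so far)
    hits = []
    while queue:
        addr, path = queue.popleft()
        if addr in known:
            # Stop here: further identification comes from the service itself.
            hits.append({"service": known[addr], "address": addr, "path": path})
            continue
        if len(path) >= max_hops:
            continue               # bound the trace; note the cutoff in the report
        for txid, dst, amount in outgoing.get(addr, []):
            if dst not in seen:    # first (shortest) route to each address wins
                seen.add(dst)
                queue.append((dst, path + [(txid, addr, dst, amount)]))
    return hits


if __name__ == "__main__":
    for hit in trace("addr_start", TXS, KNOWN_SERVICES):
        print(f"Reached {hit['service']} at {hit['address']} via:")
        for txid, src, dst, amount in hit["path"]:
            print(f"  {txid}: {src} -> {dst} ({amount})")
```

Because the search is breadth-first, the recorded path to each service is the shortest one found; other routes to the same address still need to be reviewed by hand.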