
Using Publicly Available Information Sources to Deanonymize Cryptocurrency Wallets


From a legal point of view, cryptocurrency can be defined as property in electronic form, created using cryptographic means, and recorded in a distributed register of digital transactions in accordance with the established rules of its management.

From a technical point of view, cryptocurrency is a distributed, open-source, peer-to-peer virtual currency based on mathematical principles, operating without a centralized administrator and without control or supervision by government agencies or other third parties.

Cryptocurrencies differ significantly from conventional financial transactions. They do not require a centralized regulator or issuer. At the same time, all cryptocurrency transactions are public and are recorded in a special register, the blockchain. However, the blockchain holds no data on the actual owner of a particular cryptocurrency wallet. The owner is anonymous and can also create a practically unlimited number of unique addresses for the wallet.

The existing methodology for deanonymizing cryptocurrency transactions involves tracking the entire chain of transactions from the payment under study to the presumed exchange of cryptocurrency for "fiat money" through a cryptocurrency exchange, an exchanger or an ATM.

Regular blockchain explorers can be used to collect data on crypto wallets and track their transactions:
As well as universal explorers:
The latter make it possible to conduct a more thorough analysis and study several cryptocurrencies in one service. Explorers store the following information about completed transactions:

the date and time of the transaction
the addresses of the sender's and recipient's cryptocurrency wallets
the amount of the transferred cryptocurrency
the fee for the transaction
the hash (serving as proof of the transaction and used to verify it)

The disadvantages of such explorers include the lack of built-in tools for visualizing and analyzing transactions, the inability to put a crypto wallet under monitoring (tracking), and the inability to automatically attribute the wallets under study to known entities (individuals, projects, exchanges, mixers, etc.).

In part, these shortcomings can be offset by free software. For example, a visual representation of cryptocurrency transactions can be built using the services:
The Maltego software package used in our company is also suitable for such studies. Crypto wallet activity can be tracked with solutions such as: or .

Now that we can lay out transactions in a virtual environment, the next step is to attribute each specific crypto wallet to known entities.

The first thing that comes to mind here is Google's regular search. Evidence of ownership of a crypto wallet may be the wallet address listed as a payment method on a website, social network, messenger, blog or forum. Such data can be found through Google search.

Of particular interest is the use of Google Dorks.

For example, the search query [address of the crypto wallet -block] cleans up the results by excluding most blockchain explorers.

The query [ the address of the crypto wallet] searches for information about the crypto wallet on the selected site.

The query [site: Bounty intext:" "] makes it possible to find lists of identified crypto wallets involved in Bug Bounty programs.

Search engines allow us to detect links between a cryptocurrency wallet address and other identifiers that may help identify its user.

These identifiers include:

name or nickname
email
phone number
user ID in a social network or messenger
photo
website
other digital assets, etc.

Search for matches by name is possible in the service, by nickname in: or

Identification of the user's photo can be carried out by following the links:

Identification of contacts of site owners and domain names is possible when using sites such as:
WHOIS data, including archived data, is available on the resources:

Analysis of advertising identifiers - using services:

The mobile phone number and email address of the owner of the crypto asset can be identified using the services Telepoisk, Infosphere, NEO, Prima Inform, IDX, Spectrum Data and a number of others.

Next, information about crypto wallets should be searched for on review sites ("otzoviki").

They are of interest because they aggregate data on the use of wallets in illegal activities. These services include:

In part, we can also refer to the "otzoviki" service, which allows you to conduct a scoring evaluation of a crypto wallet.

You can check whether a crypto wallet belongs to an exchange, an exchanger or another entity using resources such as:

Finally, it is worth noting that detecting exchanges and exchangers in transaction chains is extremely important, because as part of the KYC/AML procedure (in Russia, AML/FT), crypto exchanges have committed to identifying their users and providing information about them upon a reasoned request from law enforcement agencies or a court.
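
The chain-tracking methodology and the exchange check described above can be sketched in code. This is an added example, not part of the original post: the ledger, wallet names, hashes and the `LABELS` attribution table are constructed placeholders, and tracing is done per address rather than per coin.

```python
from collections import deque
from datetime import datetime

# Constructed sample ledger (no real addresses or hashes). Fields mirror what an
# explorer exposes: time, sender, recipient, amount, fee, transaction hash.
TXS = [
    ("2023-01-05T10:00", "W_STUDY", "W_A", 5.0, 0.001, "tx01"),
    ("2023-01-05T12:30", "W_A", "W_B", 3.0, 0.001, "tx02"),
    ("2023-01-05T12:31", "W_A", "W_C", 1.9, 0.001, "tx03"),
    ("2023-01-04T09:00", "W_B", "W_OLD", 7.0, 0.001, "tx04"),  # predates arrival
    ("2023-01-06T08:00", "W_B", "W_EXCH1", 2.9, 0.001, "tx05"),
    ("2023-01-06T09:00", "W_C", "W_A", 0.5, 0.001, "tx06"),    # loops back
    ("2023-01-07T15:00", "W_C", "W_MIX", 1.3, 0.001, "tx07"),
]
# Hypothetical attribution labels, as would come from the entity checks above.
LABELS = {"W_EXCH1": "exchange", "W_MIX": "mixer"}

def trace_to_entities(txs, start, labels, max_hops=6):
    """Follow outgoing transfers from `start` in time order and return, for each
    labelled address reached, its label and the chain of transaction hashes."""
    outgoing = {}
    for ts, src, dst, _amount, _fee, txid in txs:
        outgoing.setdefault(src, []).append((datetime.fromisoformat(ts), dst, txid))
    found = {}
    seen = {start}  # each address is expanded once, from its earliest discovery
    queue = deque([(start, datetime.min, [])])
    while queue:
        addr, arrived, path = queue.popleft()
        if len(path) >= max_hops:
            continue
        for ts, dst, txid in sorted(outgoing.get(addr, [])):
            if ts < arrived:       # funds cannot leave before they arrive
                continue
            hop = path + [txid]
            if dst in labels:      # stop at attributed entities (KYC/AML point)
                found.setdefault(dst, (labels[dst], hop))
            elif dst not in seen:
                seen.add(dst)
                queue.append((dst, ts, hop))
    return found

if __name__ == "__main__":
    for addr, (kind, path) in trace_to_entities(TXS, "W_STUDY", LABELS).items():
        print(f"{addr} [{kind}] via {' -> '.join(path)}")
```
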
