With the rise in popularity of cryptocurrency and blockchain technologies, there are many misunderstood facts in circulation about the technologies. One of the most widely believed myths is that cryptocurrency is a completely anonymous form of payment. While cryptocurrencies such as bitcoin can be more private than some traditional forms of currency and banking, they are far from anonymous; in fact, many would be surprised to learn that bitcoin transactions are publicly viewable. You can look at the transactions yourself, with the right tools and introductory knowledge of Blockchain Analysis.
Bitcoin is technically pseudonymous: every bitcoin transaction can be seen online, but attribution to an individual actor is not known by default. At a basic level, you can see that ‘Subject A’ sent 1 bitcoin to ‘Subject B’, but you don’t know if ‘Subject A’ is your neighbor, a bank, or a foreign country. What is hidden from public view are the real identities behind the transactions. When address ownership is revealed willingly (or unwillingly in the case of cyber indictments, social media leakage, OSINT investigations, etc.), you can understand the intricacies of the transactions. With the help of Blockchain Analysis tools, anyone can see when and how much bitcoin is sent around the world.
Blockchain Analysis is the process of understanding cryptocurrency transactions with specially designed web applications and proprietary software. Each type of cryptocurrency uses a different underlying blockchain technology, meaning that blockchain analysis techniques are slightly different depending on the cryptocurrency being analyzed. In this tutorial, I will describe how to conduct Blockchain Analysis for bitcoin. Future tutorials will focus on other cryptocurrencies such as Ethereum and Monero. These methods have been used to track illicit finance, terrorist organizations, and even foreign intelligence services. Once you’re comfortable with these techniques, you can start analyzing transactions to become a crypto sleuth.
When examining the blockchain, you first require a blockchain explorer. There are almost as many blockchain explorer tools as there are cryptocurrencies; some explorers are built for one cryptocurrency, while others can handle a few different ones. Luckily, many of these are free and easy to operate. Some of the most widely used bitcoin blockchain explorers are Blockchain.info and Blockexplorer. For this tutorial we will use Blockchain.info.
The second thing you’ll need is a bitcoin address to analyze. An address is the identifier for where bitcoins are sent to and received from. When a subject sends someone else bitcoin, they send it to a particular address. You can think of the address as a wallet that a person or entity owns. They can use this address to make or receive deposits, and to transfer bitcoin to other wallets. A person can have one or many different bitcoin addresses. For this tutorial we will use the bitcoin address owned by Linux-Mint, “13JszmQDACVvb6XxPwEb1TzzCyoooQ9WKH”. Linux-Mint is a community-driven, open source software development organization that accepts bitcoin donations to help cover the cost of development and upkeep.
To start the blockchain analysis, open up the Blockchain.info explorer in a new tab. Copy the bitcoin address and paste it into the search bar in the center of the explorer. Before you search, open the drop-down menu titled ‘All Blockchains’ and select bitcoin. Now hit ‘Search.’
The resulting landing page has two main sections, the first being the summary table at the top. This table includes basic information about the address like hash, number of transactions, total bitcoins received and final balance. You will also find the QR code of the bitcoin address, which is another way to visualize the bitcoin address. As of this article, the Linux-Mint address has 129 transactions amounting to $6,007.73 USD worth of bitcoin donations.
Below the Transaction Summary, you will find a detailed list of each transaction. Depending on how active the bitcoin address has been, this might be several pages long. Let’s take a look at what’s included in the transaction’s history.
Each transaction shows the transaction hash, sending and receiving addresses, directionality indicator, transaction amount, as well as date and time. The transaction hash is an identifying number unique to each transaction. On Blockchain.info it’s located at the top of the transaction. Below the hash on the left is the sending address. Depending on the type of transaction, there can be many different sending addresses. Addresses in blue are hyperlinked and clicking on the link will take you to another page to explore the transactions of that address.
Immediately to the right is the directional indicator. A green arrow shows an incoming transaction; incoming refers to bitcoin flowing into the original address you searched for. A red arrow indicates outgoing bitcoin transactions, where the address is sending bitcoins somewhere else. These transactions will always have your original address on the left, and the ‘sent to’ address on the right.
On the far right you’ll find more details including the time and date of the transaction, and the amount of bitcoin. By default, Blockchain.info shows the transactions by amount of bitcoin. If you would like to view transactions by other currencies such as USD or British pound, you can do so at the bottom of the page. Scroll to the bottom right until you see the drop-down menus for language and currency. Open the drop-down menu and select the currency you’d like to use.
Many blockchain explorers allow you to customize how you view transactions. There are several ways to do so on Blockchain.info. At the top right of the transactions section there is a drop-down menu that allows filtering by directionality and confirmation. If you are just interested in the dates and times an entity withdrew bitcoins, you can select the ‘sent’ filter.
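The directionality, counterparty and summary logic the explorer applies can be reproduced offline. The following is an added example, not code from Blockchain.info or from the original article: the transactions are constructed sample data, and the record layout (`hash`, `time`, `inputs`, `outputs`) and the placeholder counterparty names are assumptions made for illustration.

```python
from datetime import datetime, timezone

WATCHED = "13JszmQDACVvb6XxPwEb1TzzCyoooQ9WKH"  # address used in the tutorial

# Constructed sample data, not real chain history. The record layout
# (inputs/outputs as (address, satoshis) pairs) is hypothetical.
TXS = [
    {"hash": "sample-tx-1", "time": 1500000000,
     "inputs": [("donor-A", 5_000_000)],
     "outputs": [(WATCHED, 3_000_000), ("donor-A-change", 1_990_000)]},
    {"hash": "sample-tx-2", "time": 1500600000,
     "inputs": [("donor-B1", 1_200_000), ("donor-B2", 800_000)],
     "outputs": [(WATCHED, 1_995_000)]},
    {"hash": "sample-tx-3", "time": 1501200000,
     "inputs": [(WATCHED, 3_000_000)],
     "outputs": [("payee-X", 2_500_000), (WATCHED, 490_000)]},
]

def classify(tx, address):
    """Describe one transaction from the point of view of `address`."""
    received = sum(v for a, v in tx["outputs"] if a == address)
    spent = sum(v for a, v in tx["inputs"] if a == address)
    net = received - spent  # change returned to the same address cancels out
    if net > 0:    # green arrow: counterparties are the sending addresses
        direction, others = "incoming", [a for a, _ in tx["inputs"]]
    elif net < 0:  # red arrow: counterparties are the 'sent to' addresses
        direction, others = "outgoing", [a for a, _ in tx["outputs"] if a != address]
    else:          # address only moved coins to itself
        direction, others = "self", []
    when = datetime.fromtimestamp(tx["time"], tz=timezone.utc)
    return {"hash": tx["hash"], "time": when.isoformat(), "direction": direction,
            "net_sat": net, "counterparties": sorted(set(others))}

def summarize(txs, address):
    """Rebuild a summary table: transaction count, totals and final balance."""
    rows = [classify(tx, address) for tx in txs]
    received = sum(r["net_sat"] for r in rows if r["net_sat"] > 0)
    sent = -sum(r["net_sat"] for r in rows if r["net_sat"] < 0)  # includes miner fees
    return {"n_tx": len(rows), "received_sat": received, "sent_sat": sent,
            "balance_sat": received - sent}

def only(txs, address, direction):
    """Equivalent of the explorer's directionality filter."""
    rows = (classify(tx, address) for tx in txs)
    return [r for r in rows if r["direction"] == direction]

if __name__ == "__main__":
    print(summarize(TXS, WATCHED))
    for row in only(TXS, WATCHED, "outgoing"):
        print(row["time"], row["net_sat"], row["counterparties"])
```

Amounts are kept in satoshis (1 bitcoin = 100,000,000 satoshis) so the totals stay exact integers.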
Block explorers are great tools to understand bitcoin transactions, but they are just the beginning of blockchain analysis. Once you are comfortable with the explorer, you can start trying more advanced techniques. Modeling tools like Maltego and Analyst's Notebook can show visual representations of transactions, making it easy to determine trends and patterns. What’s more, once you have identified that an entity owns a particular address, you can learn more about who they transact with. Did an entity pay a ransomware hacker in bitcoin? You can also use online tools to download bitcoin transactions; importing these files into programs like Excel or Tableau allows you to further drill down into the blockchain. These methods will be covered in future tutorials.
Article by Tyler Butler, Editing by Cole Iafolla