Abstract: Today there are hundreds of cryptocurrency exchange portals, and using them keeps getting easier as new apps appear and existing ones gather more users every day. Regulators are struggling with how to provide consumer protection for these companies, and are now also looking at decentralized exchanges, crypto companies, and banks that serve crypto exchanges.
This article discusses how to investigate better with OSINT tools and open-source information, to find the best lead to the attacker or fraudster behind an act.
What are bitcoins & cryptocurrencies?
Bitcoin was created by Satoshi Nakamoto, who described it as "a new electronic cash system that uses a peer-to-peer network to prevent double-spending. It's completely decentralized with no server or central authority."
Centralized financial systems have limitations, such as double spending (the same user, or the system itself, spending the same funds twice). The traditional way to overcome this is a trusted third party that verifies each transaction and keeps transaction logs and identities. After years of failed attempts at alternatives, Satoshi developed a peer-to-peer system that is decentralized and avoids the limitations of the centralized model: a network that transacts and processes data without a central verifier.
In the Bitcoin network each transaction contains the sender's and recipient's addresses (derived from their public keys) and the amount of coins to be transferred. The sender must sign the transaction with their private key, and anyone can check the signature against the public key. Every transaction is recorded in the public ledger (the blockchain). Once signed, the transaction is not written to the ledger directly; it is broadcast to the network and picked up by miners. Within the network, only miners can confirm transactions, by solving a cryptographic puzzle (proof of work). They take pending transactions, validate them, and spread the resulting block across the network. Every node then adds the block to its copy of the ledger and the transaction is confirmed; once further blocks are built on top of it, it is effectively unforgeable and irreversible, and the miner receives a block reward plus the transaction fees. As of 2019, according to investing.com, there are around 2,525 different cryptocurrencies. Each one's market value varies with its availability and with the difficulty of its mining puzzle. As of March 2019 Bitcoin is priced at around $3,995.5 per coin.
So you've been given a solution to a problem; what's the harm?
Because these cryptocurrencies provide pseudonymity as part of their design (addresses are public, but are not tied to identities), they can be used for money laundering, scams, terrorism funding, drug dealing and other illegal or fraudulent transactions: the parties behind the transactions tend to stay anonymous, and not much tooling has been built to investigate these platforms.
What is OSINT?
Open-source intelligence (OSINT) is data collected from publicly available sources for use in an intelligence context. It is used by researchers, journalists, pen testers and hackers to find sensitive but publicly available information on the clearnet and the darknet.
INVESTIGATING BITCOIN TRANSACTIONS USING OSINT
Note: This article is for educational purposes only, and it will not explain how to trace an address back to its owner. Unlike ordinary cash transactions, which are not logged anywhere, Bitcoin transactions are logged in a public ledger, and we are going to discuss how to find this information using OSINT.
Tools used for analysis:
– Block explorer
– Tor Browser
– Maltego
– Wallet Explorer
1. URL of the site that solicited funding for the Islamic State: jihadlove5xhyfw3.onion
2. Feed the onion address into the Maltego transform and scan for information. We found a Bitcoin address attached to this site: 1FmLPWZjru5njVmzDV9wgzJqnMbuJUWs36
3. The Maltego plugin returns the addresses of the different wallets that have transacted with it, as recorded in the public ledger, along with the transaction hashes.
We can tell a number of things just from one address, such as:
– How many transactions have taken place
– Where money has come from and how much
– Where money has been sent and how much
– A historical timeline of transactions
– And other addresses associated with it
4. We use the block explorer to view the transactions.
Now we see there are about 6 transactions to this address, totaling around 0.0915088 BTC.
Browsing the transactions, we see one whose ID starts with '6b172'.
All the other transactions are ordinary, with one sender address and one receiver address, but transaction '6b172' has multiple sender addresses: the sender used a logging-evasion technique called a 'Bitcoin mixer'. Mixers pool coins from many users, so the transaction graph fills up with unrelated addresses and the real payment is hard to single out. The end address may be a mixer-service or anonymizer address.
For many vendors on the dark web, a mixing service, or tumbler, promises anonymity: it effectively scrambles the link between paying and receiving addresses. That is ideal for illegal vendors and scammers, and a problem for law enforcement.
Are there any Mixers Services that I can find easily?
Yes, there are; BestMixer.io, for example.
What do they do?
In its own words: "When you send your coins to BestMixer.io, they are entered into a pool of coins along with those of other depositors. Our mixing engine then tumbles your coins along with the others in the pool. The coins you receive as a result are made up of bits from many different sources, thereby scrambling their origins and making them untraceable."
Coming back to our investigation, we go to a website called: where we can see a detailed analysis of this address: its balance, and the date and ID of each transaction.
Analyzing each transaction in the explorer, we see that in transactions '4156' and '91cf' the owner of address 1FmLPWZjru5njVmzDV9wgzJqnMbuJUWs36 forwards the bitcoins to another address; this might be the owner's primary address.
That address has a total of 472,438.23785633 BTC, around 1,875,792,401.50 United States dollars.
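Everything the walkthrough reads off one address (transaction count, where funds came from and went, the timeline), the many-sender shape of '6b172', and the forwarding to a primary address can be computed from raw transaction data. The Python below is an added example, not code from the article or from Maltego or Wallet Explorer. It runs over a small constructed ledger (placeholder addresses and amounts in satoshi, not real chain data) and implements the common-input-ownership heuristic that Wallet Explorer style clustering relies on, plus a simple many-inputs flag for candidate mixer or CoinJoin transactions. The threshold of four distinct input addresses is an arbitrary assumption.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# Amounts are integers in satoshi (1 BTC = 100_000_000 sat) so sums are exact.


@dataclass
class Tx:
    txid: str
    inputs: List[Tuple[str, int]]   # (address spending, amount of the spent output)
    outputs: List[Tuple[str, int]]  # (address receiving, amount)


# Constructed sample ledger with placeholder addresses; not real chain data.
# Real inputs reference a previous txid:vout; here each input amount equals an
# earlier output to that address so the UTXO accounting stays consistent.
LEDGER = [
    Tx("a1", [("donor1", 2_000_000)], [("seed", 1_900_000), ("donor1_chg", 90_000)]),
    Tx("a2", [("donor2", 1_500_000)], [("seed", 1_500_000)]),
    Tx("a3", [("donor3", 3_000_000)], [("seed", 2_550_000), ("donor3_chg", 440_000)]),
    # Five unrelated inputs feeding one transaction: the many-sender shape
    # the article attributes to a mixer.
    Tx("6b172", [("m1", 1_000_000), ("m2", 1_000_000), ("m3", 1_000_000),
                 ("m4", 1_000_000), ("m5", 1_000_000)],
       [("seed", 1_200_000), ("mixer_pool", 3_790_000)]),
    Tx("a5", [("donor4", 1_000_000)], [("seed", 1_000_000)]),
    # The seed address forwarding its funds on to a "primary" address.
    Tx("4156", [("seed", 1_900_000), ("seed", 2_550_000)], [("primary", 4_400_000)]),
    Tx("91cf", [("seed", 1_500_000), ("seed", 1_200_000), ("seed2", 1_000_000)],
       [("primary", 3_680_000)]),
]


def address_summary(ledger: List[Tx], addr: str) -> dict:
    """What a block explorer shows for one address: counts, totals, counterparties, timeline."""
    received = sent = 0
    senders: Set[str] = set()
    recipients: Dict[str, int] = defaultdict(int)
    timeline: List[Tuple[str, int]] = []
    for tx in ledger:
        spent = sum(amt for who, amt in tx.inputs if who == addr)
        got = sum(amt for who, amt in tx.outputs if who == addr)
        if not spent and not got:
            continue
        if got:
            # With several inputs, "how much came from whom" is ambiguous;
            # only the set of input addresses is certain.
            senders.update(who for who, _ in tx.inputs if who != addr)
        if spent:
            for who, amt in tx.outputs:
                if who != addr:
                    recipients[who] += amt
        received += got
        sent += spent
        timeline.append((tx.txid, got - spent))   # net change, in ledger order
    return {
        "n_tx": len(timeline),
        "received": received,
        "sent": sent,
        "balance": received - sent,
        "senders": senders,
        "recipients": dict(recipients),
        "timeline": timeline,
    }


def flag_many_input_txs(ledger: List[Tx], min_inputs: int = 4) -> List[str]:
    """Candidate mixer/CoinJoin transactions: many distinct input addresses."""
    return [tx.txid for tx in ledger
            if len({who for who, _ in tx.inputs}) >= min_inputs]


def cluster_by_common_input(ledger: List[Tx],
                            skip: FrozenSet[str] = frozenset()) -> Dict[str, Set[str]]:
    """Common-input-ownership heuristic: all inputs of one transaction are assumed
    to be controlled by the same wallet; union-find merges them into clusters.

    Transactions listed in `skip` (e.g. flagged mixer txs) are ignored, because
    merging a mixer's inputs would wrongly link strangers into one "wallet".
    """
    parent: Dict[str, str] = {}

    def find(x: str) -> str:
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    for tx in ledger:
        if tx.txid in skip:
            continue
        addrs = [who for who, _ in tx.inputs]
        for other in addrs[1:]:
            root_a, root_b = find(addrs[0]), find(other)
            if root_a != root_b:
                parent[root_a] = root_b
    clusters: Dict[str, Set[str]] = defaultdict(set)
    for a in list(parent):
        clusters[find(a)].add(a)
    return {a: clusters[find(a)] for a in list(parent)}


if __name__ == "__main__":
    flagged = flag_many_input_txs(LEDGER)
    print("possible mixer transactions:", flagged)
    summary = address_summary(LEDGER, "seed")
    for key, value in summary.items():
        print(f"{key}: {value}")
    clusters = cluster_by_common_input(LEDGER, skip=frozenset(flagged))
    print("addresses co-spent with seed:", sorted(clusters["seed"]))
```

Note the interplay between the two heuristics: the common-input rule is exactly what a mixer or CoinJoin breaks, so flagged transactions are excluded before clustering; otherwise m1 to m5 would be merged into one "wallet" even though they may belong to five strangers. The same caveat applies to the very large "primary" address in the walkthrough: clustering and volume alone do not prove ownership, and a high-traffic address may equally be an exchange or service wallet.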
Conclusion: The address is used by a scam group called 'DOUBLE YOUR BITCOINS', a well-known scam, so we conclude that the primary address we found belongs to this group. Now that we have identified the scammers, we can perform social engineering or other penetration tests, within the scope of an authorized engagement, against the email addresses or phone numbers found in open-source information.
The jihad funding website uses such scam programs to generate revenue; such groups have also been known to use ransomware campaigns for funding.
Published at Mon, 25 Mar 2019 06:10:02 +0000