OSINT investigations are starting to get interesting. I love to see how many different applications OSINT has in the realm of investigations. I’ve recently read all the articles posted by Benjamin Strick on Medium. He uses OSINT to investigate people, groups, or events by tracking them through the blockchain. Bitcoin is the most popular cryptocurrency and it is notoriously used by criminals of all stripes. Due to the supposedly anonymous nature of Bitcoin, despite it having a public ledger, it’s obvious why it attracts people who don’t want their money traced. This post will discuss how you can get started investigating the blockchain using OSINT. I’ll go over the tools and tactics current investigators are using as well as a few Bitcoin wallet addresses you can use to practice.
Examples of OSINT Investigations of the Blockchain
As mentioned before, Benjamin Strick is one of the foremost members of the OSINT community who is focusing on the blockchain in his OSINT investigations. Here are a few of his articles demonstrating his process.
Tracing an offshore bank and a dark web service using the blockchain — an OSINT investigation
This article not only demonstrates how you can trace criminal activity through the blockchain, it also gives a pretty good introduction to the dark web and how to use it during your OSINT research. What you find through this research is a lot of relationships and mapped networks, leading to very useful intelligence. However, as Benjamin explains, there’s not much you can do with it unless parties with authority are willing to consider the evidence as credible.
Tracing a Jihadi cell, kidnappers and a scammer using the blockchain — an open source investigation
This article talks about the discovery of an odd relationship between a Jihadi cell and kidnappers in South Africa that are connected by the same bitcoin wallet address. This article is probably my favorite of the three that Strick writes due to the explanation of the tools he uses and his emphasis on using free tools. It’s a good place to start to not only understand the blockchain, but to learn more about OSINT and its applications.
Meet The World’s First Jihadi Cryptocurrency Crowdsource Site On The Dark Web: SadaqaCoins
This article talks about a crowdsourced website called SadaqaCoins, hosted on the dark web, that openly solicits funding for jihadist activity. Though none of these crowdsourced projects have been funded, you can use the bitcoin wallet addresses to practice the methods Benjamin uses and collect very useful intelligence.
Other than Strick, the only other active member of the OSINT community who has looked at the blockchain with an emphasis on OSINT is Justin Seitz. He primarily writes about Python and how you can use it to rapidly increase your OSINT capability, including how to use it to collect OSINT from the blockchain.
Follow the Bitcoin With Python, BlockExplorer and Webhose.io
This article shows you how you can build a tool that takes a currently known Bitcoin address, though its owner may be anonymous, and searches the dark web for any other instances of that Bitcoin address. If you have a baseline technical ability, I recommend building this tool and going through Strick’s process to see whether any other useful information can be found that he may have missed!
Bitcoin Forensics – A Journey into the Dark Web – Source
Bitcoin Forensics Part II: The Secret Web Strikes Back – Source
Tools and Tactics for Blockchain Investigations Using OSINT
Bitcoin Who’s Who is a great way to start your Bitcoin investigation. It tells you whether a bitcoin address has been affiliated with a scam and provides information that blockchain.info will not. It’ll also tell you how many times that bitcoin wallet has appeared on other websites. In my experience, this feature isn’t very accurate.
Wallet Explorer is probably the best way to visualize a Bitcoin address for analysis if you prefer a CSV format. You can punch in a Bitcoin wallet, get the results, export the results to a CSV file and manipulate the data in whatever way you want.
OXT is a tool I found after searching for any tool that would visualize bitcoin transactions and networks. I haven’t seen it listed on any other OSINT-related article, so I hope it will be a solid contribution to the OSINT community. This tool turns all of a Bitcoin wallet’s transactions into graphs and charts that are very handy for trend analysis.
Bitcoin Addresses Worth Following and Practicing OSINT on
Daily Stormer (alt-right publication)
A Very Rich, Mysterious Person or Persons (largest bitcoin wallet)