OSINT Methodology for Cryptocurrency

This blog post comes from the “Tracking Threat Actors on Blockchain” report by the Brandefense Research Team. For more details about the analysis, download the report.


A “blockchain” is a decentralized database in which a number of computers communicate with each other on a distributed basis. All transactions that take place in this database are recorded in groups of data called “blocks”. Each block has a unique ID (“Block hash value”) that, together with the previous block, forms a chain, and all blocks contain the full transaction history.

Every blockchain network has specific conditions for the creation of a block.

In Ethereum, block formation adheres to a target time frame, typically aimed at an average of 12 seconds. However, this duration can vary depending on network congestion and transaction demands. The number of transactions that can be included in a block is determined by a unit called “gas.” Gas is the unit in the Ethereum network that measures the computational and resource cost of executing a transaction. Each transaction consumes a specific amount of gas, and the amount consumed varies with the complexity of the transaction and the computational resources required. Each block has a target size of 15 million gas, which means miners aim to fit transactions totalling up to 15 million gas into a block. However, depending on network demand, the block size can expand up to a maximum limit of 30 million gas.

In Bitcoin, a block is formed when the 10-minute interval elapses or when the block size reaches 1 MB.

Since all computers in a blockchain network have a copy of the blockchain ledger, they can verify any transaction that takes place on the blockchain. This means that all participants in the blockchain network can verify transactions without the need for a central authority or intermediary. This way, everyone involved in the blockchain network can be sure that any transaction on the blockchain network has not been altered.

In the blockchain, transactions are verified by mathematical operations performed by many computers in the network. As a result of these operations, it is very difficult to change the transaction history. Therefore, instead of relying on a centralized authority, the blockchain network creates a secure database in a decentralized way.

A blockchain network uses public key cryptography. Each user has a public key and a private key. The private key is what allows the user to sign (authorize) transactions, while the public key is what everyone else uses to verify those signatures and thereby authenticate the transactions.

Blockchains work in an open and transparent way, allowing anyone to track transactions and blocks. Blockchains record transactions in blocks, and each block references the hash of the previous block. This creates a chain between blocks: because each block's hash covers the previous block's hash, changing any block alters its hash and invalidates every block that follows it, so tampering is immediately detectable. This increases the security of blockchains.
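To make the chaining concrete, the following is an added example (not code from the original post or from Brandefense): a toy hash chain in Python's standard library. It uses a single SHA-256 over a JSON encoding of the block body, which is a simplification of Bitcoin's double-SHA-256 header hash, and the transactions are constructed sample data. It shows that editing one transaction breaks verification of that block, and that recomputing only that block's hash still breaks every block after it.

```python
import copy
import hashlib
import json


def block_hash(block: dict) -> str:
    """SHA-256 over the block's contents, excluding its own hash field.
    Toy stand-in for a real block header hash (assumption, not Bitcoin's exact scheme)."""
    body = {k: v for k, v in block.items() if k != "hash"}
    encoded = json.dumps(body, sort_keys=True).encode()
    return hashlib.sha256(encoded).hexdigest()


GENESIS_PREV = "0" * 64  # predecessor reference of the first block (constructed convention)


def build_chain(tx_groups):
    """Append one block per transaction group, each referencing the previous block's hash."""
    chain = []
    prev = GENESIS_PREV
    for height, txs in enumerate(tx_groups):
        block = {"height": height, "prev_hash": prev, "txs": txs}
        block["hash"] = block_hash(block)
        chain.append(block)
        prev = block["hash"]
    return chain


def verify_chain(chain):
    """Return the height of the first inconsistent block, or None if the chain is intact.
    A block is inconsistent if its stored hash no longer matches its contents, or if its
    prev_hash does not match the (recomputed) hash of the block before it."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev_hash"] != prev or block_hash(block) != block["hash"]:
            return block["height"]
        prev = block["hash"]
    return None


# Constructed sample transactions (not real on-chain data).
SAMPLE_TXS = [
    [{"from": "alice", "to": "bob", "amount": 5}],
    [{"from": "bob", "to": "carol", "amount": 2}],
    [{"from": "carol", "to": "dave", "amount": 1}],
]


def tamper_demo():
    """Build a valid chain, alter block 1, and report what verification sees.
    Returns (first bad height after the edit, first bad height after re-hashing block 1)."""
    chain = build_chain(copy.deepcopy(SAMPLE_TXS))
    intact = verify_chain(chain)  # None: nothing has been touched yet

    # Edit a historical transaction without recomputing anything.
    chain[1]["txs"][0]["amount"] = 200
    first_bad = verify_chain(chain)  # block 1's stored hash no longer matches its body

    # Even if block 1's hash is recomputed, block 2 still references the old hash.
    chain[1]["hash"] = block_hash(chain[1])
    still_bad = verify_chain(chain)
    return intact, first_bad, still_bad


if __name__ == "__main__":
    print(tamper_demo())  # (None, 1, 2)
```

The point for an investigator is that the linkage is what makes explorer data trustworthy: a record of a past block that disagrees with the hash referenced by its successor is, by construction, not the record the network accepted.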

Many blockchain technologies provide explorers to track blocks and transactions. For example, blockchain.com for Bitcoin, etherscan.io for Ethereum, and Hyperledger Explorer for IBM Hyperledger Fabric (an open-source platform used for enterprise solutions) allow viewing real-time transactions and blocks on their respective blockchains.

Figure 1: Information on block 780126 of Bitcoin [1].

Most blockchain technologies offer users transparency and anonymity in equal measure: using an explorer, we can view every transaction that happens on the blockchain, even though the parties behind the addresses are not named.

There are two different ways to use an explorer. The first is to rely on third-party sources such as Etherscan.io and Blockchain.com. The second is to run an archive node of the blockchain yourself and view the transactions on your own computer. Sites such as Etherscan.io and Blockchain.com are able to provide this information because they themselves run archive nodes. The second option is the more reliable and accurate one, but it requires running or building a local explorer to view the data. Since not all blockchain technologies are the same, different explorers are required for different blockchain technologies.
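Whichever source is used, the tracking work starts with the same step: reading a block's transaction list and pulling out who received what and which outputs are spent by which later transactions. The following is an added example (not from the original post or Brandefense) that does this over a constructed block record. The record's shape is modelled on the JSON that Bitcoin Core's `getblock <hash> 2` call returns (an assumption about field layout on my part); every txid, address, value and height in it is invented placeholder data, not real on-chain data. Amounts are parsed as `Decimal` rather than floats, because summing BTC values as floats silently loses precision.

```python
import json
from collections import defaultdict
from decimal import Decimal

# Constructed sample block (placeholder ids and addresses; not real chain data).
SAMPLE_BLOCK_JSON = """
{
  "hash": "placeholder-block-hash",
  "height": 100001,
  "time": 1700000000,
  "tx": [
    {"txid": "placeholder-coinbase-txid",
     "vin": [{"coinbase": "placeholder"}],
     "vout": [{"value": 6.25, "n": 0,
               "scriptPubKey": {"address": "bc1q-miner-placeholder"}}]},
    {"txid": "placeholder-txid-a",
     "vin": [{"txid": "placeholder-earlier-txid", "vout": 0}],
     "vout": [{"value": 1.5, "n": 0,
               "scriptPubKey": {"address": "bc1q-recipient-placeholder"}},
              {"value": 0.4, "n": 1,
               "scriptPubKey": {"address": "bc1q-change-placeholder"}}]},
    {"txid": "placeholder-txid-b",
     "vin": [{"txid": "placeholder-txid-a", "vout": 1}],
     "vout": [{"value": 0.39, "n": 0,
               "scriptPubKey": {"address": "bc1q-recipient-placeholder"}},
              {"value": 0.0, "n": 1,
               "scriptPubKey": {"type": "nulldata"}}]}
  ]
}
"""


def load_block(text: str) -> dict:
    """Parse explorer/node JSON, keeping monetary values exact."""
    return json.loads(text, parse_float=Decimal)


def is_coinbase(tx: dict) -> bool:
    """The block reward transaction has a single input with a 'coinbase' field."""
    return any("coinbase" in vin for vin in tx.get("vin", []))


def received_by_address(block: dict) -> dict:
    """Total value paid to each address within the block.
    Outputs without an address (OP_RETURN / nulldata, non-standard scripts) are skipped."""
    totals = defaultdict(Decimal)
    for tx in block["tx"]:
        for out in tx["vout"]:
            addr = out.get("scriptPubKey", {}).get("address")
            if addr:
                totals[addr] += out["value"]
    return dict(totals)


def spends_within_block(block: dict) -> dict:
    """Map each txid to the list of (spending txid, output index) pairs that consume
    one of its outputs inside this same block. Useful for following change outputs."""
    spent = defaultdict(list)
    for tx in block["tx"]:
        if is_coinbase(tx):
            continue
        for vin in tx["vin"]:
            spent[vin["txid"]].append((tx["txid"], vin["vout"]))
    return dict(spent)


def summarize(text: str) -> dict:
    """One-shot summary an analyst would log for a block: height, tx count,
    coinbase txid, per-address receipts (as strings) and intra-block spends."""
    block = load_block(text)
    coinbase = [tx["txid"] for tx in block["tx"] if is_coinbase(tx)]
    return {
        "height": block["height"],
        "tx_count": len(block["tx"]),
        "coinbase_txid": coinbase[0] if coinbase else None,
        "received": {a: str(v) for a, v in received_by_address(block).items()},
        "spends": spends_within_block(block),
    }


if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE_BLOCK_JSON), indent=2))
```

With your own node, the same functions apply unchanged to the live `getblock` response; with a third-party explorer you would adapt `load_block` to that site's API schema, and the exact-decimal handling and the address-less output check remain the parts most worth keeping.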

In the world of blockchains and cryptocurrency, there are blockchain technologies that are both traceable and nearly impossible to trace.
