The Must-Have Crypto Tracing Techniques For 2023

Investigating cryptocurrency transactions can be complex and challenging due to the pseudonymous and decentralized nature of cryptocurrencies such as Bitcoin and Ether, as well as the structural differences in their blockchains. 

The role of investigators and law enforcement officers requires them to be ready to enforce the rule of law and investigate illegal activities related to cryptocurrency transactions, sometimes even identifying and handling crypto-related evidence.

Cryptocurrency provides more transparency over financial transactions than its traditional counterparts. Having said that, it is not always a straightforward job to associate a transaction or a wallet with an entity or an individual. 

Here’s why investigators must have a specific set of tools and techniques to combat crypto crime. 

Why Do You Need to Use Special Techniques to Investigate Crypto?

One of the most popular misunderstandings regarding blockchain transactions is that they are completely anonymous. In truth, law enforcement and independent sleuths may find an ally in the underlying blockchains that enable cryptocurrencies to work, which helps to de-anonymize and find leads on bad actors.

Bitcoin is the most popular cryptocurrency, and its blockchain is completely public. Investigators can access and view Bitcoin transaction data at any time. Within this data, there is a wealth of information that can help investigators find leads on their targets, such as transaction volumes and block times. That said, we calculated that 80% of crypto theft in 2022 involved the Ethereum blockchain, on which Ether is based.

There is other information that investigators will not find on the blockchain, however. Blockchains do not hold personally identifiable information (PII). Hence, investigators need a special set of tools and techniques to identify the entities behind different wallets and transactions.

Are you an investigator of cryptocurrency? Learn how attribution data can speed up and help close cases in QLUETM, the tool you need to solve crypto crime investigations faster.

Additionally, the lack of a central authority to regulate and monitor cryptocurrency transactions means that investigators may not always be able to tie a name to a suspicious wallet address. Unless the wallet is regulated and its provider retains KYC data on its owner, it is just a bunch of digits.

What are the Most Fundamental Crypto-Tracing Techniques?

There are 5 must-have crypto-tracing techniques that investigators need to learn.

      1. Crypto Transaction Tracing

    It is the primary skill investigators need to learn to solve cases involving crypto. It helps investigators follow the flow of funds between addresses in a blockchain. The process involves analyzing transaction metadata such as timestamps, amounts and addresses involved to build a hypothesis.

    Consider this example: A criminal organization uses two addresses, X and Y, to transfer funds. Address X receives funds from several sources and then sends the aggregated amount to address Y. By tracing the transactions between X and Y, an investigator can uncover the connections between the criminal organization and other entities in the network.

    “By adding QLUE to our investigations, & leveraging our tailored intelligence tactics, not only were we able to locate a wallet address totaling near 1 million dollars of stolen digital assets from a complex romance scam & fraudulent exchange platform; we were able to identify the country of origin, and the true identity of the bad actor involved. Once determined, we were able to negotiate with the bad actor directly to have their platform taken down, & the safe return of our client’s funds immediately. QLUE is absolutely vital to our blockchain investigations, & we are proud to use them exclusively.”

    Kyeson Utley, Cyber Intelligence & Operations, SpookyGood.

    Transaction tracing is especially useful to identify suspicious entities and impose sanctions where applicable. For instance, The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned the virtual currency mixer Tornado Cash after its involvement in more than US$7 billion worth of virtual currency.

    Transaction tracing proves to be a valuable tool in cryptocurrency investigations. By following the flow of funds, investigators can identify hidden relationships, detect suspicious activities and increase transparency in the cryptocurrency landscape.

        1. Address Clustering

      It is a critical technique for investigators to learn to group addresses that are likely to belong to the same person or entity based on patterns of activity within a cryptocurrency network. 

      Address Clustering Using QLUE. The graph shows a clustering example for a sample of addresses investigated using QLUE during the arkgift.com giveaway scam.

      By analyzing the patterns of activity associated with a particular set of addresses, investigators can uncover hidden relationships and connections between different entities in the network.

      The idea behind address clustering is that people often use a set of addresses for different transactions, rather than generating a new address for each transaction. By analyzing the patterns of activity associated with a particular set of addresses, investigators can infer that they are likely controlled by the same person or entity.

      The technique is based on various factors, including the frequency, amount and timing of transactions. For example, suppose we have three addresses: A, B, and C.

          • Address A receives several small transactions from different addresses, amounting to a total of 1000 units of cryptocurrency.

          • Address B sends a single large transaction of 5000 units of cryptocurrency to address C.

          • Address C receives the 5000-unit transaction from address B and sends several small transactions to different addresses, amounting to a total of 1000 units of cryptocurrency.

        Based on these transactions, we can infer that addresses A, B, and C are likely controlled by the same person or entity. This conclusion is based on the following factors:

            • The small transactions received by address A and the small transactions sent from address C follow a similar pattern, suggesting that they are used for similar purposes.

            • The large transaction from address B to address C suggests that there is a relationship between the two addresses.

            • The total amount of cryptocurrency moving between addresses A, B and C is consistent, suggesting that they are part of the same overall flow of funds.

          It’s important to note that address clustering is not a foolproof technique, as there may be legitimate reasons why two different people or entities would use similar patterns of activity. However, it remains a valuable tool for investigators seeking to improve transparency and detect suspicious activities in the cryptocurrency landscape.

              1. Graph Analysis

            Address clustering is often used in conjunction with other techniques, such as transaction tracing and graph analysis, to build a comprehensive picture of the flow of funds in a cryptocurrency network.

            Graph analysis is a visual representation of the flow of funds in a cryptocurrency network, with nodes representing addresses and edges representing transactions. By visualizing the network in this way, investigators can identify clusters, patterns and other insights into the movement of funds. Graph analysis is an effective tool for understanding the relationships between different addresses and transactions.

            For example, if two addresses are frequently used to send and receive funds in a similar pattern, graph analysis can efficiently and easily highlight this relationship and suggest that the addresses belong to the same person or entity. 

            Unlike typical blockchain analysis techniques where investigators resort to analyzing transaction volumes and timestamps, graph analysis can also be used to identify key players in a network and understand their role in the flow of funds. This information can be used to identify and target the most important entities in a network, improving the effectiveness of an investigation.

            QLUETM graph: our Mutant Ape Planet NFT scam graph analysis

            In the Mutant Ape Planet NFT scam analysis we conducted, QLUETM helped us, with its powerful visualization features, to identify the wallet addresses of the defrauders and the exchange where they deposited the stolen funds.

                1. Heuristics

              Heuristics involves best practices for finding patterns to identify suspicious activity in a cryptocurrency network. For example, if a large number of small transactions are made from one address to another, it could be a sign of money laundering. Heuristics are based on experience and knowledge of the cryptocurrency landscape and are a valuable starting point for further investigation.

                  1. Data Analysis

                As major thefts, money laundering operations and other large-scale crimes meet crypto, tracing funds may become insufficient. Data analysis is the study of patterns, relationships and anomalies in transaction information that could be key to closing cases of high complexity.

                Furthermore, in the event of financial crime or legal issues, transaction data may be used as evidence in court and legal proceedings. In 2022, QLUE™ evidence helped win 10s of millions in digital assets in 2 court cases. 

                The Norwegian company Adcudo made use of QLUE to uncover 220 Bitcoin and a mix of altcoins held in cold storage for half a decade – claimed to have been lost by an ex-husband. At its highest valuation in November 2021, a few months before the court date, the combined value of the cryptocurrencies surpassed US $15.000.000, making this the largest cryptocurrency case by monetary value to ever reach the courts of Norway. 

                Adcudo’s consultant and expert witness to the case stated “QLUE made it possible to uncover the transaction pattern that made the case, and to create a visual presentation for the court which was vital in relaying this essential information.”

                Data analysis is a powerful tool for uncovering hidden relationships and patterns in large amounts of data and is an essential component of cryptocurrency transaction investigation.

                The importance of learning to explore and investigate blockchain transactions cannot be overstated in the current digital landscape. Investigators need specialized tools and techniques to combat crypto crime and uncover hidden relationships and patterns in the flow of funds.

                Learn the most fundamental crypto tracing techniques, and start investigating crypto with confidence, with our on-demand Cryptocurrency Investigator TrainingTM (CCI).

                Written By: Omar Marzouk
                Writer, Content marketing


                • Solutions
                • Training
                • Resources
                • Support