
OsintOps

How to recover access to a Bitcoin wallet with BTCrecover (or at least try)

Desktop-type wallets, like Electrum, create specific files which are needed to work correctly and store user information. In these files we can find information such as addresses included in the wallet, transactions carried out, information about the wallet type, etc. Obviously, given that this is very delicate information, these files are usually encrypted and cannot be consulted without knowing the correct password. It may happen that we have to access a wallet for which we do not know the password, for example because we have forgotten it, or because we are trying to access the wallet of a “bad guy”…

What happens in the Blockchain does NOT remain in the Blockchain – Part 5

As you will recall, at the end of part 3 of our analysis, we encountered a transaction which involved two recipient addresses: the address 1DqYiuVPjxrS3tkE8VeSorvx4ZEeR3oGkZ, which received 0.20223736 bitcoin and was examined in part 4 of our analysis, and the address 1AgEeJ1cNWpXxABaTysv4CM6MqARSnXFce, which received 2.5 bitcoins. In this part of our analysis, let’s see what happens to the 2.5 bitcoins transferred. Such a precise amount was certainly transferred intentionally; it is not a random change. However, in most of the transactions examined so far, we have seen much smaller amounts sent to the actual recipients. Therefore, it is good practice…

What happens in the Blockchain does not remain in the Blockchain – Part 4

Let’s continue our analysis. Remember that, in the last transaction seen in part 3, the address 1DqYiuVPjxrS3tkE8VeSorvx4ZEeR3oGkZ received 0.20223736 bitcoins and the address 1AgEeJ1cNWpXxABaTysv4CM6MqARSnXFce received 2.5. Since the behavior does not conform to that seen in the other cases, let’s try to focus on both addresses. To start, let’s continue to follow the changes. Let’s start analyzing the activity of the address 1DqYiuVPjxrS3tkE8VeSorvx4ZEeR3oGkZ. We have already determined that this address received the change of the transaction. By following its activity you can see that the first and only outgoing transaction made involves an outgoing amount greater than the one received.…

What happens in the Blockchain does not remain in the Blockchain – Part 3

Once we get to the starting transaction as explained in part 1 and part 2 of this analysis, let’s see what happened from there on. At the beginning you can see that the transactions continue with the same pattern: one address receives a lower bitcoin amount and with fewer decimal places and another receives the so-called remainder of the transaction, a higher amount and with more decimal places. With the same rules used up to now, we can state that the address 1NZ4MSeYcDKFiPRt8h7VK6XMhShwzhCzCp is the one that actually receives the bitcoins, while the address 1AK79g9gpvZ8jn2C9MsWQpijMFA5JaTdqP is the one that receives…

What happens in the Blockchain does NOT remain in the Blockchain – Part 2

If you have no doubts about the first, let’s try to find an answer to the second question posed by our hypothetical decision maker: what happens to these bitcoins? As you have seen, all outgoing transactions, marked with the red arrow, usually had two addresses as recipients: an actual destination address and a change address held by the person who made the transaction. Understanding who a transaction is intended for: determining which is the actual destination address and which is the change is not as immediate as you might imagine, since it is necessary to analyze case by case, carry…

What happens in the Blockchain does not remain in the Blockchain – Part 1

The article “Tracking Illicit Transactions With Blockchain: A Guide, Featuring Mueller” by Brenna Smith, published on Bellingcat’s website, describes a technique used to identify a Bitcoin transaction. The transaction is cited in a document from the Grand Court of the District of Columbia. Its exact amount (0.026043, equivalent to $9.74) and the date it was made (February 1, 2016) are known. The transaction, according to the document, was carried out by a group of Russian secret agents and was intended to manipulate the work of the US Democratic National Committee and Hillary Clinton’s presidential campaign. Brenna managed to find…