Cryptos, and NFTs, and OSINT, oh my!

Blockchain is a system for digitally recording information in a distributed, decentralized way that makes it difficult (if not impossible) to change, hack, or cheat the system. Its goal is to allow information to be publicly documented and distributed, but not edited.


Cryptocurrencies are one of the primary manifestations of blockchain technology where any and all financial transactions that take place between two parties -- using Bitcoin, Ethereum, or the thousands of other cryptocurrencies out there -- are recorded on the blockchain and are accessible and viewable by anyone at any time using blockchain "explorer" websites.


In this sense, the blockchain can be an extremely important source of information for Open Source Intelligence (OSINT) practitioners. But there’s a catch…


Want to see the current balance and activity of a specific account (i.e. “wallet”)?

Easy! Just copy and paste the wallet address into a site like Blockchain.com to see all relevant information about this wallet, including the dates and amounts of all previous transactions and information about other wallets that have interacted with the target address.


Want to know who owns the wallet? Not so easy. Because the blockchain enables users to conduct transactions behind a veil of anonymity using a faceless wallet number as their only connection to the virtual exchange of funds, there’s usually no simple way for investigators to find a direct link between a particular wallet address and the true identity of its owner. This helps explain why cryptocurrency has become the financial medium of choice for criminals and terrorists worldwide.


To find the link between wallet and owner, OSINT practitioners must usually rely on the human factor or, perhaps more accurately, on human folly to bridge information gaps in their investigations. When a person of interest in an investigation intentionally or inadvertently ties their wallet address to their name, email address, phone number, or other identifiable information on any public online platform, investigators will take note and document the connection so they can put a face to the account, as it were.


When the need for privacy clashes with the desire to make money, many people will opt for the latter at the expense of the former, and this is when digital clues are left behind.

The NFT Loophole


An NFT or "Non-Fungible Token" is a digital item or asset, such as an image, audio or video clip, or piece of code or software that is created and exists on the Ethereum blockchain. NFTs are created (or minted), bought, and sold on dedicated marketplaces, such as OpenSea.io, Rarible.com, and others. And, much like on regular online marketplaces like eBay, Facebook Marketplace, etc., an NFT marketplace user must create an account with some information about their brand/product for marketing purposes and must connect that account to their crypto wallet address to conduct any sort of transaction on the network. Can you see where this is going?


In OSINT, any piece of new information that can shed light on an otherwise hidden entity is good news. Because NFTs are designed first and foremost to sell products, they require more visibility and more social media interaction on the part of the marketplace account owner for networking and advertising, therefore leaving behind a larger digital footprint and more potential leads for investigators.


Here's where things get interesting... NFT marketplaces will allow you to find a user account by wallet number, which means you can gain much more visibility into the activity of the wallet owner, not only in terms of which transactions were carried out on the blockchain and the sums involved, but also in terms of the wallet owner's other accounts on other marketplaces, as well as their social media presence, activity, and, perhaps, even their true identity.


To search by a wallet number on Opensea, use the URL https://opensea.io/WALLET#, substituting the target wallet number for the highlighted segment. To do the same thing on Rarible, modify and use the following URL https://rarible.com/user/WALLET#.

In this example, we can see that besides linking to the same wallet, the two marketplace accounts have more in common, including shared images, a shared item appearing in both accounts, and more. In addition, the Opensea account features links to Twitter and Instagram pages belonging to the wallet owner, which may lead us down the path to additional exploration of the owner's identity. Pretty cool, right?


But wait, there's more!


ENS: The Plot Thickens

Looking more closely at the target account page on Opensea, we also notice that there’s something resembling a domain name ending in ".eth" next to the wallet address. This is known as an ENS or "Ethereum Name Service" domain which has similar goals to Internet domain names (DNS), namely, to map human-readable names to machine-readable identifiers such as IP addresses or, in this case, Ethereum wallet addresses to make them easier to memorize and use than long strings of random letters and numbers.


ENS names can be purchased by anyone with an Ethereum wallet and can also be linked to any wallet address, essentially replacing that address in all transactions, and can even be traded as tokens in the marketplace just like any other NFT.


From an OSINT perspective, this can be really useful as this added layer of association between wallets and ENS domains could give investigators one more lead to follow.


To check who purchased and owns any ENS domain, go to the Ethereum Name Service web app and either type in the desired ENS domain to see which wallets are associated with it, or copy and paste a wallet address in the search bar to see if it returns any domains.


In this case, searching by wallet number returns two ENS results, which also appear on Opensea, Rarible and Instagram.


In summary, remember that a person with something to provide or sell online will want to advertise their products or services somewhere where they can be seen and heard by potential buyers. When the need for privacy clashes with the desire to make money, many people will opt for the latter at the expense of the former, and this is when digital clues are left behind.


OSINT is like searching for the pieces of a puzzle scattered across a vast, unkempt garden. This article is an attempt to help you turn the stones you might have otherwise left untouched. Good hunting!

130 views