Blockchain is a system for digitally recording information in a distributed, decentralized way that makes it difficult (if not impossible) to change, hack, or cheat the system. Its goal is to allow information to be publicly documented and distributed, but not edited.
Cryptocurrencies are one of the primary manifestations of blockchain technology where any and all financial transactions that take place between two parties -- using Bitcoin, Ethereum, or the thousands of other cryptocurrencies out there -- are recorded on the blockchain and are accessible and viewable by anyone at any time using blockchain "explorer" websites.
In this sense, the blockchain can be an extremely important source of information for Open Source Intelligence (OSINT) practitioners. But there’s a catch…
Want to see the current balance and activity of a specific account (i.e. “wallet”)?
Easy! Just copy and paste the wallet address into a site like Blockchain.com to see all relevant information about this wallet, including the dates and amounts of all previous transactions and information about other wallets that have interacted with the target address.
Want to know who owns the wallet? Not so easy. Because the blockchain enables users to conduct transactions behind a veil of anonymity using a faceless wallet number as their only connection to the virtual exchange of funds, there’s usually no simple way for investigators to find a direct link between a particular wallet address and the true identity of its owner. This helps explain why cryptocurrency has become the financial medium of choice for criminals and terrorists worldwide.
To find the link between wallet and owner, OSINT practitioners must usually rely on the human factor or, perhaps more accurately, on human folly to bridge information gaps in their investigations. When a person of interest in an investigation intentionally or inadvertently ties their wallet address to their name, email address, phone number, or other identifiable information on any public online platform, investigators will take note and document the connection so they can put a face to the account, as it were.
When the need for privacy clashes with the desire to make money, many people will opt for the latter at the expense of the former, and this is when digital clues are left behind.
The NFT Loophole
An NFT or "Non-Fungible Token" is a digital item or asset, such as an image, audio or video clip, or piece of code or software that is created and exists on the Ethereum blockchain. NFTs are created (or minted), bought, and sold on dedicated marketplaces, such as OpenSea.io, Rarible.com, and others. And, much like on regular online marketplaces like eBay, Facebook Marketplace, etc., an NFT marketplace user must create an account with some information about their brand/product for marketing purposes and must connect that account to their crypto wallet address to conduct any sort of transaction on the network. Can you see where this is going?
In OSINT, any piece of new information that can shed light on an otherwise hidden entity is good news. Because NFTs are designed first and foremost to sell products, they require more visibility and more social media interaction on the part of the marketplace account owner for networking and advertising, therefore leaving behind a larger digital footprint and more potential leads for investigators.
Here's where things get interesting... NFT marketplaces will allow you to find a user account by wallet number, which means you can gain much more visibility into the activity of the wallet owner, not only in terms of which transactions were carried out on the blockchain and the sums involved, but also in terms of the wallet owner's other accounts on other marketplaces, as well as their social media presence, activity, and, perhaps, even their true identity.
To search by a wallet number on Opensea, use the URL https://opensea.io/WALLET#, substituting the target wallet number for the highlighted segment. To do the same thing on Rarible, modify and use the following URL https://rarible.com/user/WALLET#.