Beyond the Hash: Investigating the People Behind Web3 Wallets.

Real-Time Wallet Tracking Fights Crypto Fraud. New investigation tools combat cryptocurrency scams through cross-chain wallet monitoring, demonstrated by recent analysis of a 500,000 USDT theft case.

Investigating Web3 Wallets and OSINT/BLOCKINT People Research

On May 29, 2021, a user reported to imToken that his assets valued at over 500,000 USDT had been stolen from his wallet. The incident occurred after he conducted a search for "imToken" on Baidu (Chinese social media platform equivalent to Google), where he inadvertently clicked on a link to a fraudulent website that appeared on the first page of the results.

After clicking on the fraudulent link, he was asked to download a counterfeit wallet application, which resulted in the unfortunate loss of his assets. Following a thorough investigation of the incident, imToken discovered that the scammers had perfected SEO search terms and bought ad space on the same on Baidu to help them rank on the top, which they used to mislead people by directing them to fraudulent counterfeit apps and then scam them.

So when the users searched for terms like imToken, Mathwallet, TokenPocket, or MetaMask, the top three search results consistently directed them to the scam websites, from which fake wallet apps could be downloaded.

To investigate how the scammers were able to take advantage of people and how they operate, the investigators looked at their wallets and their blockchain activity, which included their Web3 activity. This helped them unravel their mystery and narrow down on their scamming activities. Here we explore how to track blockchain transactions and identify wallets of interest using tools such as OnChain Industries.

OnChain Industries | Web3 Investigation Tools
Add web3 to your OSINT investigations with onchain.industries interface and API

What are public keys and private keys in crypto?

A crypto wallet is essentially a software application that allows a user to monitor, send, and receive crypto and digital assets like NFTs via the blockchain and Web3, similar to how a traditional bank account operates.

Crypto basics - What is a crypto wallet?
Crypto wallets store your private keys and keep your crypto safe and accessible for spending, sending, or saving.

Each wallet is equipped with its own public key and private key, which we will discuss in further detail later.

A commonly said phrase is "Not your keys, not your coins." This phrase simply means if you store your cryptocurrencies on centralized exchanges, such as Coinbase, Binance, or Kraken, you do not truly own those assets, as you lack access to them fully.

While you may log in to these platforms to manage your holdings, the reality is that your account can be deleted in an instant, or the exchange itself could fall victim to a security breach which may lead to your assets being lost. In such cases, your assets disappear without a trace. e.g. Mt Gox hack.

What Was Mt. Gox? Definition, History, Collapse, and Future
Mt. Gox was a Tokyo-based cryptocurrency exchange that operated between 2010 and 2014.

Possessing your keys is vital for true ownership of your assets. But what exactly are these keys?

Your public key in crypto functions as your account identifier within the cryptocurrency network. It can be likened to an email address of sorts, as it is the destination to which others send cryptocurrency when they wish to transfer funds to you. Each coin in the blockchain has a specific format for its public keys, but it is usually a mix of characters and figures.

On the other hand, your private key is like your master password, typically derived from a 12 or 24 word seed phrase. This acts as your "main" password for your assets, enabling you to sign transactions and verify ownership of your public key. Understanding the difference between the two is crucial for anyone looking to investigate what happens in the blockchain or Web3 space.

What is Cryptography? - Cryptography Explained - AWS
What is Cryptography how and why businesses use Cryptography, and how to use Cryptography with AWS.

A wallet of any type is now basically an entity that has both your public key and a private key, which are associated with an address, the thing which can be involved in transactions on that chain. The public key is not sensitive, and is used whenever someone else sends assets to your address, but both the public key and the private key are used whenever your address makes an outgoing transaction. This makes it easier for tools such as OnChain Industries to help you track your assets on the blockchain.

The private key plays a crucial role in signing transactions, a necessary step for them to be recorded on the blockchain and executed fully. An unsigned transaction is merely a collection of data that includes the sender's address, the receiver's address, and the amount being transferred.

However, it cannot be processed until it is signed. Signing a transaction involves a cryptographic process where the private key provides proof that the transaction's creator possesses the private key linked to the sending address's public key.

It's important to note that while no one can deduce your private key from a signed transaction, anyone can confirm that the private key used for signing corresponds to the public key of the sender. This process may seem magical, but it is fundamentally based on cryptography on which the blockchain operates on.

Wallet Tracking 

Wallet tracking involves analyzing the movements of significant assets on the blockchain and Web3 platforms like OpenSea, Ethereum, Solana and Decentraland. Wallet tracking allows researchers and investigators to gather insights on what happens on the blockchain and at what time. This is a crucial part of knowing a person/people behind a Web3 wallet or activity.

Crypto wallet trackers simplify the process of monitoring specific wallets by sending alerts whenever a transaction takes place. A tool like OnChain Industries allow users to search user activity with the real-time activities of chosen wallets on more than 70 modules. By connecting to their third-party API, investigators and researchers access a range of on-chain data feeds to gather transaction information that can help them in their investigation. This data is usually organized and presented in a user-friendly format for easier understanding.

Wallet trackers such as OnChain Industries usually comes equipped with customizable features such as easy API access, which can be used to create push notifications that notify investigators when a tracked wallet makes a transaction.

Such tools can provide essential information—like the transaction type and amount—via instant alerts on apps such as Telegram or WhatsApp.

Investigating Crypto Scams

Scam projects usually try to entice user attention by asking them to invest or interact with their project for a handsome return. This involves them sending their assets to predetermined wallets, after which the scammer disappears with the assets.

It is therefore important to DYOR whenever you decided to invest in a crypto or Web3 project. Investigate how the smart wallet obtained the token—was it purchased, claimed, or received from another user? Claim transactions are typically marked on EVM network explorers. You can identify a claim transaction by checking if a fee (claim fee) was paid during the process. A legitimate 'claim wallet' will usually have several similar transactions.

If the investor did not acquire the asset through a decentralized exchange (DEX) or centralized exchange (CEX) and it wasn't transferred from a peer (fellow user), it likely indicates a scam token leveraging the wallet owner's reputation.

You can use OnChain Industries tool to trace the originating wallet for the transaction and review its other activities and presence on other platforms. Additionally, you can check the wallet’s results obtained after searching for it on OnChain Industries for further details about their other presence on other platform. This helps you ensure you have verified the information provided regarding the project.

How to use OnChain Industries to track wallets

OnChain Industries provides access and insights into the Web3 landscape, enabling users to search for a wallet address and instantly obtain a detailed list of accounts linked to that address across various crypto platforms, all in real-time.

To use OnChain Industries, you first need to register an account. After registering, you can use the "New Search" function to get you started. You can input a wallet, username or email in the search field to get you started.

A page showing a place where to search for wallet, username or emails
A dashboard page showing where to conduct a search

After inputting your parameters, the tool would then proceed to do a deep search and collect all the available data.

A screen showing the tool running in the background
The tool is conducting a search on a sample wallet

Once done, the tool would now give you all the information that you need to proceed with your investigations.

A results page from OnChain Industries
A result that was obtained by OnChain Industries

You can easily find the wallets of major holders in the Web3 ecosystem by utilizing the tool to find the specific network where the asset is hosted.

OnChain Industries offer 77 modules, which means you are assured of an extensive coverage and enables you to conduct intensive investigations. They are actively adding more modules and that means, the number of modules available would expand.

To use the tool to say discover the top holders of a smart contract token, begin by locating the asset's smart contract address. This information is usually available on sites like CoinGecko, the official project website, or its social media pages. After obtaining the address, search it on the tool and then use the results to guide you in your investigations.

What are Smart Contracts & How Do They Work? | Kaspersky
Want to know about the future of global transactions & trades? Click to find out about smart contracts, the blockchain-based system of digital authentication.

Final conclusion

When investing in Web3, it is important to DYOR (Do Your Own Research). Tracking wallets can be a valuable part of your on-chain data analysis and investigation. This helps you make informed investment decisions if you want to invest in a Web3 project.

However, sometimes tracking a wallet can be a challenge. Especially when trying to leverage the data for larger-scale decisions. It is important to understand not only what assets the wallet holds but also the duration of their holdings and their motivations behind them. This can be easily achieved via a plethora of tools.

An investor can hold onto an asset for reasons other than profit, which means you can miss out on gains while waiting for signals from their wallet. Additionally, be careful of scam project that can manipulate wallet tracking to generate interest in sending large amounts of tokens to well-known wallets.