I often get asked about forensics and transaction tracking. The answer is that I prefer the clustering method and I will now show you how it works.
1 - Let’s take the wallet from this article - it belongs to SilkRoad.
Earlier projects tried to de-anonymize Bitcoin users by monitoring P2P network traffic in order to find the IP address behind each Bitcoin address. However, that method yields only a small number of reliable mappings between an address and its owner's IP.
To improve on this, AML companies added an address clustering step for BTC and ETH/ERC-20 addresses (grouping addresses under one presumed owner, most commonly because they are spent together as inputs of the same transaction). Clustering gives better results and reveals links between addresses that are not obvious on their own.
2 - Then I analyse the clusters through amlbot.com - quite an easy tool to work with.
The investigation revealed 26 connections to 25 clusters: 15 direct and 11 indirect.
See full map:
The investigation shows the names of the clusters, their risk ratings and the number of intermediate addresses (the distance to each cluster).
3 - My report proves that the wallet owner received bitcoins from SilkRoad and probably received money from top exchanges, and once lost his bitcoins during the scandalous closure of BTC-E.
Report Proof: ID:24116220210717234420:E1DE144F5E58DFB
Report Generation Block Height: 691470
4 - The same result can then be reproduced and verified manually:
I also suggest reading this article about Ethereum forensics. In the previous tweet example I used a BTC address, but the same method (and amlbot.com) works fine with ERC-20 too:
Please share your favourite tools and tactics too!