How-to guide | Intermediate | 10-30 minutes

How to Investigate Any Crypto Wallet

Crypto-wallet investigation is the financial-crime side of OSINT — useful for journalists tracking ransomware payouts, fraud teams investigating chargebacks, and individuals trying to recover stolen funds. The blockchain is fully public, but tooling matters: raw blockchain explorers show transactions, while clustering tools reveal which addresses likely belong to the same entity.

Step-by-step

  1. Identify the chain and address format

    Bitcoin addresses start with 1, 3, or bc1. Ethereum addresses start with 0x and are 42 characters long. Tron addresses start with T. Solana addresses are 32-44 characters of base58. Wrong-chain analysis is the #1 mistake.

    Tools: Visual inspection, Skopio Wallet
  2. Pull transaction history from the canonical explorer

    Bitcoin → blockchain.com or mempool.space. Ethereum → etherscan.io. Tron → tronscan.org. Solana → solscan.io. Read the entire history, especially the first incoming transaction (often reveals the funding source).

    Tools: Etherscan, Blockchain.com Explorer
  3. Run the address through cluster analysis

    Multiple addresses controlled by the same entity often co-spend in the same transaction. Tools like OXT (Bitcoin) or Arkham Intelligence cluster addresses likely owned by the same operator. Skopio aggregates clustering APIs.

    Tools: OXT, Arkham, Skopio Wallet
  4. Check sanctions screening

    OFAC, EU, and UK sanctions lists include specific blockchain addresses tied to North Korean hackers, Russian oligarchs, and sanctioned exchanges. Chainalysis has a free public API for this. Skopio integrates sanctions checks automatically.

    Tools: Chainalysis Sanctions API, Skopio Wallet
  5. Map flows in/out of exchanges

    Exchange deposit addresses are well-known (clustered by analysts). If your target wallet sent funds to a Binance/Coinbase deposit address, that exchange is where you'd file a subpoena to identify the owner. Skopio surfaces known exchange deposit addresses.

    Tools: Arkham Intelligence, Skopio Wallet
  • Address clustering is probabilistic, not certain. A 90%-confidence cluster is still 10% wrong — don't act on cluster info alone.
  • Sanctioned-address lists update frequently. A wallet clean today may be sanctioned tomorrow. Re-screen periodically for ongoing relationships.
  • Subpoenaing exchanges to de-anonymize wallets is a legal process — investigators need standing and a valid investigation. Skopio surfaces leads, not evidence.
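
Step 1 as an added example (not Skopio's code): prefix and length alone are ambiguous, because a 34-character Tron or Bitcoin base58 string also fits Solana's 32-44 range, so this sketch decodes the address and lets the Base58Check version byte decide. The function names are hypothetical, the version bytes 0x00/0x05 (Bitcoin) and 0x41 (Tron) are the standard mainnet prefixes, and the sample addresses are constructed from an arbitrary payload.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def checksum(data):
    """First 4 bytes of double SHA-256, as used by Base58Check."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58decode(s):
    """Base58 text to bytes, or None if s has a non-base58 character."""
    if not s or any(ch not in B58 for ch in s):
        return None
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(s) - len(s.lstrip("1"))) + body  # leading '1' = zero byte

def b58check_encode(version, payload):
    """Helper used only to construct sample addresses (not real wallets)."""
    raw = bytes([version]) + payload
    raw += checksum(raw)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def identify_chain(addr):
    """Return 'bitcoin', 'ethereum', 'tron', 'solana' or 'unknown'."""
    addr = addr.strip()
    if re.fullmatch(r"0x[0-9a-fA-F]{40}", addr):
        return "ethereum"    # 42 chars; format only, other EVM chains look the same
    if re.fullmatch(r"bc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{39,59}", addr.lower()):
        return "bitcoin"     # bech32 shape only; checksum not verified here
    raw = b58decode(addr)
    if raw is None:
        return "unknown"
    if len(raw) == 25 and checksum(raw[:-4]) == raw[-4:]:
        # Base58Check: the version byte, not the string length, decides the chain
        return {0x00: "bitcoin", 0x05: "bitcoin", 0x41: "tron"}.get(raw[0], "unknown")
    if 32 <= len(addr) <= 44 and len(raw) == 32:
        return "solana"      # raw 32-byte public key, no checksum to verify
    return "unknown"

# Constructed samples (arbitrary 20-byte payload, not real wallets)
PAYLOAD = bytes(range(1, 21))
SAMPLES = [b58check_encode(v, PAYLOAD) for v in (0x00, 0x05, 0x41)]
print([(s, identify_chain(s)) for s in SAMPLES])
```

An address that returns "unknown" is either mistyped (checksum failure) or from a chain this sketch does not cover; resolve that before pulling history from any explorer.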


Frequently asked

Is the blockchain really fully public?

Yes for Bitcoin, Ethereum, and most major chains. Privacy coins (Monero, Zcash with shielded txs) are exceptions. For mainstream chains, every transaction is permanently visible.

Can I de-anonymize a wallet without a subpoena?

Sometimes. If the wallet ever interacted with a regulated exchange that did KYC, identifying the owner takes a subpoena to that exchange. But some wallets are publicly linked to social handles (NFT projects, ENS names).

What's address clustering?

Algorithmic grouping of addresses likely controlled by the same entity, based on transaction patterns. See our glossary entry on this for detail.

Are sanctions checks free?

Chainalysis offers a free public sanctions API. Skopio integrates it. Commercial-tier sanctions screening (with all global lists) is paid.

Can Skopio investigate a wallet end-to-end?

Yes — the wallet category combines transaction history + clustering + sanctions check + exchange-flow tracing in one query.
