What happens under the hood of a cryptocurrency investigation? How do we locate your money on the so-called “untraceable” blockchain? How do we identify the bad actors behind the scams that have potentially caused you, and your family, grief?

Contrary to popular belief, the blockchain is not the dark, untraceable platform it is sometimes reputed to be. The blockchain is open source and completely transparent. Addresses and transactions are recorded on a public ledger for all the world to see. Yes, it is a confusing place, with more information added every minute. But with the right information and the right knowledge, crypto investigators can successfully ‘follow the money’ to potentially resolve your case.


When you fill out our Crypto Crime Report, it will ask you to provide a comprehensive set of data, including:

  • Your wallet address (this gives us a starting point for the investigation), 
  • The address or addresses your funds were sent to (this helps us identify the actors behind the scam and connect cases together),
  • The transaction hashes (TX IDs) for every transaction involving the scam (these are the building blocks of the cryptocurrency investigation),
  • The dates and times of the transactions, and
  • The amounts of those transactions, both in your native currency and in whatever cryptocurrency you were using (this helps us identify what crypto belongs to you).

This data is crucial to our cryptocurrency investigation. The blockchain, of whatever cryptocurrency you use, is a massive place. On the Bitcoin network there are over 44 million registered addresses and upwards of 484,000 transactions per day. On the Ethereum network there are over 238 million registered addresses, and over 94 thousand transactions a day. 

You can see how addresses and transactions can be easily lost. If we are to make a thorough and accurate investigation, then we need the data you provide to be complete and accurate. If so, then the chances of success increase. 

Let me reassure you that none of the crypto data you submit in the report is private or sensitive information. You will never be asked for your private keys, or your secret recovery phrase. The crypto information you provide in the crime report is available to everyone on the blockchain. We ask you to specify it so we don’t waste time sifting through irrelevant information.

Once you submit your report our investigators are notified. Then the cryptocurrency investigation will begin.

What Are We Looking For?

In our initial investigation, what we call a ‘triage,’ we are searching for a few different things. Notably:

  • Where your funds have gone,
  • All the crypto addresses involved in the scam (this can help us identify other victims of the same scam),
  • Any VASPs (Virtual Asset Service Providers) the funds have been deposited into (certain exchanges can often be subpoenaed by law enforcement to produce KYC information, if we can provide adequate proof of a crime).

Using our specialized tools, we will create a visual picture of the flow of funds that we can use to show where your money has gone.



Tracing cryptocurrencies from address to address is theoretically simple. In some cases, it is as simple as tracking one chunk of cryptocurrency from address to address in a straight line.

Investigation Example

This image is an example of what the flow of funds from a scam can look like.

Initially the funds are stolen from the victim’s wallet (grey circle). Often the funds aren’t sent to the same location, which is why I’ve illustrated the funds being split between two scam addresses (red circles). Then the funds are sent to a single address to consolidate (blue circle), before being transferred to a VASP (purple circle) where they are exchanged for fiat currency.
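The flow described above, modelled as a small directed graph and walked from the victim's wallet to the first labelled VASP address. This is an added illustration, not our investigators' tooling; every address label, transaction ID and amount is constructed, and the `KNOWN_VASPS` set stands in for attribution data that is assumed to exist.

```python
from collections import defaultdict, deque

# Constructed sample transfers: (tx_id, sender, receiver, amount in coin units).
TRANSFERS = [
    ("tx1", "victim_wallet", "scam_addr_a", 0.6),    # funds split two ways
    ("tx2", "victim_wallet", "scam_addr_b", 0.4),
    ("tx3", "scam_addr_a", "consolidation", 0.6),    # then consolidated
    ("tx4", "scam_addr_b", "consolidation", 0.4),
    ("tx5", "consolidation", "vasp_deposit", 1.0),   # cashed out at a VASP
    ("tx6", "unrelated_user", "vasp_deposit", 2.0),  # noise, not part of the case
]
KNOWN_VASPS = {"vasp_deposit"}  # assumption: labels come from attribution data


def trace_funds(transfers, start, vasps):
    """Follow outgoing transfers from `start` until a labelled VASP is reached.

    Returns (paths, touched): each path is a list of (tx_id, src, dst, amount)
    hops ending at a VASP; touched is every address reached along the way.
    """
    outgoing = defaultdict(list)
    for tx_id, src, dst, amount in transfers:
        outgoing[src].append((tx_id, dst, amount))

    paths, touched = [], {start}
    queue = deque([(start, [])])
    while queue:
        addr, hops = queue.popleft()
        on_path = {h[1] for h in hops} | {addr}
        for tx_id, dst, amount in outgoing[addr]:
            if dst in on_path:          # funds looped back: do not walk in circles
                continue
            new_hops = hops + [(tx_id, addr, dst, amount)]
            touched.add(dst)
            if dst in vasps:            # stop here: next step is a legal request
                paths.append(new_hops)
            else:
                queue.append((dst, new_hops))
    return paths, touched


def vasp_deposits(paths):
    """Deduplicate the final hop of each path: tx_id -> (vasp address, amount)."""
    return {p[-1][0]: (p[-1][2], p[-1][3]) for p in paths}


if __name__ == "__main__":
    found, seen = trace_funds(TRANSFERS, "victim_wallet", KNOWN_VASPS)
    for path in found:
        print(" -> ".join([path[0][1]] + [hop[2] for hop in path]))
    print(vasp_deposits(found), sorted(seen))
```
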

This is a simple example of a cryptocurrency investigation, and just with this information we can do a lot. But in other cases there are factors that make life much harder, such as:


  • If the funds have been split many different ways and sent to many different addresses,
  • If the inputs and outputs are so arranged as to make tracing the exact money impossible, or
  • If the money has been sent to a mixer or laundering service.


This is not as bleak as it appears. Often, our goal is not to trace the stolen crypto to its final resting place but to tell the story of what happened. The chances of recovering stolen crypto are very low, so the best thing we can do is to try and identify who was behind your scam and potentially bring them to justice.

The blockchain is pseudo-anonymous, so how can we identify the people behind the addresses? This is where OSINT comes in.

OSINT is short for Open-Source Intelligence. This is how we take the information you provide – phone numbers, emails, websites – and use it to compile a picture of the people involved. It can even locate other victims of the same scam.


What Then?

When the triage is complete and the OSINT is done, we review the data and see if the case is viable to take on. Whether it is viable or not, one of the team will contact you by phone or email to discuss the details. How you want to proceed from there is up to you, whether you want to present the case to law enforcement or simply cut your losses.

Unlike recovery scammers, we are realistic about the chances of recovering your money. In some cases, this is just not possible. But with our crypto information and OSINT, we can potentially stop those scammers causing harm to anyone else. 


Further Reading:

For further information on cryptocurrency scams: https://rexxfield.com/what-are-my-chances-of-recovery-from-a-crypto-scam/
If you want to file a cryptocurrency crime report, please do so here: https://rexxfield.com/cryptocurrency-crime-report/