How to trace a Bitcoin wallet transaction. Bitcoin transaction visualization
Bitcoin Wallets Information
All transactions on the blockchain network (Bitcoin network) are public. That is, for the wallet you are interested in, even if it is someone else's wallet, you can find out at any time:
- current balance
- total number of transactions, including transactions of received and sent money
- total income and expense for all time
- addresses of wallets that sent money or to which money was sent from this wallet
All this information is available on the official blockchain.com website, which supports site searches. The address of the Bitcoin wallet is a long string, which consists of letters and numbers, for example: 1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr
In addition to the search, you can refer to the site at direct addresses:
If you need raw information, for example, for processing in your program, then you can use an address of the form:
For example, for wallet 1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr: https://www.blockchain.com/btc/address/1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr
Scrolling a little lower, you can see information about transactions: green indicates the receipt of funds, and red indicates the expenditure:
If you click on the address of any wallet, you can see the same information for it.
Each transaction has a unique identifier. If you click on it, you can see more detailed information:
There you will see additional information: time, cost of the transfer, etc.
When you click on the link ‘View the tree diagram’ you can trace the path of the money:
Information for the wallet 1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr you can see in raw format at the corresponding link https://blockchain.info/rawaddr/1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr
As you can see, the websites blockchain.com and blockchain.info provide us with enough information about the transactions made. But there are also special programs for tracing the path of bitcoins.
How to build a Bitcoin money flow chart
Since all data are open, it is enough to analyze them. That is, for the wallet of interest, see what other wallets it has transactions with, and then see the transactions for each of the found wallets and so on. Thus, a path of any length can be traced.
The problem is that there is a lot of data, and without any means of assistance it is easy to get confused. One option is to visualize Bitcoin transactions. For this, you can use, for example, the Orbit tool.
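The recursive crawl described above, as an added example (not Orbit's code and not part of the original article): a breadth-first walk over records shaped like the rawaddr JSON, up to a chosen depth. The transactions are constructed, the addresses A to D are placeholders, and `fetch_txs` is a hypothetical stand-in for the download step.

```python
from collections import defaultdict, deque

def tx(tx_hash, inputs, outputs):
    """Build a transaction in the shape of blockchain.info's rawaddr JSON."""
    return {"hash": tx_hash,
            "inputs": [{"prev_out": {"addr": a, "value": v}} for a, v in inputs],
            "out": [{"addr": a, "value": v} for a, v in outputs]}

# Constructed sample data; "A".."D" are placeholder addresses, values in satoshi.
T1 = tx("t1", [("D", 50000)], [("A", 20000), ("D", 30000)])  # D donates to A, change returns to D
T2 = tx("t2", [("A", 20000)], [("B", 20000)])                # A cashes out at exchanger B
T3 = tx("t3", [("B", 90000)], [("C", 90000)])                # exchanger B pays out to C
T4 = tx("t4", [("C", 60000)], [("D", 60000)])                # C forwards to D
T5 = {"hash": "t5", "inputs": [{}], "out": [{"value": 0}]}   # constructed edge case: no addresses at all
SAMPLE = {"A": [T1, T2, T5], "B": [T2, T3], "C": [T3, T4], "D": [T1, T4]}

def fetch_txs(address):
    """Hypothetical stand-in for downloading rawaddr/<address>; reads SAMPLE."""
    return SAMPLE.get(address, [])

def edges_of(t):
    """Return (sender, receiver) pairs of one transaction, ignoring change outputs."""
    senders = {i.get("prev_out", {}).get("addr") for i in t["inputs"]} - {None}
    receivers = {o.get("addr") for o in t["out"]} - {None} - senders
    return [(s, r) for s in sorted(senders) for r in sorted(receivers)]

def crawl(seed, depth):
    """Breadth-first crawl; returns {(sender, receiver): number of transactions}."""
    graph, seen_tx, seen_addr = defaultdict(int), set(), {seed}
    queue = deque([(seed, 0)])
    while queue:
        address, level = queue.popleft()
        if level >= depth:
            continue  # wallets at the depth limit are drawn but not expanded
        for t in fetch_txs(address):
            if t["hash"] in seen_tx:
                continue  # already counted from the other side of the transfer
            seen_tx.add(t["hash"])
            for sender, receiver in edges_of(t):
                graph[(sender, receiver)] += 1
                for node in (sender, receiver):
                    if node not in seen_addr:
                        seen_addr.add(node)
                        queue.append((node, level + 1))
    return dict(graph)

def counterparties(graph, address):
    """Split a wallet's direct neighbours into sources and sinks."""
    sources = {s for s, r in graph if r == address}
    sinks = {r for s, r in graph if s == address}
    return sources, sinks
```

With depth 1 only the two transfers touching A appear; with depth 2 the loop A → B → C → D → A closes, which is the kind of shape a graph view makes visible.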
How to install orbit
The Orbit program installs the same way on any Linux. If you have not already installed the git package, then start by installing it, then simply run the commands:
git clone https://github.com/s0md3v/Orbit
cd Orbit/
python3 ./orbit.py -h
If help appears, then everything is all right.
How to use Orbit
Orbit is designed to explore the network of a blockchain wallet by recursively crawling through its transaction history. The data is rendered as a graph to reveal major sources, sinks and suspicious connections.
The graphs used to visualize the data do not completely solve the problem of excess data. But with their help, you can sometimes reveal some extra information.
I will show an example of analyzing my wallet about which I know something. More precisely, I only know about outgoing transactions. Will I be able to say at least something additional in this situation, find at least some other information? Let's check.
How to run Orbit to track bitcoins
My wallet address is 1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr, it is used for donations to the sites Miloserdov.org, HackWare.ru, Kali.Tools, SuIP.biz. By the way, if you like any of these sites you can also support them.
The wallet for analysis must be specified after the -s option. All other options are not necessary. But we will do the first launch with the -d option, which adjusts the crawling depth. By default, the crawling depth is 3. Set the level to 1 to see only the wallets from which or to which transactions were made with respect to this wallet:
python3 ./orbit.py -s 1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr -d 1
At the first start, the program will output:
[-] Quark is necessary to view graphs generated by Orbit.
[~] Downloading Quark [2.37 MB]
These lines mean that the optional Quark program, which is necessary for generating graphs, is being installed right now.
When all requests are completed, the results will be saved to a file and this file will be opened in a web browser. When analyzing one level, we get a sun-like shape, each ray of which shows the address of the wallet from/to which the transaction was sent.
We continue and now do the analysis at two levels:
python3 ./orbit.py -s 1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr -d 2
At the very beginning we get the following scheme:
Let's do a little analysis. Let's start by searching for the wallet of interest: enter 1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr and click the Find button. The desired element will be highlighted in yellow. I will pull it out of the general group so that I always know where it is:
Now click the Make Clusters button to form clusters based on the community detection algorithm. After that, use Color Clusters to assign different colors to the clusters. Finally, click Spacial to fix overlapping nodes & edges.
It has become noticeably better.
I will continue the analysis. To demonstrate interesting findings, I will remove some “bushes”. You can delete nodes one at a time. To do this, click the Delete button in the menu. You can also select several at once using the Lasso tool:
Look at the highlighted green triangle:
I cash out all received bitcoins at a currency exchanger (I do not need bitcoins, I need to pay bills). That is, this ‘curly’ node, which I designated with the letter B, is a currency exchanger. I designated my wallet with the letter A. Therefore, we can conclude that the donor (by the way, thanks to him for his support, and in general, thanks to everyone who supports the sites, especially financially!) bought bitcoins at this exchanger (they arrived at point C), then sent them to another wallet (D), and then sent part of the amount to me.
Based on the chart, you might think that we used one exchange at the same time - but this is not necessarily the case, since the chart shows all the transactions that have ever been made by my wallet. Another option – transaction AB is also a donation that was made by someone directly through the exchanger.
I redistributed the nodes a bit. Look at point B: it is connected with the same nodes as my wallet (A), that is, with D, E, F, G. A donation came from user B, that is, he bought bitcoins somewhere on an exchanger and sent part of the amount to me, and I returned these bitcoins back to the exchangers.
The same can be said about point C, this user buys and sells on exchangers and once sent part of the amount to me. Alternatively, these wallets received funds from another source (not exchangers), but cashed them through them, and also sent me a few bucks.
By default, the search depth is three, that is, if you run without the -d option:
python3 ./orbit.py -s 1CeePVnmoGD3xpDtnFtshLHqA2jNrCNeEr
then you can get something like this:
By default, Orbit processes only the last 50 transactions from each wallet. You can change this value with the -l option. You can both reduce and increase the number of covered transactions.
Wallets that have made just a couple of interactions with our target may not be important; Orbit can be told to crawl only the top N wallets at each level by using the -t option.
If you want to view the collected data in the graph viewer of your choice, you can use the -o option. After it, you need to specify one of the supported formats:
- graphml (supported by most graph viewers)
- json (for raw processing)
The Orbit tool is not intended to deanonymize Bitcoin users, but it can help gather interesting information. For example, as it turned out, the world is rather cramped, and together with others I use approximately the same exchangers.
Under close scrutiny are bitcoins with an interesting “fate” or origin. For example, the public is watching the very first bitcoins that the author of Bitcoin mined. There are many of these bitcoins, and an attempt to cash out may well reveal the mystery of who invented Bitcoin. The public also watches the bitcoins that the FBI seized from Silk Road and various criminal bitcoins.
This is possible due to the fact that anonymity and decentralization are in conflict. As a countermeasure to this analysis, you can create unique wallet addresses for each transaction; for example, WikiLeaks generates a unique wallet address for each donor. But if the funds are later merged (at any stage) into one wallet, then this measure loses its meaning.
We can imagine other problems related to the transparency of the blockchain: what if someone transferred criminal bitcoins to me (for example, as a donation to the site), and, without a second thought, I exchanged them for cash through an exchanger where I specified my bank card number? It would turn out that law enforcement authorities may have questions for me…