A Proposed High-Level Methodology on How OSINT is applied in Blockchain Investigations


  • Wian Gertenbach, Council for Scientific and Industrial Research, Pretoria, South Africa
  • Johnny Botha, Council for Scientific and Industrial Research, Pretoria, South Africa
  • Louise Leenen, University of Western Cape and CAIR, Cape Town, South Africa




Keywords: Blockchain, OSINT, Cryptocurrency, Blockchain-investigation, Cybercrime


The characteristics of blockchain established a desirable platform for entities to innovate and operate in a secure, transparent, and decentralised manner. However, cybercriminals have increasingly found refuge in the decentralised environment of blockchain technology. Cryptocurrencies are increasingly misused in malicious activities that encompass the trade of illicit goods, money laundering, various types of scams and ransomware attacks. The total cryptocurrency value received by illicit addresses reached an all-time high of $20.6 billion in 2022 according to Chainalysis. The inherent privacy and anonymity features of many blockchain networks make it challenging for law enforcement and regulatory agencies to track and apprehend wrongdoers. Consequently, a pressing need arises not only to initiate investigations on the blockchain to identify unlawful activities, but also to discover connections between these activities and the identities of the responsible individuals. Because blockchain data is publicly available, the application of Open-Source Intelligence (OSINT) techniques is proposed to facilitate these types of investigations. In the context of blockchain, OSINT, together with investigation tools, holds the promise of unearthing valuable information that could aid in attributing malicious activities to the individuals responsible for those actions. By analysing and synthesising data from publicly accessible sources, such as data from blockchain explorers and link analysis tools such as Chainalysis, Maltego or Spiderfoot, investigators could potentially unveil valuable clues that assist in building a comprehensive picture of blockchain-related criminal activities. Ultimately, with sufficient information and actionable intelligence collected, the main goal is to link it to Know Your Customer (KYC) data, which could be obtained from cryptocurrency exchanges via a subpoena from law enforcement agencies.
This paper delves into the mechanisms of various OSINT tools and techniques to determine their adaptability to the specific demands of blockchain investigations. This study provides a methodology and recommendations with insights into how these tools can be wielded to bridge the gap between blockchain's pseudonymity and real-world identities.