Bitcoin investigation and wallet seizure
Summary
TLDR: This video script delves into cryptocurrency wallets, contrasting custodial wallets used by exchanges like Coinbase with local wallets like Electrum. It explains how exchanges reduce fees by internal ledger accounting and how local wallets function as nodes in the network, allowing users to generate multiple addresses for transactions. The script also covers wallet security, encryption, and the process of seizing a wallet by obtaining the seed, master private key, or private keys for addresses. It concludes with a practical challenge for viewers to seize Bitcoin from hidden wallet IDs and a teaser for future videos on advanced blockchain analysis.
Takeaways
- 💼 Exchanges like Coinbase use custodial wallets, which means they hold the user's cryptocurrency and allow users to trade without making transactions on the blockchain, reducing fees.
- 🔑 Transactions can be analyzed by joining the respective blockchain network as a node, which allows for downloading and monitoring them as they come in.
- 📱 Local wallets, such as Electrum, are used by serious cryptocurrency users and act as nodes in the network, enabling them to send and receive funds directly on the blockchain.
- 🏠 Local wallets can generate multiple addresses, allowing users to have different addresses for different transactions and purposes.
- 🌐 Blockchain explorers like blockchain.com provide a simple interface for analyzing transactions and wallet addresses.
- 🔐 Wallets can be secured with encryption and passwords, making it more difficult to seize funds without the proper keys or seed values.
- 🔑 The seed value, master private key, and bitcoin address private key are crucial for seizing a wallet, as they allow access to make transactions and control the wallet.
- 🔍 Investigating a wallet involves looking for the wallet's configuration files, transaction history, and key stores, which may contain the seed or private keys in plain text or encrypted form.
- 🔒 Encrypted wallets require finding the encryption keys or seed values, which can be in a password manager or backed up elsewhere by the user.
- 🔄 If a wallet is open, one can export private keys directly, which allows for seizing the associated bitcoin addresses.
- 🕵️ For complex investigations, especially in cases of money laundering, more advanced tools like Chainalysis may be necessary to handle the vast amount of transaction data.
Q & A
What is the primary function of a cryptocurrency wallet?
- A cryptocurrency wallet serves as a user interface to interact with the blockchain ledger system, allowing users to send, receive, and store cryptocurrencies.
What type of wallet does an exchange like Coinbase typically use?
- Exchanges like Coinbase typically use a custodial wallet, where they hold the actual cryptocurrency and manage the transactions on their own ledger system, reducing the need for on-chain transactions.
How does a custodial wallet reduce transaction fees for users?
- A custodial wallet reduces transaction fees by not requiring every buy or sell action to be recorded on the blockchain. Instead, the exchange manages the assets internally and updates user balances accordingly.
What is a non-mining node in the context of cryptocurrency wallets?
- A non-mining node is a participant in the cryptocurrency network that can see and verify transactions but does not participate in the mining process to create new blocks.
Why would someone choose a local wallet over a custodial wallet provided by an exchange?
- A local wallet provides more control and security over one's funds, as it is not managed by a third party. It allows the user to directly interact with the blockchain and is often preferred by those who are more serious about cryptocurrency.
What is a multi-signature wallet and how does it work?
- A multi-signature wallet requires multiple keys to authorize a transaction. It adds an extra layer of security by ensuring that a transaction can only be executed when a certain number of approved parties agree.
What is a seed in the context of cryptocurrency wallets?
- A seed is a group of words that can be used to regenerate a wallet's private keys. It serves as a backup mechanism to recover access to the wallet in case the original keys are lost.
Why is it important to encrypt a cryptocurrency wallet?
- Encrypting a cryptocurrency wallet adds an extra layer of security, making it difficult for unauthorized individuals to access and potentially seize the funds within the wallet.
How can a user find out if their wallet is encrypted and how to access it?
- A user can check if their wallet is encrypted by looking for an encrypted file or by attempting to open the wallet without a password. If the wallet is encrypted, a password will be required to access the wallet's contents.
What is the purpose of a blockchain explorer tool like blockchain.com?
- A blockchain explorer tool allows users to view transaction histories, track the flow of funds, and analyze the activity associated with specific cryptocurrency addresses.
How can an investigator seize a cryptocurrency wallet during an investigation?
- An investigator can seize a cryptocurrency wallet by obtaining the wallet's seed value, master private key, or the private keys associated with the wallet's addresses, which would grant them access to make transactions and potentially seize the funds.
Outlines
💼 Understanding Wallet Systems and Exchanges
This paragraph introduces the concept of cryptocurrency wallets, focusing on exchange-based custodial wallets like those found on coinbase.com. It explains how exchanges manage transactions internally to reduce blockchain fees, and how they automatically create wallets for users. The speaker also touches on the use of blockchain explorers for analyzing transactions and the importance of joining specific networks like Bitcoin or Ethereum to analyze their respective ledger systems. A distinction is made between simple transaction analysis using online tools and the need for more complex analysis for larger cases, suggesting the use of blockchain access or commercial products like Chainalysis.
🔐 Seizing Cryptocurrency Wallets and Encryption
The second paragraph delves into the process of seizing cryptocurrency wallets by obtaining a wallet's seed value, master private key, or bitcoin address private key. It discusses the creation of new seeds and the use of custom words to enhance security against brute force attacks. The speaker explains how encrypted wallet files can complicate investigations, emphasizing the importance of finding passwords or backup seeds. The paragraph also covers how to access and interpret wallet files, including the significance of the master public and private keys, and the process of exporting private keys for seizure. It concludes with a brief mention of the challenges of large-scale investigations and the tools available for such purposes.
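A triage sketch for the wallet-file inspection described above, added here as an example and not taken from the video or from Electrum's code. It reports whether a wallet file is encrypted, watch-only, or leaves the seed or master private key readable, without printing any secret. The JSON field names (`keystore`, `seed`, `xprv`, `xpub`, `addr_history`, `transactions`) and the `BIE1`/`BIE2` magic bytes are assumptions about Electrum's file layout, and all sample values are constructed.

```python
import base64
import json
import sys
from pathlib import Path

# Assumed Electrum details (not shown on the page): the magic bytes at the
# start of an encrypted wallet file and the JSON field names used below.
ENCRYPTION_MAGICS = {b"BIE1": "user password", b"BIE2": "hardware device key"}
SECRET_FIELDS = ("seed", "xprv")


def looks_plaintext(field, value):
    """Heuristic: is this keystore value readable rather than ciphertext?"""
    if field == "seed":
        words = value.split()
        return len(words) >= 2 and all(w.isalpha() for w in words)
    return value[1:4] == "prv"  # xprv, yprv, zprv, tprv ...


def classify_wallet(raw):
    """Describe a wallet file's exposure without echoing any secret value."""
    report = {"state": "unknown", "exposed": [], "addresses": 0, "transactions": 0}
    text = raw.strip()
    try:
        data = json.loads(text)
    except ValueError:
        data = None
    if not isinstance(data, dict):
        # Not JSON: check whether the base64 payload starts with a known magic.
        try:
            head = base64.b64decode(text[:8], validate=True)[:4]
        except ValueError:
            head = b""
        if head in ENCRYPTION_MAGICS:
            report["state"] = "file-encrypted (" + ENCRYPTION_MAGICS[head] + ")"
        return report
    report["addresses"] = len(data.get("addr_history") or {})
    report["transactions"] = len(data.get("transactions") or {})
    keystore = data.get("keystore") or {}
    present = [f for f in SECRET_FIELDS if isinstance(keystore.get(f), str)]
    report["exposed"] = [f for f in present if looks_plaintext(f, keystore[f])]
    if report["exposed"]:
        report["state"] = "plaintext"        # seed or master private key readable
    elif present:
        report["state"] = "keys-encrypted"   # JSON readable, secrets are not
    elif keystore.get("xpub"):
        report["state"] = "watch-only"       # public key only: read-only access
    return report


# Constructed samples: none of these values is a real seed or key.
SAMPLE_PLAIN = json.dumps({
    "addr_history": {"addr_constructed_1": [], "addr_constructed_2": []},
    "transactions": {"txid_constructed_1": "00"},
    "keystore": {"type": "bip32",
                 "seed": "alpha bravo charlie delta echo foxtrot",
                 "xprv": "xprvCONSTRUCTEDPLACEHOLDER",
                 "xpub": "xpubCONSTRUCTEDPLACEHOLDER"},
})
SAMPLE_KEYS_ENCRYPTED = json.dumps({
    "use_encryption": True,
    "keystore": {"seed": "Q09OU1RSVUNURUQ=", "xprv": "Q09OU1RSVUNURUQy",
                 "xpub": "xpubCONSTRUCTEDPLACEHOLDER"},
})
SAMPLE_WATCH_ONLY = json.dumps({"keystore": {"xpub": "xpubCONSTRUCTEDPLACEHOLDER"}})
SAMPLE_FILE_ENCRYPTED = base64.b64encode(b"BIE1" + bytes(60)).decode()

if __name__ == "__main__":
    # Optional argument: a wallets directory, e.g. one copied from a disk image.
    if len(sys.argv) > 1:
        for path in sorted(Path(sys.argv[1]).iterdir()):
            if path.is_file():
                print(path.name, classify_wallet(path.read_text(errors="replace")))
    else:
        print(classify_wallet(SAMPLE_PLAIN))
```

A `plaintext` result is the case the video warns about: anyone who can read the file can regenerate the keys, so the same check is useful to wallet owners auditing their own backups.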
🕵️ Analyzing Transactions and Investigative Techniques
The final paragraph discusses the investigative process of analyzing cryptocurrency transactions, starting with identifying and examining the transactions associated with a suspect's wallet addresses. It explains how to use a transaction ID to trace the flow of funds and determine the origin and destination of transactions. The speaker suggests using blockchain.com for basic transaction analysis but highlights the limitations when dealing with complex cases involving money laundering. The paragraph concludes with an invitation for viewers to practice seizing bitcoins from hidden wallet IDs and a teaser for future videos on more advanced blockchain analysis techniques.
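The tracing steps described above, written out as an added example (not code from the video): it finds the payment into an address of interest, flags it as part of a batched payout whose other outputs are probably unrelated, and follows the funds forward hop by hop. The transaction shape (`vin[].prevout.scriptpubkey_address`, `vout[].scriptpubkey_address`) is an assumed explorer-style JSON layout, the batch threshold is an assumption, and every address and txid is constructed.

```python
from collections import deque

BATCH_OUTPUTS = 10  # assumed cut-off: more outputs than this looks like a batched payout


def tx(txid, inputs, outputs):
    """Build a transaction in the assumed explorer JSON shape."""
    return {
        "txid": txid,
        "vin": [{"prevout": {"scriptpubkey_address": a, "value": v}} for a, v in inputs],
        "vout": [{"scriptpubkey_address": a, "value": v} for a, v in outputs],
    }


def senders(t):
    """Addresses that funded transaction `t`."""
    return sorted({i["prevout"]["scriptpubkey_address"] for i in t["vin"]})


def incoming(address, txs):
    """Payments received by `address`: (txid, output index, value, senders, batched)."""
    rows = []
    for t in txs:
        for n, out in enumerate(t["vout"]):
            if out["scriptpubkey_address"] == address and address not in senders(t):
                rows.append((t["txid"], n, out["value"], senders(t),
                             len(t["vout"]) > BATCH_OUTPUTS))
    return rows


def trace_forward(start, txs, max_hops=2):
    """Follow funds spent by `start`; returns (hop, src, dst, value, txid) edges.

    Address-level approximation: it does not match individual outputs to spends.
    """
    edges, seen, queue = [], {start}, deque([(start, 0)])
    while queue:
        addr, hop = queue.popleft()
        if hop == max_hops:
            continue
        for t in txs:
            if addr not in senders(t):
                continue
            for out in t["vout"]:
                dst = out["scriptpubkey_address"]
                if dst == addr:
                    continue  # change returned to the sender
                edges.append((hop + 1, addr, dst, out["value"], t["txid"]))
                if dst not in seen:
                    seen.add(dst)
                    queue.append((dst, hop + 1))
    return edges


# Constructed ledger mirroring the walkthrough: an exchange batches many user
# withdrawals into one transaction and the address of interest is the 63rd output.
SUSPECT = "addr_suspect"
OTHERS = [("addr_other_%02d" % n, 1000 + n) for n in range(62)]
TXS = [
    tx("tx_batch", [("addr_exchange", 200000)], OTHERS + [(SUSPECT, 50000)]),
    tx("tx_split", [(SUSPECT, 50000)],
       [("addr_a", 12000), ("addr_b", 12000), ("addr_c", 12000), ("addr_d", 12000)]),
    tx("tx_next", [("addr_a", 12000)], [("addr_e", 11000)]),
]

if __name__ == "__main__":
    for row in incoming(SUSPECT, TXS):
        print("received:", row)
    for edge in trace_forward(SUSPECT, TXS):
        print("spent:", edge)
```

The trace never expands the other 62 outputs of the batched payout, which is the point made in the walkthrough: sharing a transaction with an exchange's other customers does not relate those addresses to the suspect.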
Keywords
💡Custodial Wallet
💡Exchange
💡Ledger System
💡Local Wallet
💡Node
💡Blockchain Explorer
💡Transaction ID
💡Seed Value
💡Master Private Key
💡Wallet Encryption
💡Hardware Device
Highlights
Introduction to two types of wallet systems: exchange wallets and local wallets.
Exchanges like Coinbase use custodial wallets, which reduce fees by not requiring transactions on the blockchain for every purchase.
Local wallets, such as Electrum, act as nodes in the network and allow users to make transactions directly on the blockchain.
Explanation of how exchanges create wallets for users automatically and record transactions within their system.
Different tools for analyzing various cryptocurrency ledger systems due to their unique network structures.
Demonstration of using blockchain explorer tools to analyze wallet addresses and transactions.
The importance of understanding different networks for effective cryptocurrency transaction analysis.
How serious cryptocurrency users tend to move to local wallets for more control and security.
Local wallets' ability to generate multiple addresses for enhanced privacy and security.
Process of creating a new wallet in Electrum, including options for security features like two-factor authentication and multi-signature wallets.
The significance of seed phrases in wallet security and the ability to regenerate private keys.
How to locate wallet files on a user's system and the information they contain, such as addresses and transaction history.
The risks of unencrypted wallet files and the importance of securing them with passwords.
Methods for seizing a wallet by obtaining the seed value, master private key, or bitcoin address private key.
How to export private keys from a wallet for forensic analysis and potential seizure of cryptocurrency.
Using transaction IDs to trace the flow of funds through blockchain explorers and identify relevant addresses.
The limitations of basic tools for large-scale investigations and the need for more advanced blockchain analysis software or services.
An invitation for viewers to practice seizing bitcoin by finding wallet IDs hidden in a challenge.
A preview of upcoming videos covering more complex technical analysis of blockchain systems.
Transcripts
we're continuing on with cryptocurrency
investigation and last time we talked
about blockchain and i specifically said
that wallets are a user interface to
interact with the ledger system so today
we're going to look at two different
types of wallet systems and the first is
an exchange which is usually a website
here i'm looking at coinbase.com but
there's lots of other types of exchanges
as well you can see if i'm trading i
have the option to buy for example
bitcoin ethereum tether usd coin and a
lot of other coins so exchanges tend to
use what's called a custodial wallet
where they actually have access to the
wallet and whenever you buy something
actually buy a share of whatever value
they're holding what that lets them do
is hold a large amount of money and then
say that you own a piece of it and keep
accounting that way that greatly reduces
fees because you don't actually have to
make transactions on the blockchain
every time you're trying to buy a
cryptocurrency you're just keeping it in
their own ledger system which they don't
charge you for or don't charge you as
much for any cryptocurrency that's
available they automatically create a
wallet for you you can see that i bought
bitcoin the amount that i bought and the
price that it was and then i also sent
bitcoin so you can see that there is
transactions recorded in the exchange
whenever you buy and you send or you
sell whatever you're doing there if i
look at the transactions i can see the
date i can see bitcoin was sent and the
address that bitcoin was sent to so i'm
specifically looking at bitcoin here you
saw that there were a lot of different
coins each coin will have its own ledger
system or might be riding on the back
of another coin's ledger system so the
tools that you use to analyze each of
the ledger systems will be slightly
different because they're different
networks so if i want to analyze for
example the bitcoin blockchain i need to
join as a node on the bitcoin blockchain
and then i can download all of those
transactions and monitor them as they
come in if i'm looking at something like
ethereum it's a different network so i'm
going to have to join as a node on that
network and then process transactions
from that network if we're just
analyzing some simple transactions then
i can use a couple different free tools
online so for example blockchain
explorer from blockchain.com that's an
easy one to use you just put in the
address you want to analyze here but the
blockstream explorer and the bitcoin
explored the tool that they have you
just put in either the hash or the
wallet address that you want to analyze
but i'll come back to these so we were
talking about a custodial wallet which
is usually at an exchange or a website
that's holding your cryptocurrency for
you but what most people who are really
serious about cryptocurrency end up
doing is getting a local wallet either a
local wallet on their phone or on their
on their computer so i'm going to be
looking at the electrum bitcoin wallet
today you can download this and install
it on your local computer and then that
wallet becomes a node in the network
most likely a non-mining node it can see
the transactions and it can also make
new transactions on the blockchain and
then this is what it looks like i have
four different wallets open here each of
those wallets has a bitcoin address that
can send and receive funds in each
wallet so for example we go to our first
wallet you can see that i have two
transactions already made here i have
the option to send or i receive and then
i can generate an address so for example
if i click new address then i have a new
bitcoin address where i can actually
receive funds and now i can send that
address to my colleague i can request
them to send me bitcoin and then they
can send the bitcoin directly to that
address and it will end up in this
individual wallet and not these other
wallets so i can have multiple wallets
on my system each of those wallets have
different bitcoin addresses associated
with them and that's really an important
point i can generate as many bitcoin
addresses as i want for each wallet so
one wallet could have one address
another wallet could have a hundred
addresses and i can just keep generating
these addresses as much as i want to
make things a little bit more clear
let's go ahead and create a new wallet
so you can see the process so if i go to
file if i go to new and restore then i
can call the wallet new test wallet
click next and then i have a couple
different options either a standard
wallet a wallet with two-factor
authentication this uses a two-factor
authentication service the wallet can be
opened with two keys the key that we
hold and then a key that the two-factor
authentication service holds we
authenticate with the two-factor
authentication service and then they use
their key to unlock our wallet we also
have a multi-signature wallet and this
lets multiple people unlock the wallet
so for example though we have here four
different keys that are available let's
say four different people that are
coming together and out of those four
people two people need to agree to
unlock the funds in that wallet and then
we have import bitcoin address or
private keys and this is interesting
because if we import a bitcoin address
we don't actually get access to make
transactions under that bitcoin address
we can just monitor it so it's kind of
like read-only access to that address
but if we import the private key now we
have the ability to make transactions on
the blockchain getting those private
keys or getting a seed we'll see in a
second is basically how you're going to
seize wallets so we have a standard
wallet click next and then i was talking
about seeds so create new seed i already
have a seed use a master key or use a
hardware device a lot of people are
using hardware devices and their their
wallet is essentially stored off of
their computer on that hardware device
using a master key whenever you have a
wallet you have a private and public
master key if you input the public key
here you'll get read-only access to all
of the wallet if you import the private
key you'll get write access to the
ledger system so basically you'll get
full control if you know the suspect's
seed value then that lets you regenerate
the private keys and then you can also
take over the wallet that way or you
have a new seed so let's go ahead and
click next and create a new seed the
seed looks like several different words
put together we also have options here
that lets us extend this seed with
custom words so these words are already
known the library or the dictionary of
words that are used are already known
and then they just make them random but
a lot of people also extend the seed
with custom words and then you can put
in any words you want so
just brute forcing this becomes a little
bit more difficult but a lot of people
don't do custom seeds so maybe brute
forcing is possible click next and then
this asks for a password if i put a
password in then i can encrypt the
wallet file i won't encrypt the wallet
file for now but we'll take a look at
that in a second now i have my new
wallet if i click information then we
can see our master public key but they
can't see my private key and that's the
important part whenever we want to seize
a wallet those are three things we
really want to look for is the seed
value the master private key or the
bitcoin address private key if we get
any of those three things then we can
get access to make transactions using
those keys so where can you find some of
these things if you're looking at a
suspect's computer and they already have
a wallet installed you can go into where
the wallets are held so for example i am
in my user directory and then a hidden
folder electrum and i do ls i'm on linux
but it also works for windows the only
thing really interesting in this
electrum folder is for example this
config file possibly recent servers and
then also wallets so we have for example
in the config information about wallets
and their locations so that could be
interesting the last wallet that was
used information about all of the
wallets in the system and their
locations so let's go into wallets and
then you can see that i have my four
wallets that were displayed and then i
also have our new test wallet so let's
go ahead and look at the investigation
test zero one so if i do cat
investigation test zero one and then i'm
going to pipe that into more first we
have the address history and this is
basically different addresses that are
inside that wallet transactions or other
information that's taken place invoices
here we have transactions and we also
have the local message this message
isn't on the blockchain that's just
locally held address that we've sent
some some balance to and then i believe
this is the balance next we have the key
store which has information about our
different hashes the seed for this
individual wallet you can see that it's
in plain text here we have the private
master key here we have the public
master key if we're able to get this
wallet file in plain text then we're
able to see the seed we're able to see
the master private key we can take over
this wallet and then potentially seize
all of the cryptocurrency that's
available there then we also have our
payment requests and this is basically
just our
transactions that have gone through that
was our investigation test01 but most
people are going to set a password and
use encryption so whenever you do
encrypt your wallets what it looks like
is cat investigation 2 encrypted so we
get something that looks like this this
is just encrypted text so most of the
time these days you're going to come
across an encrypted wallet because
keeping it in plain text is just too
dangerous just expect that the wallet
will be encrypted there's a couple
different ways to go about the
encryption we already have access to the
suspect system look for passwords look
for a password manager around the
suspect's device look for anything that
might look like a seed value people will
definitely want to back up that seed
value in case they're losing everything
if we're lucky the wallet will be
unencrypted and then we can just see the
seed value we can see the private key
and then we can just seize the entire
value of whatever's in that wallet if
the wallet is already open i can go to
for example wallet private keys and then
export private keys it will show me the
bitcoin address plus the private key
associated with those wallets then i can
just click export and then it will
export it as a csv file i want to try to
get that as quickly as possible because
those private keys will let me seize
that bitcoin address so i have my
wallet that i want to investigate but we
kind of know how the wallets work and
how you would seize wallets let's go
ahead and look at the transactions so i
have a transaction coming in and i have
this transaction id right so i'm going
to go ahead and copy that transaction id
i can see all the bitcoin addresses that
bitcoin was sent to including the
address that we're currently
investigating i can take this
transaction id go to the blockstream
explorer and then just type in the
transaction id so i can use transaction
id i can use the hash i can use the
bitcoin address so i have the bitcoin
address that the money was sent from and
then i have all of the addresses that it
was sent to so on the left hand side is
where it's coming from on the right hand
side are all of the addresses that it's
sent to so if we go all the way to the
bottom number 63 is actually the address
that we're interested in is everything
else related to this address no so we
sent the money for example from coinbase
it will take all of the transactions
that were requested on coinbase from all
of the different users at that time it
will group them together and then send
them all as one transaction on the
blockchain all of these other addresses
are probably unrelated to us we're not
interested in them if we go up and we
see where the money was sent from this
is the address that it was sent from and
we have our
our address that we're looking at number
63 here if we click on it we can see
that there are two transactions this is
where we received the money that was
from coinbase so that's our coinbase
address sent to four different bitcoin
addresses each of these wallets if i
click on one of the wallets then i only
have one transaction coming in but from
this wallet we can see where the money
came from coinbase we can see where the
money went four other bitcoin addresses
that could be in either four wallets or
one wallet or two wallets or three
wallets we don't know what does that
actually look like whenever i'm looking
at the wallets the wallet with the
transactions so the first transaction
coming in and this is the money coming
in from coinbase and then we have the
wallets transactions going out we have
the four bitcoin addresses that it went
out to i can see for example that we
have one transaction to each of these
addresses so from a forensics
perspective the first thing you do is
find out what addresses are actually
associated with that suspect find all
the transactions with those addresses
and then take those transactions and
then use that in your interrogation to
find out who it's associated with if
you're doing big cases of money
laundering just using something like
blockchain.com is not going to be
powerful enough you saw that we only had
three or four transactions and it
already started to get a little bit
complicated and confusing because
there's so much information instead you
can either get access to the blockchain
yourself and then write statistics
software that will analyze whatever it
is you're trying to analyze or you can
use commercial products like chainalysis
to do these bigger investigations so in
later videos we will talk about more
complicated technical analysis of a
blockchain but from this video you
should at least have a basic
understanding of how to seize a wallet
using the seed a master private key or a
bitcoin address private key you should
also have an idea of how to get at least
basic transaction information if not
from the wallet directly from a website
like blockchain.com so as a practice i'm
going to hide some wallet ids around and
i want you to try to seize the bitcoin
inside those wallets so that should get
you started next week we'll talk about
more technical analysis of ledger
systems thank you very much