A collection of resources useful for OSINT investigations on cryptocurrencies and Web3. It certainly isn't a complete resource; most of what you find here is related to some investigation I did. Feel free to fork and make any additions you want.
CRYPTO-OPSEC Methodologies and Info
| Info / Tool | Description |
| --- | --- |
| OfficerCIA Guide | Collection and discussion of the best DeFi, blockchain and crypto-related OpSec research |
| Anubitux | AnuBitux is a free project that aims to provide everyone with a safe and secure environment to manage crypto-stuff. Full documentation and tutorials here. |
| Slowmist Blockchain Darkforest | Blockchain dark forest selfguard handbook: Master these, master the security of your cryptocurrency. |
Bitcoin - BTC
BTC Address Regex
| Address regex | Description |
| --- | --- |
| `1[a-km-zA-HJ-NP-Z1-9]{25,34}` | Legacy addresses |
| `3[a-km-zA-HJ-NP-Z1-9]{25,34}` | P2SH address |
| `bc1[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{39,59}` | Segwit addresses |
| `bc1p[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{58}` | Taproot addresses |
BTC Blockchain explorers
| Link | Description |
| --- | --- |
| 3xpl.com | Fastest ad-free universal block explorer |
| Blockchain.com | One of the first and most robust explorers; it lets you explore Bitcoin, Ethereum, Bitcoin Cash, other assets and also NFTs |
| Blockchair | An explorer that supports different cryptocurrencies (Bitcoin, Ethereum, Dogecoin); the search lets you query addresses, transactions and text embedded inside blocks |
| Crystalblockchain | The public explorer helps to search for addresses and transactions; it also displays comprehensive details about an address. |
| Tokenview | Another blockchain explorer; it supports different tokens and cryptocurrencies (BTC, ETH, XMR ...). Search info by addresses and/or transactions |
| Graphsense | GraphSense is a cryptoasset analytics platform emphasizing full data sovereignty, algorithmic transparency, and scalability. |
| Coincodex | Historical price of Bitcoin |
| Awebanalysis | Validate Bitcoin format |
| WalletExplorer | A service which tries to retrieve the wallet related to an address #BacarefullwhatyouOSINTWith |
| Breadcrumbs.app | An investigation tool that helps to visualize address relations; it's very helpful and it contains information about sanctioned addresses and assets. It supports BTC, ETH and any ERC20 token |
| TRM | TRM Transaction Monitor and TRM Forensics are two tools that help with in-depth analysis of blockchain transactions |
| Lampyre | Like Maltego, it supports BTC investigations and correlations. #BacarefullwhatyouOSINTWith |
| Bitquery.io | Full explorer which supports address analysis, smart contracts and an asset explorer |
| Ciphertrace | Inspect/Armada - Cryptocurrency Risk and Fraud Controls for Financial Institutions/Cryptocurrency Risk and Fraud Controls for Financial Institutions |
| Coinfirm | Industry-leading blockchain analytics, investigations and AML solutions are trusted to best analyse and manage risk. |
| Whalealert | An alerting system; it's helpful to get alerts when wallets with a big amount of funds are making transactions |
| BTCparser | A project to get information about different kinds of wallets; it monitors old wallets or wallets related to the Satoshi era |
| Bitref | A simple address explorer. It displays the amount of Bitcoin held on given addresses |
| Arkhamintelligence | A tool for network mapping across different networks; it currently supports BTC / ETH |
| Metasleuth | BTC address explorer and wallet monitor |
| SpyderLab | Spyderlab.org offers blockchain forensics, crypto AML solutions, and OSINT tools for comprehensive investigative analysis. |
BTC Blockchain Databases and Analyzers
| Link | Description |
| --- | --- |
| CryptoBlacklist | An address blacklist; it contains simple reports about the type of activities the address is related to |
| Bitcoinwho'swho | An address lookup service to identify reports related to malicious BTC addresses. |
| Bitcoinabuse | Tracking bitcoin addresses used by ransomware, blackmailers, fraudsters, etc. |
| Chainabuse | Report a cryptocurrency hack or scam across multiple blockchains and search addresses and domains to see if they are connected to any fraudulent activity. It supports BTC, ETH, SOL and ADA |
| Scamsearch | It's a global scam database. Search by Profile Picture, Email, Username, Pseudo Name, Phone Number, crypto address or website. |
| Scamalert | It offers a search engine for scams and crypto-address related frauds |
| Cryptoscamdb | A scam database which contains information about scam sites and related addresses |
| Ransomwhere | Bitcoin addresses used in ransomware activities; the database is in raw format and it's integrated into the Chainabuse service |
| Know Your Coin Privacy | Tries to guess relations from a BTC address using these techniques: Boltzmann analysis, entity analysis, address reuse, input/output merges |
| SPLcenter Addresslist | A spreadsheet containing information about addresses used by extremists and far-right communities |
| Bad Bitcoin | A database containing info and details about Bitcoin fraud since 2014 |
| Vivigle | A global cryptoRatings and Analytics Platform |
BTC API
| Req | Description |
| --- | --- |
| `https://3xpl.com/bitcoin/address/xxx` | Request the status of the address using the 3xpl API |
| `https://blockchair.com/bitcoin/address/xxx` | Request the status of the address using the Blockchair API |
| `https://blockchair.com/bitcoin-cash/transaction/xxx` | Request the details of a given transaction |
| `https://www.bitcoinabuse.com/reports/` | Look for any entry related to a given address in the Bitcoinabuse database |
| `http://codacoin.com/api/public.php?request=validate&address=xxx` | An API to validate a given BTC address |
| `https://blockchain.info/q/24hrprice` | Retrieve the price of the last 24h |
| `https://blockchain.info/q/getreceivedbyaddress/xxx` | Retrieve the amount received on a given BTC address |
| `https://blockchain.info/q/getsentbyaddress/xxx` | Retrieve information about what was sent by a given address |
| `https://blockchain.info/q/addressbalance/xxx` | Retrieve the balance for a given address |
| `https://chain.api.btc.com/v3/address/xxx` | Retrieve information about a given address |
| `https://blockchain.info/q/addressfirstseen/xxx` | Retrieve the first-seen date of a given address |
BTC Other
| Link | Description |
| --- | --- |
| CriminalIP | It's an infrastructure scanner. It scans IPs and services; there is a section related to miner services exposed online |
| Intelx.io | It indexes information retrieved from both closed and open sources. It also indexes IPs, emails, BTC addresses and other kinds of assets |
| Antianalysis | Service is maintained and hosted by activists; it supports machine learning to analyze information about an address and its related transactions |
| Antianalysis (DARK) | Service is maintained and hosted by activists; it supports machine learning to analyze information about an address and its related transactions |
| Cryptocurrencyalerting | Getting alerts about transactions related to a given address |
| Localbitcoin | Useful to check nicknames and details that could be related to Bitcoin adopters |
| Aware Online | Different tools to conduct OSINT investigations on given BTC addresses |
| GraphSense Maltego Transform | A Maltego transform which leverages the power of GraphSense for crypto investigations |
| Mempool Space | A graphical dashboard to analyze the history of block congestion, fees, the Lightning Network and mining activities |
| Paxful | An exchange that, starting from a given nickname, lets you explore users and info related to them. |
Ethereum - ETH
ETH Address Regex
| Address regex | Description |
| --- | --- |
| `0x[0-9A-Fa-f]{40}` | All Ethereum addresses have a length of 40 hexadecimal characters and begin with “0x” |
ETH Blockchain explorers
| Link | Description |
| --- | --- |
| 3xpl.com | Fastest ad-free universal block explorer. |
| Blockchain.com | One of the first and most robust explorers; it lets you explore Bitcoin, Ethereum, Bitcoin Cash, other assets and also NFTs |
| Etherscan | The most reliable and complete explorer for the Ethereum ecosystem. It helps to search addresses, tokens, NFTs, smart contracts and also ENS domains |
| Blockchair | An explorer that supports different cryptocurrencies (Bitcoin, Ethereum, Dogecoin); the search lets you query addresses, transactions and text embedded inside blocks |
| Tokenview | Another blockchain explorer; it supports different tokens and cryptocurrencies (BTC, ETH, XMR ...). Search info by addresses and/or transactions |
| Blockscout | It covers all about Ethereum, from transactions and block information, token values to sidechains and private chains |
| Ethective | Could be a great help for our forum investigators because it has a very interesting way to visualize the Ethereum network, which makes exploring transfers much more interactive. |
| Graphsense | GraphSense is a cryptoasset analytics platform emphasizing full data sovereignty, algorithmic transparency, and scalability. |
| BitQuery | A blockchain explorer which supports different kinds of assets. It supports BTC, ETH, DOGE, ADA etc |
| Ethplorer | Track address portfolios for any Ethereum address with comprehensive balance charts and transactions |
| ENS Domains | An ENS domain explorer, mainly used to purchase that kind of asset; it also helps to find ENS domains and related information |
| Breadcrumbs.app | An investigation tool that helps to visualize address relations; it's very helpful and it contains information about sanctioned addresses and assets. It supports BTC, ETH and any ERC20 token |
| Arkhamintelligence | A tool for network mapping across different networks; it currently supports BTC / ETH |
| Watchers.pro | [Warning!!! Create a sock wallet, it needs a Metamask extension to access it] A tool that provides a dashboard for clustering and inspecting DeFi and altcoin related entities |
| Metasleuth | ETH address explorer and wallet monitor |
| TrackEnn | Traceability project in blockchain. Ethereum for now. Transactions, internals, ERC-20 transfers, contracts, internal tagging, labeling, etc |
| Ward Graph | Nice graph explorer for the ETH blockchain. The Official Repo |
| Socketscan | EVM bridge explorer |
ETH Blockchain Databases and Analyzers
| Link | Description |
| --- | --- |
| CryptoBlacklist | An address blacklist; it contains simple reports about the type of activities the address is related to. |
| Chainabuse | Report a cryptocurrency hack or scam across multiple blockchains and search addresses and domains to see if they are connected to any fraudulent activity. It supports BTC, ETH, SOL and ADA |
| Scamsearch | It's a global scam database. Search by Profile Picture, Email, Username, Pseudo Name, Phone Number, crypto address or website. |
| Cryptoscamdb | A scam database which contains information about scam sites and related addresses |
| Cryptoscam | Another database containing information about scammers; it supports Email/Address search |
| SPLcenter Addresslist | A spreadsheet containing information about addresses used by extremists and far-right communities |
| Vivigle | A global cryptoRatings and Analytics Platform |
| Walletlabels | Search engine based on a collection of more than 7.5M ETH labeled addresses |
| Dune | A community-driven dashboard collection, useful for exploring ETH, tokens and NFTs |
ETH Other
| Link | Description |
| --- | --- |
| Chat Blockscan | A chat based on the Ethereum blockchain, useful to reach an ENS domain or address owner |
| CriminalIP | It's an infrastructure scanner. It scans IPs and services; there is a section related to miner services exposed online |
| Naddison36 | Ethereum transaction to UML sequence diagram generator |
| Cryptocurrencyalerting | Getting alerts about transactions related to a given address |
| Aware Online | Different tools to conduct OSINT investigations on given ETH addresses |
| GraphSense Maltego Transform | A Maltego transform which leverages the power of GraphSense for crypto investigations |
| Etherscan Transforms for Maltego | The official Etherscan transform for Maltego |
| Demixing Tornado cash bot | Tool for demixing transactions made using Tornado Cash (updated weekly) |
| Paxful | An exchange that, starting from a given nickname, lets you explore users and info related to them. |
| Onchain.industries | A tool for identifying possibly related addresses registered on different blockchain platforms; it supports different modules for L1 and L2 blockchains |
| Cielo | A tool for tracking and monitoring EVM wallets |
MONERO - XMR
XMR Address Regex
| Address regex | Description |
| --- | --- |
| `[48][1-9A-Za-z]{94}` | A raw Monero address is a set of 95 characters starting with a '4' or an '8' |
XMR Blockchain Explorers
| Link | Description |
| --- | --- |
| Blockchair | Helps to inspect transactions and related hashes. |
XMR Blockchain Databases and Analyzers
CARDANO - ADA
ADA Address Regex
| Address regex | Description |
| --- | --- |
| `Ae2[1-9A-HJ-NP-Za-km-z]+` | Legacy address (Byron) - Icarus-style |
| `DdzFF[1-9A-HJ-NP-Za-km-z]+` | Legacy address (Byron) - Daedalus-style |
| `addr1[a-z0-9]+` | Shelley address |
| `stake1[a-z0-9]+` | Shelley address used in staking pools |
ADA Blockchain explorers
| Link | Description |
| --- | --- |
| Blockchain.com | One of the first and most robust explorers; it lets you explore Bitcoin, Ethereum, Bitcoin Cash, other assets and also NFTs |
| Cardano explorer | The official scanner for Cardano transactions; it helps to analyze addresses and transactions for each epoch |
| Blockchair | An explorer that supports different cryptocurrencies (Bitcoin, Ethereum, Dogecoin); the search lets you query addresses, transactions and text embedded inside blocks. |
| Adastat | An explorer related to the whole Cardano ecosystem; it can inspect addresses, blocks, transactions and epochs |
| Adapool | A staking pool explorer; it helps to browse staking pools and their current activities |
| BitQuery | Full explorer which supports address analysis, smart contracts and an asset explorer |
ADA Blockchain Databases and Analyzers
| Link | Description |
| --- | --- |
| Chainabuse | Report a cryptocurrency hack or scam across multiple blockchains and search addresses and domains to see if they are connected to any fraudulent activity. It supports BTC, ETH, SOL and ADA |
SOLANA - SOL
SOL Address Regex
| Address regex | Description |
| --- | --- |
| `[1-9A-HJ-NP-Za-km-z]{32,44}` | A Solana address's length varies from 32 to 44 characters. |
SOL Blockchain explorers
| Link | Description |
| --- | --- |
| Solana Explorer | The official scanner for Solana transactions; it helps to analyze addresses, transactions and tokens |
| Blockchair | An explorer that supports different cryptocurrencies (Bitcoin, Ethereum, Dogecoin); the search lets you query addresses, transactions and text embedded inside blocks. |
| Solscan.io | A Solana scanner which supports addresses, transactions, tokens and NFTs. Solscan was acquired by Etherscan |
SOL Blockchain Databases and Analyzers
| Link | Description |
| --- | --- |
| Chainabuse | Report a cryptocurrency hack or scam across multiple blockchains and search addresses and domains to see if they are connected to any fraudulent activity. It supports BTC, ETH, SOL and ADA |
SOL Other
| Link | Description |
| --- | --- |
| Onchain.industries | A tool for identifying possibly related addresses registered on different blockchain platforms; it supports different modules for L1 and L2 blockchains |
TONCOIN - TON
TON Address Regex
| Address regex | Description |
| --- | --- |
| `0:[a-z0-9]{64}` | The raw address; it is in hexadecimal format |
| `(E\|U)Q[a-zA-Z0-9-_]{46}` | |
| `\w\s\w\s\w` | It also supports generated nicknames like Graceful Tan Takin <_< |
TON Blockchain explorers
| Link | Description |
| --- | --- |
| 3xpl.com | Fastest ad-free universal block explorer |
| Tonscan | An address lookup service; it helps to find details about a given address |
| Ton.sh | An address lookup service; it helps to find details about a given address, and it supports an API |
| Tonmoon | Helps to inspect an address; it supports canonical addresses and also nicknames |
| Youton | Another address explorer |
| Toncoin | A more technical explorer; it helps to query the TON network using different key fields, workchain, shard and so on |
| TonAPI | A platform and API useful for inspecting TON addresses and any related assets; it supports numbers and also NFTs |
| Ton.page | Another explorer, fast and easy to use |
| Ton.cx | A raw and in-depth analysis tool for TON transactions |
| GetGems | A marketplace for NFTs for TON network assets |
| re:doubt | A platform for conducting TON analysis and investigations. It's an open-source project hosted here |
TON Blockchain Databases and Analyzers
TON OTHER
| Link | Description |
| --- | --- |
| Tonwine | An interactive way to pay with TON |
| Fragment | A marketplace/auction used to purchase numbers or nicknames usable on the Telegram platform `https://fragment.com/username/[username]` |
| Ton place | A platform for monetizing content and fanbase, dork `site:ton.place [content]` |
| Tonex | A social network directly integrated on the TON network |
| TONwhale | A list of top 1000 accounts |
| TONmeterbot | A service used to score users. The score is generated on a Balance/NFTnum basis. |
| re:doubt | A search engine for scam reports related to The Open Network ecosystem |
| TON Forbes | TON Forbes is an intelligent social rating of The Open Network blockchain wallets. |
CCTP EXPLORERS
| Link | Description |
| --- | --- |
| Range | CCTP transactions explorer |
SMARTCONTRACTS
| Tool | Description |
| --- | --- |
| PALKEO | An Ethereum explorer focused on smart contracts |
| Ethereum Signature Database | A database containing the bytes related to functions used in Database |
| Grep.app | Search for smart contract source code. It could be useful to search for NFT or contract source code |
| EIS3 | An ENS domain (.eth domain) analyzer |
| Dune | A community-driven dashboard collection, useful for exploring ETH, tokens and NFTs |
DEFI
| Tool | Description |
| --- | --- |
| Sonar.watch | A multichain dashboard / explorer |
NFT
| Tool | Description |
| --- | --- |
| Opensea | The first and most relevant NFT marketplace; it also supports ENS names. Accounts can be explored using this pattern: `https://opensea.io/[nickname]` |
| Binance NFT | NFT marketplace directly managed by Binance |
| Rarible | Another NFT marketplace; it supports ETH, SOL, Tezos and Polygon |
| Coinbase | NFT marketplace directly managed by Coinbase |
| Crypto.com | NFT marketplace directly managed by Crypto.com |
| NFT Calendar | A calendar for NFT projects; it doesn't require any author validation |
| Luckyblock | NFT explorer for NFTs minted on the BNB network |
| Nftsearch | A reverse search for finding NFTs; it supports images, addresses and so on |
| NFTfinder | A reverse search for finding NFTs; it supports images, addresses and so on |
| Compass | An explorer which helps to understand statistics about NFTs |
| Context.app | An NFT explorer mainly related to owners; it should sync Twitter followers to their address or ENS name |
| NFT Analyst Starter Pack | Using an Alchemy API key, it can generate CSV extracts for all token transfers, historical sales, and each underlying item's metadata |
| Nftfreeviewer | An NFT explorer that supports the ETH and Polygon networks |
| Tonnft | A marketplace and explorer for TON NFTs |
| GetGems | Another marketplace for NFTs for TON network assets |
| Disintar | A marketplace for NFTs based on the TON network; there is also a collection related to Telegram names |
| NFTGO.io | Discover, analyze, and trade NFTs faster and smarter than anyone else, aided by in-depth analytics and intelligent toolkits. |
| NFT scan | An NFT explorer which supports different blockchains like Ethereum, Binance, Polygon, Solana and others |
| Dune | A community-driven dashboard collection, useful for exploring ETH, tokens and NFTs |
| ZORA | A platform for minting NFTs; it lets you explore useful information on some MINT statistics |
NFT Databases and Analyzers
| Link | Description |
| --- | --- |
| Scamsniffer | A full solution to track NFT scammers; it also supports a browser extension and a Discord bot |
NFT API
| Tool | Description | API CALL |
| --- | --- | --- |
| Alchemy API | Helps to navigate ETH and other chain data via API | `import { Alchemy } from "alchemy-sdk"; new Alchemy().nft.getNftsForOwner("0xshah.eth").then(console.log);` |
IPFS
| Tool | Description |
| --- | --- |
| `ipfs dht findprovs <hash-of-file>` | Returns IDs of all nodes having the file |
| `ipfs dht findpeer <nodeID>` | Returns the list of node addresses (IPv4 and IPv6, TCP and UDP) |
| IPFS scanner | IPFS scanning can identify new hosted content or expose information leaks similar to Amazon S3 buckets. |
| IPFS browser | Search, view, access, and download IPFS files quickly and easily right in your web browser from any device! |
METAVERSE - WEB3
| Link | Description |
| --- | --- |
| Spatial | An example of a Metaverse; it contains different spaces where people can connect. `https://www.spatial.io/@[USERNAME]` |
| Debank | A WEB3 messenger and portfolio |
| Zapper | A multichain WEB3 explorer. It lets you search and monitor different kinds of assets like tokens, NFTs etc. |
| Scamsniffer | A Chrome extension aimed at blocking and detecting scams and rug pulls while surfing WEB3 |
DORK
| Dork | Description |
| --- | --- |
| `[ADDRESS] -block` | Identify information related to the address but not indexed by common search engines |
| `site:[url of interest] [ADDRESS]` | Helps to find information about an address on a target URL of interest |
| `(antminer) AND protocols.raw: "80/http" AND 80.http.get.title: "401"` | (Shodan) dork for antminer |
| `ETH - Total Speed` | (Shodan) Claymore Miner Software |
NOTABLE ACCOUNT TO FOLLOW
| Account | Description |
| --- | --- |
| CIA_Officer | Independent Security Researcher • Not the CIA • OpSec & Privacy Guru • On-Chain & OSINT Sleuth |
| Rugpullfinder-(Inactive) | The NFT community's premier source of information |
| ZachXBT | On-chain sleuth. Rug pull survivor turned 2D detective |
TOOLS
📖 RESOURCES, REFERENCES, READING