Last year I got hit by an impersonation scam. Someone I thought I was talking to wasn't who they said they were, and a few thousand dollars in crypto moved to a wallet I didn't control before I realized what had happened.
I did what everyone does next: I opened a block explorer, stared at a string of transactions I didn't understand, and started Googling.
Here's what I found.
Option 1: Pay a professional blockchain forensics firm. Quotes started at $500 and went up to $5,000 for anything useful. For someone who'd just lost money, that's a second gut-punch.
Option 2: Free block explorers like Etherscan. They show you raw transactions, but they don't tell you that the wallet on hop #4 is a Binance deposit address, or that the contract on hop #2 is Tornado Cash. You can see everything and understand nothing.
Option 3: Post on r/CryptoScams and hope a kind stranger helps.
There's a gap in the middle, and that gap is where most victims actually live. People who've lost enough money to care, but not enough to justify a $2,000 forensics bill.
So I built ChainTracing.
The technical problem
The interesting problem was cross-chain. Most consumer-facing tools handle one ecosystem well. Following funds from an EVM chain through a bridge into Solana, then to a Tron USDT address, then to a Binance deposit, is where they fall apart.
What I ended up building is a breadth-first search that runs across 8 chains in parallel: Ethereum, BSC, Polygon, Arbitrum, Base, Solana, Tron, and Bitcoin. Four separate tracer engines, one for each architectural family (EVM, Solana, Tron UTXO-style, Bitcoin UTXO), feeding into a unified hop graph.
At every node in the BFS, the trace cross-checks against:
Known CEX hot wallet databases (Binance, Coinbase, Kraken, OKX, Bybit)
Mixer contracts (Tornado Cash, Blender, etc.)
Cross-chain bridges
OFAC and EU/UK sanctions lists
A database of 4,700+ reported scam wallets
A "beyond-CEX" reliability flag: once funds hit an exchange, on-chain tracing becomes unreliable, so we explicitly flag that horizon instead of pretending we can still follow
A few things that were harder than expected
Cross-chain bridge detection. Bridges don't all behave the same way. Some lock-and-mint, some burn-and-mint, some just send to a custody wallet. Getting reliable "funds went from chain A to chain B via bridge X" signal required hand-tuning per bridge.
Solana. Nobody tells you this until you try, but Solana's data model is so different from EVM that 70% of the EVM tracer code was useless. Solana tracing ended up being a completely separate implementation.
CEX attribution confidence. Telling someone "your funds reached Binance" is useless if it's wrong. The entire value of the tool collapses. I ended up with a confidence-scored attribution system rather than a binary yes/no, and surface the confidence in the PDF so investigators can judge.
Scam database deduplication. Scam wallet lists from different sources overlap, disagree on case (checksummed vs lowercase Ethereum addresses are the same address), and sometimes include false positives. Normalizing across 10+ sources took longer than building the tracer.
Stack
Next.js 16, Supabase, Vercel. Free tier runs on public RPC endpoints; paid tiers use dedicated providers for throughput. PDF generation is server-side with a custom template because none of the off-the-shelf libraries produced output that looked like something a police officer would actually accept as evidence.
Where I'm at
Soft-launched at chaintracing-app.vercel.app. Free tier is a risk score and scam database check. Paid tiers ($9.99 and $29.99) generate PDF reports. Some early users, no paying ones yet. SEO restructure just shipped.
A question for the dev.to crowd
If you've built in a trust-sensitive vertical (security, healthcare, finance, crypto): how did you get past the credibility problem when you're a small team with a product that solves a problem big firms charge 50x more for? "Why so cheap?" is the #1 question I get, and I suspect my answer ("because the underlying compute cost is low and I'd rather have 1,000 users at $10 than 10 at $1,000") isn't as reassuring to readers as it is to me.
Also genuinely interested: if you've ever been scammed or helped someone who was, what would have made the difference at that moment?
Top comments (1)
So sorry to hear about the scam! Hope your tool helps others avoid this 💪