Advanced Course Practicals
UTXO Change Address Analysis
On March 14, 2025, a registered sex offender (victim) was contacted by a scammer advising that he had an outstanding arrest warrant for being within 1000 feet of a public park where kids were present. The scammer told the victim that the warrant could be removed if he paid a fine of $25,000 immediately at a Bitcoin ATM machine. The scammer provided the victim with the address of the nearest ATM machine. The victim traveled to the bank, withdrew approximately $30,000 USD and then went to the ATM machine. The suspect provided the following bitcoin address to the victim.
bc1qprkvr7ktkmyuyv5nq8f0af92hg0nyzvurvvwn2
On 2025-03-14 19:22:21 the victim sent approximately $17,800 USD, which equaled .2105 BTC, to the target address. On 2025-03-14 22:16:50 the victim sent approximately $8300 USD, which equaled .0995 BTC, to the target address. Based on the above information, answer the following questions using an advanced blockchain analytical tool:
(NOTE – CT PRO USE THE TRACER FEATURE ONLY AND SET A DATE FILTER OF March 13, 2025 - May 11, 2025)
- Using an automated graphing feature, attempt to identify a possible CEX or DEX exchange the target used to liquidate or convert the BTC. (NOTE – CT PRO – Use Bot Trace in Tracer After Searching the Initial Target Address.) Document the name of this CEX/DEX.
- Using the in/out tracing method analysis, trace the movement of the BTC and attempt to identify a potential exchange used to cash out the cryptocurrency.
Document the last four of the transaction hash, the target address, and the exchange deposit address that you would use to prepare a legal process to the DEX or CEX exchange for account information. Ensure that you can articulate exactly why you believe there is probable cause that the illicit proceeds were sent to the exchange that you identified.
- Go back to Target Hop #2 and begin tracing the change address as well. (NOTE FOR CT PRO: You will add both the likely not change and the change address on Target Hop #2. Follow both addresses and attempt to identify a wallet where the change addresses reconnect with the non-change addresses. DO NOT GO TOO FAR DOWN A RABBIT HOLE. THE PURPOSE OF THIS PART OF THE PRACTICAL IS SIMPLY TO ILLUSTRATE CHANGE ADDRESSES RECONNECTING WITH OTHER ADDRESSES.) Document the wallet address that received multiple transactions from change addresses.
CLICK THE BELOW LINK TO VIEW A VIDEO DEMONSTRATION OF THE TRACE.
https://vimeo.com/1120683505?share=copy#t=0
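
The reconnection check from the last step of the practical, as an added example that is not part of the original course material or of any tracing tool: it follows the non-change and change outputs of a hop forward with a hop limit and reports addresses that both branches fund through different transactions. All address labels, txids and function names are hypothetical placeholders on constructed data, not values from the exercise.

```python
from collections import defaultdict, deque

# Constructed sample data: (txid, input addresses, output addresses).
# Labels are placeholders, not addresses or hashes from the exercise.
TXS = [
    ("t3", ["hop2_pay"], ["hop3_pay", "pay_chg"]),
    ("t4", ["hop2_change"], ["x1", "chg_b"]),
    ("t5", ["hop3_pay"], ["collector"]),
    ("t6", ["pay_chg"], ["collector"]),
    ("t7", ["chg_b"], ["collector"]),
    ("t8", ["x1"], ["unrelated"]),
    ("t9", ["collector"], ["deposit"]),
]

def trace_forward(txs, start, max_hops=5):
    """In/out trace from `start`: {address: txids that paid it}."""
    spends = defaultdict(list)          # address -> txs spending from it
    for txid, ins, outs in txs:
        for addr in ins:
            spends[addr].append((txid, outs))
    funded_by = defaultdict(set)
    queue, seen = deque([(start, 0)]), {start}
    while queue:
        addr, depth = queue.popleft()
        if depth == max_hops:           # hop limit: stay out of rabbit holes
            continue
        for txid, outs in spends[addr]:
            for out in outs:
                funded_by[out].add(txid)
                if out not in seen:
                    seen.add(out)
                    queue.append((out, depth + 1))
    return funded_by

def reconnections(txs, pay_addr, change_addr, max_hops=5):
    """Addresses where the two branches first meet again.

    An address counts only if the branches pay it through different
    transactions; anything downstream of the meeting point is funded by
    the same txids on both sides and is filtered out.
    """
    pay = trace_forward(txs, pay_addr, max_hops)
    chg = trace_forward(txs, change_addr, max_hops)
    return {
        a: {"pay": sorted(pay[a]), "change": sorted(chg[a])}
        for a in pay.keys() & chg.keys()
        if pay[a] ^ chg[a]
    }

if __name__ == "__main__":
    print(reconnections(TXS, "hop2_pay", "hop2_change"))
```

The txids listed for each reconnecting address are the transactions to cite when articulating why the two branches are believed to be controlled together.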
