1. THIS PRACTICAL WILL TRACE THE COINBASE HACK PRACTICAL USING ENHANCED ANALYTICS.

• On November 30, 2021, a victim reported that their Coinbase account was hacked. The victim advised that the suspects converted over $20,000 of Ethereum and Solano into Bitcoin and then executed dozens of transfers in the amount of $100.  The victim advised that the suspect sent most funds to the following address:

              bc1qp2vjk39ajxwy5uh7xq6yr0gtgzhlkgk7xdecg9

• Using the TRACER feature of CT PRO Select Bitcoin as the network and set a date filter of 11/30/2021 - 12/2/2021.  Add the suspect address to the graph. Left click and analyze the address.
   
• Trace the cryptocurrency until an exchange is identified (NOTE: STOP TRACING WHEN TWO ARROWS POPULATE ON NODE:)
   
• Document the exchange name, last four of the transaction hash, the target address, and the exchange deposit address that you would use to prepare a legal process to the exchange for account information. Ensure that you can articulate exactly why you believe there is probable cause that the victim's cryptocurrency was sent to the exchange that you identified.
  
  CLICK THE BELOW LINK TO VIEW A VIDEO DEMONSTRATION OF THE TRACE IF NEEDED. https://vimeo.com/1123055211?share=copy

 2. On 2024-03-12 17:46:36, a victim sent approximately $1269 of Bitcoin to a scammer who initiated a “Sextortion Scam.”           The victim sent the funds to the following address:

                    1FECxHyNFvYjj7FVQtmD1GrMxoLEBFHDCV
 

• Using the Tracer feature in CT PRO, track the movement of the funds and identify the name of an exchange that may have been used to liquidate the cryptocurrency. (DO NOT SET A DATE FILTER)
   
• Document the exchange name, last four of the transaction hash, the target address, and the exchange deposit address that you would use to prepare a legal process to the exchange for account information. Ensure that you can articulate exactly why you believe there is probable cause that the victim's cryptocurrency was sent to the exchange that you identified.
  
  CLICK THE BELOW LINK TO VIEW A VIDEO DEMONSTRATION OF THE TRACE IF NEEDED. https://vimeo.com/1123059897?share=copy#t=0
   

 3. On March 26, 2024, an undercover officer arranged for the purchase of 1 ounce of powder cocaine. The target wanted          to be paid in Bitcoin. The target provided the following address, and the undercover officer sent a $6.00 test                          transaction.

                  bc1qyqplled5djehv86lkazlrw47vnht3q65la4927

•  Using the Tracer feature of CT PRO, identify if the target address is associated with an exchange. If so, what is the name of the exchange?
   
•  Identify the Transaction Hash for the outgoing transaction and document the last four
  
  CLICK THE BELOW LINK TO VIEW A VIDEO DEMONSTRATION OF THE TRACE IF NEEDED. https://vimeo.com/1123057972

 4. On 2021-04-16 21:56:25, the scam address listed below engaged in a wallet hop:

              bc1qcygs9dl4pqw6atc4yqudrzd76p3r9cp6xp2kny

         Based on the above information, use the Tracer feature of CT PRO to answer the following questions:

• Identify the last four of the transaction hash for the transaction that occurred on 2021-04-16 21:56:25. 

          (Note: Use the Tracer Feature and add filter April 16-19, 2021)

• Identify the change address? What two indicators did you base your assumption on.
   
• Track the transaction to attempt to identify an exchange used to liquidate the cryptocurrency.
  
  (NOTE: Track 3-5 Hops)
   
• Document the exchange name, last four of the transaction hash, the target address, and the exchange deposit address that you would use to prepare a legal process to the exchange for account information. Ensure that you can articulate exactly why you believe there is probable cause that the victim's cryptocurrency was sent to the exchange that you identified.
  
   CLICK THE BELOW LINK TO VIEW A VIDEO DEMONSTRATION OF THE TRACE IF NEEDED. https://vimeo.com/1123056176?share=copy