Tagging bad addresses
Open-source analytics similarly allows for the identification and tagging of crypto addresses relating
to diverse illegitimate and illegal purposes. Using automated or manual open-source analytics tools,
investigators can covertly collect valuable information from an extremely wide variety of sources including
the surface web, Deep and Dark Web, social networks, apps, Deep and Dark Web forums, and more.
Illicit actors turn to these platforms, as they provide a sense of anonymity. Indeed, Deep and Dark Web
monitoring has been one of the major challenges for law enforcement due to the risk of exposure, yet
dedicated and unique tools, provide a window to these deeper web layers.
collected and analyzed data can be used to identify and tag illicit activities and addresses. Some examples
include crypto addresses published by drug dealers on the darknet or terror-related addresses linked to
terror financing campaigns that are promoted via terror groups’ websites or social media. It should be noted
that similar information can also be collected via cyber security analytics and collaboration with cyber
security vendors, including ransomware addresses and reports of hacking incidents or stolen coins, or via
collaboration with other law enforcement agencies around the world.
Limitations with this methodology
Investigators should keep in mind that while this methodology is valuable, it is mainly used to identify
illicit crypto addresses, and in most cases won’t lead to the real identity of the person owning those
crypto addresses.
Linking an illicit tagged address to its owner is a challenging task, and the techniques used by
advanced actors make it even harder. Ordinary transaction makers may reuse their crypto addresses
and often publish them alongside their name or other identifiers, such as email addresses. However,
advanced illicit actors avoid these practices in an attempt to maintain their anonymity.
Open-source Methodologies