Cryptocurrency has evolved from a niche digital experiment into a global financial phenomenon — and with that growth, its role in crime, corruption, and illicit finance has intensified. For investigative journalists, understanding how to track and analyze cryptocurrency transactions is no longer optional; it's essential. At the 13th Global Investigative Journalism Conference (#GIJC23), financial crime expert Federico Paesano from the Basel Institute on Governance shared crucial insights on decoding the world of digital assets.
Hosted by Paul Radu, co-founder of the Organized Crime and Corruption Reporting Project (OCCRP), the session offered reporters practical tools, foundational knowledge, and strategic approaches to investigating cryptocurrency. Whether you're covering money laundering, terrorist financing, or public corruption involving crypto, this guide breaks down what you need to know.
Understanding the Basics: Core Concepts Every Investigator Should Know
Before diving into investigations, journalists must grasp fundamental concepts that underpin cryptocurrency systems.
What Is Cryptocurrency?
Think of cryptocurrency as digital money secured by cryptography. Federico Paesano uses an intriguing analogy: the people of Yap in Micronesia used massive stone disks — too heavy to move — to represent wealth. Ownership wasn’t tied to physical possession but recorded collectively in community memory.
Similarly, owning cryptocurrency means having your ownership recorded on a decentralized ledger — accessible only through cryptographic keys. These ledgers are distributed across networks, making them tamper-resistant and transactions irreversible.
👉 Discover how blockchain analytics can uncover hidden financial trails.
What Is a Blockchain?
A blockchain is a chronological, public record of all transactions made with a specific cryptocurrency. Each type of crypto has its own blockchain — for example, Bitcoin’s blockchain exceeds 500GB in size and grows daily. Because every transaction is permanently logged, blockchains offer a goldmine for investigators.
You don’t need to download the entire chain to investigate. Instead, use blockchain explorers (more on those later) to trace fund flows between wallets.
What Is a Cryptocurrency Wallet?
A wallet doesn’t store coins like a physical purse. Instead, it holds private keys — long strings of characters that prove ownership and authorize transactions. Losing access to your private key means losing your funds permanently.
Wallets come in many forms: hardware devices, mobile apps, paper backups, or even cloud storage. Journalists should be aware that suspects may hide keys in unconventional places — written on paper, stored in USB drives, or encrypted in personal devices.
What Is a Cryptocurrency Cluster?
A cluster groups multiple wallet addresses believed to belong to the same individual or entity. While each address appears anonymous, patterns in transaction behavior can link them together. Clusters often appear when services like exchanges or darknet markets receive payments — and they’re critical for mapping out larger financial networks.
Why Criminals Favor Cryptocurrency (And Why It Matters)
While most crypto activity is legitimate, its unique features make it attractive for illicit use:
- Irreversible transactions: Once sent, funds cannot be clawed back — ideal for ransomware payments.
- Decentralization: No central authority controls the network, limiting government intervention.
- Pseudonymity: Addresses aren’t directly tied to identities, offering privacy (though not full anonymity).
- Permissionless access: Anyone can transact without approval from banks or regulators.
- Inflation hedge potential: In unstable economies, some see crypto as protection against currency collapse — despite its own volatility.
Despite misconceptions about total anonymity, most blockchains are transparent. Every transaction is visible — the challenge lies in connecting addresses to real-world identities.
While crypto-related crime still represents a fraction of overall usage, the volume of illicit funds is rising sharply. According to Chainalysis, over $20 billion in cryptocurrency was linked to criminal activity in 2023 alone. More alarmingly, extremist groups increasingly rely on crypto for fundraising and cross-border transfers.
Practical Tips for Investigating Cryptocurrency
Investigating crypto doesn’t require a computer science degree — but it does demand curiosity, persistence, and the right tools.
1. Recognize Private Keys and Recovery Phrases
Private keys look like random alphanumeric strings (e.g., 5KJbs5...). So do seed phrases — usually 12 or 24-word combinations used to restore wallets. These might appear in emails, notes, cloud files, or even taped inside drawers. Finding one could unlock access to millions in digital assets.
2. Track Down Crypto Exchange Kiosks
Physical crypto ATMs or exchange kiosks allow users to convert cash into digital currency. Paul Radu suggests buying small amounts from these machines to identify their receiving wallet addresses. From there, use open-source tools to trace where those funds move.
3. Use Open-Source Intelligence (OSINT)
Criminals sometimes publicly share wallet addresses — for donations, product sales, or ransom demands. Search forums, marketplaces, and dark web platforms using tools like:
- Google Dorks
- The Hidden Wiki
- Dark web crawlers (with proper security measures)
Always use protective browsing practices: avoid direct IP exposure, use secure VMs, and never log in with personal accounts.
👉 Learn how advanced tracing tools reveal hidden transaction paths.
4. Understand Transaction Structure: Inputs and Outputs
Crypto transactions work differently than bank transfers. If you want to send 0.5 BTC from a wallet holding 1 BTC, the system treats the entire 1 BTC as an input. The outputs include:
- 0.5 BTC to the recipient
- 0.5 BTC returned to you as "change" (sent to a new address)
This “change address” pattern helps cluster related wallets — a technique known as heuristics analysis.
5. Follow the Trail: From One Address to a Network
One wallet address can lead to dozens more through heuristic clustering. By analyzing transaction timing, input combinations, and reuse patterns, investigators can map entire ecosystems — identifying exchanges, mixers, or high-value targets.
6. Master Blockchain Explorers
These free tools let you search transactions by wallet address or hash ID. Popular options include:
- Blockchair
- Blockchain.com Explorer
- WalletExplorer (used by Paesano in the presentation)
Enter any Bitcoin address and see every incoming and outgoing transaction — often going back years.
7. Decode Obfuscation Techniques
Sophisticated actors use methods to hide their tracks:
- Mixing services (e.g., Tornado Cash): Pool funds from multiple users to break traceability.
- Chain hopping: Swap one cryptocurrency for another across exchanges.
- CoinJoin: Combine multiple payments into one transaction.
- Stealth addresses: Generate one-time addresses for enhanced privacy.
- Lightning Network: Off-chain transactions not visible on main blockchain.
- Zk-SNARKs / Ring Signatures: Used in privacy coins like Zcash and Monero.
While these aren’t exclusively criminal tools, spotting them should raise red flags during investigations.
Building Expertise: Resources and Networks
Stay updated through conferences such as the Global Conference on Financial Crime and Cryptocurrency, hosted by the Basel Institute. These events connect journalists with law enforcement, compliance officers, and forensic analysts.
Additionally:
- Reach out to firms like Elliptic, which specialize in tracking illicit crypto flows.
- Study the Basel Institute’s Quick Guide: Cryptocurrencies and Money Laundering Investigations.
- Join investigative communities like GIJN or OCCRP for peer support and training.
Frequently Asked Questions (FAQ)
Q: Can cryptocurrency be truly anonymous?
A: No. Most blockchains are transparent ledgers. While user identities aren't directly shown, transaction patterns and external data can de-anonymize users.
Q: How do I trace stolen funds?
A: Use blockchain explorers to follow the flow from the theft address. Look for movement into exchanges — which may freeze assets if reported.
Q: Are all cryptocurrencies equally traceable?
A: No. Bitcoin and Ethereum are highly traceable; privacy-focused coins like Monero or Zcash are much harder to track.
Q: Can I recover lost cryptocurrency?
A: Only if you have your private key or seed phrase. There’s no central authority to reset passwords.
Q: Do governments regulate cryptocurrency?
A: Increasingly yes — many countries require exchanges to verify user identities (KYC), helping link addresses to real people.
Q: Is investigating crypto dangerous?
A: Only if done carelessly. Always use secure devices, avoid clicking unknown links, and never reveal your identity on sensitive platforms.
Final Thoughts: Start Small, Think Big
Investigating cryptocurrency may seem daunting at first — but every expert started where you are now. Begin with one wallet address. Trace one transaction. Learn one tool.
As Paesano emphasized: “The blockchain never forgets.” Every transfer leaves a footprint. Your job is to follow it — all the way to the truth.
👉 Explore powerful tools that help visualize complex crypto networks.