Leaked documents identified the walletexplorer.com block explorer as a tool, owned by the blockchain analytics company Chainalysis, that made it possible to identify the IP addresses of potential cybercriminals. As it emerged, the tool was used to provide clues to the security forces, allowing them to track the whereabouts of these criminals.
The documents were exposed by the CoinDesk news portal on September 21. The original leaked documentation consists of some slides in Italian that show how this block explorer operates and note that the portal was the property of Chainalysis.
According to the documentation presented, the portal would serve as a honeypot, a term used in the hacking world for a kind of digital bait to attract victims. Here, the web portal is presented as an innocent block explorer.
Once a visitor was inside, the web page detected the person's IP address, which is nothing unusual, since many web portals tend to do so. However, according to the document, when someone searched for any of the addresses marked as suspicious by various security departments around the world, the site captured and recorded all the information.
In addition to serving as a block explorer, like mempool.space, walletexplorer.com offers specific tools such as tracking transactions from different exchanges and platforms of the Bitcoin and cryptocurrency ecosystem.
Chainalysis is a company dedicated to the forensic analysis of data within the different cryptocurrency networks. In this case, its secret website, WalletExplorer.com, serves as both an analysis and a tracking tool. Since this is information of high interest, it is unknown whether the company was able to sell this data to law enforcement.
Criminals Using Monero Were Also Tracked
Monero (XMR) is considered a private cryptocurrency. Within its blockchain it is not possible to track the origin or destination of funds within a transaction. However, in the leaked documentation, Chainalysis is reported to have provided clues about criminals who have used XMR.
However, because such a statement can be seen as a privacy breach within Monero, Justin Ehrenhofer, a member of the Monero Space task force, wrote for CoinDesk, claiming that the interpretation may be due to many factors that allow users to be tracked within the Monero network. The tracking, according to Ehrenhofer, may be due to circumstances external to the cryptocurrency, such as IP traces directly on people's devices, and not within the Monero network.
Bitcoin nodes also leave a trail
Mobile wallets need to connect to an external Bitcoin node that allows them to confirm and verify transactions, as well as to transmit transactions on the network. In certain cases these nodes belong to third parties. As the document revealed, Chainalysis has been capturing information through public nodes within the Bitcoin network. If someone connects to such a node, the node can learn both the IP address and the public address of the wallet.
This type of scenario involving interceptor nodes, or fraudulent ones, has been under discussion among the Bitcoin Core developers. That is why, as reported by CriptoNoticias at the time, the new version, Bitcoin Core 22.0, includes compatibility with privacy networks such as I2P and Tor.