Cryptocurrency — OSINT challenge (with solutions)
Cryptocurrency — OSINT challenge (with solutions)
In this write up I will be using a real world scenario to solve cryptocurrency-based OSINT challenges.
Everyone is welcome to solve these, don’t worry if you are stuck I will help along the way.
There will be challenges for newbies and intermediate users as well.
The challenge:
Beginner:
- Find smart contract address for “BAYC” NFT collection
- Find smart contract deployer address for “BAYC” NFT collection
- Find website and twitter handle
Intermediate:
- Find the token IDs for the 5 stolen items
- Find the scammer’s wallet address used to collect these NFTs
- Find the victim’s wallet address
- Where did most of the Ethereum end up after selling the NFTs?
If you would like to solve it yourself, do not scroll down from here…
but if you need help, keep scrolling…
Solution:
Let me explain set by step how you can get the answers.
Beginner
- Smart contract address for “BAYC” collection:
It is very easy, you can just type in “smart contract address bayc” into google.
Answer: 0xBC4CA0EdA7647A8aB7C2061c2E118A18a936f13D
2. Smart contract deployer address:
If you are new to Crypto-OSINT and haven’t used “etherscan”, you might be better to familiarize yourself with it. It is the pillar of the Ethereum chain. You can read, check transactions, blocks, smart contracts, etc.
So back to the solution, recently we found the smart contract address so finding the deployer is just a second away.
Go to etherscan.io and paste the smart contract address (found above) to the search bar.
Next step is to click on the “contract creator” in this case Bored Ape Yacht Club and it will take you to a new page where the address is shown on the top of the page.
Answer: 0xaBA7161A7fb69c88e16ED9f455CE62B791EE4D03
3. Find website and twitter handle
It is probably the second easiest to find, you can just search it by google
Answers: boredapeyachtclub.com — @BoredApeYC
Intermediate
- Find the token IDs for the 5 stolen items
Now this is where it gets interesting. You need to find the exact tokens. I will be using opensea.io to find the collection. In the search bar you can type in the sender or recipient or the name of the collection.
In this case I will choose to type in “MrNostrand” to find one of the tokens quicker (which will lead me to the other tokens much easier rather than searching for the collection first).
On the user’s profile click on “Activity” to see previous transfers. In here you just need to filter for sales and scroll down to find the “monkey picture” transfer that happened a year ago.
Since we need to find all the 5 token IDs, just click on the blue arrow on the right side. It will take you to etherscan.io where you can see the transfers. You can try clicking on “C22A94”, but the profile is deleted so it will lead you nowhere.
Here you can see the transaction “From” is the scammer “C22A94”. MrNostrand (8248) is the new recipient of the token.
Click on the From address (07d3) to see the scammer’s previous transactions: https://etherscan.io/address/0xc22a948593e46b6600db669cc92f5bde828f07d3
Choose “NFT Transfers” in the middle of the page to see the transfers.
Answer: 166 , 2758, 4009, 4270, 7613
2. Scammer’s wallet address
You can see the transfer to “07d3” which is the scammer.
Answer: 0xC22a948593E46b6600dB669CC92f5BDE828F07d3
3. Victim’s wallet address
Stay on the same page and see the transfer from “502CE” who was the victim.
Answer: 0x2CE05594Dce29fd077786E68B015c9456be502CE
4. Where did most of the Ethereum end up after selling the NFTs?
Still, stay on the same page (https://etherscan.io/address/0xc22a948593e46b6600db669cc92f5bde828f07d3) and look at the outgoing Ethereum transactions.
There are two notable, 1st 200 eth and 2nd 177.5 eth. Click on the “To” wallet address marked with blue colour which is “8831”.
You will be directed to this page: https://etherscan.io/address/0x34ec68c66e1721cf489cc3acd66cdd49bb198831
Here you can find the answer to the riddle.
Answer: Tornado Cash Router
This is it, hopefully it was an enjoyable challenge.
Коментарі
Дописати коментар
Олег Мічман в X: «Donations and support for media resources, bloggers, projects, and individuals. https://t.co/HPKsNRd4Uo https://t.co/R6NXVPK62M» / X
https://twitter.com/olukawy/status/1703876551505309973