Cryptocurrency — OSINT challenge (with solutions)

 

Cryptocurrency — OSINT challenge (with solutions)

By OSINTtrainee 
Medium
3 min
September 8, 2023
View Original

    Cryptocurrency — OSINT challenge (with solutions)

    ·
    4 min read

    --

    Listen

    Share

    In this write up I will be using a real world scenario to solve cryptocurrency-based OSINT challenges.

    Everyone is welcome to solve these, don’t worry if you are stuck I will help along the way.

    There will be challenges for newbies and intermediate users as well.

    The challenge:

    Beginner:

    1. Find smart contract address for “BAYC” NFT collection
    2. Find smart contract deployer address for “BAYC” NFT collection
    3. Find website and twitter handle

    Intermediate:

    1. Find the token IDs for the 5 stolen items
    2. Find the scammer’s wallet address used to collect these NFTs
    3. Find the victim’s wallet address
    4. Where did most of the Ethereum end up after selling the NFTs?

    If you would like to solve it yourself, do not scroll down from here…

    but if you need help, keep scrolling…

    Solution:

    Let me explain set by step how you can get the answers.

    Beginner

    1. Smart contract address for “BAYC” collection:

    It is very easy, you can just type in “smart contract address bayc” into google.

    Answer: 0xBC4CA0EdA7647A8aB7C2061c2E118A18a936f13D

    2. Smart contract deployer address:

    If you are new to Crypto-OSINT and haven’t used “etherscan”, you might be better to familiarize yourself with it. It is the pillar of the Ethereum chain. You can read, check transactions, blocks, smart contracts, etc.

    So back to the solution, recently we found the smart contract address so finding the deployer is just a second away.

    Go to etherscan.io and paste the smart contract address (found above) to the search bar.

    Next step is to click on the “contract creator” in this case Bored Ape Yacht Club and it will take you to a new page where the address is shown on the top of the page.

    Answer: 0xaBA7161A7fb69c88e16ED9f455CE62B791EE4D03

    3. Find website and twitter handle

    It is probably the second easiest to find, you can just search it by google

    Answers: boredapeyachtclub.com — @BoredApeYC

    Intermediate

    1. Find the token IDs for the 5 stolen items

    Now this is where it gets interesting. You need to find the exact tokens. I will be using opensea.io to find the collection. In the search bar you can type in the sender or recipient or the name of the collection.

    In this case I will choose to type in “MrNostrand” to find one of the tokens quicker (which will lead me to the other tokens much easier rather than searching for the collection first).

    You can try to search for other names as well it will give you the same end results

    On the user’s profile click on “Activity” to see previous transfers. In here you just need to filter for sales and scroll down to find the “monkey picture” transfer that happened a year ago.

    Now we have the first token ID which is 2758

    Since we need to find all the 5 token IDs, just click on the blue arrow on the right side. It will take you to etherscan.io where you can see the transfers. You can try clicking on “C22A94”, but the profile is deleted so it will lead you nowhere.

    Here you can see the transaction “From” is the scammer “C22A94”. MrNostrand (8248) is the new recipient of the token.

    Click on the From address (07d3) to see the scammer’s previous transactions: https://etherscan.io/address/0xc22a948593e46b6600db669cc92f5bde828f07d3

    Choose “NFT Transfers” in the middle of the page to see the transfers.

    Now we have all the 5 IDs

    Answer: 166 , 2758, 4009, 4270, 7613

    2. Scammer’s wallet address

    You can see the transfer to “07d3” which is the scammer.

    Answer: 0xC22a948593E46b6600dB669CC92f5BDE828F07d3

    3. Victim’s wallet address

    Stay on the same page and see the transfer from “502CE” who was the victim.

    Answer: 0x2CE05594Dce29fd077786E68B015c9456be502CE

    4. Where did most of the Ethereum end up after selling the NFTs?

    Still, stay on the same page (https://etherscan.io/address/0xc22a948593e46b6600db669cc92f5bde828f07d3) and look at the outgoing Ethereum transactions.

    There are two notable, 1st 200 eth and 2nd 177.5 eth. Click on the “To” wallet address marked with blue colour which is “8831”.

    You will be directed to this page: https://etherscan.io/address/0x34ec68c66e1721cf489cc3acd66cdd49bb198831

    Here you can find the answer to the riddle.

    370 eth transferred to “Tornado Cash Router”

    Answer: Tornado Cash Router

    This is it, hopefully it was an enjoyable challenge.

    Просмотры:

    Коментарі

    Дописати коментар

    Олег Мічман в X: «Donations and support for media resources, bloggers, projects, and individuals. https://t.co/HPKsNRd4Uo https://t.co/R6NXVPK62M» / X
    https://twitter.com/olukawy/status/1703876551505309973

    Популярні публікації