Crypto Forensics Lexicon
🚧 Warning: Eternal Work in Progress! 🚧
Welcome to this ever-expanding lexicon! Like a fine wine (or a never-ending software update), it’s always improving, always growing, and probably never truly “finished.” New entries will pop up, old ones might get refined, and who knows—maybe even a typo or two will sneak in just to keep things interesting.
So grab your metaphorical hard hat, explore at your own risk, and check back often… because the work is never really done! 😄
A
Address
A unique identifier for a wallet or account on a blockchain.
Address Clustering
Identifying linked addresses controlled by the same entity using behavioral heuristics.
Address Spoofing
The act of making a wallet address look similar to a trusted one to trick users into sending funds to the wrong account.
Air-Gapped Wallet
A cold storage method where a wallet is never connected to the internet, preventing remote hacking.
Algorithmic Laundering
The use of AI and machine learning to generate complex laundering strategies across multiple blockchains.
Anonymity Set
A measure of how private a transaction is by determining how many potential senders or recipients could be involved.
AML (Anti-Money Laundering)
Regulations and procedures designed to prevent illicit financial activity.
API (Application Programming Interface)
A tool for accessing blockchain data programmatically.
AOPP (Address Ownership Proof Protocol)
A method to verify ownership of a cryptocurrency address.
Asset Freezing
The process of preventing the movement of funds linked to criminal activity.
B
Blockchain Explorer
A tool that allows users to track transactions and wallet balances on a blockchain.
Blockchain Fork
A divergence in a blockchain’s transaction history, either soft or hard, which can affect tracking illicit transactions.
Blockchain Time Analysis
A forensic technique that examines timestamps of transactions to detect coordinated criminal activity.
Blockchain Reorganization (Reorg)
When a blockchain temporarily reverts blocks due to a chain split, which can impact forensic investigations.
Burn Address
An address with no known private key, used to remove tokens from circulation.
Burn and Reissue
A laundering technique where illicit tokens are burned and newly minted ones are issued to break the trace.
Bitcoin Mixing (Tumbling)
A method to obfuscate transaction history by blending coins with others.
Bridges
Protocols that facilitate the transfer of assets between different blockchains, often exploited in hacks.
Binance Smart Chain (BSC)
A blockchain platform that runs parallel to Binance Chain, used for DeFi applications.
C
Chain Analysis
The process of tracing transactions and addresses on a blockchain.
Chain-Hopping Detection
Identifying transactions that convert, for instance, from Bitcoin to Monero and then back to Bitcoin or other assets.
Ciphertext
Encrypted data used to secure blockchain transactions and communications.
Coin Control
A feature allowing users to choose which specific UTXOs to spend, potentially aiding forensic tracking.
CoinJoin Analysis & Ring Signature
Detecting patterns in privacy-focused transactions.
Cold Wallet
A cryptocurrency wallet that is offline and not connected to the internet, enhancing security.
CoinJoin
A technique used to enhance privacy by mixing multiple transactions together.
Collateralized Laundering
Using crypto as collateral in DeFi lending to disguise the origins of illicit funds.
Confiscation Orders
Legal orders to seize illicit digital assets.
Counterparty Risk
The risk associated with engaging in transactions with an unknown or unverified entity.
Covert Channels
Hidden ways of transmitting information in blockchain metadata to evade detection.
Cross-chain Transactions
Transfers of assets between different blockchain networks.
D
Darknet Markets
Online black markets often used for illicit crypto transactions.
De-anonymization
The process of identifying real-world individuals behind blockchain addresses.
Decoy Transactions
Fake transactions designed to mislead forensic analysts.
Decoy Addressing
The use of multiple dummy wallet addresses to confuse forensic tracking.
Deep Web Transactions
Crypto transactions taking place on hidden or private web services beyond standard indexing.
Delayed Transactions
Holding transactions in a mempool for extended periods to obscure timing analysis.
DEX (Decentralized Exchange)
A peer-to-peer exchange that allows for direct crypto trading without intermediaries.
Digital Footprint
A record of all digital activities, including blockchain transactions.
Denial-of-Service (DoS) Attack
An attack flooding a blockchain or network with excessive transactions to disrupt services.
Dusting Attack
When an attacker sends tiny amounts of cryptocurrency to multiple addresses to track user activity.
Dust Tracking
Monitoring small “test” transactions used by criminals to check traceability.
E
Electrum Phishing Attack
A type of attack targeting users of Electrum wallets through malicious pop-ups prompting fake updates.
Elliptic Curve Cryptography (ECC)
A cryptographic method used in blockchain security.
Encrypted Wallet
A crypto wallet that requires decryption (password/passphrase) to access funds.
Entropy Manipulation
Generating wallet keys with low randomness to later exploit them.
Ephemeral Address
A one-time-use address generated for enhanced privacy in crypto transactions.
Ethereum Name Service (ENS)
A domain name system for Ethereum wallet addresses.
Exchange Freezing Request
A request sent to a crypto exchange to halt illicit transactions.
Exchange Wallet Mapping
Using known exchange deposit addresses to flag illicit transfers.
Exfiltration
The act of transferring stolen cryptocurrency funds.
Exit Scam
A fraudulent practice where a project or exchange suddenly disappears with users' funds.
F
Fake ICO Laundering
Using fraudulent Initial Coin Offerings (ICOs) to launder funds under the guise of legitimate fundraising.
FATF Travel Rule
A regulation requiring exchanges to share sender and receiver information for large transactions.
Fiat On-Ramp
A service that converts fiat currency into cryptocurrency.
Flashbots
A tool used to mitigate MEV (Maximal Extractable Value) exploitation on Ethereum but sometimes misused in frontrunning.
Flash Loan Attack
A type of exploit where attackers manipulate DeFi protocols using uncollateralized loans.
Forensic Analysis
The systematic investigation of blockchain transactions to trace illicit activities.
Fraudulent Chargeback
A scam where a user purchases crypto with a credit card and then disputes the charge to reverse the transaction.
Frontrunning-as-a-Service
A black-market service where attackers manipulate transaction orders on DeFi platforms.
Fungibility
The property of crypto assets being interchangeable (e.g., 1 BTC = 1 BTC).
G
Gas Fees
The transaction fees required for processing operations on Ethereum and other blockchains.
Gas Fee Laundering
Obscuring transaction sources by deliberately overpaying gas fees to untraceable addresses.
Ghosting
When a suspect disappears, abandoning crypto accounts and assets to avoid investigation.
Ghost Miners
Miners operating in unregistered pools to avoid blockchain monitoring.
Governance Attack
When an attacker gains control over a DAO (Decentralized Autonomous Organization) and manipulates governance decisions.
Graph Analysis
A method used in blockchain forensics to map transaction relationships.
Greylisting
Marking suspicious addresses for enhanced scrutiny but not outright banning them.
Governance Tokens
Tokens that give holders voting rights in decentralized organizations.
GHOST Transactions
Transactions designed to deceive forensic analysis by creating fake trails.
H
Hash
A cryptographic fingerprint of data, used in transactions and blocks.
Heuristic Analysis
Examining transaction patterns (e.g., common input ownership heuristic).
Hidden Inputs
A laundering technique that obscures the inputs of a transaction to break transaction lineage.
Hidden Services
Darknet websites that operate anonymously, often transacting in crypto.
High-Frequency Microtransactions
Making thousands of tiny transactions to flood forensic tools with noise.
Honeypot
A deceptive smart contract designed to trap hackers.
Hop Activity
The practice of transferring crypto through multiple wallets to obfuscate the origin of funds.
Hot Wallet
A cryptocurrency wallet connected to the internet, making it more vulnerable to hacks.
I
ICO (Initial Coin Offering)
A method of fundraising using cryptocurrencies, sometimes used fraudulently.
Identity Spoofing
When a cybercriminal impersonates a legitimate entity to receive payments.
Illicit Addresses
Wallet addresses identified as being linked to illegal activities.
Illicit Mining Pools
Mining pools that are known for facilitating criminal activity or money laundering.
Imposter Smart Contracts
Fraudulent smart contracts mimicking legitimate ones to lure victims.
Insider Threats
Employees or insiders misusing access to siphon funds.
Invisible Burn
A technique where tokens are "burned" in a way that keeps them recoverable for criminals.
Interoperability
The ability of different blockchain networks to communicate and share assets.
Invisible Transactions
Privacy-enhanced transactions that obfuscate sender, receiver, or amounts.
J
Jamming Attacks
Deliberately slowing down a network to manipulate transaction processing speeds.
Jigsawing
A forensic technique where investigators piece together fragmented transaction data from multiple sources.
Jump Chains
The movement of assets between multiple blockchains to evade detection.
Junk Transactions
Flooding a blockchain with meaningless transactions to hide real illicit activity.
Jurisdictional Risk
The legal uncertainty when tracking illicit funds across international boundaries.
K
Key Leakage
The accidental or intentional exposure of private keys.
Key Stamping
Embedding cryptographic keys into blockchain transactions to facilitate secret communications.
Keystore File
A file containing an encrypted private key, often targeted in wallet hacking attempts.
Kill Switch Exploit
Malicious contracts programmed to self-destruct after completing an exploit.
KYC (Know Your Customer)
The process of verifying a user’s identity on exchanges and financial platforms.
KYT (Know Your Transaction)
A method for monitoring blockchain transactions to detect suspicious activity.
L
Laundering
The process of making illicit crypto funds appear legitimate.
Laundering via Oracles
Manipulating blockchain oracles to create fake price data for money laundering.
Layer 0 Hopping
Using cross-chain relay nodes at the protocol level to obscure transaction origins.
Layer 2 Solutions
Technologies that enhance scalability, such as the Lightning Network.
Layered Transactions
A laundering method where funds are split into multiple smaller transactions across various addresses.
Ledger Analysis
The forensic study of blockchain transaction histories.
Liquidity Pool
A decentralized pool of funds used in DeFi trading.
Lightning Network
A second-layer solution for Bitcoin that enables faster and cheaper transactions.
M
Malicious Smart Contract
A contract designed to exploit users or protocols.
Mempool Sniping
Watching pending transactions in the mempool to execute fraudulent frontrunning.
Metadata Analysis
Studying transaction metadata to uncover patterns.
Metadata Poisoning
Injecting misleading metadata into blockchain transactions to mislead forensic tools.
MEV (Maximal Extractable Value) Manipulation
The practice of reordering blockchain transactions for financial gain.
Mixer (Tumbler)
A service used to obfuscate transaction history by mixing funds.
Monero (XMR)
A privacy-focused cryptocurrency that is often used to evade tracking.
Money Mule
A person who transfers illicit funds on behalf of criminals.
Multi-Hop Payments
Transactions that pass through multiple intermediaries to obscure the origin of funds.
N
Nested Exchange
An unregulated exchange that operates within a larger, legitimate exchange to evade detection.
Network Analysis
A method of analyzing blockchain transactions through relationships between wallets.
NFT (Non-Fungible Token)
A unique digital asset that can be tracked but is often used in laundering.
Node
A computer that maintains a copy of a blockchain and processes transactions.
Node Hijacking
Taking over blockchain nodes to intercept transaction data.
Nonce Reuse Attack
A vulnerability where reusing a nonce in cryptographic signatures can expose private keys.
Nonce Trickery
Manipulating nonce values in smart contracts to create replay vulnerabilities.
Non-Custodial Wallet
A wallet where the user retains full control of private keys.
O
Obfuscated Nodes
Blockchain nodes designed to hide transaction origins and destinations.
Obfuscation Techniques
Methods used to hide the origin of transactions.
Off-Ramping
The process of converting cryptocurrency into fiat money.
Off-Ramp Tracing
Identifying cash-out points to fiat currency.
On-Chain Analysis
The forensic study of transactions recorded on a blockchain.
Onion Routing
A privacy-enhancing technique used to obfuscate transaction paths.
Orphan Chain Laundering
Moving illicit funds onto short-lived blockchain forks to disappear from the main ledger.
Overcollateralized Hiding
Using overcollateralized loans in DeFi to make dirty funds look legitimate.
P
P2P Laundering
The use of peer-to-peer (P2P) marketplaces to launder illicit funds.
Paper Wallet Compromise
When a supposedly secure offline wallet is exposed due to improper handling.
Phantom Transactions
Fake transactions used to create misleading blockchain activity.
Phishing Attack
A cyberattack that tricks users into revealing private keys.
Ponzi Scheme
A fraudulent investment scheme promising unrealistic returns.
Privacy Coins
Cryptocurrencies designed to enhance transaction anonymity.
Privacy Pools
Advanced mixing services that operate across multiple chains to make laundering harder to track.
Private Key
The cryptographic key used to access and control a cryptocurrency wallet.
Public Ledger
A transparent, immutable record of blockchain transactions.
Q
Quantum Computing Threats
The potential risk quantum computers pose to blockchain security.
Quantum-Resistant Cryptography
Cryptographic techniques designed to resist quantum computing attacks.
Quantum Resistant Mixing
Using quantum-safe cryptographic techniques to create a next-gen crypto tumbler.
Quorum Sniffing
Attacking a blockchain’s consensus mechanism to identify and target validators involved in an investigation.
R
Ransomware
A type of malware that demands payment in cryptocurrency.
Regulatory Arbitrage
Exploiting differences in crypto regulations across jurisdictions.
Relay Node Spoofing
Falsifying transaction relays to mislead forensic analysts.
Replay Attack
An attack where a transaction is maliciously repeated or delayed in a different context.
Ring Signatures
A privacy-enhancing method used in Monero (XMR) that makes it difficult to trace transaction origins.
Ring Signature & CoinJoin Analysis
Detecting patterns in privacy-focused transactions.
Rogue Validator Attack
When a compromised validator node selectively approves or denies transactions.
S
Sanctioned Wallets
Wallets flagged by governments for illicit activity.
Shadow Transactions
Transactions designed to appear valid that are actually fraudulent or deceptive.
Sidechains
Blockchain extensions that facilitate off-chain transactions, sometimes exploited for laundering.
Smart Contract Exploits
Vulnerabilities in blockchain contracts that allow hackers to drain funds.
Social Graph Analysis
Using AI to map blockchain user relationships and detect fraud rings.
State Poisoning
Injecting false smart contract states into a blockchain to create forensic dead ends.
Steganographic Transactions
Hiding data within blockchain transactions to communicate covertly.
T
Temporal Analysis
A forensic method that studies the timing patterns of blockchain transactions to detect links between wallets.
Timestamp Spoofing
Manipulating transaction timestamps to break forensic tracking timelines.
Token Cloning
Creating fake versions of legitimate tokens to scam users.
Token Swap
Exchanging one cryptocurrency for another, often used to hide illicit funds.
Tornado Cash
A decentralized mixer used to anonymize Ethereum transactions.
Tracing Tools
Software used to investigate blockchain transactions.
Transaction Graph Analysis
Mapping out the flow of ransom payments to detect laundering routes.
Transaction Timing Analysis
Comparing inputs and outputs across multiple transactions to identify mixing behavior.
Trusted Node Exploit
Compromising blockchain nodes inside regulated exchanges to manipulate fund flow data.
U
Unbacked Token Laundering
Creating valueless tokens, trading them for "clean" crypto, then cashing out.
Underground Staking Pools
Staking illicit funds in private validator nodes to obscure origin.
Unspent Outputs Scraping
A forensic method of tracking leftover UTXOs linked to illicit addresses.
UTXO (Unspent Transaction Output)
The unspent output from Bitcoin transactions.
UTXO Consolidation
The process of merging multiple unspent transaction outputs, which can indicate an attempt to obscure funds.
V
Validator Buyout Scam
Bribing blockchain validators to approve suspect transactions.
Vanity Address Leak
When an attacker exploits a vulnerability in a user-generated "vanity" blockchain address.
Volatility Manipulation
The act of creating artificial price swings to enable wash trading or money laundering.
Volatility Spoofing
Artificially creating volatility in low-cap tokens to manipulate forensic tracking.
W
Wallet Clustering
A forensic technique that groups related wallet addresses to identify a common owner.
Wash Trading
A deceptive practice where a trader sells and buys the same asset to inflate prices.
Waterfall Transactions
Sending funds through multiple transactions across blockchains in a cascading pattern to evade tracking.
Whale Impersonation
Creating fake high-value transactions to mimic legitimate investors and distract forensic tools.
Whale Tracking
Monitoring large cryptocurrency holders for suspicious activity.
Whirlpool Mixing
A privacy tool used in Bitcoin to obfuscate transaction trails.
X
X-Chain Hopping
Exploiting new and obscure blockchains to hide fund movements.
XOR Encryption in Transactions
A technique used to encode blockchain metadata for security or obfuscation.
XOR Mixing
A transaction obfuscation technique that blends multiple transactions using XOR operations. Designed to make forensic tracking more difficult by creating non-traceable output values. Often used in crypto tumblers and mixing services to enhance anonymity.
Y
Yield Disguising
Using high-yield DeFi protocols to cycle illicit funds until they appear legitimate.
Yield Farming Exploits
Manipulating DeFi yield farming protocols to generate fraudulent profits.
Yield Farming Ponzi
A scam where early investors get high returns from new deposits in DeFi yield farming.
Z
Zero-Day Blockchain Exploit
A newly discovered vulnerability that hackers use before forensic tools catch up.
Zero-Knowledge Proofs (ZKPs)
A cryptographic method that allows users to prove ownership of information without revealing the details.
zk-SNARKs
A specific type of zero-knowledge proof used for anonymous transactions.
Zombie Accounts
Dormant cryptocurrency addresses that suddenly become active, often linked to illicit transactions.
Zombie Smart Contracts
Abandoned contracts still holding funds, sometimes exploited by attackers.