Fundamentals of Navigating Cryptocurrency: Post-Course Guide

Introduction and Course Context

This webinar session by Zero Abuse Project provides a high-level overview of cryptocurrency with a focus on practical investigative awareness for ICAC (Internet Crimes Against Children) investigators. The speakers, Dan Barry (Zero Abuse Project, ICAC Investigations Specialist) and Nithin Jilla (Excelsior Creative) emphasize that the content is a surface-level primer designed to introduce core concepts, terminology, and open-source investigative techniques.

Zero Abuse Project also offers more in-depth, live two- to three-day trainings, a self-paced cryptocurrency course, and an advanced crypto course (coming in 2026). The presenters encourage participants to coordinate with local prosecutors to ensure that investigative actions align with jurisdictional preferences and legal frameworks. Funding for the project comes from an award via the OJJDP (Office of Juvenile Justice and Delinquency Prevention), reflecting their status as an ICAC (Internet Crimes Against Crimes) task force provider.

What is cryptocurrency? (Definitions and core ideas)

Cryptocurrency is a digital, non-tangible form of money that relies on cryptography to secure transactions and manage the transfer of assets on a public ledger called the blockchain. Fiat currency (e.g., the U.S. dollar) is tangible and spends in the real world, whereas cryptocurrency exists in a digital wallet and can be spent without being physically touched. In their analogy, fiat money is like cash you can hold, while cryptocurrency is like digital cash stored in a wallet that you can spend similarly, but you cannot physically hold the coin in your hand. The blockchain records all transactions in a way that is public and accessible to anyone with internet access. A transaction is tied to sender and recipient wallet addresses rather than to individuals by name, which is why exchanges (digital marketplaces) play a crucial role for converting crypto to fiat money or other currencies.

This unique aspect of cryptocurrencies enhances privacy, but also poses challenges regarding regulation and security. Understanding these foundational differences is essential for navigating the cryptocurrency landscape effectively.

Key definitions and ideas:

• Fiat currency: traditional government-backed money that is tangible and widely accepted for goods and services. Example: the U.S. dollar.

• Cryptocurrency: a digital, centralized-less or decentralized form of money that uses cryptography and blockchain technology to secure and record transactions.

• Public ledger: the blockchain, a transparent, distributed record of all transactions on the network.

• Wallet address: a long alphanumeric string (usually shown as a QR code or a string like a Bitcoin address) that represents a crypto wallet on the blockchain. You can scan a recipient’s address to send funds or share your own public address to receive funds.

• Private key vs public key: the private key is the secret password that grants access to your holdings; the public key is the address used to receive funds. Losing the private key typically means losing access to the funds.

• Exchanges: online platforms where crypto can be converted to fiat or other crypto; they require Know Your Customer (KYC) information to operate in many jurisdictions.

• Public vs private information: the blockchain is public, so wallet movements are traceable in principle, but identifying the real-world owner requires additional investigative steps (often involving exchanges and legal processes).

  • Example: A wallet can be linked to a blockchain explorer, which lets investigators trace funds by following transaction histories along addresses.

  • Digital wallets do not store the cryptocurrency per se; they store the private keys needed to access the cryptocurrency on the blockchain.

The blockchain and decentralization

A blockchain is a decentralized ledger that records every and all transactions across a distributed network of computers. A “block” is a collection of transactions; a “blockchain” is a sequence of blocks linked together. For example, a Bitcoin block can be described as:

$\text{Block } 788144:\text{ BTC} = 25{,}415.4124,\text{block value} \approx \$737{,}000{,}000,\text{avg tx} \approx 7.18\,\text{BTC},\text{txs} \approx 3{,}500.$ 

The blockchain is public, and real-time transaction data is accessible via explorers that show sender and recipient wallets and transaction IDs. The talk emphasizes that thousands of different cryptocurrencies exist, with Bitcoin as the best known, followed by Ethereum, Solana, and others. The blockchain’s security lies in the distributed consensus of many nodes; altering it would require controlling a majority of nodes, which is designed to be computationally impractical for established networks.

• The value of crypto emerges from trust and adoption rather than a gold-backed peg; fiat dollars derive value from government backing and broad acceptance, while crypto derives value from network security, utility, and community trust.

• The blockchain’s decentralization reduces reliance on a central authority, enabling peer-to-peer transfers and transparent, auditable ledgers.

Centralized vs decentralized networks

Nitin explains the distinction between centralized networks (e.g., traditional banks, major social platforms) and decentralized networks (e.g., many blockchain ecosystems). In a centralized system, a single authority controls data and decisions. In a decentralized system, control is distributed across many nodes, providing greater transparency and fewer intermediaries. Crypto, by design, is decentralized; verification and recording of transactions are distributed across many participants in the network. Decentralization improves checks and balances and reduces reliance on a single point of failure.

Wallets, private/public keys, and access

Crypto wallets store private keys, not the actual coins, which are stored on the blockchain. The private key provides access to the crypto; the public key (or wallet address) is used to receive funds. Losing the private key means losing access to the assets stored on the blockchain. Wallets can be backed by various authentication methods, including:

• A Google or email login (not recommended due to email account security risks).

• A passphrase of 13–15 words (a “seed phrase” or recovery phrase) that you must safeguard offline and securely backup.

• A public key (address) that you share to receive funds.

Backups are critical. People historically stored private keys on paper or thumb drives, but those can be physically lost or damaged. Today, best practices emphasize offline backups and secure storage. If you lose private keys, recovery is often impossible, which can mean permanent loss of access to crypto assets.

Common wallets and interoperability

• MetaMask (Ethereum ecosystem)

• Coinbase Wallet (exchange-integrated wallet)

• Phantom (Solana ecosystem)

• Layering and interoperability: wallets now often hold multiple kinds of crypto across different blockchains, reflecting a trend toward interoperable, multi-chain wallets. In practice, a wallet can hold Bitcoin, Ethereum, Solana, and tokens on various networks, despite some networks having separate native wallets.

• Wallet architecture: private keys, public keys, and optional recovery seeds are central to wallet design. Users can rename wallet addresses using domain-style services (e.g., Ethereum Name Service-like names) to create friendlier identifiers for addresses, such as hooks.eth, which map to a wallet address and can be associated with social profiles.

Coins, tokens, and NFTs; fungible vs non-fungible tokens

• Coins have their own blockchains (Bitcoin, Ethereum, Solana have their own networks) and are native currencies on those networks.

• Tokens are built on established networks and do not require their own blockchain; they are created via minting on existing networks.

• Fungible tokens are interchangeable: one unit equals another unit of the same value (e.g., USDC is pegged to the USD, so $1 \text{ USDC} \approx 1 \text{ USD}$). A representative example is USDC, where $1 \text{ USDC} = 1 \text{ USD}$. A token can represent other real-world assets; for instance, Paxos Gold (PAXG) is a gold-backed token where $1 \text{ PAXG}$ token corresponds to one ounce of gold held in a vault.

• Non-fungible tokens (NFTs) are unique and not interchangeable on a one-to-one basis.

NFTs and ownership concepts

• Each NFT is unique (nonfungible) whereas fungible tokens are interchangeable (e.g., $10 is always $10).

• NFT value is driven by rarity, demand, and community/societal signals (e.g., status among collectors, affiliation with creators or brands).

• Examples from the talk include:

  • Weird Whales: a collection of $3{,}350$ unique pieces; individual pieces can trade for fractions of an ETH and significantly higher prices when the market demands them.

  • Bored Ape Yacht Club and CryptoPunks: celebrity endorsements (e.g., Snoop Dogg) and prominent figures driving interest, which creates exclusivity and community around ownership.

  • The price of ETH affects NFT prices, as exemplified by NFTs priced in ETH (e.g., $12 \text{ ETH}$ or $12.5 \text{ ETH}$) and their USD values depending on the ETH price at the time of sale.

• Minting: creating a new NFT or token on an existing network; minting a token is typically quicker than launching a new coin because it operates on a pre-existing blockchain infrastructure.

Tokens and governance

• Tokens can represent governance rights, incentives, or utilities within a project (e.g., Compound or Aave governance tokens used for voting on protocol changes).

• Tokens enable cross-network interoperability, supporting asset transfers across networks and wallets, sometimes including fractional ownership or shared ownership of real-world assets.

Interoperability, wallets, and networks

• Wallets like MetaMask (Ethereum), Coinbase Wallet, and Phantom (Solana) now support multiple networks and multiple token types, promoting cross-chain interactions.

• Layer concepts: Layer $1$ refers to the base blockchain (e.g., Bitcoin, Ethereum, Solana). Layer $2$ solutions build on top of Layer $1$ to improve scalability and speed (e.g., various scaling solutions), though not all wallets require knowledge of Layer $2$ specifics for investigative purposes.

• Solana is highlighted for its fast transaction times (sub-second), Ethereum for programmable money (smart contracts), and Bitcoin for its established security and largest market presence, with transaction times and fees varying across networks.

• As an example, Solana’s fast transactions make it attractive for quick experiments and mini-transactions during trainings, whereas Bitcoin and Ethereum illustrate different trade-offs in speed, fees, and smart-contract capabilities.

Real-world use cases and future utility of blockchain (ID, deeds, etc.)

The presenters discuss potential real-world uses for blockchain technology beyond currency:

• Real estate and ownership records: blockchain-based deeds and fractional ownership tokens can theoretically simplify and secure property records.

• Real IDs and government records: some jurisdictions (e.g., California REAL ID initiatives) consider moving identity records onto the blockchain to improve verification and reduce fraud.

• Real estate portability and immutable ownership proofs: blockchain-stored ownership records could offer a single source of truth for asset ownership.

The overarching point is that as blockchain-based applications mature, there will be broader adoption for verifying and recording ownership and identity, which will influence how investigators approach assets and digital footprints.

Exploring blockchain explorers and investigating techniques (open-source tools)

Investigators can use open sources to explore blockchain transactions and trace activity:

• $1\text{BlockChain}$ (a widely used explorer for Bitcoin): shows price, number of transactions, total value sent per day, blocks, hash rate, etc. It also displays real-time blocks and transactions.

• Etherscan (Ethereum) and Solscan (Solana) for their respective networks; both provide transaction histories, wallet balances, token holdings, and analytics.

• Tools let you trace a transaction: start with a transaction ID, view the from/to wallets, and follow the chain backward to identify origin wallets and intermediate hops.

• Typical process: identify an address, determine its network (e.g., starts with 0x for Ethereum), search on the appropriate explorer, examine wallet activity, and follow the trail across blocks and transactions.

• Open-source intelligence (OSINT) strategies include using Google to cross-reference wallet addresses with social profiles, renaming domains, and identifying associated social media accounts, Discords, and NFT holdings. Renaming wallets (e.g., via domain services like hookus.eth) can reveal connections to social identities and communities.

Investigative workflow example (high level)

1. Input a wallet address and determine the chain (Ethereum, Bitcoin, Solana, etc.).

2. Use the appropriate explorer to view the wallet’s balance, assets, and transaction history.

3. Trace inflows and outflows to identify exchanges involved and potentially unmask the owner via KYC data supplied by the exchange under lawful process (subpoenas, search warrants).

4. Look for associated public-facing identities (social media, Discord handles, OpenSea/NFT accounts, etc.).

The speakers stress that open-source explorers can yield a large portion of relevant data (often $\approx 90\%$ of what investigators need) and that paid tools (e.g., Chainalysis, TRM Labs, etc.) exist but come with higher costs and training requirements.

NFTs, tokens, and market dynamics (value, rarity, and crowds)

NFTs are discussed with emphasis on how value is established and perceived. Key ideas include:

• Rarity and demand drive value: the value of an NFT is not intrinsic to the image itself but to the social and market dynamics surrounding ownership and identity.

• Examples from the talk include:

  • Weird Whales: a collection of $3{,}350$ unique pieces; individual pieces can trade for fractions of an ETH and significantly higher prices when the market demands them.

  • Bored Ape Yacht Club and CryptoPunks: celebrity endorsements (e.g., Snoop Dogg) and prominent figures driving interest, which creates exclusivity and community around ownership.

  • The price of ETH affects NFT prices, as exemplified by NFTs priced in ETH (e.g., $12 \text{ ETH}$ or $12.5 \text{ ETH}$) and their USD values depending on the ETH price at the time of sale.

• Minting and ownership: minting is the process of creating a new NFT on an existing blockchain network; it is faster and cheaper than creating a new standalone coin.

• Real-world utility: NFTs could extend to digital representations of real-world assets (e.g., property deeds or REAL IDs). In the future, NFTs could provide immutable ownership records for homes or identities, enabling more efficient record-keeping and verification.

Tokens as governance and incentives

• Governance tokens give holders voting rights on protocol changes.

• Tokens enable cross-network interoperability, ownership representation (e.g., fractional ownership of assets), and programmatic incentives (e.g., loyalty or rewards programs).

Investigative techniques: wallets, domains, and domains-as-identifiers

• Wallets are addresses on the blockchain; users can rename addresses using domain-like services (e.g., hookus.eth) to create human-friendly identifiers that can link to social profiles (Twitter, Discord, etc.).

• The combination of wallet analysis and OSINT allows investigators to identify social media handles and other public information associated with a wallet’s activity.

• Open-source tools can connect a wallet to exchanges via KYC requirements, enabling witnesses or prosecutors to subpoena exchanges for user identity data when legally permissible.

Real-world fraud, money laundering, and dark web considerations

• Crypto has been used in money laundering (moving value through crypto to obscure origin). The talk notes that criminals commonly convert funds to crypto, move them through exchanges, and then convert to fiat or other assets, often seeking to exploit gaps in monitoring or jurisdictional cooperation.

• The dark web is a significant driver of crypto activity for illicit markets (CSAM, illegal goods, etc.). Crypto is often the preferred payment method due to perceived anonymity; however, the blockchain remains traceable, particularly when funds move through exchanges or are eventually cashed out.

• Privacy-focused coins (e.g., Monero) claim stronger anonymity; exchanges and investigators increasingly scrutinize such assets, though Monero’s on-chain privacy makes tracing more challenging.

• Crypto mixers attempt to obscure transaction trails by combining funds from many users, then dispersing them to new wallets. The talk notes that mixers are often regulated (KYC-compliant) in the U.S., but some participants still use them to launder funds. In practice, mixers add complexity to tracing but do not render funds completely untraceable in all jurisdictions.

• The talk emphasizes that legitimate uses of mixers exist but that, in many cases, misuse for money laundering is prevalent.

The dark web, CSAM, and investigative collaborations

• The speakers highlight how CSAM and other illegal content are sold or distributed on the dark web, often via crypto payments. Law enforcement collaborates with analytics firms and exchanges to identify users involved in such networks.

• There are ongoing efforts to develop protocols and templates for cyber tips to streamline investigations, including templates for subpoenas and warrants and better integration with exchanges to reveal user identities when warranted.

• High-profile cases show how investigators track crypto flows back to exchanges and use KYC data to identify suspects (e.g., Homeland Security operations leading to arrests and prosecutions).

Ethical, philosophical, and practical implications

• The public nature of the blockchain means investigators can trace transactions, but identifying real-world individuals requires careful legal process and collaboration with prosecutors and exchanges.

• The balance between privacy and accountability is central: while blockchain transparency enables traceability, privacy-enhancing tools (Monero, mixers) complicate investigations and require sophisticated methods and inter-agency cooperation.

• As the technology matures, regulations and enforcement practices evolve. Investigators must stay compliant with jurisdictional rules and ensure that actions respect civil liberties and due process.

Investigative workflow: from wallet address to identity

1. Start with a wallet address or transaction.

2. Identify the chain (Bitcoin, Ethereum, Solana, etc.) using explorers ($1\text{BlockChain}$ for Bitcoin, Etherscan for Ethereum, Solscan for Solana).

3. Trace the transaction: transaction ID -> from wallet -> to wallet -> follow to origin wallets through multiple hops if needed.

4. Identify the exchange involved in converting crypto to fiat or another asset. Submit a subpoena or search warrant to obtain KYC information on the account holder when applicable and legally permissible.

5. Cross-reference with OSINT to find social media accounts, domain names, NFT holdings, or other identifiers connected to the wallet.

6. If possible, correlate with other data (for example, Arkham, an analytics tool that aggregates wallet holdings and exchange usage) to detect potential exchange usage and cross-network activity.

7. Use social and digital footprints to build a broader picture of the suspect’s online presence and potential real-world identity.

The presenters stress that Google can be a powerful ally for connecting wallet addresses to public information (e.g., social profiles, NFT holdings, domain aliases) due to the blockchain’s public nature and the ubiquity of online mentions.

Real case example and legal processes

A concrete case from April $2023$: an Oklahoma resident, Austin Peppers, pled guilty to distributing and advertising CSAM materials via a dark web platform. Authorities monitored his crypto-enabled transactions, followed money flows to exchanges, provided information to the exchange under lawful process (likely a subpoena or court order), and served a search warrant at his residence. He faced a sentence of $21$ years and $10$ months in prison followed by $15$ years of supervised release.

The example illustrates how investigators leverage crypto traces to identify suspects, then use legal channels to obtain identity information from exchanges and link digital footprints to physical addresses.

Practical guidance for investigators (takeaways and cautions)

• Crypto is real and increasingly mainstream; crypto traces can reveal much about financial flows and connections to individuals, but investigators must use a combination of OSINT and legal processes to identify real-world owners.

• Start with open-source tools for initial reconnaissance; consider paid analytics tools if available, but be mindful of cost and training requirements.

• Coordinate with prosecutors and DA offices to ensure actions align with legal strategies in your jurisdiction.

• When in doubt, reach out for mentorship or guidance (the presenters provide direct contact information and emphasize collaboration with Zero Abuse Project).

• Training opportunities exist (self-paced and live) to deepen skills, including a future crypto course and an advanced track.

Resources, templates, and next steps

• Zero Abuse Project provides a law enforcement portal with preservation letters, search warrant templates, and other vetted materials for law enforcement. These resources are accessible after sign-up with a department email.

• The speakers offer ongoing support for crypto investigations and propose developing additional templates and protocols (e.g., a standardized workflow for tracing wallet addresses and submitting warrants).

Contacts

• Dan Berry: dan.berry@0abuseproject.org

• Nithin (Nithin) / Excelsior Creative: n@exct.io

• The portal and courses are designed to equip investigators with practical tools to pursue crypto-related investigations and to build a library of resources that can be shared across agencies.

Ethical and practical implications for ongoing practice

• Investigators must consider jurisdictional rules and the need for prosecutor coordination when pursuing crypto-related investigations.

• Public blockchain transparency is a double-edged sword: it enables traceability and accountability but also creates new privacy and rights considerations for individuals.

• As crypto ecosystems evolve, investigators should anticipate more sophisticated methods used by criminals (e.g., privacy coins, mixers, cross-border flows) and should pursue training and cross-agency collaboration to stay effective.

• The training emphasizes practical, actionable steps and emphasizes that while the content is introductory, a deeper, hands-on course will be offered to build proficiency.

Quick reference: key numbers, concepts, and formulas (summary)

• Fiat vs crypto:

  • $1 \text{ USDC} = 1 \text{ USD}$ (USDC is a USD-pegged token).

• Public blockchain example statistics (Bitcoin):

  • Block $788144$ details: $\text{Block } 788144:\text{ BTC} = 25{,}415.4124,\text{block value} \approx \$737{,}000{,}000,\text{avg tx} \approx 7.18\,\text{BTC},\text{txs} \approx 3{,}500.$

  • Current rough price cited: $\text{BTC price} \approx \$107{,}006.20 \text{ per BTC}.$

• Other networks:

  • ETH price cited: $\approx \$2{,}700/\text{ETH}$ (note: prices fluctuate; the talk shows a snapshot around this level).

  • SOL price cited: $\approx \$158/\text{SOL}$.

• NFT price examples (illustrative, from the slides):

  • A whale NFT example: $0.0154 \text{ ETH} \approx \$42$ (ETH price around the $2,700 area at that moment).

  • A high-value NFT example: $12 \text{ ETH} \approx \$32{,}400$ (at $2,700/ETH).

  • A later slide shows $12.5 \text{ ETH} \approx \$34$ (the USD value varies with ETH price in that snapshot).

• Governance and utility concepts (non-numeric but important):

  • Tokens can represent governance rights, incentives, fractional ownership, and cross-network interoperability.

• Privacy and compliance references:

  • Privacy-focused coins (e.g., Monero) offer stronger on-chain privacy, challenging tracing efforts.

  • KYC/AML obligations exist for exchanges and can yield identity data through legal processes when warranted.

• Real-world case metrics:

  • The Oklahoma case (April $2023$) shows a conviction and lengthy sentence ($21$ years $10$ months, plus $15$ years supervised release).

• Market dynamics and social signals:

  • NFT value often hinges on rarity, community demand, celebrity endorsements, and perceived exclusivity.

  • Popular NFT ecosystems include CryptoPunks, Bored Ape Yacht Club, and Weird Whales, illustrating how social processes shape asset valuations within crypto communities.

End-of-note reminder

This summary condenses the material from a live, high-level crypto primer intended for investigators. It emphasizes the core concepts, practical investigative steps using public blockchain tools, and the importance of working with prosecutors and using open-source or legal avenues to identify real-world identities linked to crypto wallets. For deeper, hands-on proficiency, enroll in the upcoming self-paced crypto course and the advanced crypto course, and leverage the Zero Abuse Project portal for templates, preservation letters, and course access.