Published in


Top 5 Crypto crimes that leave breadcrumbs on the blockchain

As a digital system, a blockchain is highly secure. However, in most cases, it doesn’t offer a lot of privacy. All the transactions, since the very beginning, are publicly registered one by one, along with their dates, hours, amounts, and related addresses (sent and received funds). This could be seen as something bad, but it can be useful when investigating crypto crimes.

Attribution data is crucial in following the digital breadcrumbs on the blockchain to discover the funds’ whereabouts. So, if some malicious actor is deceiving people to send funds to a specific address (for example), we can see the fund movements in detail. They won’t be able to trade easily on exchanges with this address reported as a scam, even if we don’t know their identity.

Let’s check the most relevant crypto crimes that leave traces on the blockchain.


This one is a classic crypto crime. It’s a type of malware that infects devices and websites in different ways. Once installed on the target, it encrypts all the files, posts, and even the entire disk. The victim can’t access these files and/or functions anymore. The only thing left behind is an announcement by the hackers, asking for a ransom in cryptocurrencies (mostly) in order to “release” the files.

WannaCry ransomware announcement. Source: Emisoft

The victims can get this malware from spammy emails, unofficial downloads, exploits in not up-to-date operative systems (like Windows or macOS), or simply from targeted attacks which is very common in companies and enterprises. Fortunately hackers provide a crypto address (usually in Bitcoin) for the victim to send the funds so we can follow the activity of this address on the blockchain and report it.

Hackers use tactics such as mixers (software to obscure the source of funds), but these are never 100% effective. We can still follow them on the blockchain. As an example, let’s follow the breadcrumbs of one of the addresses associated with the pandemic ransomware WannaCry from 2017:


It received over 20 BTC from more than 100 crypto addresses. Then, the hacker sent this amount to three different addresses. The hacker tried to hide the origin of the funds, splitting them and sending them numerous times to numerous addresses. After all that journey, we can see that some of the funds ended up in the exchanges Poloniex, HitBTC, and Bittrex.

WannaCry ransomware. Follow the graph here

It’s been calculated that the losses caused by ransomware surpassed $7.5 billion in 2019. Besides, the average cost to recover from a ransomware attack (for a company) surrounds $1.85 million. In every case, the best it’s to track down the hackers.

DeFi and exchanges hacks

The Decentralized Finance (DeFi) platforms offer new financial tools open for everyone. But they’re a novel thing, and smart contracts might have vulnerabilities that can be exploited. White hackers who get to spot them, often report these bugs. Although, in most cases, bad actors exploit the issues and conduct massive crypto heists. Sadly, the victims of this type of crypto crime can do little to prevent it.

Centralized exchanges generally have better risk mitigation and security mechanisms in place given their structure. If something goes wrong, they are responsible in addressing these issues. But centralized exchange hacks (or the hacking attempts) are still common. According to SelfKey, around 48 crypto exchanges have been hacked up until 2020.

Probably the largest (and worst) one of them was the hack against the now-defunct exchange, Mt. Gox in 2014. The victims are still waiting for compensation. Funny enough, one of the addresses related to this hacker never spent a single satoshi.

Mt Gox Hacker on Breadcrumbs. Follow the graph here

On the other hand, the largest DeFi hack in history was the one against Poly Network. Luckily for everyone, the hacker did it just “to make a point” and eventually returned all the funds.

Fake ICOs

What can we say? Breadcrumbs was born because of this. The Initial Coin Offerings (ICOs) are an easy way to raise funds for new projects, by selling related tokens that will (or won’t) have a higher value in the future. Nevertheless, according to Statis Group, around 80% of 2017 ICOs were “identified as scams”. That percentage is probably fewer by now (because of worldwide regulations), but never inexistent.

The methodology is always similar. Some (likely anonymous) team offers to develop a new project (inside or outside crypto). They make generic promises, which can include an incredible return on investment. The people buy their newly-minted tokens, and, suddenly, the team disappears with the money and without developing anything.

Some other scammers can also pretend they’re from legitimate and popular ICOs to deceive people into investing. For this, they use fake websites, fake social media accounts, or even fake emails. But, probably, the ones who make everything from scratch are the worst. For example, we had the infamous Plus Token from Asia.

These scammers sold the homonymous token in a fake ICO, promising earnings up to 20% per month. As a result, they robbed around $3 billion in ETH, EOS, and BTC from investors. Some of the BTC ended up in exchanges like Huobi and Bittrex. Meanwhile, after a very long journey through numerous addresses, the stolen ETH ended up in exchanges like MXC, Kucoin, Huobi, and Binance.

Fake crypto giveaways

Ever saw a message like this?

“Good news! We’ve decided to give back to the community and donate 1 BTC to the first 20 addresses registered. To participate, you only need to send 0.001 BTC to 17Wexm8ENeTqModAuSFBkbyBvFbAzTrdfU as proof of address”.

This is a classic format of a fake crypto giveaway (you can still donate to that address, though, since it’s from the NGO Save the Children).

A lot of scammers on Twitter, Facebook, Reddit, Discord, and other social media do this to deceive people into sending them cryptocurrencies. Sometimes they slightly change the methodology, pretending to be crypto exchanges and making people deposit money into fake websites, in order to participate in the “giveaway”.

For some reason, Elon Musk is very popular among scammers. So, we’ll use an example with a fake giveaway by Elon Musk (spoiler: it’s not Elon Musk). One of the addresses still holds over $3,300 in BTC, but it’s now marked as a scam. That’s probably the reason why the owner hasn’t yet dared to cash out their ill-gotten gains. You can follow this address and subscribe to the alerts in our Monitoring Tool.

Elon Musk fake giveaway on Breadcrumbs. Follow the graph here

Fake trading and mining services

All over the web, numerous services are offering automated trading with crypto and cloud mining. They usually have several “investment plans” with guaranteed earnings, including attractive daily and monthly percentages. All you need to do is give them your crypto, and wait for the returns. Or for the scam disclosure, whichever happens first.

The auto trading platforms claim that they use the investments to conduct crypto trading, but this is often not the case. To gain new users, they use fake information, promoted through ads on different platforms, and even attract people in physical meetings. The changes of names/domains are also common for these scammers.

A good example of this is Bitcoin Evolution, also known as Bitcoin Time, Bitcoin Trader, Bitcoin Future, Bitcoin Billionaire, Bitcoin Revolution, and many more. They offer a return in “millions” with a starting investment of only $250. Claims that politicians use this platform to legitimize it, were proven to be untrue. These scams are difficult to track since they offer disposable crypto addresses like this one. But you can always report these addresses to improve their visibility on the blockchain. You can suggest a new label for Breadcrumbs here.

Bitcoin Evolution on Breadcrumbs. Follow the graph here

Conversely, cloud mining promises to take the users’ investments to buy crypto mining machines and put them to work. There are some legitimate services out there, but there are also a lot of scams. A famous one was BitClub Network, which managed to steal over $722 million.

BitClub Network Scam on Breadcrumbs. Follow the graph here

Its founders are now sentenced, and some of the addresses related to it are marked as scams. For some reason, the official webpage still exists, so please, don’t send them funds!

What can you do against crypto crimes?

Preventing crypto crimes is always better than addressing crypto crimes. So, below are some tips you can incorporate in your crypto routine to make sure you aren’t going to be the next victim:

  • Keep up to date your operating systems, webpages, and antivirus software and app.
  • Never download software/files from non-authorized sources.
  • Don’t open emails, and let alone attached files, if you don’t know for sure who sent them.
  • Double check the URL on websites and the handles on social media. Especially if you’re transferring funds.
  • Be critical about information you see on social media.
  • Secure your private keys.
  • Do your own research (DYOR) and due diligence by using blockchain analytics platforms such as Breadcrumbs.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Breadcrumbs Español

Breadcrumbs Español


Breadcrumbs es una herramienta de análisis que permite a las personas darle sentido a la blockchain.