The OSINT Guide

This post is to show what crypto transactions look like on blockchain explorers versus what the user sees in their personal device.

This is the first of several on this topic.

Getting Started

So I bought and sold some crypto as examples.

After getting an account on Coinbase there appears to be 3 separate locations for your funds, there is a kind of initial/default account that is labelled “primary balance”, and then there is you Coinbase Wallet. and Finally there is your Web3 Wallet

According to Coinbase.com, once you make a purchase on Coinbase.com, your crypto is stored securely by the platform (identified as “Primary balance”). Coinbase Wallet, on the other hand, is a self-custody wallet. This means that the private keys, which represent ownership of your crypto, are stored directly on your device.

See here, opening coinbase it shows my primary balance and my web3 wallet:

Interestingly, when I send funds from my primary balance to anywhere else, it appears on the blockchain as one of several hundred transfers that are grouped together into a single transaction.

All of the funds are sent from an address owned by Coinbase. Therefore if you were viewing the transaction you would not see anything directly linked to me.

Here are the specifics from one transfer:

On March 3rd 2023 I sent $6.99 / 0.00019779 BTC from my Coinbase Primary Balance to the address bc1qlwcchp4vjj8ezhglr8k4ef02s8gh5hhghxr3pr (hxr3pr) (which is actually to my Coinbase Wallet).

The transfer had the trx hash 4aaeb8418f7ff104566b65dd7a61d8e4de65f6b8fe42bacb066579595cddbe43 and a trx fee of 0.00003621 ВТС.

Here is how the trx appears in Coinbase App

In my Coinbase Wallet App I see:

On Blockchain.com the trx appears as follows 

(URL for trx: https://www.blockchain.com/explorer/transactions/btc/4aaeb8418f7ff104566b65dd7a61d8e4de65f6b8fe42bacb066579595cddbe43)

We see that while I sent the funds on March 3rd, the website says “This transaction was first broadcasted on the Bitcoin network on March 06, 2023 at 05:03 AM GMT-5.“

This explains why the Coinbase App and Coinbase Wallet App show the funds being sent on the 3rd and received on the 6th.

Coinbase combined my transfer with several others that combined into a single transaction.

The one Coinbase address sent 10.00 BTC (over $400,000) to several hundred separate addresses is one transaction.

If you did not know better it would appear like one person was sending all of the funds, when in reality one person (me) made one transfer.

Using a visualization tool like Breadcrumbs, it looks like this:

That’s it for now!