1 of 37

De-mystifying cryptocurrency data

How to find stories on ransoms, scams and betting markets

Caitlin Ostroff, The Wall Street Journal

Jeremy Merrill, The Washington Post

2 of 37

Some Kinds of Crypto Stories

  • Straight Crypto News:
    • new coins (e.g. $TRUMP, $DJT, Hawk Tuah coin) and rugpulls
    • market moves
  • Financial regulation:
    • regulation, evasion and sanctions enforcement
    • investigating big pieces of crypto-based financial infrastructure, like Tether
  • Scam stories
    • investors who lost money in rugpulls or pig butchering
    • companies whose product doesn't do what they say it does
  • Lifestyle stuff:
    • people who bet on elections or buy meme coins or try to only buy things with bitcoin
    • internecine beeves between aficionados of one coin or another
  • Politics:
    • the crypto lobby, and crypto aficionados' philosophical view (e.g. Prospera)
    • Trump coin, etc.
    • predictive markets

Our goal: give you the tools to cover this when it intersects your beat.

3 of 37

A Lot Has Happened

  • Bitcoin topped $100,000 (and then dropped again)
  • Congress got its most crypto-friendly group of politicians yet
  • Trump is making money off of two cryptocurrencies, $WLFI and $TRUMP
  • Trump is creating a U.S. reserve filled with crypto
  • Financial regulators who took a hard line on crypto are being replaced and regulatory lawsuits dropped.
  • Billions have been bet on prediction market futures contracts, mostly on the US election (prop bets!)
  • Americans have lost billions of dollars to pig-butchering scams which mostly (but not always) use crypto as a money-transfer mechanism
  • Crypto people are cozying up to the Trump administration for favors

4 of 37

Jargon: Silly words that explain crypto

Blockchain: Immutable ledger that records transactions and tracks assets in a network. It’s really just a distributed database. Some examples: Bitcoin, Ethereum, Tron, Stellar, Solana.

Token: Digital representations of assets or interests on a blockchain. Some high-level types include payment tokens (like bitcoin), utility tokens and security tokens.

Stablecoin: A type of token that is pegged to a real-world asset, like the U.S. dollar or a nugget of gold.

The jargon gets worse. You don't have to learn it all.

5 of 37

A blockchain is just a database

6 of 37

More Jargon (Sorry)

  • Blockchain wallets are where people store their cryptocurrencies
  • Think of this like a bank account number. It’s the account ID where crypto is stored
  • Similar to how bank accounts work, you can have multiple accounts in one bank, like how you can have a checking and a savings account, so some people have multiple wallets. Some accounts only allow you to have one cryptocurrency in them. Others allow you to have many.
  • You can sometimes figure out what types of coins a wallet holds based on the prefix its address starts with

  • Bitcoin: starts with 1, 3, or bc1 (e.g. 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa)
  • Ethereum: starts with 0x (e.g. 0x71C7656EC7ab88b098defB751B7401B5f6d8976F)
  • Tron: starts with T (e.g. TF48MUvZhSDpLFfC414b94Nj4LwqBFbXom)
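
An added example, not part of the original slides: a Python sketch that pulls address-like strings out of free text (such as an exported chat), labels the chain using the prefix rules above, and checks the Base58Check checksum so a mistyped or truncated address is caught before you try to trace it. The function names and the sample message are assumptions made for illustration; bc1 and 0x addresses are only checked for shape.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def base58check_ok(addr):
    """True if addr decodes to 25 bytes ending in a valid double-SHA256 checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    # Each leading '1' character stands for one leading zero byte.
    raw = b"\x00" * (len(addr) - len(addr.lstrip("1"))) + raw
    if len(raw) != 25:
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]

def classify(addr):
    """Return (chain, well_formed) using the prefix rules from the slide."""
    if addr.startswith("0x"):
        # 20 bytes as hex; the mixed-case EIP-55 checksum is not verified here.
        return "ethereum", re.fullmatch(r"0x[0-9a-fA-F]{40}", addr) is not None
    if addr.startswith("bc1"):
        # Character set and length only; the bech32 checksum is not verified here.
        return "bitcoin", re.fullmatch(r"bc1[02-9ac-hj-np-z]{11,87}", addr) is not None
    if addr[:1] in ("1", "3"):
        return "bitcoin", base58check_ok(addr)
    if addr.startswith("T"):
        return "tron", len(addr) == 34 and base58check_ok(addr)
    return "unknown", False

CANDIDATE = re.compile(
    r"\b(?:0x[0-9a-fA-F]{40}|bc1[0-9a-z]{11,87}|[13T][1-9A-HJ-NP-Za-km-z]{25,34})\b"
)

def extract(text):
    """Find address-like strings in free text and classify each one."""
    return [(a, *classify(a)) for a in CANDIDATE.findall(text)]

# Constructed chat message: the slide's sample addresses plus a one-character typo.
SAMPLE = ("send to 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa or 0x71C7656EC7ab88b098defB751B7401B5f6d8976F, "
          "not 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb")

if __name__ == "__main__":
    for addr, chain, ok in extract(SAMPLE):
        print(f"{chain:9} {'ok ' if ok else 'BAD'} {addr}")
```

A failed checksum usually means a copy-paste error or a deliberately altered address, which is worth knowing before attributing funds to a wallet.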

7 of 37

Where to find wallet addresses

  • Sanctioned wallets: The Treasury Department publishes a list of wallets that have been sanctioned. They label them as “Digital Currency Address”
  • Public trading rooms: Crypto’s go-to messenger platform is Telegram, where you can often export the content of the channel and see addresses people are requesting funds be sent to
  • Twitter: Similar to Telegram, the crypto community also heavily uses this to promote new projects and pull in money
  • Researchers: Often have their own troves of wallets and who owns what. Occasionally they can also point you to ransomware gangs that will lead you to wallets. (More on that later)

12 of 37

Examples from the Wild: Sanctions

These hacks are still happening and are likely to proliferate as crypto’s value grows. A crypto exchange called Bybit was hacked for $1.5 billion, which the analytics firm Elliptic tied to Lazarus Group.

14 of 37

Examples from the Wild: Trading Rooms

All sorts of things happen in public in the crypto world if you know where to look.

Telegram and Discord are often filled with interactions between investors and cryptocurrency developers.

It’s possible to extract these messages in bulk.

There are other tools and libraries for interacting with Telegram and Discord.

  • Telegram-export
  • Telethon
  • python-telegram-bot
  • DiscordChatExporter

15 of 37

Examples from the Wild: Social Media

  • The breed of cryptocurrencies currently proliferating are called meme coins
  • They get this name because there’s no utility to them. They aren’t made for payments or to power new technologies.
  • Just before inauguration, Trump launched his own called…you guessed it…$TRUMP.

18 of 37

Examples from the Wild: Social Media

  • When crypto prices go up, scams go up
  • It is incredibly easy to make a coin and therefore incredibly easy to make a scam
  • Even if something seems like it may be legit, question if it is

19 of 37

Examples from the Wild: Researchers

  • Illicit bitcoin transactions are still traceable on the blockchain. If you can find out the wallet ID the hackers are using, you can trace illicit funds
  • There are a bunch of crypto analytics firms: Chainalysis, Elliptic, TRM Labs and independent researchers too
  • They are sometimes willing to share API keys to their own databases that label wallets. These agencies are always surprised when a reporter asks for an API key and will often share it.

20 of 37

Examples from the Wild: Researchers

In 2019, a U.K. tourism currency-exchange company got hit by a ransomware attack

We wanted to know if they paid (or were going to pay) the ransom

Researchers suspected the ransomware gang was called Sodinokibi (there are loads of them) and they used an exploit in the company VPN. I asked them if there was a (safeish) way we could get in touch.

21 of 37

Examples from the Wild: Researchers

With the help of the researcher, we got Sodinokibi ransomware files and instructions on how to safely deploy them (on an air-gapped computer not connected to any network).

Basically we intentionally infected a computer with ransomware.

The reasoning: Infected users get a chat line to the hackers.

22 of 37

Examples from the Wild: Researchers

Yes, we identified ourselves as WSJ reporters. Even sent them my author page.

And you’ll see the hackers gave us the payment bitcoin address, which we later confirmed with government sources.

23 of 37

Prediction markets

  • Polymarket is the largest prediction market
  • U.S. users are officially banned from trading on it
  • Bets are funded using stablecoins
  • Concerns over ethics of some bets and its ability to influence public opinion

25 of 37

Prediction markets

  • Figuring out who holds coins and the person behind the username can be hard but leads to really interesting stories
  • Sometimes you can piece identities together from the internet, other times it’s chance and sometimes you need to get creative

26 of 37

Prediction markets

  • These prediction markets have also proven to be controversial, particularly when it comes to disasters

27 of 37

Let's learn about a new project or coin via Dune

Suppose our editor assigns us to learn about predictive betting on the 2024 election. (This literally happened to me.)

  1. Search for it on Dune.com. Literally just google, e.g. polymarket dune
  2. And look at a few dashboards of people's charts.
  3. These are generally reliable-ish, but you should dig deep (or try to contact the creator wizard if you want to use the numbers in a story).

Literally, go do it. Right now.

E.g. https://dune.com/filarm/polymarket-activity or https://dune.com/rchen8/polymarket

29 of 37

Let's learn about a new project or coin via Dune

https://dune.com/filarm/polymarket-activity

E.g. Monthly volume on Polymarket… someone already did it.

30 of 37

Let's learn about a new project or coin via Dune

Somebody else had non-election volume.

31 of 37

Let's learn about a new project or coin via Dune

So I used their methodology.

With modifications.

34 of 37

Let's learn about a new project or coin via Dune

https://dune.com/filarm/polymarket-activity

With SQL available.

So you need to check what's election related!

(But it is just a database.)

35 of 37

Let's learn about a new project or coin via Dune

https://dune.com/filarm/polymarket-activity

And they answered my next question. What are the top post-election bets?

36 of 37

Is it right?

Databases don't always reflect reality:

  • 150 year olds getting social security?!?!
  • Property records that list all old houses as having been built in 1920 because that's when the records all burned or were lost in a flood.
  • Timestamps on security cameras (always wrong, like, always)

Crypto is different. If the blockchain says you have 10 BTC, then you do.

37 of 37

Questions? Need a sense check?

Feel free to contact us: