Reading Reports
Understanding investigation output and findings
Report Structure
Every Blockchain Detective investigation produces a comprehensive report with consistent sections.
1. Executive Summary
High-level overview appears first:
- Target Address: The investigated Bitcoin address
- Investigation Methods: Which analysis modes were used
- Key Findings Summary: Exchanges found, mixers detected, etc.
2. Address Statistics
Basic blockchain data:
- Total Received (lifetime)
- Total Sent (lifetime)
- Current Balance
- Transaction Count
3. Key Findings
Most important discoveries with status indicators:
- 🎯 Exchange deposits found (highest priority)
- ⚠️ Mixer activity detected
- ✅ Clean paths (no obfuscation)
- 🔴 No exchanges identified
4. Detailed Analysis
Two sub-sections:
- Part 1: Fund Flow Analysis - Largest incoming transaction trail
- Part 2: Multi-Path Analysis - All major outflows
5. Actionable Recommendations
Specific next steps for:
- Law enforcement (subpoena targets)
- Victims (reporting procedures)
6. Investigation Assessment
Recovery likelihood and complexity evaluation.
Status Indicators Explained
🎯 Exchange Deposit (Green Light)
Found via: Fund Flow Tracking
Exchange: Coinbase
Address: bc1q...xyz
Hop: 4
Meaning: Funds reached a KYC exchange
Action: Subpoena or contact compliance team
Priority: HIGHEST
⚠️ Mixer Detected (Yellow Flag)
Hop 2: Transaction abc123...
Pattern: CoinJoin mixing
Confidence: HIGH (score 9/13)
Indicators:
- 127 inputs
- 128 outputs
- 125 equal-value outputs
Meaning: Suspect used obfuscation
Action: Track outputs within time window
Priority: HIGH (complicating factor)
🟢 Clean Path (Neutral)
Path 3: Direct transfers
Hops: 3
No mixers detected
No exchanges found
Meaning: Straightforward movement, no obfuscation
Action: Continue monitoring
Priority: MEDIUM
🔴 No Exchange (Requires Monitoring)
Trail ends at: 1ABC...xyz
Reason: No matching outgoing found
Total TX: 23
Meaning: Funds stopped or dispersed
Action: Set up monitoring alerts
Priority: ONGOING
Confidence Score Interpretation
Mixer Detection Scores
| Score | Confidence | Interpretation | Trust Level |
|---|---|---|---|
| 10-13/13 | Very High | Definitely a mixer | Act with certainty |
| 7-9/13 | High | Almost certainly a mixer | High confidence |
| 4-6/13 | Medium | Possible mixer, investigate | Verify further |
| 0-3/13 | Low | Not a mixer | Disregard |
Exchange Behavior Scores
| Score | Likelihood | Interpretation | Action |
|---|---|---|---|
| Confirmed | 100% | In verified database | Proceed immediately |
| 7-10/10 | High | Very likely exchange | Verify with tools |
| 4-6/10 | Medium | Possible exchange | Further investigation |
| 0-3/10 | Low | Unlikely exchange | Not actionable |
Reading Fund Flow Visualization
Target: 1ABC...xyz (2.5 BTC received)
│
├── Hop 1: 1DEF... = (2.49 BTC) [transfer]
├── Hop 2: 1GHI... = (2.48 BTC) [⚠️ MIXER]
└── Hop 3: 1JKL... = (2.47 BTC) [🎯 Coinbase]
How to read:
- Indentation: Shows progression through hops
- Amounts: Tracked value (decreases due to fees)
- Icons: Important detections (mixer, exchange, etc.)
- Endpoints: Where the trail stopped or reached an exchange
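An added example, not part of Blockchain Detective: a Python parser for the tree layout shown above that applies the priorities from the status indicators. The regular expressions, the function names and the rule that a trail with neither exchange nor mixer is MEDIUM are assumptions made for this example.

```python
import re
from decimal import Decimal

# Constructed sample: the fund-flow tree shown in this guide.
SAMPLE = """\
Target: 1ABC...xyz (2.5 BTC received)
│
├── Hop 1: 1DEF... = (2.49 BTC) [transfer]
├── Hop 2: 1GHI... = (2.48 BTC) [⚠️ MIXER]
└── Hop 3: 1JKL... = (2.47 BTC) [🎯 Coinbase]
"""

# Assumed line layouts, inferred from the sample above.
TARGET_RE = re.compile(r"Target:\s*(\S+)\s*\(([\d.]+) BTC received\)")
HOP_RE = re.compile(r"Hop (\d+):\s*(\S+)\s*=\s*\(([\d.]+) BTC\)\s*\[(.+?)\]")

def parse_flow(text):
    """Return (target_address, btc_received, hops) from a fund-flow tree."""
    target, received, hops = None, None, []
    for line in text.splitlines():
        if m := TARGET_RE.search(line):
            target, received = m.group(1), Decimal(m.group(2))
        elif m := HOP_RE.search(line):
            tag = m.group(4)
            kind = ("mixer" if "MIXER" in tag
                    else "exchange" if "🎯" in tag else "transfer")
            hops.append({"hop": int(m.group(1)), "address": m.group(2),
                         "btc": Decimal(m.group(3)), "kind": kind, "tag": tag})
    if target is None:
        raise ValueError("no Target line found")
    return target, received, hops

def triage(text):
    """Summarise one trail using the guide's status-indicator priorities."""
    target, received, hops = parse_flow(text)
    # The guide says tracked value only decreases (fees); flag hops where it rises.
    prev, anomalies = received, []
    for h in hops:
        if h["btc"] > prev:
            anomalies.append(h["hop"])
        prev = h["btc"]
    exchange = next((h for h in hops if h["kind"] == "exchange"), None)
    mixers = [h["hop"] for h in hops if h["kind"] == "mixer"]
    # Exchange -> HIGHEST, mixer -> HIGH; MEDIUM for a clean trail is an assumption.
    priority = "HIGHEST" if exchange else "HIGH" if mixers else "MEDIUM"
    return {"target": target, "fee_loss": received - prev, "mixer_hops": mixers,
            "exchange": exchange["tag"].replace("🎯", "").strip() if exchange else None,
            "priority": priority, "anomalies": anomalies}
```

Calling `triage(SAMPLE)` reports the Coinbase endpoint, the mixer at hop 2 and the total value lost to fees along the trail; a non-empty `anomalies` list marks hops whose amount rose, which is worth checking by hand before relying on the trail.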
Common Report Patterns
Pattern 1: Direct to Exchange (Best Case)
Fund Flow: Target → 1 hop → Coinbase ✅
Multi-Path: 3 of 5 paths reached exchanges ✅
Mixers: None detected ✅
Recovery Likelihood: 🟢 HIGH
Recommendation: Immediate subpoena to Coinbase
Pattern 2: Mixed Then Exchange (Moderate)
Fund Flow: Target → mixer → 3 hops → Binance
Multi-Path: 1 of 6 paths reached exchange
Mixers: 2 detected
Recovery Likelihood: 🟡 MEDIUM-HIGH
Recommendation: Subpoena + mixer analysis
Pattern 3: No Exchange Yet (Monitoring)
Fund Flow: Target → 5 hops → trail cold
Multi-Path: All paths ended without exchange
Mixers: 1 detected
Recovery Likelihood: 🟡 MEDIUM
Recommendation: Set up alerts, monitor for movement
Pattern 4: Sophisticated Laundering (Complex)
Fund Flow: Target → split → 6 mixers → dispersed
Multi-Path: Multiple splits, all mixed
Mixers: 8 detected across paths
Recovery Likelihood: 🟡 MEDIUM-LOW
Recommendation: Professional forensics required
Quick Reference Guide
If You See This → Do This
| Finding | Meaning | Immediate Action |
|---|---|---|
| 🎯 Confirmed Exchange | Funds at KYC platform | Contact exchange/file subpoena NOW |
| ⚠️ Mixer (High confidence) | Deliberate obfuscation | Document for case file, track outputs |
| 🛑 Trail End | Stopped moving | Set up monitoring alerts |
| 💠 Split Detected | Funds divided | Investigate multiple paths |
| 📊 Consolidation | Funds combined | Follow output (main destination) |
Understanding Limitations
What Reports CAN Tell You
- ✅ Where funds moved on blockchain
- ✅ If mixers were used
- ✅ Which exchanges received deposits
- ✅ Transaction patterns and behaviors
- ✅ Confidence levels for detections
What Reports CANNOT Tell You
- ❌ Identity of suspects (need exchange KYC)
- ❌ Which mixer output is "yours" (probabilistic)
- ❌ Future movements (only historical)
- ❌ Off-chain transactions (Lightning, exchange-internal transfers)
- ❌ Legal jurisdiction or prosecutability
Next Steps After Reading Report
For Law Enforcement
- Document all exchange findings
- Draft subpoenas with specific addresses and dates
- Preserve blockchain evidence
- Consider commercial forensics for mixer analysis
- Monitor addresses for future activity
For Victims
- File police report with investigation attached
- Contact identified exchanges' fraud departments
- Submit FBI IC3 complaint
- Preserve all evidence (emails, transactions, etc.)
- Consider hiring blockchain forensics firm if high value
Related Documentation
- Confidence Scores - Deep dive into scoring methodology
- Law Enforcement Guide - Using reports for legal action
- Limitations - Understanding what can't be determined