July 1, 2026

at

11:00 am

EST

(Updated:

)

MIN READ

OSINT Explained: The Role of Open-Source Intelligence in Crypto

OSINT has an outsized role to play in blockchain intelligence and forensics. This is our guide to what it is, what it’s used for, and why it is controversial
No items found.
Arkham Intelligence logo white
C
Arkham
Article
Guides
News
Insights
Reports
Trading

Contents

    OSINT (Open-source intelligence) refers to the process of collecting and analyzing publicly available information with the objective of actionable insights or useful answers to important questions, commonly about other people or organizations.

    OSINT has become a controversial topic within the crypto space, as many members of the crypto industry believe in privacy as a right. While OSINT has proven itself as a capable tool for law enforcement and investigators to expose fraud and track hacked funds on-chain, many crypto privacy advocates have raised concerns about on-chain anonymity being compromised as a result.

    SUMMARY

    • OSINT stands for open-source intelligence, and refers to information gathered from public sources.
    • OSINT can help link pseudonymous blockchain addresses to real-world identities, which is very useful for investigating on-chain crime.
    • Platforms like Arkham help combine off-chain OSINT with on-chain analysis, serving as a useful tool for investigators.
    • Privacy advocates in crypto argue that OSINT creates legitimate concerns regarding surveillance and misidentification, and also weakens the financial privacy that blockchains help enable. 

    WHAT IS OSINT?

    OSINT stands for open-source intelligence. OSINT consists of a wide range of information sources such as social media, forum posts, news articles, online domain registration data, property records, satellite imagery, and more. Any information that is used to build an understanding of a target or intelligence objective, and doesn’t require bypassing security measures, can be classified as OSINT.

    USE CASES FOR OSINT

    Hacks, theft, and fraud are the biggest use cases of OSINT within crypto. When a protocol or exchange is compromised, blockchain sleuths have a public on-chain trail of transactions that they can look at for clues. OSINT helps fill in the gaps between the perpetrator and what occurred on the blockchain. Prominent crypto investigator ZachXBT has built his reputation almost exclusively on wallet analysis and off-chain OSINT (Discord screenshots, forum posts, public email addresses, LinkedIn profiles, etc) to help identify the criminals who commit high-profile crypto hacks and thefts.

    Sanctions and compliance monitoring is another use case of OSINT that has been gaining traction over time. As crypto continues to grow, different platforms emerge and new jurisdictions are onboarded. Establishing attribution that connects on-chain activity from the many different platforms and jurisdictions that exist to real actors has become a core objective for many compliance teams, law enforcement officers, and financial intelligence units. Exchanges and financial institutions utilize OSINT techniques to ensure that their counterparties haven’t been placed on sanctions lists and flag suspicious activity.

    Market intelligence is another established use case of OSINT. Savvy traders can scour the blockchain for useful insights about wallet owners and token distribution. Discovering that a wallet that belongs to a major fund or known insider is accumulating token supply is information which can help traders decide whether to enter/exit a position. Institutional traders and researchers frequently combine on-chain data with OSINT in order to follow smart money on-chain, anticipate large movements, and contextualize unusual transaction patterns. 

    Investigative journalism is yet another use case of OSINT. Journalists rely on OSINT to verify claims, document underground wrongdoing, cross-reference public corporate filings and exchange records. The FTX and Terraform Labs collapses were both extensively covered by sleuths and newsrooms with investigators/journalists trawling through financial documents that linked FTX with Alameda, showed balance sheets padded with illiquid FTT tokens, and a misuse of customer deposits. 

    IS OSINT LEGAL?

    OSINT is legal when obtaining information from publicly available systems and sources without bypassing any security measures that might exist. Things get more legally complex regarding how that information and data is processed, stored, or used. Under the EU’s General Data Protection Regulation law, organizations are required to have a legitimate reason to process personal data, even if the data is public. 

    OSINT AND BLOCKCHAIN FORENSICS

    Because blockchains are inherently public and permanent ledgers that contain records of every transaction ever performed on a chain, OSINT is especially useful in the blockchain environment. Anyone can see what actions a wallet has performed, but the identity of the wallet owner is not public.

    Blockchain forensics helps uncover the true identity of a wallet’s owner. A suspicious wallet address might be initially highlighted through an on-chain incident, pattern, or community tip. Investigators can analyze transaction flows and determine connected wallets to help figure out who’s behind the wallet. A single mistake such as a publicly posted wallet address, social media post, or exchange deposit linked to a KYC account might be enough to catch a criminal.

    The permanent nature of a blockchain ledger is the biggest strength for an on-chain OSINT investigation. Bad actors can delete posts and messages, but their on-chain records are forever visible. Once on-chain and off-chain data points are properly linked together, that connection will be valid forever.

    ARKHAM’S CONTRIBUTION TO OSINT

    The OSINT layer is also where the Arkham community makes significant direct contributions. Through Arkham’s Intel Marketplace, sleuths can submit their findings as either bounty completions or DATA program entries. A submission can be as simple as a screenshot of a tweet where someone published a wallet address belonging to them. However, a submission could also be as complex as a multi-source analysis that links a cluster of wallets to a person through a combination of corporate records and on-chain behavior.

    THE CASE AGAINST OSINT IN CRYPTO

    A large number of the cryptocurrency industry’s builders - like the team behind Zcash - are people who believe in financial privacy as a human right. Bitcoin for example, by design can be used pseudonymously, although transactions are publicly recorded and can sometimes be linked to identities. In the eyes of these privacy supporters, OSINT works to strip away the right of privacy from users.

    BEST OSINT TOOLS

    Arkham is the more comprehensive platform for on-chain attribution due to its AI-powered wallet labeling, multi-chain capabilities, interactive visualizer, and community submitted information from the Intel Marketplace.

    The Arkham Tags Leaderboard is where users can leverage all the OSINT that has been found, sorted, and synthesized with on-chain data by our in-house sleuths.

    Maltego is the go-to tool for relationship mapping. Users are able to query external data sources and view results as visual nodes on a graph, helping connect entities across a large number of data sources. Maltego also allows users to pivot between on-chain wallet addresses and off-chain points.

    Etherscan and other chain-specific block explorers continue to be important tools for viewing raw on-chain data.

    SpiderFoot is an OSINT automation tool that makes gathering information from public sources off-chain easier for users. By giving it a starting point of information (IP address, email address, username, etc), the tool automatically searches hundreds of data sources to find everything that has been publicly associated with the provided starting point. 

    IntelligenceX is a search engine that indexes data leaks, breaches, and historical internet records. Searches can be run by email, IP address, domain, Bitcoin address, and more. The Bitcoin address search feature allows the tool to surface address mentions across leaked databases and dark web sources that wouldn’t appear elsewhere.

    WHAT IS THE OSINT FRAMEWORK?

    The OSINT Framework is a community-maintained directory where users can find OSINT tools that suit their needs. The directory was originally created by Justin Nordine with a focus on information security, but has evolved to include many other investigation categories.

    The framework features a large number of category nodes such as Username, Email Address, Social Networks, Cryptocurrency, Archives, Dark Web, AI Tools, and more. Each of these category nodes can be clicked into, branching into subcategories and specific tools linked for one to use. The cryptocurrency category contains blockchain explorers, wallet analysis tools, mixer tracking, wallet clustering tools, and more. 

    It is important to note that the OSINT Framework is not a tool in itself, it merely guides users towards the specific tools that they need. It doesn’t collect any sort of data or run any type of analysis. Entries are tagged to let users know if a tool needs to be installed locally or require a registration, which is important to know for legal compliance and operational security.

    HISTORY OF THE TERM

    The term originated from WWII military operations, primarily the US Foreign Broadcast Monitoring Service and the BBC Monitoring Service. US law officially defines OSINT as intelligence "produced from publicly available information that is collected, exploited, and disseminated in a timely manner to an appropriate audience for the purpose of addressing a specific intelligence requirement." 

    CONCLUSION

    The case for OSINT is simple: law enforcement and investigators can use OSINT to trace stolen funds and catch on-chain criminals. The public ledger feature of blockchains is especially suited for this use case. 

    The case against OSINT is equally straightforward. The same tools and infrastructure being used to unmask anonymous criminals can also be used against those who have done nothing wrong. 

    OSINT in crypto is not inherently good or bad, it’s a tool that reflects the intentions of those who are using it.

    C

    C is a writer who has been in crypto since 2020. He previously worked with InfoToken DAO. When he’s not trading crypto, he’s trading on Old School RuneScape.

    Arkham Intelligence logo white
    Arkham
    The Arkham Research Team comprises analysts and engineers who worked at Tesla, Meta, and Apple, alongside alumni from the University of Cambridge, Imperial College London, UC Berkeley, and other institutions.
    No items found.
    Information provided herein is for general educational purposes only and is not intended to constitute investment or other advice on financial products. Such information is not, and should not be read as, an offer or recommendation to buy or sell or a solicitation of an offer or recommendation to buy or sell any particular digital asset or to use any particular investment strategy. Arkham makes no representations as to the accuracy, completeness, timeliness, suitability, or validity of any information on this website and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. Digital assets, including stablecoins and NFTs, are subject to market volatility, involve a high degree of risk, can lose value, and can even become worthless; additionally, digital assets are not covered by insurance against potential losses and are not subject to FDIC or SIPC protections. Historical returns are not indicative of future returns.