5 Dec 2023 | Updated 7 Dec 2023
Ready to learn more about blockchain sleuthing? Learn from the best as Boring Security’s Feld dives into the tools a crypto-detective might need to catch criminals on the chain.
Although only an amateur aspiring sleuth myself, one thing I’ve learned from talking to other Sleuths in this space is that there is no shortage of tools for quickly uncovering information in a given situation. The ability to use tools together is essential for investigating all the different types of scams, hacks and other interesting on- and off-chain events that may occur. Let’s look at some of the most popular tools in use today, with a special emphasis on free ones, and how you can use some of them yourself as part of your own DYOR process and investigations.
What Tools Do Crypto Detectives Use?
Tools generally fall into a few broad categories. First, you need a block explorer like Etherscan (although some Sleuthers prefer others, or need to use others when scammers bridge to other blockchains). Some tools allow you to analyze affiliations and visually track movements. Then some tools add data enrichment to addresses and protocols, adding metadata such as names, suspicious activity levels, or simply descriptive context to a dataset.
Block explorers
The first place most of us go to start looking around for any given story is the on-chain data. Even experienced Sleuthers start by going to the block explorer for a specific chain. Each blockchain has its version of a block explorer that communities tend to rally around. Below is a list of some of the major EVM chains’ block explorers.
Of course, there are also Bitcoin, Solana, Cardano and other blockchain explorers, so the full list can get pretty extensive. However, bad actors often move funds across blockchains using bridges, so this can make these tools a bit limited, as they can only track funds on their own chain!
Transaction Visualizers
It is difficult to assign a categorical name for these tools as they all focus on different features. Metasleuth, Misttrack, Breadcrumbs and Arkham are all relatively popular tools used to visualize blockchain data. At a high level, however, each helps to uncover a few things at a glance about an address:
- Which protocols and addresses they interact with the most
- How many of, and which, tokens pass through the address under investigation
- Risk scores, which can be useful for those with compliance needs
Figure 1-1: An example of Breadcrumbs’ initial search results when looking up address mrbayc.eth.
Clicking on one of these addresses expands the interactions of that address with it, like so:
Figure 1-2: An example of Breadcrumbs’ expanded view of activity between a protocol and address.
These tools also allow you to track funds on a time-based scale. You can examine addresses to discover:
- transactions of interest
- how they connect to other addresses
- what kind of transactions they are doing, and when they do them
Often when you see screenshots of these apps on Twitter, you’ll see long chains of addresses, in different colors like this:
Figure 1-3: A Metasleuth visual of one of Quit’s addresses showing transactions to and from crypto exchanges.
Tools like these allow you to uncover correlations and patterns at a glance, while giving you new clues to search through. As you learn more about individual addresses, you can add tags and notes to them to continue building your investigation. Making good use of these tools is unfortunately beyond the scope of this article. The features vary slightly between each one, and many of the Sleuthers we spoke to in our interviews prefer different tools from each other and still produce great results!
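To make concrete what the paragraphs above say a visualizer shows at a glance (most-frequent counterparties, which tokens pass through an address, the time-ordered chain of hops funds take afterwards, and tags attached to addresses as you learn about them), here is a small added example in Python. It is not code from the article or from any of the tools it names; every address, label and transfer in it is constructed, and the tag dictionary stands in for the notes a sleuth would add by hand.

```python
"""Toy address-flow analysis over a constructed transfer log (added example)."""
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    ts: int        # block timestamp (unix seconds), constructed
    src: str       # sender address
    dst: str       # recipient address
    token: str     # token symbol
    amount: float


# Constructed labels standing in for the tags and notes a sleuth adds as the
# picture fills in (none of these are real addresses).
LABELS = {
    "0xaaa1": "suspect wallet",
    "0xbbb2": "DEX router",
    "0xccc3": "bridge contract",
    "0xddd4": "exchange deposit address",
}

# Constructed transfer log: a theft, a swap, a hop, a bridge and a cash-out.
TRANSFERS = [
    Transfer(900,  "0xzzz9",   "0xaaa1", "ETH", 0.1),      # old unrelated dust
    Transfer(1000, "0xvictim", "0xaaa1", "ETH", 10.0),     # the theft
    Transfer(1100, "0xaaa1",   "0xbbb2", "ETH", 4.0),      # swap ETH -> USDC ...
    Transfer(1100, "0xbbb2",   "0xaaa1", "USDC", 7000.0),  # ... in the same block
    Transfer(1200, "0xaaa1",   "0xbbb2", "ETH", 2.0),
    Transfer(1300, "0xaaa1",   "0xeee5", "USDC", 7000.0),  # move to a fresh wallet
    Transfer(1400, "0xeee5",   "0xccc3", "USDC", 7000.0),  # bridge out
    Transfer(1500, "0xaaa1",   "0xddd4", "ETH", 3.5),      # cash out
]


def label(addr):
    """Enrichment: show the tag if we have one, else the raw address."""
    return f"{addr} [{LABELS[addr]}]" if addr in LABELS else addr


def counterparties(transfers, addr):
    """Addresses `addr` sent to or received from, most frequent first."""
    counts = Counter()
    for t in transfers:
        if t.src == addr:
            counts[t.dst] += 1
        elif t.dst == addr:
            counts[t.src] += 1
    return counts.most_common()


def token_flow(transfers, addr):
    """Per-token totals flowing in and out of `addr`."""
    flow = defaultdict(lambda: {"in": 0.0, "out": 0.0})
    for t in transfers:
        if t.dst == addr:
            flow[t.token]["in"] += t.amount
        if t.src == addr:
            flow[t.token]["out"] += t.amount
    return dict(flow)


def trace_outflows(transfers, start, since, max_hops=5):
    """Follow funds forward from `start`, breadth-first by hop.

    Only outgoing transfers at or after the time the funds arrived are
    followed, so activity predating the funds of interest (the dust at
    ts 900) is not chased. Each address is expanded once.
    """
    seen = {start}
    frontier = [(start, since)]
    hops = []
    for _ in range(max_hops):
        nxt = []
        for addr, arrived in frontier:
            outs = sorted((t for t in transfers if t.src == addr and t.ts >= arrived),
                          key=lambda t: t.ts)
            for t in outs:
                hops.append(t)
                if t.dst not in seen:
                    seen.add(t.dst)
                    nxt.append((t.dst, t.ts))
        if not nxt:
            break
        frontier = nxt
    return hops


def endpoints(hops):
    """Where traced funds came to rest: recipients never seen sending onward."""
    senders = {t.src for t in hops}
    return sorted({t.dst for t in hops} - senders)


if __name__ == "__main__":
    suspect = "0xaaa1"
    print("Top counterparties:")
    for addr, n in counterparties(TRANSFERS, suspect):
        print(f"  {n:2d}  {label(addr)}")
    print("Token flow:", token_flow(TRANSFERS, suspect))
    hops = trace_outflows(TRANSFERS, suspect, since=1000)
    print("Hops after the theft:")
    for t in hops:
        print(f"  ts={t.ts} {label(t.src)} -> {label(t.dst)} {t.amount} {t.token}")
    print("Funds came to rest at:", [label(a) for a in endpoints(hops)])
```

Run as-is and the trace reports that the stolen ETH was partly swapped, partly sent to a labelled exchange deposit address, and the USDC moved through a fresh wallet into a bridge contract, which is the point at which the article notes a single-chain explorer loses the thread. Real visualizers do the same bookkeeping over live chain data and draw it; the value of the labels is that the output reads as a story rather than a list of hex strings.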
Data enrichment
Data enrichment is the name of the game for almost all detective tools to some extent. Enrichment adds context, makes the data more usable, easier to organize, and easier to visualize. Probably every tool mentioned so far is a “data enrichment tool”.
However, some focus on adding context within existing applications, making existing tools even better. Similar to extensions that show more about an NFT’s rarity or stats, these tools add context to websites or data types in the same way.
Metadock
Metadock is a worthy mention in this category, especially when it comes to enriching data on the block explorers. It’s a browser extension that adds context to sites like Etherscan, Opensea and a growing list of sites to add a little more context to each one. Let’s see Metadock in action:
Figure 1-4: An example view of the Boring Security Deployer address transaction history page with Metadock installed.
Notice above how it has added contract names, which makes the page a little friendlier to read compared to pure Etherscan below, where only the approved Etherscan names are present:
Figure 1-5: An example of the Boring Security Deployer address transaction history page without Metadock.
Another cool feature of Metadock is that it can learn more about the address you’re investigating, making it easy to link to other tools with just a simple click:
Figure 1-6: Etherscan address header with Metadock installed link to other tools.
Some of these additional tools are useful for Sleuthing, but others may just be useful for getting context about that particular address, such as the actual dollar value contained within it, accounting for NFTs and DeFi positions, as well as what approvals it may have.
Understanding approvals as an NFT user is essential to staying safe in the space. Check out the article on Boring Security Clearances if you’re not familiar with contract clearances.
Debank (Portfolio Viewers)
While Metadock adds reputation and readability context, Debank provides financial and value context. Debank, as well as the similar services Zapper and Zerion, shows someone’s portfolio balance.
Some people don’t realize that they can be extremely helpful during Sleuthing, or just locating funds as well.
They are often used in scenarios where someone has bridged funds from one blockchain to another, perhaps multiple times. Using these portfolio visualization and management tools, Sleuthers don’t need to juggle five different block explorers as they track an address’s bridging activity. They can simply view the address in DeBank.
See how simple a bridge transaction is when displayed in Debank below:
Figure 1-7: A view of a user bridging funds from Arbitrum to Optimism using the SynapseProtocol Bridge as shown by DeBank.
Not only did it include cross-chain context all in one place, but it also included financial (dollar value) context. An incredible tool to add to the toolbox when trying to better understand a transaction chain!
Social media
Social media and information that can link addresses to users’ real identities are extremely important. Knowing the real identities of addresses that have interacted with bad actors in the chain can go a long way in finding the real identity of the bad actor(s).
For example, let’s imagine that we are looking for an address that has stolen money. Etherscan shows that the address has done some transactions on NFTTrader with an address that has an ENS name. Upon further investigation, it appears that ENS name is linked to an Opensea profile that has an associated Twitter account. Using Twitter/X and Discord search can reveal information about addresses that have transacted with the thief address in question. In this example, you might search a community Discord for any of the assets contained in the trade and discover a Discord username for the initial scammer’s address.
Bad actors often double down on covering their tracks by deleting tweets, but the WayBack Machine can recover that deleted information. These recovered tweets may provide additional clues to the thief’s identity! The example above can be a bit confusing, so let’s look at the graphic below:
Figure 1-8: A figure showing a scammer’s address interacting with a known address by NFTTrader, which is then used to find out more information about the scammer.
Final Thoughts on a Crypto Detective’s Toolbox
Even if you don’t have a huge interest in trying to track down bad guys, understanding these tools can give you deeper insights into how the blockchain works. Knowing how this can be explored can add some new perspectives and methods for you to use when you DYOR (Do Your Own Research). These tools make it possible to build a timeline of events, add context to those events, and uncover connections to identities on other platforms. You get more information than you ever would by simply clicking endlessly on Etherscan, and faster too.
This article simply introduces the tools some Sleuthers use to catch bad guys. We couldn’t possibly go into every nuance of how to use them, but if you’re reading this from the Ledger Classroom, the next article in the series covers more of HOW these Professional Sleuthers catch bad actors.
Have any questions or want to learn more about web3 security and stay up-to-date on the latest security information, scams and tactics? Join Boring Security in its official Discord server and check out some more of the Boring Security classes you can take!
UnCirculars – Cutting through the noise, delivering unbiased crypto news