Challenge Faced with Blockchain Analysis (Case Study)

[blockutta]

I am performing research and practicing blockchain forensics. I am not able to make any sense of following wallet:

https://www.blockchain.com/btc/address/bc1qyq03ld3kmwja8c2sjfvjkw2vg2ma9jq79jp0g9

It has 178 transactions and over all volume of ~500 dollar
All input transactions have following patter:

• Wallets starting with bc1 .... BECH32 (P2WPKH) Wallets
  
• Wallets Starting with 3 .... BASE58 (P2SH)

I wonder following:

1. Is this wallet some donation wallet?
2. Is so who is processing the donation of the wallet as all input transactions have similarity?
3. If not donation wallet, then what kind of wallet it can be as size of each transactions is small?

Any thoughts?

[Upgrade00]

1. Is this wallet some donation wallet?

You can not completely ascertain the purpose of a wallet by watching the transactions made through it.

2. Is so who is processing the donation of the wallet as all input transactions have similarity?

Bitcoin is a pseudo anonymous network, you cannot know who is processing the transactions.

3. If not donation wallet, then what kind of wallet it can be as size of each transactions is small?

By size, do you mean amount being transacted or the size of the transaction?
Judging by the address it's a native segwit wallet.

[blockutta]

I have been practicing forensics since last 5 years and beg to differ your claims. Lots of information can be extracted from transaction time, amount and associated information. Its all about pattern recognition and hypothesis can be build.

Yes, I am aware that its segwit wallet but I have a question. What is different betwen native segwit wallet and segwit wallet? I have limited knowledge of techology.

I came across a transaction which had 2 input one of BECH32 (P2WPKH) and other was BASE58 (P2SH). Both input transaction combined to send  X amount to BASE58 wallet.

Example: https://www.blockchain.com/btc/tx/d85c24ac2e083d2bc6d453e9b0a1274b94911e73defca7713b283810d4b0e5e6

Is it possible? If so, I assume both have common private key and legacy and segwit wallet was derived from same private key? Look forward to your comment.

[o_e_l_e_o]

What is different betwen native segwit wallet and segwit wallet? I have limited knowledge of techology.

The terms can be a bit ambiguous at times.

Native segwit refers to P2WPKH addresses, which are in bech32 format and begin with bc1. Nested segwit refers to P2WPKH wrapped in P2SH addresses, which are in base58 format and begin with 3. "Segwit" can refer to either of these two subsets, or both of the subsets combined, depending on the context.

Is it possible? If so, I assume both have common private key and legacy and segwit wallet was derived from same private key?

Maybe, but not necessarily. It is entirely possible to create a transaction with multiple different types of input. All it requires is either importing all the relevant private keys in to a single wallet to sign, or passing a partially signed transaction around for all the private key holders to sign their relevant inputs. The addresses may share a private key, but there is absolutely no requirement for them to do so.

[NotATether]

It could be a service's payment processor that consolidates the payments made to its bech32 addresses, possibly unique per user, into one larger output near a predefined size. This one looks like it tries to consolidate up to 0.01BTC at once.

By analyzing the varieties and amounts of addresses in each input and the address/amount of the output, you can make a signature of each different payment processor which can later be identified using other clues.

[dkbit98]

I have been practicing forensics since last 5 years and beg to differ your claims.

Imagine practicing forensics for 5 years and not knowing the difference between old segwit and native segwit... must be ''crypto forensic expert''  
Try using this three Bitcoin explorers to improve your tracking super powers:
https://www.walletexplorer.com/
https://blockpath.com/
https://www.breadcrumbs.app/

[DannyHamilton]

I am not able to make any sense of following wallet:

https://www.blockchain.com/btc/address/bc1qyq03ld3kmwja8c2sjfvjkw2vg2ma9jq79jp0g9

You are confused. That's not a wallet. That's an address.

All input transactions have following patter:

What is an "input transaction"?  Do you mean a transaction inputs?  Transactions have inputs and outputs.  Inputs spend previously unspent transaction outputs (UTXO). Outputs create new unspent transaction outputs (UTXO).

[Upgrade00]

Lots of information can be extracted from transaction time, amount and associated information. Its all about pattern recognition and hypothesis can be build.

I never said one cannot extract information from a transaction, but as you said you can only form a hypothesis or an informed guess. Determining the exact purpose of an address with 100% assurance is very unlikely.

[ABCbits]

1. Is this wallet some donation wallet?

Unlikely, if they use single static address, usually it's shown on website which can be accessed by everyone. That means you can found the owner by simply copy the address on google search.

3. If not donation wallet, then what kind of wallet it can be as size of each transactions is small?

There are few possibility such as people who use faucet or do micro-task.

P.S. One wallet might have more than an address, please use the term correctly.