GHOST TRACES - THE GLOBAL HUNT FOR THE CRYPTO CURRENCE CRIMINALS

OSINT techniques used

Drugged and robbed in Santa Marta

Following the Ghosts: The OSINT Behind the Hunt

The people who emptied the accounts were counting on one thing: anonymity. A first name on a dating app. A throwaway phone number. A crypto wallet with no name attached. On paper, untraceable. In practice, every one of those “anonymous” choices left an open-source trail — and open-source intelligence, OSINT, is the craft of reading the trails people forgot they were leaving.

It started with a face. The woman from the dating profile had no surname, but she had photos — and photos are biometric data. Reverse-image and facial-recognition search engines compare a single face against billions of publicly posted images and return every other place that face has surfaced online. Within seconds, the same woman appeared again and again across the web.

That led to the most important principle in this investigation: identification by convergence. No single profile proves anything. But when one face appears independently on a mainstream social network, an adult-cam platform, and two escort directories — each with overlapping details, cities, and timelines — the chance that they belong to different people collapses to near zero. Four independent public sources, one natural person. Not courtroom-proof on its own, but far past the threshold to justify a real investigation. Reused usernames, recycled bio text, and the same handful of photos stitched the profiles together — people rebuild their anonymity from the same spare parts every time.

The phone came next. A number captured during the crime, run through open telecom registries and the residue people leave on social media, resolved to a registered identity — a connection the official investigation somehow never got around to making.

Then came the money, where OSINT meets blockchain forensics. Cryptocurrency feels anonymous, but a public blockchain is the most complete paper trail ever invented. Following the stolen funds transaction by transaction, we mapped roughly 1.92 million USDT moving through a chain of intermediary wallets — complete with a tell-tale test transaction, suspiciously round amounts, and a skimmed fee — before it landed at deposit addresses on regulated, KYC-verified exchanges.

The instant dirty crypto touches a compliant exchange, it acquires a name: passport, photo, address.

The trail didn’t vanish. It checked in.

The digital infrastructure told its own story. Three login sessions — bank, crypto account, withdrawal — fired from consecutive IP addresses inside a single datacenter VPN subnet within forty hours: a fingerprint of coordination no street thief leaves behind.

Finally, the physical world filled the gaps. Apple Pay receipts mapped a shopping spree across luxury stores in a neighbouring city. CCTV footage, secured before it could be overwritten, caught faces in motion. Merchant logs, timestamps, and location data reconstructed the route the perpetrators took, hour by hour.

None of these techniques is exotic. Reverse image search, public-record lookups, on-chain tracing, IP correlation, camera canvassing — each is available to anyone patient enough to use it. That is the quiet lesson of Ghost Traces: the tools to find these people existed the entire time. Someone just had to pick them up.

The traces were always there. We simply read them.

Must Read

Scroll to Top