Talha Mahmood

I lost a few thousand to an impersonation scam. So I built the tool I wished existed.

Last year I got hit by an impersonation scam. Someone I thought I was talking to wasn't who they said they were, and a few thousand dollars in crypto moved to a wallet I didn't control before I realized what had happened.
I did what everyone does next: I opened a block explorer, stared at a string of transactions I didn't understand, and started Googling.
Here's what I found.
Option 1: Pay a professional blockchain forensics firm. Quotes started at $500 and went up to $5,000 for anything useful. For someone who'd just lost money, that's a second gut-punch.
Option 2: Free block explorers like Etherscan. They show you raw transactions, but they don't tell you that the wallet on hop #4 is a Binance deposit address, or that the contract on hop #2 is Tornado Cash. You can see everything and understand nothing.
Option 3: Post on r/CryptoScams and hope a kind stranger helps.
There's a gap in the middle, and that gap is where most victims actually live. People who've lost enough money to care, but not enough to justify a $2,000 forensics bill.
So I built ChainTracing.
The technical problem
The interesting problem was cross-chain. Most consumer-facing tools handle one ecosystem well. Following funds from an EVM chain through a bridge into Solana, then to a Tron USDT address, then to a Binance deposit, is where they fall apart.
What I ended up building is a breadth-first search that runs across 8 chains in parallel: Ethereum, BSC, Polygon, Arbitrum, Base, Solana, Tron, and Bitcoin. Four separate tracer engines, one for each architectural family (EVM, Solana, Tron UTXO-style, Bitcoin UTXO), feeding into a unified hop graph.
At every node in the BFS, the trace cross-checks against:

Known CEX hot wallet databases (Binance, Coinbase, Kraken, OKX, Bybit)
Mixer contracts (Tornado Cash, Blender, etc.)
Cross-chain bridges
OFAC and EU/UK sanctions lists
A database of 4,700+ reported scam wallets
A "beyond-CEX" reliability flag: once funds hit an exchange, on-chain tracing becomes unreliable, so we explicitly flag that horizon instead of pretending we can still follow
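An added example, not ChainTracing's own code, of the hop search sketched above: a breadth-first trace over a constructed in-memory transfer graph that follows a bridge onto another chain, stops expanding at CEX deposit and mixer nodes, and flags that horizon instead of following further. The addresses, chain names, labels and bridge mapping are all constructed for the example.

```typescript
// Added example, not ChainTracing's own code: breadth-first hop tracing over a
// constructed in-memory transfer graph with a "beyond-CEX" horizon flag.
type Label = "cex" | "mixer" | "bridge" | "sanctioned" | "scam" | "unknown";
// One value transfer; toChain is set only when a bridge moves funds to another chain.
interface Transfer { chain: string; from: string; to: string; toChain?: string }
interface Hop { chain: string; address: string; depth: number; label: Label; beyondHorizon: boolean }

// Constructed label database ("chain:address" -> label) standing in for the CEX, mixer, bridge and sanctions lists.
const LABELS = new Map<string, Label>([["ethereum:0xbridge", "bridge"], ["ethereum:0xmixer", "mixer"], ["solana:SOLcexdeposit", "cex"]]);
// Past these labels the next owner is off-chain or unlinkable: record the node, never expand it.
const HORIZON: Label[] = ["cex", "mixer"];

function makeHop(chain: string, address: string, depth: number): Hop {
  const label = LABELS.get(`${chain}:${address}`) ?? "unknown";
  return { chain, address, depth, label, beyondHorizon: HORIZON.includes(label) };
}

function traceFunds(startChain: string, start: string, transfers: Transfer[], maxDepth = 6): Hop[] {
  const outgoing = new Map<string, Transfer[]>();          // "chain:address" -> transfers out of it
  for (const t of transfers) {
    const key = `${t.chain}:${t.from}`;
    outgoing.set(key, [...(outgoing.get(key) ?? []), t]);
  }
  const visited = new Set<string>([`${startChain}:${start}`]);
  const queue: Hop[] = [makeHop(startChain, start, 0)];
  const hops: Hop[] = [];
  while (queue.length > 0) {
    const node = queue.shift()!;
    hops.push(node);
    if (node.beyondHorizon || node.depth >= maxDepth) continue;   // stop at the horizon or the depth cap
    for (const t of outgoing.get(`${node.chain}:${node.address}`) ?? []) {
      const chain = t.toChain ?? t.chain;                  // a bridge hop lands on the destination chain
      const key = `${chain}:${t.to}`;
      if (visited.has(key)) continue;                      // fan-in and cycles are visited once
      visited.add(key);
      queue.push(makeHop(chain, t.to, node.depth + 1));
    }
  }
  return hops;
}

// Constructed sample: victim -> hop1 -> bridge -> Solana -> CEX deposit, plus a side branch to a mixer.
const TRANSFERS: Transfer[] = [
  { chain: "ethereum", from: "0xvictim", to: "0xhop1" },
  { chain: "ethereum", from: "0xhop1", to: "0xbridge" },
  { chain: "ethereum", from: "0xhop1", to: "0xmixer" },
  { chain: "ethereum", from: "0xbridge", to: "SOLrecv", toChain: "solana" },
  { chain: "solana", from: "SOLrecv", to: "SOLcexdeposit" },
  { chain: "solana", from: "SOLcexdeposit", to: "SOLcexhot" },   // exchange sweep: never expanded
];
```

Calling `traceFunds("ethereum", "0xvictim", TRANSFERS)` yields six hops; the mixer and the Solana CEX deposit come back with `beyondHorizon` set and the exchange's hot wallet is never reached.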

A few things that were harder than expected
Cross-chain bridge detection. Bridges don't all behave the same way. Some lock-and-mint, some burn-and-mint, some just send to a custody wallet. Getting reliable "funds went from chain A to chain B via bridge X" signal required hand-tuning per bridge.
Solana. Nobody tells you this until you try, but Solana's data model is so different from EVM that 70% of the EVM tracer code was useless. Solana tracing ended up being a completely separate implementation.
CEX attribution confidence. Telling someone "your funds reached Binance" is useless if it's wrong. The entire value of the tool collapses. I ended up with a confidence-scored attribution system rather than a binary yes/no, and I surface the confidence in the PDF so investigators can judge.
Scam database deduplication. Scam wallet lists from different sources overlap, disagree on case (checksummed vs lowercase Ethereum addresses are the same address), and sometimes include false positives. Normalizing across 10+ sources took longer than building the tracer.
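An added example, not the project's own code, of the normalisation step that dedup depends on: EVM and bech32 addresses fold to lowercase, while base58 addresses (legacy Bitcoin, Tron, Solana) are case-sensitive and must never be case-folded, or the merge would silently swap one address for another. Chain names, source names and addresses are constructed.

```typescript
// Added example, not ChainTracing's own code: chain-aware address normalisation and
// cross-source deduplication for a scam-wallet list, keeping each address's sources.
interface ScamReport { chain: string; address: string; source: string }
interface ScamEntry { chain: string; address: string; sources: string[] }

// EVM hex addresses are case-insensitive (the EIP-55 checksum only varies letter case) and bech32
// Bitcoin addresses are case-insensitive by spec, so both fold to lowercase. Base58 addresses
// (legacy Bitcoin, Tron, Solana) are case-SENSITIVE: lowercasing one yields a different address.
const EVM_CHAINS = new Set(["ethereum", "bsc", "polygon", "arbitrum", "base"]);
const B58 = "[1-9A-HJ-NP-Za-km-z]";    // base58 alphabet: no 0, O, I, l

function normalizeAddress(chain: string, raw: string): string | null {
  const a = raw.trim();
  if (EVM_CHAINS.has(chain)) return /^0x[0-9a-f]{40}$/i.test(a) ? a.toLowerCase() : null;
  if (chain === "bitcoin") {
    if (/^bc1[02-9ac-hj-np-z]{6,87}$/i.test(a)) return a.toLowerCase();   // bech32 / bech32m
    return new RegExp(`^[13]${B58}{25,34}$`).test(a) ? a : null;          // legacy base58, untouched
  }
  if (chain === "tron") return new RegExp(`^T${B58}{33}$`).test(a) ? a : null;
  if (chain === "solana") return new RegExp(`^${B58}{32,44}$`).test(a) ? a : null;
  return null;                                             // unsupported chain: never guess
}

function mergeScamReports(reports: ScamReport[]): ScamEntry[] {
  const merged = new Map<string, ScamEntry>();
  for (const r of reports) {
    const address = normalizeAddress(r.chain, r.address);
    if (address === null) continue;                        // malformed entry: dropped, not "fixed"
    const key = `${r.chain}:${address}`;
    const entry = merged.get(key) ?? { chain: r.chain, address, sources: [] };
    if (!entry.sources.includes(r.source)) entry.sources.push(r.source);   // count independent corroboration
    merged.set(key, entry);
  }
  return [...merged.values()];
}

// Constructed reports: the same EVM address in checksummed and lowercase form from two
// sources, a valid Tron address, and a lowercased copy of it that must NOT merge with it.
const REPORTS: ScamReport[] = [
  { chain: "ethereum", address: "0xDeAdBeEf" + "0".repeat(31) + "1", source: "reddit" },
  { chain: "ethereum", address: "0xdeadbeef" + "0".repeat(31) + "1", source: "rekt" },
  { chain: "tron", address: "T" + "A".repeat(33), source: "reddit" },
  { chain: "tron", address: "t" + "a".repeat(33), source: "paste" },
];
```

The `sources` array is what lets a consumer require two independent sources before treating an entry as confirmed, which is the cheapest defence against a single list's false positives.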
Stack
Next.js 16, Supabase, Vercel. Free tier runs on public RPC endpoints; paid tiers use dedicated providers for throughput. PDF generation is server-side with a custom template because none of the off-the-shelf libraries produced output that looked like something a police officer would actually accept as evidence.
Where I'm at
Soft-launched at chaintracing-app.vercel.app. Free tier is a risk score and scam database check. Paid tiers ($9.99 and $29.99) generate PDF reports. Some early users, no paying ones yet. SEO restructure just shipped.
A question for the dev.to crowd
If you've built in a trust-sensitive vertical (security, healthcare, finance, crypto): how did you get past the credibility problem when you're a small team with a product that solves a problem big firms charge 50x more for? "Why so cheap?" is the #1 question I get, and I suspect my answer ("because the underlying compute cost is low and I'd rather have 1,000 users at $10 than 10 at $1,000") isn't as reassuring to readers as it is to me.
Also genuinely interested: if you've ever been scammed or helped someone who was, what would have made the difference at that moment?

Top comments (9)

Mykola Kondratiuk

the $500 minimum quote just to understand your own funds is brutal. most people give up there. does it handle newer scam patterns or is it tuned more for the transaction types you specifically encountered?

Talha Mahmood

Fair call on the $500 floor. For the new scam patterns question: the scam DB is the tuned part (4,700+ addrs I've curated from zachxbt threads, rekt.news, and reported cases), so anything logged there gets an instant match. The tracing logic itself is pattern-agnostic though, it just follows value flow hop by hop regardless of what the scam was. Where it falls behind is novel obfuscation, specifically new bridge routes I haven't mapped yet, approval-drain contracts with odd call patterns, and rotating intermediary wallets used for a single scam then abandoned. I add those as I find them but I'm sure I miss some. Pig butchering and approval phishing are the patterns it handles cleanest right now because those were the cases I was closest to.

Mykola Kondratiuk

pattern-agnostic tracing is the right call — DB becomes a pure data problem, not a logic one. one gap worth flagging: zachxbt coverage can lag live rugs by 24-48h on fast-moving cases. live webhook feed on the roadmap or is batch an acceptable trade-off for your use case?

IntSpired®

Makes sense. Being clear on where tracing actually stops (CEX, cross-chain, attribution confidence) is the right move. Most tools fall down by over-claiming certainty, especially once funds hit exchanges. In practice, that transparency is what builds trust.
Thanks for sharing.

Talha Mahmood

Appreciate it. Over-claiming is the real failure mode in this space, especially with marketing pressure to sound omniscient. The CEX-hit flag is actionable, everything past it is speculation, and separating those two cleanly is most of the work.

PEACEBINFLOW

The pricing skepticism is a real signal you're reading correctly. It's not about the dollars, it's about trust transference. People don't have a mental model for what blockchain forensics should cost, so they use price as a proxy for legitimacy. The firm charging $2,000 must know something you don't. Your $10 report must be missing something.

What's interesting is you're actually solving the inverse problem of most security tools. Usually you're trying to convince someone there's a threat they can't see. Here, the victim already knows they've been hit—they just want to know where the money went. The value isn't prevention, it's closure. Or maybe evidence. That's a different emotional register. People will pay to feel less helpless.

Your answer about compute cost is honest but maybe not what they need to hear. The version that might land better is something like: "The expensive firms are priced for insurance claims and law enforcement budgets. I'm priced for the person who just lost two months of rent and wants to know if their funds hit an exchange before they file a police report that might actually get taken seriously." That reframes the pricing as appropriate to the user rather than low because I'm nice.

The confidence scoring on CEX attribution is the quiet feature that probably matters most. A wrong "funds reached Binance" could send someone on a wild goose chase with a support ticket that goes nowhere. Curious how you've tuned that threshold in practice—is there a confidence floor where you just say "inconclusive" rather than risk misleading someone?

Talha Mahmood

The reframe you wrote is better than mine, stealing it. You're right that "low because compute is cheap" sounds apologetic, and the real pitch is that the pricing fits the person who actually needs it, not the one with an insurance claim.

On the confidence floor question: yes, there's one. CEX attribution uses a two-signal check. The deposit address has to match a labeled CEX cluster (maintained list, updated weekly) AND the flow pattern has to match deposit heuristics (single-direction, typical batching intervals, etc.). If only one signal hits, the report says "likely CEX deposit, unverified" rather than naming the exchange. If neither hits confidently, it just says "destination wallet, unclassified." The worst outcome is exactly what you described, someone filing a Binance ticket when funds actually went to a private wallet or a different CEX, so I was deliberately conservative on naming.

Where the floor is weakest is newer or smaller exchanges. I have strong coverage on Binance, Coinbase, Kraken, OKX, Bybit, Bitstamp, Gemini. Regional ones I'm still building out, and those get the unverified tag more often than I'd like.
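The two-signal rule from the reply above, as an added example that is not ChainTracing's code: the exchange is named only when the labeled-cluster lookup and the deposit heuristic both hit; one hit gives the unverified tag and none gives unclassified. The exchange labels, the interval tolerance and the ledger are constructed for the example.

```typescript
// Added example, not ChainTracing's own code: the two-signal CEX attribution rule
// described above. The exchange is named only when both signals agree.
interface Tx { from: string; to: string; ts: number }   // ts in unix seconds

// Signal 1: constructed stand-in for the weekly-updated labeled CEX cluster list.
const CEX_CLUSTERS = new Map<string, string>([["0xdeposit01", "ExchangeA"], ["0xhot01", "ExchangeA"]]);

type Verdict = "cex" | "likely CEX deposit, unverified" | "destination wallet, unclassified";
interface Attribution { verdict: Verdict; exchange?: string; labeled: boolean; heuristic: boolean }

// Signal 2: deposit-address heuristic. A deposit address takes inflows from outsiders and is
// swept one-way to a single hot wallet on a roughly regular schedule. The "within 3x" interval
// tolerance and the minimum of two sweeps are assumptions for this example, not tuned values.
function looksLikeDeposit(address: string, txs: Tx[]): boolean {
  const inflows = txs.filter(t => t.to === address);
  const sweeps = txs.filter(t => t.from === address).sort((a, b) => a.ts - b.ts);
  if (inflows.length === 0 || sweeps.length < 2) return false;
  if (new Set(sweeps.map(t => t.to)).size !== 1) return false;     // single-direction sweep only
  const gaps = sweeps.slice(1).map((t, i) => t.ts - sweeps[i].ts);
  return Math.max(...gaps) <= 3 * Math.min(...gaps);               // batching intervals look regular
}

function attributeCex(address: string, txs: Tx[]): Attribution {
  const exchange = CEX_CLUSTERS.get(address);
  const labeled = exchange !== undefined;
  const heuristic = looksLikeDeposit(address, txs);
  if (labeled && heuristic) return { verdict: "cex", exchange, labeled, heuristic };
  if (labeled || heuristic) return { verdict: "likely CEX deposit, unverified", labeled, heuristic };
  return { verdict: "destination wallet, unclassified", labeled, heuristic };
}

// Constructed ledger: 0xdeposit01 is labeled and swept hourly; 0xunlabeled sweeps the same way
// but is on no list; 0xprivate only receives.
const LEDGER: Tx[] = [
  { from: "0xvictim", to: "0xdeposit01", ts: 1000 },
  { from: "0xdeposit01", to: "0xhot01", ts: 4600 },
  { from: "0xother", to: "0xdeposit01", ts: 5000 },
  { from: "0xdeposit01", to: "0xhot01", ts: 8200 },
  { from: "0xdeposit01", to: "0xhot01", ts: 11800 },
  { from: "0xvictim", to: "0xunlabeled", ts: 3000 },
  { from: "0xunlabeled", to: "0xsweep", ts: 6600 },
  { from: "0xunlabeled", to: "0xsweep", ts: 10200 },
  { from: "0xvictim", to: "0xprivate", ts: 2000 },
];
```

Both signals are returned alongside the verdict so a report can show why an address was or was not named, which is what lets a reader judge the confidence rather than take the label on faith.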

Clavis

So sorry to hear about the scam! Hope your tool helps others avoid this 💪

Talha Mahmood

Really appreciate you bro, currently it's in soft launch phase.
chaintracing.org
If you can check it out and provide feedback I would really appreciate it.