Using CEXs (centralized crypto exchanges) is a bad idea in 2023. It carries many risks: social, political and economic. Why? Let me explain.

So, let’s imagine that smiling men in white suits (or women, if you prefer) decided to find your crypto accounts and generally “calculate by IP” everything they need. Is this possible in 2023? Yes, quite.

Step zero. “Who are you, warrior?”

We need to find a connection between the wallet and you. This is easier than it seems, because most of us simply forget about our digital traces or, worse, pretend they don’t mean anything. They mean a lot.

The link can also be established in other ways.

  1. An order placed on the darknet: this is not a fairy tale, of course, but it will only affect you when clearly large volumes are involved (from 100-1000 BTC), so I list this option here more as a formality.
  2. Arkham and similar services where “firemen are looking, police are looking” for everyone: from J. Sun to FTX wallets and more.
  3. Both a basic and an advanced Google search will also help, and don’t forget about Shodan, especially if you are a miner (see below).
  4. There are many forums and chats (including Telegram), which often hold more data than fully open sources.
  5. There are other ways, much less naive…

But be that as it may, for the purposes of this article I will assume that your wallets are known. What’s next?

Step one. Here you are!

So, let’s take menaskop.eth, because this address is public and no one but me will be offended by its analysis. And it definitely won’t offend me. Let’s go to (or similar resource). You can choose different networks. Let’s start with Polygon:

We see something like this graph. What’s next? And then everything is simple: we look for exchange wallets.

  1. Visually (zoom in using the upper right corner).
  2. With search (Ctrl+F/Cmd+F/etc).
  3. Some other way (with a script, at the very least).

And we find:

  • Binance;
  • Huobi;
  • Bybit.

As well as services such as ShapeShift. The search ultimately took 15 seconds in this case. But in reality, everything can be more complicated, especially if CEXs were used across a pool of wallets and with a large number of transactions.
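An added example (not the author's code) of the script route from the list above, framed as a self-audit: a breadth-first search over your own address's transfers that reports the shortest path to any labelled exchange address, including through a pool of intermediate wallets. The addresses, labels and transfers are constructed placeholders; real input would be your own exported transaction history and a label list you trust.

```python
from collections import deque

# Constructed sample data: placeholder addresses, not real wallets.
LABELS = {"0xEX1": "Binance", "0xEX2": "Huobi", "0xSVC": "ShapeShift"}
TRANSFERS = [  # (sender, receiver, token, amount)
    ("0xME", "0xEX1", "USDT", 500.0),
    ("0xME", "0xPOOL1", "ETH", 1.2),
    ("0xPOOL1", "0xPOOL2", "ETH", 1.1),
    ("0xPOOL2", "0xEX2", "ETH", 1.0),
    ("0xSVC", "0xME", "DAI", 75.0),
    ("0xME", "0xFRIEND", "ETH", 0.3),
]


def build_graph(transfers):
    """Undirected adjacency map: a transfer links both parties either way."""
    graph = {}
    for sender, receiver, _token, _amount in transfers:
        graph.setdefault(sender, set()).add(receiver)
        graph.setdefault(receiver, set()).add(sender)
    return graph


def exchange_exposure(start, transfers, labels, max_hops=3):
    """Return {label: shortest path from start} for labelled addresses within max_hops."""
    graph = build_graph(transfers)
    paths = {start: [start]}
    queue = deque([start])
    found = {}
    while queue:
        node = queue.popleft()
        path = paths[node]
        if node in labels and node != start:
            found.setdefault(labels[node], path)
            continue  # do not walk through an exchange: its wallets touch everyone
        if len(path) - 1 >= max_hops:
            continue  # hop budget spent; deeper links are not reported
        for neighbour in sorted(graph.get(node, ())):
            if neighbour not in paths:
                paths[neighbour] = path + [neighbour]
                queue.append(neighbour)
    return found


if __name__ == "__main__":
    for name, path in sorted(exchange_exposure("0xME", TRANSFERS, LABELS).items()):
        print(f"{name}: {len(path) - 1} hop(s) via {' -> '.join(path)}")
```

Raising `max_hops` shows how quickly a pool of intermediate wallets stops hiding the link; stopping at labelled nodes keeps the search from fanning out through an exchange's other customers.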

Another question: is my account on these exchanges now?

Step two. Too much is not too much?

The simplest thing you can do is accompany your search with the good old hacking guide for housewives from “Xakep” – go and check public emails for registration in the specified services.

Fortunately, there are almost always forms for recovery. Here is an example from a large exchange:

Where and how to look for public addresses is a question that is beyond the scope of this particular article. But here are a number of obvious vectors:

  1. Brute force: full name, year of birth, city and other obvious data (don’t forget that the ones looking will be officials, that is, people who have access to this data and, most likely, to the primary email itself too).
  2. Databases from hacked social networks and other services: see the selection on Forklog, but there are many more such examples.
  3. Phone linkage: mobile authorization is still often used as two-factor authentication and works in conjunction with email.
  4. Interaction with one or another messenger: works when privacy settings are configured incorrectly or the data is intentionally decrypted (see one of the links above).
  5. Websites of once-open companies, projects and services: recently we managed to find one Belarusian entrepreneur who observes digital hygiene quite carefully, but did not do so in his youth, leaving personal data on work resources.
  6. Other.

As for Shodan, you can try a variety of approaches, from half-joking ones (as shown below) to serious and in-depth searches:

In any case, after the search there is a much more important step.

Step three. Request – response

Neither sanctions, nor bad diplomatic relations, nor the status of the state where you are, much less investments – nothing will help you hide from Interpol or much more effective organizations (CIA, FSB, SBU, Mossad and the like).

That is, even if states pressure each other with harsh sanctions, the extradition of citizens, especially those of other states, is as a rule a question of a different order: remember the story of Julian Assange or at least Edward Snowden.

Therefore, hoping for such a cover is the same as hiding behind a multi-piece and thinking: this is a sufficient replacement for standard clothing.

Why such reasoning? Because all exchanges, absolutely all – American, Ukrainian, Chinese, Russian, Korean, Japanese and others – provide data about users to law enforcement agencies of various countries (jurisdictions).

Therefore, a lower-ranking official, having meticulously collected information about you and your wallets, will pass it to the CEX, which will disclose the data in response to standard, that is, the simplest, requests. And if you carefully read the agreements of these very exchanges, you won’t have to look long for examples:

  1. Coinbase.
  2. Binance.
  3. Huobi.
  4. Gate.

All data will certainly reach the authorities, including how much, what and when you sold or bought. And since most jurisdictions either have no method for paying the tax or have indecently vague ones, this in itself is a problem.

Don’t expect it to work the other way around. If something goes missing on a foreign exchange, it is unlikely that anyone will look for your funds. And certainly no one will find them. This is the (un)fairness of life. And the practice of the last ten years. Even if a miracle happens, then – as with payments from FTX or even Mt.Gox – you will have to wait a long time. Often – several years. In the case of Mt.Gox – it’s already almost ten, with FTX – it’s already the second year.

At the same time, with the help of Shard, for example, you can calculate the volume of incoming and outgoing transactions for different currencies: ETH, USDt, USDc, DAI, etc.

If you suddenly become interested in this resource for research work, I recommend studying the selection:

But all this is just the beginning of your possible troubles.

Step four. What else can they find out about you?

If you study MetaMask (if you don’t know where to start, you can read the first and second parts of the study), it turns out that it uses the OpenSea API, and has for quite some time. And that means?.. This means that even different accounts imported and/or created in one MetaMask under one user account (in the OS or browser – it doesn’t matter) can be physically linked.

My post-lockdown experiment with OpenSea proved this. In short, the essence comes down to the fact that MetaMask takes data from OpenSea, and OpenSea takes data from MetaMask.

Therefore, using a VPN is not just a necessity. It’s like air: no air – nothing to breathe, nothing to breathe – no person, that is, you.

And even more so, you shouldn’t think that much more centralized structures store less data. Therefore, periodic cleaning of mail, OS, accounts and other storage should be added to the VPN. And everything that is taken offline must be skillfully encrypted.

Step five. Pay your taxes and sleep well?

Many people think this way – it’s their right. Moreover, I am not advocating not paying taxes, fees, fines, and so on. But even the cleanest payment of taxes will not be a 100% panacea for you. And here’s why:

  1. The very methodology for calculating those taxes: it is crude at best, and there is no guarantee that in a year or two someone won’t come to you and ask for an additional amount N.
  2. Having funds in your wallet (account) does not mean managing them: the thesis “not your keys, not your money” also works in the opposite direction, that is, you may no longer have access to the money (trivially, you forgot your password). And taxes are charged because there was access previously.
  3. And finally, no one will insure you against collusion, especially involving corrupt states and departments of various kinds, and this kind of data disclosure is very dangerous.

So it turns out that paying taxes is the beginning, not the end, of a headache. Therefore, my advice is simple: optimize everything so that tomorrow you don’t regret what you did today. And yes, learn the laws: ignorance of them does not exempt you from responsibility, but knowledge…


Web 3.0 and blockchain, respectively, is the confinement of the principles of D.A.O.: openness, anonymity and decentralization. That’s why it’s like this here few criminal means: you need to maneuver between constant publicity and forced security.

Of course, you can bury your head in the sand and, like an ostrich indulging in escapism in the hot savannah, not see what is happening around you. But it’s better to understand the situation and the real risks.

For what? To develop the industry further. And that’s all I have