Tracking cryptocurrency transactions is a powerful skill for investigators, security analysts, and blockchain enthusiasts. Whether you're uncovering phishing scams, monitoring suspicious transfers, or simply learning how funds move across blockchains, tools like MetaSleuth provide deep visibility into on-chain activity. In this guide, we’ll walk through the process of tracing stolen funds from a real phishing transaction on the Ethereum network—step by step—using MetaSleuth’s intuitive interface and advanced tracking capabilities.
By the end of this tutorial, you’ll understand how to analyze transactions, trace specific assets like MATIC and ETH, filter relevant data, and monitor unspent funds—all critical skills in today’s decentralized ecosystem.
Getting Started: Input the Target Transaction
To begin your investigation, navigate to the MetaSleuth platform. Select Ethereum as the blockchain network and enter the transaction hash: 0x2893fcabb8ed99e9c27a0a442783cf943318b1f6268f9a54a557e8d00ec11f69.
👉 Discover how blockchain analysis tools can help trace digital footprints instantly.
Press Enter and wait for MetaSleuth to retrieve and visualize the transaction data. Once processed, you’ll be directed to the analysis page, where a visual representation of all asset movements within that transaction is displayed.
This particular transaction involves a phishing attack in which a victim (address 0xbcd131) sent 2,586 MATIC to a malicious address labeled Fake_Phishing180627. Our goal? Trace where those stolen funds went—and ultimately identify where they settled.
Understanding the Core Interface Components
The MetaSleuth analysis dashboard is designed for clarity and depth. At its center lies an interactive asset flow graph, showing every transfer linked to the input transaction. Additional components include:
- Node controls: Interact with addresses and contracts.
- Edge details panel: View precise transfer amounts, timestamps, and associated transactions.
- Filtering tools: Isolate specific tokens, time ranges, or transaction types.
- Expand functions: Dive deeper into outgoing transfers from any address.
While analyzing individual addresses offers even richer insights (covered in separate guides), this tutorial focuses on transaction-level tracing—a foundational technique for tracking illicit flows.
Tracing Stolen Funds: Expanding Outputs
Our first step is to follow the path of the stolen MATIC. Click on the Fake_Phishing180627 node in the graph and press the "+" button on its right side. This action triggers the "Expand Outputs" feature, revealing all outgoing transactions from this address.
You’ll notice multiple ETH transfers—but no immediate sign of the original MATIC tokens. Why? Because MetaSleuth prioritizes clean visualization over raw data density. Not all token movements appear by default.
That’s where filtering comes in.
Filtering the Canvas: Isolating MATIC Transfers
To locate the missing MATIC, use the Token Filter tool. This allows you to selectively display transfers involving specific tokens—in this case, MATIC.
After applying the filter, a new edge appears: a transfer of 2,586 MATIC from Fake_Phishing180627 to Uniswap V3: MATIC. This confirms our suspicion—the attacker swapped the stolen MATIC for another cryptocurrency.
But what did they receive in return?
Investigating the Swap: What Did the Attacker Get?
To uncover the details of this swap, click on the MATIC transfer edge and access the Edge Details panel. From there, open the Transaction List and copy the transaction hash responsible for the Uniswap interaction.
Next, use the Add Address/Transaction function in the top-left corner of the canvas to import this new transaction into your view. Once added, MetaSleuth visualizes all asset movements within it—including the output of the swap.
Here’s what we find:
The attacker exchanged 2,586 MATIC for 0.944 ETH via Uniswap V3.
Now our focus shifts: we must trace this 0.944 ETH, which represents the converted value of the stolen funds.
Tracking Specific Assets: Timing Is Key
With several ETH transfers leaving Fake_Phishing180627, how do we identify which one carries our target amount?
Return to the address panel and examine its transaction history. The Uniswap swap occurred at 2023-06-18 14:57:11. Any relevant ETH transfer should happen shortly afterward—likely within minutes.
Use MetaSleuth’s time-based filtering to narrow down transfers post-swap. One stands out:
Approximately 6 minutes later, Fake_Phishing180627 sent 1.4 ETH to a new address: 0x8bae70.
Although slightly more than 0.944 ETH, this transfer likely includes additional funds or fees—and almost certainly contains our traced amount.
Mark this transfer and expand outputs from 0x8bae70. Continue following the trail until you reach final destination address 0x8de345, where the funds appear to settle with no further movement.
👉 Learn how real-time blockchain monitoring helps detect suspicious activity early.
Monitoring Dormant Funds: Stay Ahead of Movement
Even when funds appear inactive, they can move at any moment. To stay informed, MetaSleuth offers a monitoring feature that sends email alerts when monitored assets are transferred.
Enable monitoring on key addresses like 0x8de345 to receive instant notifications if funds leave. For full control over your alerts and tracking rules, visit MetaSleuth’s monitoring dashboard (functionality available within the platform).
This proactive approach is essential for long-term investigations, compliance teams, or anyone tracking high-risk addresses.
Frequently Asked Questions
How accurate is MetaSleuth in tracing stolen crypto?
MetaSleuth pulls data directly from on-chain sources, ensuring high accuracy in visualizing real transaction paths. While it cannot decrypt private keys or identify real-world identities, it provides reliable asset flow mapping across public blockchains.
Can I trace tokens across different blockchains?
Currently, MetaSleuth supports per-chain analysis (e.g., Ethereum only). Cross-chain tracing requires manual correlation using bridge contract data or multi-network tools.
Why doesn’t all transaction data show up on the canvas by default?
To maintain readability, MetaSleuth filters low-relevance transfers initially. Use filters like Token Type, Time Range, or Amount Threshold to reveal hidden data.
What happens if funds go through mixers or privacy tools?
Tracing becomes significantly harder when funds enter mixers (e.g., Tornado Cash). While some patterns may still be detectable, full anonymity often breaks traceability.
How fast can I trace a transaction after it occurs?
Analysis is near real-time. Once a transaction is confirmed on-chain, MetaSleuth processes it within seconds to minutes, depending on network load.
Is technical knowledge required to use MetaSleuth?
No. The interface is designed for both beginners and experts. Basic understanding of blockchain concepts helps, but step-by-step exploration is intuitive.
Final Thoughts
Tracing cryptocurrency doesn’t require magic—just the right tools and methodology. With MetaSleuth, you can turn a single transaction into a complete financial timeline, uncovering how stolen assets move through swaps, wallets, and exchanges.
From identifying phishing payouts to monitoring dormant hacker wallets, these techniques empower security researchers, auditors, and crypto professionals alike.
Whether you're protecting user funds or investigating fraud patterns, mastering blockchain forensics is no longer optional—it's essential.
👉 Explore how leading platforms support secure crypto transactions and analytics today.
Core Keywords: cryptocurrency tracking, blockchain analysis, trace stolen funds, Ethereum transaction, phishing scam investigation, MATIC to ETH swap, on-chain monitoring