Chapter 33 — Quiz

14 questions: 10 multiple choice, 2 true/false, 2 short answer. Answers and rationale at the bottom. Decide before you scroll — crypto tracing is a discipline of committing to a reading of the chain and then defending it.


Multiple choice

Q1. Bitcoin is most accurately described as: - A) Anonymous — transactions cannot be linked to each other or to a person - B) Pseudonymous — every transaction is public and permanently linked to an address, and the only secret is the link between address and identity - C) Encrypted — the amounts and parties of a transaction are hidden from the public - D) Private — only the sender and receiver can ever see a transaction

Q2. A Bitcoin transaction's inputs total 0.82000000 BTC and its outputs total 0.81994000 BTC. The 0.00006000 BTC (6,000 satoshis) difference is: - A) The change returning to the sender - B) A protocol "burn" that destroys the coins - C) The miner fee - D) An error — inputs must always equal outputs exactly

Q3. A single transaction spends three different input addresses. The common-input-ownership heuristic concludes that: - A) Three different people are splitting one bill - B) The same entity almost certainly controls all three, because each input must be signed by the key that holds it - C) The transaction must be a CoinJoin - D) All three addresses are exchange hot wallets

Q4. Of a transaction's two outputs, the one more likely to be the change returning to the sender is the output that is: - A) A previously used legacy address receiving a round 0.75000000 BTC - B) A brand-new address receiving a non-round 0.06994000 BTC of the same script type as the inputs - C) Always the larger of the two outputs - D) The output with the most confirmations

Q5. The common-input-ownership heuristic is deliberately defeated by: - A) A peeling chain - B) Address reuse - C) A CoinJoin, in which many unrelated users co-sign one transaction so co-spending no longer implies common ownership - D) Using bech32 (SegWit) addresses

Q6. In a cryptocurrency trace, the point at which a pseudonymous address most reliably becomes a real-world identity is: - A) The mixer, which keeps a public record of every depositor's name - B) The miner who confirmed the transaction - C) The on-ramp/off-ramp chokepoint — a regulated exchange that holds KYC identity for the account - D) The blockchain itself, which lists the legal owner of each address

Q7. You carve the first bytes of a file found under %APPDATA%\Bitcoin\ and they decode to the ASCII SQLite format 3\0. This indicates: - A) A legacy Berkeley DB wallet.dat - B) A modern Bitcoin Core descriptor wallet (SQLite) - C) A MetaMask LevelDB vault - D) A corrupted file containing no wallet data

Q8. The single most decisive artifact an examiner can recover from a seized device in a cryptocurrency case is: - A) The public address, because it reveals the balance - B) A BIP39 seed phrase (12 or 24 words), because the seed deterministically controls every key and address the wallet will ever have, on every chain it supports - C) The locally cached transaction history, because it is not on the blockchain - D) The exchange's published hot-wallet address

Q9. A seized hardware wallet (e.g., Ledger) is locked, but its companion application (Ledger Live) is present on the suspect's laptop. From the companion app you can typically obtain: - A) The private keys, exported in plaintext - B) Nothing useful — the companion app stores no meaningful data - C) The extended public keys (xpubs), letting you derive and monitor every address watch-only — but not the private keys - D) The device PIN

Q10. On Ethereum, the common-input-ownership heuristic does not apply because: - A) Ethereum transactions are encrypted - B) Ethereum uses an account model in which each transaction has exactly one sender — there is no multi-input co-spend to cluster on, and no change output - C) Ethereum has no addresses - D) Ethereum transactions are not public


True/False

Q11. A blockchain address, on its own, is sufficient legal authority to compel an exchange to produce a customer's account records. (True / False)

Q12. Present-day Monero — with mandatory RingCT and a minimum ring size — is not reliably traceable on-chain using current public methods. (True / False)


Short answer

Q13. In one or two sentences, explain why "the seed phrase is the wallet," and name two places — beyond an obvious plaintext file — you would search for one on a seized device.

Q14. A trace reaches a custodial mixer and roughly 0.30 BTC goes dark there. State (a) why you still report the mixer hop in your findings, and (b) the honest way to characterize the obscured value.

---

Answer key

Q1 — B. Pseudonymity means your identity is replaced by a pseudonym (an address) whose every action is recorded forever and is linkable; anonymity (A) would mean actions cannot be linked to each other or to you. Nothing in Bitcoin is encrypted from the public (C/D) — the entire ledger is readable by anyone.

Q2 — C. In the UTXO model the inputs must be at least the sum of the outputs; the surplus is the miner fee. Change (A) is already one of the outputs and is therefore counted in the 0.81994000 total. There is no burn (B), and inputs need not equal outputs (D) — the gap is precisely the fee.

Q3 — B. To spend each input you must produce a signature from the key controlling it, so multiple inputs in one transaction almost always share one key-holder. This is the strongest clustering heuristic — its only common defeat is CoinJoin (Q5), which you must rule out before relying on it.

Q4 — B. Modern HD wallets derive a fresh address for change, compute it to the satoshi (non-round), and keep it the same script type as the inputs — all three signals point at output B. The round amount paid to a reused address (A) reads as the payment. Size (C) and confirmations (D) say nothing about which output is change.

Q5 — C. CoinJoin exists specifically so that co-spending no longer implies common ownership; cluster a CoinJoin naively and you merge unrelated strangers — a serious, impeachable error. A peeling chain (A) is followed by the change heuristic, address reuse (B) and address type (D) are unrelated to this defeat.

Q6 — C. Value must enter from and exit to the regulated world, and at those on-ramp/off-ramp exchanges KYC ties the account to a name, ID, bank link, and device history. Mixers (A) are built to break the link, miners (B) record nothing about identity, and the blockchain (D) names only addresses.

Q7 — B. SQLite format 3\0 is the SQLite file magic; recent Bitcoin Core defaults to descriptor wallets stored in SQLite. A legacy wallet.dat is a Berkeley DB B-tree carrying the BDB magic 0x00053162 (A). A MetaMask vault lives in LevelDB .ldb/.log files, not a single SQLite file (C).

Q8 — B. The seed is the wallet: from those 12 or 24 words the entire key tree (every address, every chain) is derived, so recovering them is complete control. The public address (A) and a cached history (C) are useful leads but grant no spending power, and the exchange's hot-wallet (D) is not the suspect's.

Q9 — C. The device guards the private keys behind a PIN with a wipe-on-failure policy, so you generally cannot extract keys from it — but the companion app stores xpubs, account labels, and history, and an xpub lets you derive and monitor every address watch-only. You get full visibility for tracing without ever holding a key (and without risking a wipe).

Q10 — B. Ethereum's account model gives each transaction a single sender and a running balance, so there is no co-spend of multiple inputs to cluster on and no change output to detect. Clustering on Ethereum relies on different signals (deposit-address reuse, funding/gas patterns, behavior). Ethereum is fully public (D) and unencrypted (A).

Q11 — False. An address is public data and authorizes no demand on anyone. Authority attaches at the chokepoint, against a specific provider, for specific account records tied to specific deposit TXIDs and dates, under a specific instrument (subpoena, order, warrant, or MLAT). "All accounts associated with this address" invites a motion to quash.

Q12 — True. Ring signatures (sender), stealth addresses (recipient), and RingCT (amount), with a mandatory minimum ring size, mean the basic Bitcoin moves — read the inputs, follow the outputs, cluster co-spends — do not work on modern Monero. The honest report says so and pivots off-chain (exchange records, the traceable side of a swap, seized-device artifacts). Note that early Monero leaked and may be partially traceable.

Q13 — The seed is the wallet. A BIP39 mnemonic is the entropy from which BIP32 deterministically derives every private key and address the wallet will ever use, across every chain it supports — so the 12/24 words alone are total control of the funds. Search (any two): photographs of a recovery sheet (run OCR), notes/cloud-notes app stores, a password manager export, browser-saved data, chat logs or self-sent email, and unallocated space / slack, where a deleted note or screenshot may survive (theme: deleted ≠ destroyed).

Q14 — The mixer hop. (a) The deliberate transfer into a known mixer cluster is itself evidence — a flashing indicator of intent to obscure (every action leaves a trace), and commercial tools flag it instantly; you report it as a finding, not omit it. (b) State the portion that entered the mixer as obscured / untraced: do not pretend it was followed, and do not "reconnect" it on weak timing coincidences you could not defend on cross-examination. The remainder that reached an exchange is reported separately, with its TXIDs.

Scoring: 13–14 correct — you can run a crypto trace and defend it on the stand. 10–12 — solid; revisit change detection vs. common-input (Q3–Q5) and the chokepoint logic (Q6, Q11). 7–9 — re-read "Address clustering" and "Exchange cooperation." 6 or fewer — work the chapter again before the Progressive Project; in this domain the wrong reading of the chain either accuses a stranger or lets the offender walk.