What's Included in Your Forensic Report

A LedgerHound forensic report is a blockchain analysis of a cryptocurrency wallet involved in fraud, delivered as a PDF document for $49 USD. It is built for use with law enforcement, exchange compliance teams, and legal counsel. This page describes every section of the report and how it is intended to be used.

The report is typically 18–22 pages, depending on case complexity. Several sections appear only when they are relevant to your specific case, so the exact length varies from wallet to wallet.

Quick Answer

A LedgerHound $49 forensic report contains:

• Forensic blockchain analysis as a PDF, typically 18–22 pages
• Risk score and recovery-probability assessments, each with an honest disclaimer
• Attack-technique documentation — address poisoning, Unicode spoofing, vanity-cluster detection (included when such attacks are detected)
• Entity identification — exchanges, mixers, DeFi protocols, and known scam addresses
• Transaction history and a fund-flow diagram
• Country-specific legal guidance (currently full Peru support)
• Three ready-to-use email templates for DIVINDAT, Binance compliance, and Tether legal
• A SHA-256 chain-of-custody hash embedded in the PDF

Reports are available in English and Spanish. Supported blockchains: Ethereum, Bitcoin, Solana, TRON, BNB Chain, Base, Arbitrum, and Optimism.

Who Uses These Reports

• Cryptocurrency-fraud victims filing police complaints and exchange escalations
• Law firms building blockchain evidence for civil-recovery cases
• Exchange compliance teams responding to preservation requests
• Law-enforcement agencies receiving forensic documentation from victims
• Insurance adjusters evaluating cryptocurrency-fraud claims

What’s in the Report

The report flows in the order below. To keep page references accurate as the document length changes per case, we describe where each section appears rather than a fixed page number.

Executive Summary

An at-a-glance case overview at the front of the report, for prosecutors, lawyers, and compliance officers. It contains the risk score (0–100) with a verifiable factor breakdown, a recovery-probability estimate with an honest disclaimer, the confirmed economic loss kept clearly separate from worthless spoof tokens, and 3–5 key findings. For supported countries, a documents checklist (which authority to contact first, and in what order) appears within this summary. The risk-factor rows sum mathematically to the displayed total — an invariant by construction — so any reader can verify the score.

Recovery Readiness Assessment

A rating of how complete your evidence package is — deliberately separate from recovery probability. Recovery readiness measures how strong your documentation is; recovery probability measures how likely you are to get money back. A case can have excellent evidence (high readiness) but low recovery probability if no scammer KYC exit point is identified. Includes an evidence inventory and an investigation-difficulty rating.

Investigation Summary

A behavioral classification of the analyzed wallet (victim, scammer, aggregator, transit) with a confidence percentage and the specific data points behind it, plus a flow-of-funds visualization (source → analyzed wallet → destination) and an evidence-strength score. This section explicitly classifies victim wallets as victims, with supporting reasoning — it protects victims from being mischaracterized as perpetrators.

Asset Summary & Activity Timeline

A combined section that accounts for assets token by token and lays out the key event chronology. Real cryptocurrency and worthless spoof tokens are never aggregated: the reported economic loss uses real-value assets only, so claims are never inflated with zero-value tokens. The timeline labels recipient roles (e.g. MAIN COLLECTOR, SPOOF ADDRESS) and, when address poisoning is present, highlights the look-alike address collision (shared prefix/suffix). It is an abbreviated, selected-events timeline, with a note pointing to the full transaction history.

Behavioral Pattern Analysis

Fraud-pattern detection — rapid forwarding (the scam-funnel signature, reported with both volume-based and deposit-count metrics), round-amount preferences, time-of-day clustering, and counterparty-diversity analysis. Each pattern includes a methodology note and a confidence rating.

Wallet Analytics

A statistical overview: transaction counts, unique counterparties, and asset-diversity metrics, plus the top counterparties with IN/OUT direction indicators and aggregated per-destination volumes (cumulative totals, not single-transaction maximums).

Entity Identification & Exit Points

A combined section that tags known entities for subpoena targeting — exchange wallets (with KYC-subpoena availability), mixer/tumbler contracts, DeFi protocols, and bridge contracts — alongside the destinations that received real outflows, aggregated per destination.

Address Verification & External Intelligence (included when matches are found)

Cross-source verification of suspicious addresses against the LedgerHound Scam Database, the OFAC SDN list, Chainabuse community reports, GoPlus Security risk indicators, and Etherscan’s official Fake_Phishing tags (independent third-party verification). Each address shows how many sources confirm it — agreement across sources increases evidentiary weight.

Attack Technique Analysis (included when sophisticated attacks are detected)

Detailed documentation of sophisticated attacks: address-poisoning campaigns with vanity-cluster detection and a mathematical-improbability calculation; Unicode token spoofing(fake tokens built from non-Latin scripts such as Cyrillic or Lisu) documented in U+XXXX codepoint notation with the normalization methodology for independent verification; and an explanation of the dust-transaction mechanism — how zero-value transfers planted in the victim’s history enable later address-confusion. This section makes sophisticated attacks understandable to non-technical investigators and judges.

Cross-Chain Analysis (included when cross-chain activity is detected)

When funds move across chains through bridge contracts, this section identifies the bridges involved and recommends tracing on the connected chains.

Fund-Flow Graph

A visual diagram of cryptocurrency movement. Real fund flows are drawn as solid edges (red outgoing, green incoming); spoof-token flows are dashed grey edges with “no value” labels. A legend distinguishes real from spoof flows, and connections to exchanges, mixers, and known entities are clearly labeled.

Transaction History

A chronologically sorted, representative transaction list — up to three transactions per asset to avoid document bloat, sorted oldest-first for investigative narrative flow, with spoof-token rows highlighted and a reference to the total transaction count.

Recovery Assessment & Legal Recommendations

A combined section with a three-scenario recovery analysis — (A) funds reached an identifiable KYC exchange exit, (B) funds in unidentified wallets, (C) funds mixed or bridged cross-chain — each with a probability and difficulty rating, followed by actionable next steps: KYC entry-point preservation, counterparty exit tracing, an FBI IC3 or local-police filing referencing the case ID, exchange-compliance notification with preservation-request language, token-issuer coordination, and the optional certified investigation for court testimony.

Country-Specific Resources (included when localized guidance is available)

Localized authority contacts and procedures. Currently available for Peru: DIVINDAT (the cybercrime division) contact and filing procedure, the Public Ministry online complaint portal, SBS escalation, INDECOPI consumer-protection procedures, Lima Bar Association lawyer verification, and the RENIEC identity-alert system. Mexico, Colombia, Argentina, and Chile are planned.

Concrete Recovery Steps

A step-by-step checklist: (1) preserve KYC records at your funding exchange, (2) file with authorities (IC3, local police, FTC), (3) legal procedures (subpoena strategy, asset recovery), and (4) evidence-preservation best practices.

Legal Disclaimer & Methodology

Professional disclaimers and methodology references — the report is explicit about its own scope and limitations.

Chain of Custody — SHA-256 Verification

Cryptographic evidence-integrity verification on the final page. A SHA-256 hash is computed over the report content (excluding the verification field itself) and embedded in the PDF; any alteration changes the hash. The same hash appears in the delivery email and in all three email templates, and can be verified with standard tools (sha256sum). This supports formal court evidence chains, expert-witness testimony, and regulatory compliance.

Email Templates Included (3 Attachments)

Beyond the PDF, the $49 package includes three ready-to-use email templates in Markdown.

DIVINDAT Denuncia (Peru cases)

A pre-written formal complaint for the Peruvian cybercrime division. Includes verified legal references (Articles 196° and 196-A° of the Peruvian Penal Code, and Law 30096), current DIVINDAT contact details, a loss-computation explanation justifying the total as patrimonial loss, anti-confusion guardrails separating real funds from spoof tokens, and the SHA-256 chain-of-custody reference.

Binance Compliance Request

A template for Binance’s “Report fraud/scam” support category (the correct, verified channel — not a general compliance email). Includes the UID-field clarification (Binance requires the account UID, not just an email), vanity-cluster documentation that also flags dust-only poisoners, compliance-safe preservation wording, and anti-bait protection separating real losses from worthless tokens.

Tether Legal Notification

A template for Tether Operations Limited’s legal team. Includes an honest disclaimer that Tether processes freezes primarily on law-enforcement request, a recommendation to send it after obtaining a police case number, the full contract addresses for the USDT spoof tokens, and an evidence-package presentation format.

Frequently Asked Questions

Ready to Get Started?

Generate your forensic report — $49 →

What you’ll need:

• The wallet address that sent funds to the fraud
• An email address for report delivery
• A payment method (credit card via Stripe)

Supported blockchains: Ethereum, Bitcoin, Solana, TRON, BNB Chain, Base, Arbitrum, Optimism.