fatcousin
// case comparison

crypto theft vs pig butchering

both end in a drained wallet — but crypto theft is approve-for-all phishing or sweeper bots; pig butchering is weeks of chat grooming through a fake exchange.

primary tools · side by side

ordered entry points from the case-type taxonomy. highlighted rows appear in both case types' editorial tool lists.

case a

crypto theft / wallet drain

approve-for-all phishing, sweeper bots, malicious dapps, drained hot wallets. evidence is a tx graph + the malicious contract bytecode + browser history.

  1. 01ethereum transaction decoderpaste raw ethereum transaction hex · rlp decode · from to value gas · erc20 calldata · runs locally
  2. 02bitcoin transaction decoderpaste raw transaction hex · decode inputs outputs scripts · fees · locktime · segwit · p2pkh p2sh p2wpkh · runs locally
  3. 03crypto tx graphpaste json csv btc hex · directed graph · hub peel fan patterns · ascii viz · stats · csv json export · runs locally
  4. 04crypto transaction graphdrop tx list csv · build adjacency · node edge counts · export nodes edges csv · runs locally
  5. 05smart contract bytecode analyzerpaste evm hex · disassemble push pop · flag delegatecall selfdestruct · opcode table · runs locally
  6. 06cryptocurrency mixer and tumbler detectordrop bitcoin transaction csv · apply statistical analysis to detect mixing service patterns · equal output detection · timing patterns · coinjoin identification · peel chain vs mixed funds · estimate mixing confidence · runs locally
  7. 07bitcoin address clusteringpaste or drop csv · extract btc addresses · common-input heuristic clustering · cluster table · export csv · runs locally
  8. 08private key format detectorpaste or drop a key file · identify WIF · hex · PEM · PKCS8 · BIP32 xprv/xpub · Ethereum keystore · validate format only · never derives · runs locally
case b

pig butchering / long-con investment scam

weeks-to-months of chat grooming → fake crypto exchange → drained wallet. evidence spans messaging apps, crypto wallets, and screenshots.

  1. 01iOS WhatsApp artifact forensic extractordrop iOS WhatsApp ChatStorage.sqlite and Contacts.sqlite · parse all chats, messages, groups, and media references · reconstruct conversation timelines with delivery status · surface location shares, contact cards, and deleted message placeholders · runs locally
  2. 02ethereum transaction decoderpaste raw ethereum transaction hex · rlp decode · from to value gas · erc20 calldata · runs locally
  3. 03bitcoin transaction decoderpaste raw transaction hex · decode inputs outputs scripts · fees · locktime · segwit · p2pkh p2sh p2wpkh · runs locally
  4. 04crypto tx graphpaste json csv btc hex · directed graph · hub peel fan patterns · ascii viz · stats · csv json export · runs locally
  5. 05ios dating app artifact forensic extractor (Tinder, Bumble, Hinge)drop iOS dating app database files (Tinder, Bumble, or Hinge) · auto-detect app · parse match records, messages, and profile metadata · surface match timestamps, screenshot alerts, and own location from account plist · detect confirmed real-world meetings (Hinge We Met) · runs locally
  6. 06ios screenshot burst forensic analyzerdrop photos.sqlite · screenshot detection · burst clustering · rapid capture flags · runs locally
  7. 07cryptocurrency mixer and tumbler detectordrop bitcoin transaction csv · apply statistical analysis to detect mixing service patterns · equal output detection · timing patterns · coinjoin identification · peel chain vs mixed funds · estimate mixing confidence · runs locally
  8. 08crypto wallet classifierpaste any crypto address · identify blockchain · validate checksum · address type · derivation format · runs locally

editorial overlap

7 tools mapped to both case types in the editorial taxonomy — useful when the investigation spans both surfaces.
bitcoin address clusteringbitcoin transaction decodercryptocurrency mixer and tumbler detectorcrypto tx graphethereum transaction decoderfatcousin cross export ioc hash correlatorfatcousin multi tool super timeline correlator

lean toward…

disambiguation signals derived from case-type descriptions and common practitioner confusion points.

lean toward crypto theft if you see…

  • approve-for-all or unlimited token approval in a single on-chain tx — no prior chat grooming timeline
  • sweeper bot or malicious dapp contract bytecode in browser history
  • wallet drain triggered by a phishing signature or malicious contract interaction, not a fake exchange portal

lean toward pig butchering if you see…

  • weeks-to-months of messaging-app chat grooming before any wallet activity
  • fake crypto exchange portal or investment platform linked from dating or social chat
  • screenshot bursts and dating-app artifacts alongside wallet deposits to a scam-controlled address
ready