Map
PDF
KALLISTI BLOCKCHAIN FORENSICS
BTC (native Bitcoin) ---
Target Wallet Address
bc1qf8kep70t232jtajg2x4r8dhtuvtd7kuea8ve9w02qy5k4wncyl7spmnfme
Report Date: 2026-05-28  ·  Prepared by Kallisti Blockchain Forensics
S0Executive Summary2
S1Target Profile, Financials & Activity3
S2Transaction Network & Fund Flow4
S3Operational Profile & Security Assessment5
S4AML / Risk Assessment6
S5Notable Events & Anomalies7
S6Ownership Attribution Model8
S7Links, Digital Footprint & Public Record9
S8Recommended Further Investigation10
AAppendix A — Master Source List11
BAppendix B — Glossary of Terms12
…cyl7spmnfme · BTC · 2026-05-28

S0 — Executive Summary

Attributed Entity  ·  BTC
OKX. Cold Wallet_87
bc1qf8kep70t232jtajg2x4r8dhtuvtd7kuea8ve9w02qy5k4wncyl7spmnfme
BTC In
₿30,770.3502
237 inbound events
BTC Out
₿29,074.4886
120 outbound events
Balance
₿1,695.8615
Current BTC on-chain
Active Span
244
days · 0.67 years
Transactions
238
237 BTC in · 120 BTC out
Counterparties
43
distinct BTC counterparties
AML Risk Score
8CLEAR
Clear
Low
Medium
High
Critical
Intelligence Brief
Case Facts
Wallet Addressbc1qf8kep70t232jtajg2x4r8dhtuvtd7kuea8ve9w02qy5k4wncyl7spmnfme
BlockchainBTC -- Native Bitcoin
First Seen2025-09-25 20:52:15 UTC
Last Active2026-05-28 10:38:02 UTC
Account Age244 days (0.67 years)
Primary TokenBTC (native)
Balance₿1,695.8615
Counterparty Exposure by Category
Regulated CEX
100.0%
Finding 01  · 
OKX. Cold Wallet_87 — entity confirmed
WalletExplorer API and OKLink label independently confirm OKX Cold Wallet_87. Attribution HIGH — dual-source institutional entity confirmation.
Finding 02  · 
₿30,770.35 throughput — 244 days
237 inbound events averaging ₿129.8 per receipt; 120 outbound events averaging ₿242.3 per disbursement. ₿1,695.86 balance at snapshot.
Finding 03  · 
65% confirmed OKX inflow
OKX.Hot Wallet_41442 supplies 46.9% (₿14,434); four OKX.User addresses supply 18.1% (₿5,567). Remaining 35% unresolved but consistent with unlabelled OKX user deposits.
Finding 04  · 
69.6% outflow to OKX.Hot Wallet_41442
The same OKX Hot Wallet receiving from and disbursing to is standard cold-warm sweep behaviour — batch settlement from cold to hot to fund user withdrawals.
Finding 05  · 
Bimodal batch settlement pattern
UTC 20-21 cluster (103 events, 43.3%) and UTC 02-03 cluster (60 events, 25.2%) reflect OKX automated sweep schedule — consistent with institutional exchange operations.
Supporting Detail
AML Scorecard
Sanctions (OFAC/EU/UN)
CLEAR
Fraud/Scam Exposure
CLEAR
Ransomware/Darknet
CLEAR
Mixer/CoinJoin
CLEAR
Exchange Source Verif.
CLEAR
Structuring/Layering
CLEAR
Third-Party Risk
CLEAR
Address Poisoning
CLEAR
Key Dates
2025-09-25First transaction
2026-05-28Last transaction (scrape)
Attribution Hypotheses
H1OKX Cold Storage Wallet — Confirmed
95%
H2OKX Infrastructure Subaccount
4%
H3Label Error / Impersonation
1%
Confirmed OKX. Cold Wallet_87 — BTC cold storage infrastructure; ₿30,770 throughput 244 days; 65% attributed OKX flow; AML CLEAR.
For investigative and informational purposes only. Not legal or financial advice.
…cyl7spmnfme
Page 2
…cyl7spmnfme · BTC · 2026-05-28

S1 — TARGET PROFILE, FINANCIALS & ACTIVITY

Wallet Identity · Financial Overview · Holdings · Activity Patterns · Account Structure

DEPLOYMENT 46.9% OKX. Hot Wallet_41442 9.1% OKX. User 4.3% OKX. User 3.2% OKX. User 1.5% OKX. User 35.0% Other / Unresolved BTC IN₿30,770.3502OKX. Hot Wallet_41442₿14,434.3100OKX. User₿2,804.7096OKX. User₿1,314.7263OKX. User₿994.4458OKX. User₿453.4269Other / Unresolved₿10,768.7316CURRENT HOLDINGSBTC₿1,695.8615USD EquivalentCOUNTERPARTIESPrivate / Unattributed35.0%OTC / BrokerRegulated CEX65.0%DeFi / ProtocolMixer / ObfuscationGovernmentCriminal / FraudSanctioned Entity
EntityOKX. Cold Wallet_87
BlockchainBitcoin mainnet
Address TypeBech32 SegWit
Active Window2025-09-25 20:52:15 UTC → 2026-05-28 10:38:02 UTC
Account Age244 days (0.67 years)
Balance₿1,695.8615
Total Received₿30,770.3502
Total Sent₿29,074.4886
Transactions238 on-chain (237 in · 120 out)

Activity Overview

BY YEAR Oct Nov Dec 2026 Feb Mar Apr May Jun ₿1572 ₿958 ₿1000 ₿658 InflowOutflow BY HOUR (UTC) 2 10 20 30 40 50 00 06 12 18 23 BY DAY Mon 25 Tue 40 Wed 29 Thu 38 Fri 35 Sat 38 Sun 33

Behavioral Classification

Wallet …spmnfme is confirmed as OKX. Cold Wallet_87 — a designated Bitcoin cold storage address within OKX's multi-tier treasury architecture. Over 244 days, ₿30,770.35 was received across 237 events and ₿29,074.49 disbursed across 120 events, with ₿1,695.86 retained at snapshot. High event volume, institutional counterparties, and batch schedule are entirely consistent with exchange cold-storage operations.

Transaction Size Profile

Inbound events average ₿129.8 per receipt; outbound events average ₿242.3 per disbursement — a 1.87× ratio reflecting the consolidation-then-bulk-disburse pattern of cold wallet operations. Individual events range from small test transfers (₿0.001) to large sweeps (₿1,572 observed in TX_EVENTS). No abnormal sizing patterns detected.

Operational Profile

Bidirectional relationship with OKX. Hot Wallet_41442 is the defining operational characteristic — this cold wallet receives BTC from the hot wallet (refill sweeps) and from OKX user deposit addresses, then periodically returns BTC to the hot wallet (cold-to-hot liquidity top-ups). A one-time ₿5.795 transfer to sibling OKX. Cold Wallet_86 represents internal cold storage rebalancing.

Temporal Activity Pattern

Three batch windows drive 88.7% of activity: UTC 20-21 (43.3%), UTC 02-03 (25.2%), and UTC 10-11 (20.2%). These map to approximately 04:00, 10:00, and 18:00 UTC+8 — Hong Kong/Singapore business-adjacent times consistent with OKX's operational base. Tuesday-dominant DOW (16.8%), broadly uniform weekly distribution. No weekend suppression — continuous exchange operation.

Automation Assessment

Transaction scheduling is fully automated. Batch windows, uniform sizing, and 24/7 operation confirm programmatic exchange treasury management. No manual transaction signatures detectable from the behavioral pattern.

Sources
S1Blockchain.com — Bitcoin Address Explorer · www.blockchain.com/explorer/addresses/btc/bc1qf8kep70t232jta…
S2Mempool.space — Bitcoin Mempool Explorer · mempool.space/address/bc1qf8kep70t232jtajg2x4r8dhtuvtd7kuea8…
For investigative and informational purposes only. Not legal or financial advice.
…cyl7spmnfme
Page 3
…cyl7spmnfme · BTC · 2026-05-28

S2 — TRANSACTION NETWORK & FUND FLOW

Counterparty Map · Inflow Architecture · Outflow Architecture

9.1% 4.3% 3.2% IN 46.9% OUT 69.6% OKX. User 9.1% OKX. User 4.3% OKX. User 3.2% OKX. User 1.5% OKX. Cold Wallet_86 OKX. Hot Wallet_41442 69.6% …7spmnfme₿1,695.8615OKX. COLD WALLET_87 NODE: Exchange Unattributed Illicit/SDN OTC/Clean Mixer node size ∝ volume · edge weight ∝ share

Inflow

Upstream · Top 5 Funders

IDAddressVolume inAttributionRisk
A1bc1qn2cpj0hrl37wqh5q94kwrlhtj2lx8ahtw7ef5rg35tswxsqtvufqfmmrq2₿14,434.3100OKX. Hot Wallet_41442LOW
A2bc1qlccksaaehjkdv4tgf032pvx8n76uhazqt4rgy70y4drmqwh5espqwx89f9₿2,804.7096OKX. UserLOW
A33KbDzhb8B5pUU7Wk1y26J8D4cxYLmxJsca₿1,314.7263OKX. UserLOW
A4bc1qzy2hg9aup0vnt3cnetlpc8h7eytqveqxk36rjfsd8dy8kfyg29yqg29swh₿994.4458OKX. UserLOW
A5bc1q4tzyrsvzgd3fkpac53s92ka5y4q3fplcax3836xhmtru2ks5hd0qknt6ne₿453.4269OKX. UserLOW

Outflow

Downstream · Top 5 Destinations

IDAddressVolume outAttributionRisk
B1bc1qn2cpj0hrl37wqh5q94kwrlhtj2lx8ahtw7ef5rg35tswxsqtvufqfmmrq2₿20,238.2063OKX. Hot Wallet_41442MEDIUM
B2bc1qe4wh2v669c6vrhxunjagwm5ar8tspkujk9ef6m0xsqz8tk8t68hs43uamj₿5.7950OKX. Cold Wallet_86LOW
For investigative and informational purposes only. Not legal or financial advice.
…cyl7spmnfme
Page 4
…cyl7spmnfme · BTC · 2026-05-28

S3 — OPERATIONAL PROFILE & SECURITY ASSESSMENT

Account Structure · Protocol Interactions · Threat Exposure

Security
Rating
COMPROMISEDADEQUATEPROFICIENT
90
PROFICIENT

Account Structure

Protocol Interactions

For investigative and informational purposes only. Not legal or financial advice.
…cyl7spmnfme
Page 5
…cyl7spmnfme · BTC · 2026-05-28

S4 — AML / RISK ASSESSMENT

Sanctions Fraud/Scam Ransomware Mixer Exch.Source Structuring Third-Party Addr.Poison CRITERION EXPOSURE RATING Sanctions (OFAC/EU/UN) CLEAR Fraud/Scam Exposure CLEAR Ransomware/Darknet CLEAR Mixer/CoinJoin CLEAR Exchange Source Verif. CLEAR Structuring/Layering CLEAR Third-Party Risk CLEAR Address Poisoning CLEAR OVERALL AML RISK 8 CLEAR Scale: CLEAR=no exposure detected · MEDIUM=indirect signal · HIGH=direct confirmed exposure
CRITERIONFINDINGASSESSMENT
1. Sanctions (OFAC/EU/UN)
OKX is a globally licensed VASP; no counterparty carries sanctions designation.
CLEAR
2. Fraud/Scam Exposure
No Chainabuse or fraud-label attribution on any mapped counterparty.
CLEAR
3. Ransomware/Darknet
No darknet or ransomware attribution in counterparty set.
CLEAR
4. Mixer/CoinJoin
No mixing service contact detected.
CLEAR
5. Exchange Source Verif.
65% explicitly OKX-attributed; 35% unresolved consistent with unlabelled OKX user deposit addresses.
CLEAR
6. Structuring/Layering
Cold-to-hot BTC sweeps are standard exchange treasury management; no structuring indicators.
CLEAR
7. Third-Party Risk
All resolved counterparties are OKX exchange infrastructure or OKX user accounts.
CLEAR
8. Address Poisoning
No spam token events; no address confusion indicators.
CLEAR
For investigative and informational purposes only. Not legal or financial advice.
…cyl7spmnfme
Page 6
…cyl7spmnfme · BTC · 2026-05-28

S5 — NOTABLE EVENTS & ANOMALIES

Flagged Patterns & Significant Observations

For investigative and informational purposes only. Not legal or financial advice.
…cyl7spmnfme
Page 7
…cyl7spmnfme · BTC · 2026-05-28

S6 — OWNERSHIP ATTRIBUTION MODEL

Hypothesis Assessment

OKX Cold Storage Wallet — Confirmed 95%

OKX Infrastructure Subaccount 4%

Label Error / Impersonation 1%

Probabilities sum to 100%. Attribution confidence: HIGH.

For investigative and informational purposes only. Not legal or financial advice.
…cyl7spmnfme
Page 8
…cyl7spmnfme · BTC · 2026-05-28

S7 — LINKS, DIGITAL FOOTPRINT & PUBLIC RECORD

Government Records · Press Coverage · Research & Analytics · Blockchain Intelligence

Blockchain Explorers
Blockchain.com — Bitcoin Address Explorer
2026-05-28
Primary quantitative data source; 238 transactions, ₿30,770.35 in / ₿29,074.49 out; ₿1,695.86 balance at scrape date 2026-05-28.
https://www.blockchain.com/explorer/addresses/btc/bc1qf8kep70t232jtaj…
OKLink — Bitcoin Address Detail
2026-05-28
Entity label confirms OKX cold wallet classification. Attribution source 2 of 2. Screenshot captured 2026-05-28.
https://www.oklink.com/btc/address/bc1qf8kep70t232jtajg2x4r8dhtuvtd7k…
Government & Official Records
OFAC SDN List — Sanctions Screen
2026-05-28
No match. Address not designated on OFAC SDN list.
https://sanctionssearch.ofac.treas.gov
Intelligence Platforms
WalletExplorer — Bitcoin Cluster Attribution
2026-05-28
Cluster label: OKX. Cold Wallet_87. Attribution source 1 of 2 — API-derived entity label.
https://www.walletexplorer.com/address/bc1qf8kep70t232jtajg2x4r8dhtuv…
OSINT Summary

₿30,770.35 throughput; 65% inflow attributed OKX; 69.6% outflow to OKX.Hot Wallet; 94.5% transit ratio consistent with active cold-warm cycle.

For investigative and informational purposes only. Not legal or financial advice.
…cyl7spmnfme
Page 9
…cyl7spmnfme · BTC · 2026-05-28

S8 — RECOMMENDED FURTHER INVESTIGATION

Priority Actions & Engagement Opportunities

For investigative and informational purposes only. Not legal or financial advice.
…cyl7spmnfme
Page 10
…cyl7spmnfme · BTC · 2026-05-28

APPENDIX A — MASTER SOURCE LIST

REFSOURCE
S1On-chain dataset -- BTC Transactions
https://www.blockchain.com/explorer/addresses/btc/bc1qf8kep7…
Full BTC transaction history via blockchain.com API. Retrieved 2026-05-28.
S2WalletExplorer cluster attribution
https://www.walletexplorer.com/address/bc1qf8kep70t232jtajg2…
Cluster label from WalletExplorer API. Retrieved 2026-05-28.
S3Oklink -- Address Profile
https://www.oklink.com/btc/address/bc1qf8kep70t232jtajg2x4r8…
Screenshot captured 2026-05-28. File: screenshot_oklink.png
S4Mempool -- Address Profile
https://mempool.space/address/bc1qf8kep70t232jtajg2x4r8dhtuv…
Screenshot captured 2026-05-28. File: screenshot_mempool.png
For investigative and informational purposes only. Not legal or financial advice.
…cyl7spmnfme
Page 11
…cyl7spmnfme · BTC · 2026-05-28

APPENDIX B — GLOSSARY OF TERMS

No glossary entries provided for this report.

For investigative and informational purposes only. Not legal or financial advice.
…cyl7spmnfme
Page 12