
The decentralised world is no longer as autonomous as it was a decade ago. Trends point to tighter regulation, closer identification of users and even individual wallets. In parallel, transaction-tracking tools are evolving — useful to some for crafting trading strategies, to others for exposing illicit activity, and to a third group for manipulating markets.
ForkLog spoke with Grigory Osipov, director of investigations at “SHARD”, about how analytics systems work, where they help — and where they harm.
Pro-government analytics firms (Chainalysis, Crystal, Elliptic, TRM Labs) monitor cryptocurrencies, declaring clear and benign aims: preventing the use of digital assets to launder illicit proceeds.
Yet such activity can be bent to manipulation and abuse. Any service that, for one reason or another, has been used to move fiat through crypto while bypassing US‑regulated exchanges risks landing on the watchlist of the American firm Chainalysis.
At the same time, many genuinely useful analytics services have emerged, offering insight into asset flows — for instance, movements by “whale” addresses.
Tracking is also used for investment, focusing on exchange metrics and market trends. A simple example is copy trading: analysing and mirroring the actions of large players, studying their portfolios to inform one’s own strategy.
Questions of crypto tracking sit alongside those of user privacy. On the one hand, anonymous transactions confer freedom and safety, helping avoid unnecessary oversight and interference by third parties.
On the other, state agencies seek to prevent illicit use of crypto. They push policies that require users to disclose information about their wallets, including mandatory AML/KYC procedures for centralised services. Such rules significantly constrain privacy, a stark contrast to the days when it was easy to stay under the radar.
Anonymity in payments, then, is a balance between protecting private life and safeguarding society.
Although transactions on public blockchains are open, transparent and immutable, the identities of people or organisations behind specific addresses are not recorded. That preserves the confidentiality of operations while keeping deal structures transparent.
As cryptocurrencies appeared, analytics firms began studying asset flows over long periods and from multiple angles. They use advanced visualisation tools and maintain carefully assembled databases mapping addresses to specific services and even individuals. This information is called labelling.
Knowing a few addresses belonging to a given service, analytics systems can infer an entire group of wallets used by it — sometimes numbering in the thousands. The value of such systems depends heavily on the quality and accuracy of the labelling, which can contain inaccuracies and errors.
Depending on the entities involved, labelling can cover exchanges, crypto funds, mining pools, bridges and other segments. Of particular importance is “criminal” labelling, which links addresses to darknet markets, casinos and mixers, as well as ransomware, hackers and pyramid schemes.
Ties between analytics systems and government agencies have turned these tools into instruments of market manipulation. If a blockchain address is flagged as linked to criminal activity, the flag effectively blocks cashing out through centralised venues that comply with anti‑money‑laundering rules.
Beyond labelling, these systems classify addresses by risk levels based on their characteristics. Addresses can be “coloured” according to alleged illicit activity or sanctions evasion. A key factor in such risk scoring is the presence of “criminal” labelling.
Alongside the big analytics suites, there are free or freemium services (Whale Alert, Cryptocurrency Alerting, BTC-parsing). They track a limited set of metrics — for example, only whale transactions.
The main methods include:
For example, on 11 August 2024 on Ethereum, 0.8776 ETH was sent from one address to another, while the fee totalled 34.62 ETH (~$87,500 at publication) — nearly 35 times the amount sent. Such an operation is possible only with a manually set fee and only in wallets that allow that option. The sender’s address is itself a validator on the Ethereum network.
Immediately after the high‑fee transaction, the sender received a transfer from a phishing address whose first and last characters closely resemble those of the destination address. There may be some link between the events, as the gap between the transactions was just a minute.
As for refunding the overpaid fee, the funds went to the validator’s address. Such funds are often returned to the unlucky sender for reputational reasons.
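The two signals in this case, a fee larger than the amount sent and an incoming transfer from an address imitating a recent destination, can be checked mechanically over a wallet's history. The sketch below is an added example, not code from ForkLog or “SHARD”; the addresses, timestamps, thresholds and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Tx:
    sender: str
    recipient: str
    value_eth: float
    fee_eth: float
    timestamp: int  # seconds

def norm(addr):
    """Lower-case an address and drop the 0x prefix."""
    addr = addr.lower()
    return addr[2:] if addr.startswith("0x") else addr

def is_lookalike(candidate, known, n=4):
    """Different address that shares the first and last n hex characters."""
    a, b = norm(candidate), norm(known)
    return a != b and a[:n] == b[:n] and a[-n:] == b[-n:]

def review(wallet, txs, fee_ratio=1.0, window=300, n=4):
    """Flag anomalies in a wallet's time-ordered history as (index, finding)."""
    me, findings, sent = norm(wallet), [], []
    for i, tx in enumerate(txs):
        if norm(tx.sender) == me:
            # Fee larger than the value moved: typical of a manually set fee.
            if tx.value_eth > 0 and tx.fee_eth > fee_ratio * tx.value_eth:
                findings.append((i, "fee_exceeds_value"))
            sent.append((tx.timestamp, tx.recipient))
        elif norm(tx.recipient) == me:
            # Incoming transfer from an address imitating a recent destination.
            if any(0 <= tx.timestamp - ts <= window and is_lookalike(tx.sender, dest, n)
                   for ts, dest in sent):
                findings.append((i, "lookalike_sender"))
    return findings

# Constructed sample data: addresses and timestamps are made up; the amount and
# fee of the first transfer are the figures quoted in the article.
WALLET = "0x" + "11" * 20
DEST = "0xabcd" + "0" * 32 + "1234"
FAKE = "0xabcd" + "f" * 32 + "1234"
OTHER = "0x" + "22" * 20
SAMPLE = [
    Tx(WALLET, DEST, 0.8776, 34.62, 1_000_000),
    Tx(FAKE, WALLET, 0.0, 0.0001, 1_000_060),
    Tx(OTHER, WALLET, 1.0, 0.0002, 1_000_090),
    Tx(WALLET, OTHER, 2.0, 0.001, 1_000_200),
]
```

Calling `review(WALLET, SAMPLE)` flags the first transfer for its fee and the second for its sender. A wallet or monitoring service can use the second flag to warn before a user copies a destination address from recent history.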
With blockchain‑analytics methods and tools, one can investigate cases, gather data for informed trading decisions, and analyse competitors and counterparties.

