On-Chain Forensics
The discipline of investigating and attributing cryptocurrency transactions - clustering addresses, tracing flows and producing evidentiary outputs for regulators, courts and counterparties.
What it is
On-chain forensics is the practice of analysing public blockchain data - transactions, addresses, smart-contract interactions - to reconstruct the flow of value, attribute activity to real-world actors and produce evidence suitable for compliance reporting, civil litigation or criminal proceedings.
Core techniques
- Address clustering - common-input heuristic, change-address detection, behavioural fingerprints.
- Attribution - labelling clusters as exchanges, mixers, ransomware operators, sanctioned entities.
- Tracing - forward and backward flow analysis, including across bridges and swaps.
- Smart-contract analysis - decoding token transfers, DEX swaps, lending positions.
- Tumbler de-mixing - statistical and timing-based attempts to reconnect pre- and post-mixer flows.
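The following Python is an added worked example, not code from the original page or any named tool, showing three of the techniques above on a constructed UTXO-style ledger: the common-input-ownership heuristic (addresses that co-sign a transaction's inputs are merged into one cluster), a round-amount change-address heuristic, and a forward flow trace. All address labels, transaction ids and amounts are invented. The example also skips CoinJoin-like transactions, where the common-input assumption does not hold, and flags any address reached only through such a transaction, which is where de-mixing rather than plain tracing would be needed and where an attribution's confidence should be marked down.

```python
"""Added example (not the original page's code): common-input clustering,
a round-amount change heuristic and forward tracing over a constructed ledger."""
from collections import defaultdict, deque

# Constructed sample ledger (UTXO model). Each tx lists the addresses that
# signed its inputs and the (address, amount) pairs it paid out. All invented.
TXS = [
    {"txid": "tx1", "inputs": ["A", "B"], "outputs": [("C", 5.0), ("A2", 1.23)]},
    {"txid": "tx2", "inputs": ["B", "D"], "outputs": [("E", 3.0)]},
    {"txid": "tx3", "inputs": ["C"], "outputs": [("F", 2.0), ("G", 2.97)]},
    {"txid": "tx4", "inputs": ["E"], "outputs": [("H", 3.0)]},
    # Several parties funding equal-valued outputs: looks like a CoinJoin.
    {"txid": "tx5", "inputs": ["F", "H", "X"],
     "outputs": [("Y", 1.0), ("Z", 1.0), ("W", 1.0)]},
]


class UnionFind:
    """Disjoint-set forest used to merge addresses into ownership clusters."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def looks_like_coinjoin(tx, min_equal_outputs=3):
    """Guard for the common-input heuristic: multiple inputs paying several
    equal-valued outputs is the CoinJoin pattern, where inputs belong to
    different parties and must not be merged."""
    if not tx["outputs"]:
        return False
    counts = defaultdict(int)
    for _, amt in tx["outputs"]:
        counts[amt] += 1
    return len(tx["inputs"]) > 1 and max(counts.values()) >= min_equal_outputs


def likely_change_output(tx):
    """Round-amount heuristic: if exactly one output carries a non-round
    amount (more than one decimal place), treat it as the sender's change.
    Weak on its own; an attribution built on it deserves a low confidence label."""
    if len(tx["outputs"]) < 2:
        return None
    non_round = [addr for addr, amt in tx["outputs"] if round(amt, 1) != amt]
    return non_round[0] if len(non_round) == 1 else None


def cluster_addresses(txs, use_change_heuristic=True):
    """Common-input-ownership clustering, optionally folding in detected
    change outputs. Returns a list of frozensets of addresses."""
    uf = UnionFind()
    for tx in txs:
        if looks_like_coinjoin(tx):
            continue
        ins = tx["inputs"]
        for addr in ins:
            uf.find(addr)  # register singletons so they appear as clusters
        for other in ins[1:]:
            uf.union(ins[0], other)
        if use_change_heuristic:
            change = likely_change_output(tx)
            if change is not None:
                uf.union(ins[0], change)
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return [frozenset(g) for g in groups.values()]


def trace_forward(txs, seed, max_hops=3):
    """Breadth-first forward trace from `seed`: follow every tx that spends
    from a reached address. Returns ({address: hop_count}, set of addresses
    first reached through a CoinJoin-like tx, where taint is ambiguous)."""
    spends_from = defaultdict(list)
    for tx in txs:
        for addr in tx["inputs"]:
            spends_from[addr].append(tx)
    hops, via_mixer, queue = {seed: 0}, set(), deque([seed])
    while queue:
        addr = queue.popleft()
        if hops[addr] >= max_hops:
            continue
        for tx in spends_from[addr]:
            for out_addr, _ in tx["outputs"]:
                if out_addr not in hops:
                    hops[out_addr] = hops[addr] + 1
                    if looks_like_coinjoin(tx):
                        via_mixer.add(out_addr)
                    queue.append(out_addr)
    return hops, via_mixer


if __name__ == "__main__":
    for cluster in cluster_addresses(TXS):
        print(sorted(cluster))
    print(trace_forward(TXS, "A"))
```

On this ledger the clustering yields {A, B, D, A2} (B links tx1 and tx2; A2 joins through the change heuristic), {C, G} and {E}; tracing forward from A reaches G at two hops and Y, Z, W at three, with the latter flagged because they were reached only through the CoinJoin-like tx5. In a real report each merge would be annotated with the heuristic that produced it and its confidence, as the evidentiary standards below require.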
Evidentiary standards
For investigations destined for court or supervisory action, the report must document the data source (node, indexer, chain-reorganisation handling), the clustering methodology, the confidence level of each attribution and the chain of custody for any preserved evidence. Most jurisdictions now accept on-chain evidence subject to expert-witness testimony.
Regulatory anchor
On-chain forensics is implicitly required by FATF VASP guidance, MiCA market-abuse surveillance obligations, EU AMLR risk-assessment requirements, and OFAC sanctions compliance.