The analytical methods investigators use to follow cryptocurrency through a blockchain, from address clustering and transaction-graph analysis to exchange de-anonymisation, with landmark cases including Silk Road and the Bitfinex hack.
The Bitcoin ledger contains every transaction ever made since January 2009. That is a complete, permanent, publicly readable financial record of a parallel economy that has processed trillions of dollars in value. For investigators, this is either a gift or a maze, depending on whether they know how to navigate it. The techniques in this topic are the navigational tools.
Tracing cryptocurrency is not fundamentally different from following money through a series of bank accounts, except that the records are public, the accounts are pseudonyms rather than names, and the analysis happens on a transaction graph rather than a series of statements. The core problem is the same: map the flow of funds, identify the chokepoints where pseudonymous addresses touch real-world identities, and obtain the records that name the people behind those identities.
This topic walks through the main analytical methods in sequence: how address clusters are built from on-chain heuristics, how transaction-graph analysis traces funds across multiple hops, how exchanges serve as de-anonymisation bottlenecks, what mixing and tumbling do to disrupt the trail, and what landmark cases show about what is and is not achievable. It ends with the main commercial tools and how they are used in practice.
Bitcoin addresses are pseudonyms, but they leave patterns that group themselves.
The foundation of cryptocurrency tracing is the observation that Bitcoin wallets rarely use a single address. For privacy and for practical key-management reasons, wallets generate new addresses constantly. But the UTXO accounting model forces wallets to combine addresses whenever their separate balances need to be aggregated for a single payment. When multiple addresses appear as inputs in the same transaction, every one of those addresses had to provide a valid signature. Only a party controlling the private keys for all of them could have built the transaction.
This is the co-spend heuristic, and it is the most reliable clustering signal. It is not perfect: collaborative transactions (CoinJoin) deliberately break it by having multiple independent parties combine inputs. But outside of deliberate mixing, a co-spend strongly implies shared control. Commercial tools run this heuristic across the entire blockchain history and produce clusters containing thousands or millions of addresses that all appear to belong to one wallet.
The change-address heuristic adds a second signal. When a Bitcoin transaction has two outputs, one of which goes to a fresh address never seen before and one to an established address, the fresh one is likely change returning to the sender. Following the change address extends the cluster one more hop. Combining co-spend and change-address analysis across millions of transactions produces clusters that closely approximate actual wallet entities.
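The two heuristics above, worked through on a constructed transaction history as an added example (this is not code from the original page or from any commercial tool). It assumes a simplified transaction shape (input addresses that each had to sign, plus `(address, satoshis)` outputs), a chronologically ordered history, and a hypothetical CoinJoin signature (several equal-valued outputs with at least as many inputs) used to suppress co-spend on collaborative transactions, which is the one case the text says breaks the heuristic:

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Tx:
    """Simplified transaction: input addresses (each had to sign) and (address, sats) outputs."""
    txid: str
    inputs: list
    outputs: list


class UnionFind:
    """Disjoint-set structure: every address starts alone; a union merges two clusters."""
    def __init__(self):
        self.parent = {}

    def find(self, a):
        self.parent.setdefault(a, a)
        while self.parent[a] != a:
            self.parent[a] = self.parent[self.parent[a]]  # path halving
            a = self.parent[a]
        return a

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def looks_like_coinjoin(tx, min_equal_outputs=3):
    """Assumed CoinJoin signature: several equal-valued outputs with at least as many inputs.
    Inputs of such a transaction come from independent parties, so co-spend must not be applied."""
    counts = defaultdict(int)
    for _, sats in tx.outputs:
        counts[sats] += 1
    return max(counts.values(), default=0) >= min_equal_outputs and len(tx.inputs) >= min_equal_outputs


def cluster_addresses(txs):
    """Apply the co-spend and change-address heuristics to a chronologically ordered list of Tx."""
    uf = UnionFind()
    seen = set()  # addresses that appeared in any earlier transaction
    for tx in txs:
        for a in tx.inputs:
            uf.find(a)  # register singletons so they appear in the output
        if not looks_like_coinjoin(tx):
            # Co-spend: every input was signed, so one key holder controls them all.
            for a in tx.inputs[1:]:
                uf.union(tx.inputs[0], a)
            # Change: exactly two outputs, exactly one never seen before -> that one is change.
            if len(tx.outputs) == 2:
                fresh = [addr for addr, _ in tx.outputs if addr not in seen and addr not in tx.inputs]
                if len(fresh) == 1:
                    uf.union(tx.inputs[0], fresh[0])
        seen.update(tx.inputs)
        seen.update(addr for addr, _ in tx.outputs)
    groups = defaultdict(set)
    for a in list(uf.parent):
        groups[uf.find(a)].add(a)
    return [frozenset(g) for g in groups.values()]


def cluster_of(clusters, addr):
    """Return the cluster containing addr (a singleton if it was never clustered)."""
    for c in clusters:
        if addr in c:
            return c
    return frozenset({addr})


# Constructed sample history (not real chain data).
SAMPLE_TXS = [
    Tx("tx0", ["X1"], [("B1", 100_000)]),                  # B1 becomes an established address
    Tx("tx1", ["A1"], [("B1", 50_000), ("A2", 30_000)]),   # A2 is fresh -> change back to A1's owner
    Tx("tx2", ["A2", "A3"], [("C1", 40_000)]),             # co-spend: A2 and A3 share an owner
    Tx("tx3", ["D1", "D2", "D3"],                          # CoinJoin-like: equal outputs, excluded
       [("E1", 10_000), ("E2", 10_000), ("E3", 10_000), ("D4", 700)]),
]

if __name__ == "__main__":
    for c in cluster_addresses(SAMPLE_TXS):
        print(sorted(c))
```

Running it groups A1, A2 and A3 into one cluster (change heuristic on tx1, co-spend on tx2) while leaving D1, D2 and D3 apart, because tx3 matches the CoinJoin pattern and is skipped. Commercial tools apply the same two rules at chain scale with many more exclusion checks, but the inference is this one.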
Following value across multiple hops is graph traversal, not accounting.
Once clusters are built, the investigator traces fund flows by walking the transaction graph. Each cluster is a node; each transaction connecting them is an edge. The question changes from "which address received this?" to "which entity received this and what did they do with it next?" This reframing is important because it matches the money-laundering framework: placement, layering, and integration correspond to identifiable patterns in the graph.
Commercial tools render this as a visual graph where known entities (exchanges, darknet markets, sanctioned wallets) appear as labelled nodes. An investigator can start from a crime-related address, expand the graph forward (where did the money go?) and backward (where did it come from?), and look for nodes that touch labelled entities. When a path from crime proceeds to an exchange's deposit cluster is found, that exchange becomes the target for legal process.
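The forward and backward graph expansion described above, as an added example rather than code from the page or from any commercial platform. Clusters are already built (each node is a cluster id), the edge list and the attribution database are constructed sample data, and the traversal stops expanding at an exchange deposit cluster on the assumption that funds reaching a custodial service leave the on-chain trail; it keeps walking through unlabelled and mixer clusters:

```python
from collections import defaultdict, deque

# Constructed sample graph: (from_cluster, to_cluster, amount_btc, txid). Not real chain data.
EDGES = [
    ("C_theft", "C_hop1", 100.0, "tx_a"),
    ("C_hop1", "C_hop2", 60.0, "tx_b"),
    ("C_hop1", "C_hop3", 40.0, "tx_c"),
    ("C_hop2", "C_exchA_dep", 59.9, "tx_d"),
    ("C_hop3", "C_mixerX", 40.0, "tx_e"),
    ("C_mixerX", "C_hop4", 39.6, "tx_f"),
    ("C_hop4", "C_exchB_dep", 39.5, "tx_g"),
    ("C_shop", "C_hop1", 1.0, "tx_h"),     # unrelated inbound payment to an intermediate hop
]

# Hypothetical attribution database: cluster id -> (category, entity name).
LABELS = {
    "C_theft": ("theft", "Incident wallet"),
    "C_exchA_dep": ("exchange", "Exchange A deposit"),
    "C_exchB_dep": ("exchange", "Exchange B deposit"),
    "C_mixerX": ("mixer", "Mixer X"),
}


def build_adjacency(edges):
    """Index edges both ways so the same walker can expand forward or backward."""
    fwd, bwd = defaultdict(list), defaultdict(list)
    for src, dst, amt, txid in edges:
        fwd[src].append((dst, amt, txid))
        bwd[dst].append((src, amt, txid))
    return fwd, bwd


def paths_to_category(edges, labels, seed, category, direction="forward", max_hops=8):
    """Breadth-first walk from seed; return every simple path ending at a cluster of `category`.
    Expansion continues through unlabelled and mixer clusters but stops at an exchange deposit."""
    fwd, bwd = build_adjacency(edges)
    adj = fwd if direction == "forward" else bwd
    found = []
    queue = deque([[seed]])
    while queue:
        path = queue.popleft()
        if len(path) - 1 >= max_hops:
            continue
        for nxt, _amt, _txid in adj[path[-1]]:
            if nxt in path:
                continue  # ignore cycles
            new_path = path + [nxt]
            kind = labels.get(nxt, (None, None))[0]
            if kind == category:
                found.append(new_path)
            if kind != "exchange":
                queue.append(new_path)
    return found


def describe(path, labels):
    """Annotate a path with entity names from the attribution database."""
    return [f"{c} [{labels[c][1]}]" if c in labels else c for c in path]


if __name__ == "__main__":
    print("forward from the incident wallet:")
    for p in paths_to_category(EDGES, LABELS, "C_theft", "exchange"):
        print("  " + " -> ".join(describe(p, LABELS)))
    print("backward from Exchange A's deposit cluster:")
    for p in paths_to_category(EDGES, LABELS, "C_exchA_dep", "theft", direction="backward"):
        print("  " + " -> ".join(describe(p, LABELS)))
```

The forward walk finds both exchange deposit clusters, one reached directly and one via the mixer; the backward walk from Exchange A's deposit cluster leads to the incident wallet, which is the path an investigator would preserve before serving process on that exchange. Real graphs also carry amounts and timestamps on each edge, which are used to prune paths where value or timing does not fit.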
Every pseudonymous trail eventually needs to touch the real world, and exchanges are where that happens.
A cryptocurrency holder who wants to convert to fiat currency, pay for real-world goods, or interact with regulated services must pass through an exchange or equivalent service that collects identity documents. This is the de-anonymisation bottleneck: however long the layering chain on-chain, if the funds eventually enter an exchange that complies with AML regulations, the investigator can obtain the account holder's name, address, identity document, and IP address by serving legal process on that exchange.
The practical process is: trace funds to an exchange deposit address (identified through the attribution database), preserve the blockchain evidence, then serve a subpoena or court order on the exchange for account records associated with that deposit address. Large exchanges in the US, EU, UK, and many Asia-Pacific jurisdictions respond to legal process with account records. Exchanges in uncooperative jurisdictions require mutual legal assistance requests, which are slower but not impossible.
Countermeasures complicate tracing but rarely defeat it entirely.
Mixing services accept bitcoin from multiple users, shuffle the inputs and outputs, and return equivalent amounts (minus a fee) to designated output addresses. The goal is to break the direct link between input and output. CoinJoin is the most common Bitcoin mixing protocol: multiple parties co-sign a single transaction combining their inputs and directing outputs to independent fresh addresses. Because all the outputs are equal amounts, distinguishing which input funded which output requires guessing.
But mixing is not as opaque as it appears. Large amounts entering a mixer and equal large amounts leaving create timing and volume correlations. The mixer itself is a cluster; if its deposit addresses are known (and they frequently are, because law enforcement has seized mixing services and published their address datasets), then tracing shows funds entering the mixer even if the specific output cannot be pinpointed. Investigators often argue that willful use of a known mixing service is itself evidence of intent to conceal, which is probative even without a complete flow reconstruction.
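The timing and volume correlation the paragraph describes, as an added example that is not code from the page or from any tool. It assumes the mixer's deposit and withdrawal clusters are already known (as the text notes they often are), and a hypothetical fee band and delay window; the sample flows are constructed. It also shows the two failure modes a practitioner has to report honestly: a withdrawal with several plausible deposits (ambiguous) and one with none (split, merged or delayed beyond the window):

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    txid: str
    time: int      # unix seconds
    amount: float  # BTC


def correlate_mixer_flows(deposits, withdrawals, fee_range=(0.005, 0.03), max_delay=86_400):
    """For each withdrawal from the mixer cluster, list deposits that could have funded it.
    A candidate deposit must precede the withdrawal by at most max_delay seconds and the
    withdrawal must equal the deposit minus a fee inside fee_range (assumed band).
    Returns {withdrawal_txid: [(deposit_txid, delay_seconds, implied_fee), ...]}, nearest first."""
    result = {}
    for w in withdrawals:
        cands = []
        for d in deposits:
            delay = w.time - d.time
            if not 0 < delay <= max_delay:
                continue
            implied_fee = 1 - w.amount / d.amount
            if fee_range[0] <= implied_fee <= fee_range[1]:
                cands.append((d.txid, delay, round(implied_fee, 4)))
        result[w.txid] = sorted(cands, key=lambda c: c[1])
    return result


def summarise(correlation):
    """Count withdrawals by how well they could be attributed to a single deposit."""
    counts = {"unique": 0, "ambiguous": 0, "unmatched": 0}
    for cands in correlation.values():
        if len(cands) == 1:
            counts["unique"] += 1
        elif cands:
            counts["ambiguous"] += 1
        else:
            counts["unmatched"] += 1
    return counts


# Constructed sample (not real chain data): flows into and out of a known mixer cluster.
DEPOSITS = [
    Transfer("dep1", 1_700_000_000, 10.0),
    Transfer("dep2", 1_700_003_600, 10.0),   # same size one hour later: creates ambiguity
    Transfer("dep3", 1_700_007_200, 2.5),
]
WITHDRAWALS = [
    Transfer("wd1", 1_700_010_800, 9.85),    # 1.5% below a 10 BTC deposit
    Transfer("wd2", 1_700_014_400, 2.46),    # 1.6% below the 2.5 BTC deposit
    Transfer("wd3", 1_700_018_000, 0.5),     # no single deposit explains this output
]

if __name__ == "__main__":
    matches = correlate_mixer_flows(DEPOSITS, WITHDRAWALS)
    for wd, cands in matches.items():
        print(wd, cands)
    print(summarise(matches))
```

The 2.46 BTC withdrawal maps to exactly one deposit, so that flow can be reconstructed; the 9.85 BTC withdrawal has two equal-sized candidates, which is precisely the situation where the investigator can show funds entered and left the mixer but not which deposit funded which output. That is the evidential position the paragraph describes: entry into a known mixer is provable even when the specific output is not.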
Privacy coins present a harder challenge. Monero uses ring signatures, which blend a real input among decoy inputs, and stealth addresses, which prevent linking a transaction to a public address. Zcash's shielded transactions use zero-knowledge proofs (zk-SNARKs) to hide sender, receiver, and amount. These protocols significantly degrade the on-chain tracing signal. However, most Monero users still convert to fiat through exchanges with KYC, and the on-ramp and off-ramp transactions that convert between transparent Bitcoin and private Monero can be identified and timed.
Two cases that defined what blockchain tracing can achieve in court.
The 2013 prosecution of Ross Ulbricht, operator of the Silk Road darknet market, was the first major test of blockchain evidence in a US federal criminal case. IRS Criminal Investigation agent Gary Alford used public blockchain data to trace Bitcoin flows from Silk Road vendor wallets to withdrawal addresses and then to exchange accounts in Ulbricht's name. Crucially, the seizure of Ulbricht's running laptop preserved the wallet file with private keys, allowing agents to verify that the on-chain addresses matched the wallet on his device. The court accepted the blockchain analysis and the case established that Bitcoin's public ledger is admissible as documentary evidence.
The 2016 Bitfinex exchange hack saw 119,754 Bitcoin stolen in a single event. For five years the funds sat largely dormant. In February 2022, the US Department of Justice announced the arrest of Ilya Lichtenstein and Heather Morgan and the seizure of approximately 94,000 Bitcoin, the largest financial seizure in DOJ history at that point. The investigation used transaction-graph analysis across thousands of hops, including through AlphaBay market, chain-hopping to Monero and back, and several exchange accounts linked by KYC. The case demonstrated that large-scale, multi-year layering operations can be reconstructed from on-chain data when investigators are patient enough to follow the full graph.
| Case | Year | Key technique | Outcome |
|---|---|---|---|
| Silk Road (Ulbricht) | 2013 | On-chain flow analysis + wallet seizure | Conviction; Bitcoin evidence accepted in federal court |
| Bitfinex hack (Lichtenstein/Morgan) | 2016/2022 | Multi-year graph analysis; chain-hop tracing; exchange KYC | 94,000 BTC seized; largest DOJ financial seizure at time |
The attribution database is the tool's real value; the graph interface makes it navigable.
Chainalysis, Elliptic, and CipherTrace (now Mastercard) are the three dominant commercial platforms used by law-enforcement agencies, financial intelligence units, and compliance teams worldwide. All three operate on the same fundamental model: they maintain large attribution databases mapping address clusters to known entities, and they provide graph-visualisation interfaces that allow investigators to trace fund flows and identify when those flows touch labelled entities.
What is the co-spend heuristic and what does it infer?