Chainalysis Reveals Top 3 Mistakes Made By On-Chain Investigators

Common pitfalls of investigators are revealed, such as mixing platforms and failing to identify exchange addresses.
Neither the author, Kingsley Alo, nor this website, The Tokenist, provide financial advice. Please consult our website policy prior to making financial decisions.

Analytics firm Chainalysis has released a report that gives insight into the common mistakes made by blockchain investigators. These analysts usually rely on the on-chain data provided on the blockchain, a publicly distributed ledger, to track the movement of funds between crypto addresses.

The public nature of the blockchain makes crypto investigations easy for law enforcement and finance investigators. However, the pseudonymous nature of wallet addresses requires them to use best-in-class tools to avoid mistakes in their analysis. The report highlights three common errors that investigators make with blockchain data that quickly lead them astray.

Not Identifying Mixers

Mixers are tools used to disguise the path of funds by aggregating cryptocurrency from several users. An equal amount from the pooled funds is returned to each user's address, with a small fee charged. Mixer services are popular among money launderers for “cleaning” their crypto tokens and throwing investigators off the trail.

Although analysts can still follow the money despite the use of a mixer, they must be aware of its potential use. Making use of a blockchain analysis tool allows them to mark out addresses used in a pool.

Chainalysis Reactor graph showing fund transfer in the ransomware attack.
Source: Chainalysis

An example of this is the ransomware attack on the Colonial Pipeline in May. As seen in the chart above, the Darkside administrator moved ransomed funds into a wallet labeled ‘Darkside dormant funds’ immediately after the attack. The money remained there until October, when it was moved to a second wallet (Darkside consolidation). Shortly after, the money was transferred into a known mixing service. This trace was made possible by the Chainalysis Reactor tool, which identified that the last address in the chain belonged to a mixing service.

Tracing Funds Through a Service

Funds moved into an exchange are virtually impossible to trace, which poses a challenge to investigators. In this instance, it is counterproductive to rely on blockchain data alone.

When deposits are made into an exchange, the money gets mixed up with the funds of other exchange users and their wallets. Investigators should therefore seek to cooperate with exchanges to work out which funds are associated with specific addresses.

Chainalysis Reactor does not display the outbound transaction history for specific service deposit addresses. This prevents investigators from erroneously pursuing funds after they are deposited in an exchange, which can be a drain on both time and resources.

Chainalysis Reactor identifies money sent to an exchange. Source: Chainalysis

Failing To Identify Nested Services and Merchant Service Providers

Nested services, such as over-the-counter (OTC) exchanges that use the addresses of larger platforms, need to be appropriately labelled. Failure to identify merchant services can lead to erroneous investigations.

An example of this surfaced in June 2021, when a ransomware strain called Ever101 appeared to have transferred cash to the adult entertainment site RubRatings. This conclusion proved to be false; it turned out that RubRatings used the same merchant service that Ever101 wired payments to.

Chainalysis Reactor graph showing Ever101 ransomware money transfer into merchant service. Source: Chainalysis

Investigators can easily be led astray if they fail to identify the use of merchant services, as seen in the example above. Failure to use proper analysis tools can lead to false news reports and false accusations against innocent parties.
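All three mistakes come down to following outbound transfers past an address that belongs to a service. The Python example below is an added illustration, not Chainalysis code and not a description of how Reactor is implemented. It compares a naive trace with one that stops at labelled service addresses; every address, label and transfer in it is constructed sample data.

```python
from collections import deque

# Constructed sample data: addresses, labels and transfers are invented.
TRANSFERS = {                          # sender -> recipients
    "ransom_wallet": ["consolidation"],
    "consolidation": ["merchant_svc_deposit", "mixer_in"],
    "merchant_svc_deposit": ["merchant_hot_wallet"],
    "merchant_hot_wallet": ["unrelated_site_payout"],
    "mixer_in": ["mixer_out_1", "mixer_out_2"],
}
# Hypothetical attribution table (address -> service category).
SERVICE_LABELS = {
    "merchant_svc_deposit": "merchant service",
    "mixer_in": "mixer",
}

def naive_trace(start):
    """Follow every outbound transfer; return all addresses reached."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in TRANSFERS.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen - {start}

def label_aware_trace(start):
    """Stop at labelled service addresses and report them as endpoints."""
    seen, queue = {start}, deque([start])
    reached, endpoints = set(), {}
    while queue:
        for nxt in TRANSFERS.get(queue.popleft(), []):
            if nxt in seen:
                continue
            seen.add(nxt)
            if nxt in SERVICE_LABELS:
                # Funds are pooled inside the service: record it, do not expand.
                endpoints[nxt] = SERVICE_LABELS[nxt]
            else:
                reached.add(nxt)
                queue.append(nxt)
    return reached, endpoints

if __name__ == "__main__":
    print("naive:", sorted(naive_trace("ransom_wallet")))
    print("label-aware:", label_aware_trace("ransom_wallet"))
```

The naive trace attributes `unrelated_site_payout` and the mixer outputs to the ransomware wallet, while the label-aware trace ends at the two services, which is the point at which an investigator would turn to the service operator rather than the ledger.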

Growing Importance of On-Chain Literacy

With the gradual increase in ransomware attacks, there is a growing need for prospective investors to evaluate cryptocurrencies as suitable investments. This need has been highlighted in a report by ARK Invest, an analytic investment firm.

ARK covered this topic in a three-part series:

ARK Invest illustrates how investors can evaluate investment opportunities available in Bitcoin. This appraisal is done in terms of cost, together with profit and loss metrics.

Bitcoin and crypto assets differ significantly from traditional financial assets. This difference, coupled with the difficulty in analyzing the fundamentals, makes understanding on-chain data essential to give investors an edge.
