We cover the main blockchain analytics tools and techniques used to fight cryptocurrency crime, including investigating money laundering schemes. The article describes the advantages and disadvantages of tools such as Maltego, CipherTrace, Breadcrumbs, MetaSleuth, and SlowMist, and provides practical tips for using them.
Before diving into the technical complexities of blockchain forensics, it is necessary to understand what tools are at our disposal. The effectiveness of the investigation often depends on the functionality of tools for analyzing various criminal schemes.
Maltego and its limitations
Maltego plays an important role in visualizing OSINT investigations, providing a graphical representation that helps make sense of complex patterns. However, for blockchain analysis the tool has limitations, such as the lack of specialized transforms and an interface not designed for detailed cryptocurrency investigations. For better results, you can use the CipherTrace transform, which offers advanced capabilities, albeit at a higher price ($999/year at the base level, according to recent reports).
The power of free tools
Breadcrumbs, MetaSleuth, and SlowMist are becoming essential resources for independent researchers who don’t need enterprise systems. These tools offer free versions or relatively inexpensive subscriptions, making advanced blockchain analysis accessible to a wide range of people. Note that MetaSleuth is my favorite tool, but I have used and will use all the platforms mentioned in this article, except for CipherTrace.
Paid tools
While we focused on free tools, it’s important to note that there are also enterprise solutions such as Chainalysis, TRM Labs, Elliptic, and Blockchain Intelligence Group. While these platforms offer a wide range of features for resource-rich organizations, most researchers agree that MetaSleuth and Breadcrumbs offer the functionality needed to effectively investigate money laundering without spending significant money.
In the complex world of cryptocurrencies, money launderers use various methods to hide the source of illicit funds. The main methods, such as CoinJoins, mixers and bridges, make transactions difficult to track. CoinJoins merge the transactions of multiple users into one, which makes it difficult to track individual transactions.
Mixers, meanwhile, combine and mix cryptocurrency from multiple addresses, making it difficult to link to the original sources.
However, with increased scrutiny and sanctions on mixers, attackers are turning to more sophisticated methods, such as cross-blockchain bridges.
How this technique works: It involves cross-chain transfers, where cryptocurrencies move seamlessly between different blockchains, for example, from blockchain “A” to blockchain “B”. This technique creates additional difficulties for investigative agencies that track laundered assets.
The process usually looks like this:
1. A user initiates a transfer through the bridge interface by sending cryptocurrency from blockchain “A” to blockchain “B”.
2. The cryptocurrency is then locked in storage on blockchain “A”.
3. Validators record this block and transmit the information to blockchain “B”.
4. Validators on blockchain “B” confirm the validity of the block.
5. Blockchain “B” issues proxy tokens backed 1:1 by the locked funds, which are then credited to the user’s wallet.
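For an investigator, the lock on blockchain “A” and the token issue on blockchain “B” are two separate on-chain events that have to be linked to keep following the funds. The following is an added example, not part of the original article, that pairs them by amount and time window and reports ambiguous cases instead of guessing; the event fields, addresses, delay window and fee parameter are assumptions, and all sample data is constructed.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    tx: str        # transaction ID (constructed)
    address: str   # depositor on chain A, recipient on chain B
    amount: int    # smallest token unit
    ts: int        # unix time, seconds

def match_bridge_transfers(locks, mints, max_delay=1800, fee_bps=0):
    """Link lock events on chain A to mint events on chain B.

    A mint is a candidate for a lock if it follows the lock within
    max_delay seconds and its amount equals the locked amount minus at
    most fee_bps basis points (exact 1:1 backing when fee_bps is 0).
    """
    cands = {}
    for lock in locks:
        floor = lock.amount * (10_000 - fee_bps) // 10_000
        cands[lock.tx] = (lock, [m for m in mints
                                 if 0 <= m.ts - lock.ts <= max_delay
                                 and floor <= m.amount <= lock.amount])
    # Count how many locks claim each mint: a shared mint cannot be attributed.
    claims = Counter(m.tx for _, ms in cands.values() for m in ms)
    out = {"matched": [], "ambiguous": {}, "unmatched": []}
    for lock, ms in cands.values():
        if not ms:
            out["unmatched"].append(lock.tx)
        elif len(ms) == 1 and claims[ms[0].tx] == 1:
            out["matched"].append((lock.address, ms[0].address))
        else:
            out["ambiguous"][lock.tx] = [m.tx for m in ms]
    return out

# Constructed sample events, not real chain data.
LOCKS = [Event("a-lock-1", "A:wallet-1", 5_000_000, 1000),
         Event("a-lock-2", "A:wallet-2", 750_000, 1200),
         Event("a-lock-3", "A:wallet-3", 750_000, 1300),
         Event("a-lock-4", "A:wallet-4", 42_000, 5000)]
MINTS = [Event("b-mint-1", "B:wallet-9", 5_000_000, 1090),
         Event("b-mint-2", "B:wallet-8", 750_000, 1320),
         Event("b-mint-3", "B:wallet-7", 750_000, 1400),
         Event("b-mint-4", "B:wallet-6", 42_000, 9000)]

if __name__ == "__main__":
    print(match_bridge_transfers(LOCKS, MINTS))
```

Ambiguous locks need a second attribute to resolve them, such as a transfer identifier emitted by the bridge or the recipient address encoded in the deposit.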
Red Flags
The use of CoinJoins and mixers is not illegal in itself, and many cryptocurrency users rely on these methods, but caution is warranted when they are associated with services that have been sanctioned by the US Department of Justice or other authorities (such as Tornado Cash and Samourai Wallet). Sources such as OpenSanctions and OFAC publish updates on new sanctions.
Suspicious activity that may indicate illegal use includes:
Transactions involving mixers, sanctioned entities and high-risk jurisdictions.
Recurring transactions just below reporting thresholds.
Activity that deviates from a typical user profile.
Extensive multi-layered distribution through multiple wallets, chains and transfers.
Using nested exchanges to withdraw funds.
These signs, especially when considered in aggregate, may require a comprehensive investigation into the history of operations of a subject of possible money laundering activity.
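Several of these signs can be checked mechanically over an exported transaction list before a wallet is examined by hand. The following is an added example, not part of the original article, that flags sending wallets for sanctioned or mixer counterparties, repeated transfers just below a threshold, and spread across many chains; the threshold value, address labels, record fields and cut-offs are assumptions, and the transactions are constructed.

```python
from collections import defaultdict

THRESHOLD = 10_000                  # assumed reporting threshold (constructed value)
SANCTIONED = {"addr-sanctioned-1"}  # placeholder; in practice built from OFAC / OpenSanctions data
MIXERS = {"addr-mixer-1"}           # placeholder label set

def red_flags(txs, threshold=THRESHOLD, band=0.10, min_repeats=3, min_chains=3):
    """Return {wallet: sorted list of flags} for every sending wallet with a flag."""
    by_wallet = defaultdict(list)
    for t in txs:
        by_wallet[t["from"]].append(t)
    report = {}
    for wallet, sent in by_wallet.items():
        flags = set()
        peers = {t["to"] for t in sent}
        if peers & SANCTIONED:
            flags.add("sanctioned_counterparty")
        if peers & MIXERS:
            flags.add("mixer")
        # Structuring: repeated amounts within `band` below the threshold.
        near = [t for t in sent if threshold * (1 - band) <= t["amount"] < threshold]
        if len(near) >= min_repeats:
            flags.add("structuring")
        # Layering: the same wallet sending on several chains.
        if len({t["chain"] for t in sent}) >= min_chains:
            flags.add("multi_chain_layering")
        if flags:
            report[wallet] = sorted(flags)
    return report

# Constructed sample transactions, not real chain data.
TXS = [
    {"from": "w1", "to": "addr-exchange-1", "amount": 9_500, "chain": "eth"},
    {"from": "w1", "to": "addr-exchange-1", "amount": 9_800, "chain": "eth"},
    {"from": "w1", "to": "addr-exchange-2", "amount": 9_900, "chain": "eth"},
    {"from": "w2", "to": "addr-mixer-1", "amount": 3_000, "chain": "eth"},
    {"from": "w2", "to": "addr-x", "amount": 2_000, "chain": "bsc"},
    {"from": "w2", "to": "addr-y", "amount": 1_000, "chain": "polygon"},
    {"from": "w3", "to": "addr-z", "amount": 500, "chain": "eth"},
    {"from": "w4", "to": "addr-sanctioned-1", "amount": 12_000, "chain": "eth"},
]

if __name__ == "__main__":
    print(red_flags(TXS))
```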
Example
In the center of this graphic is the wallet of Ivan Kondratiev, a person under OFAC sanctions. As seen from the flow of funds, this wallet shows activity on eight different blockchains, indicating that it is being used for mining. With MetaSleuth, users can examine the transactions of any wallet. It can also be seen that the person’s main wallet is transferring funds to another wallet that is actively using cross-chain transfers.
Navigating the maze of cryptocurrency transactions requires precision and clarity, and MetaSleuth is an essential and powerful tool for tracking funds across blockchains. Here we show you how to prepare and organize an investigation with MetaSleuth:
Initialization: Begin by setting up the MetaSleuth control panel and entering your target cryptocurrency addresses or transaction IDs.
Transaction Tracking: Use MetaSleuth to track the movement of funds. The tool visualizes the path of transactions through different blockchains, clearly highlighting nodes and connections.
Analysis: Examine each transaction in depth and identify the wallets involved. MetaSleuth’s analytical functions let you review every step of the transfer of funds on the blockchain in detail.
Labels and Notes: Label and add notes to key findings and suspicious transactions for further investigation.
Orientation: Arrange the graphs from right to left. Place the wallet of interest (WoI) in the center, inflows on the left and outflows on the right to visualize the flow of transactions.
Color coding: Color coding of elements improves the readability of the graph. For example, make the WoI red and the corresponding transactions light red. Centralized exchanges can be highlighted in blue, decentralized exchanges in orange, and sanctioned organizations in dark red. The color scheme can be customized to suit your analysis needs.
After completing the research with MetaSleuth, I import the final results into Maltego and attach the overall graph of the MetaSleuth research as an “Exhibit”. Thus, any person viewing my report can easily refer to a specific chart and see the reasons for associating a specific wallet with the object of interest.
At the conclusion of our in-depth study of the field of blockchain forensics, it is clear that the financial crime landscape is changing rapidly and our investigative methods must evolve as well. The tools and methods described so far are not just modern technologies; they are indispensable allies in the fight against cryptocurrency money laundering.
Each tool – from the basic use of OSINT technology in money laundering investigations to the advanced application of MetaSleuth and Maltego – plays an important role in uncovering the hidden paths of illicit funds. The practical guide presented here is intended to train and assist investigators and analysts. Step-by-step instructions and advanced tips help you navigate complex blockchain transactions with confidence.
When applying these techniques, remember that understanding the technical mechanisms and behavioral patterns underlying cryptocurrency money laundering is the key to a successful investigation. Whether analyzing chains of transactions or investigating Tornado Cash transactions, the ability to interpret and act on this data can provide insight into criminal patterns.
It is recommended to constantly improve your toolkit and stay up to date with the latest developments in blockchain forensics. This will contribute to the creation of a more transparent and secure financial environment. If used to their full potential, these tools will enable us to track digital footprints and play an active role in the fight to prevent future financial crimes.
Disclaimer: This article is intended for educational purposes. It examines cryptocurrency money laundering schemes to help readers understand their mechanisms and risks, and to highlight the importance of implementing measures to combat financial crime.