With the rise of cryptocurrencies, the risks associated with illicit activities are multiplying. Theft, fraud, money laundering and ransomware are now threats not only to users but also to the wider stability of the financial system.
According to analysis firm Chainalysis, three major trends are marking the evolution of the criminal landscape: operations by organised actors now span multiple blockchains, stolen funds remain a major problem, and state-sponsored attacks are growing in sophistication.
Criminals are increasingly exploiting cross-chain bridges and mixers to cover their tracks, while stablecoins now account for 63% of illicit transaction volume. Another worrying trend is the compromise of personal wallets, which already account for 23.35% of stolen funds. Investigative capabilities are improving, but the sophistication of criminal methods means that we need to focus more on prevention.
It is in this context that blockchain intelligence tools are becoming essential. They make it possible not only to speed up the recovery of stolen assets, but also to play a preventive role by detecting weak signals before a crime occurs.
Several specialist companies now offer these solutions, which strengthen risk management and generate alerts on suspicious transactions, wallets or entities.
Among the most prominent players are TRM Labs, Chainalysis and Elliptic.
TRM Labs combines blockchain data and advanced analytics to support institutions and governments. Chainalysis powers investigations, compliance efforts and market intelligence, and has helped solve several high-profile criminal cases. Elliptic, founded in 2013, is one of the pioneers of blockchain analytics applied to the fight against financial crime.
For Ari Redbord, head of public and regulatory affairs at TRM Labs, the approach has changed: "It's no longer just about tracing flows after the fact. We need to monitor upstream typologies such as penalty evasion, flows from darknets or misuse of stablecoins, and integrate these signals into day-to-day decisions."
A logic that reflects the shift from a reactive approach to a strategy focused on prevention.
Same observation on the Chainalysis side. Salih Altuntas, director of investigations for the CEMEA zone (Central and Eastern Europe, Middle East and Africa), observes that "blockchain intelligence is becoming a fundamental pillar of investigations".
He already notes the creation of specialist positions and formal procedures within government agencies and compliance teams. He also points out that while legitimate users are attracted by the efficiency of cryptos, so are malicious actors. Hence the importance of treating these tools not just as investigative aids, but as an essential line of defence.
Crypto crime, a paradox
One question regularly comes up when cryptocurrency-related crime is discussed: does the blockchain facilitate these illicit activities or, on the contrary, does it help to counter them? On the one hand, its use can offer a degree of anonymity. On the other, it is based on radical transparency since every transaction is recorded in a public register.
Ari Redbord (TRM Labs) talks of a real "paradox": "Malicious actors can transfer large sums of money across borders in a matter of seconds, evading conventional controls. But at the same time, every movement is visible and recorded on a blockchain."
It is this traceability that justifies the growing role of analysis tools such as those developed by TRM. They offer investigators the ability to track financial flows, map criminal networks and, ultimately, bring greater transparency to on-chain financial activity. A level of visibility that is difficult to achieve with cash.
Salih Altuntas (Chainalysis) also highlights this paradox. "The transparency of blockchain means that each transaction leaves an immutable footprint. A transfer dating back several years can be traced as easily as a transaction carried out yesterday, without leaving his office", he explains.
In contrast, in traditional banking, it often takes months, court orders and international cooperation to hope to obtain statements (when they still exist). But this visibility has also encouraged a race for sophistication on the part of criminals, who are resorting to increasingly complex obfuscation techniques.
"Blockchain never forgets, but malicious actors are working harder than ever to hide their tracks," sums up Salih Altuntas.
Compliance tools
Faced with growing compliance requirements, TRM Labs, Chainalysis and Elliptic offer solutions covering risk management, transaction monitoring and regulatory obligations.
While their offerings share essential building blocks such as wallet screening, flow monitoring and digital asset service provider (DASP) due diligence, each retains specific features that reinforce a broader compliance strategy.
At TRM Labs, the focus is on risk mitigation. The Entity Screening tool, for example, provides detailed reports on specific companies, facilitating prior analysis.
Transaction monitoring solutions offer users the ability to define custom risk thresholds and rules to identify suspicious behaviour. Alerts are based on a proprietary database and provide context for compliance teams. TRM also offers wallet screening, used from the pre-authorisation phase onwards, which combines alert history and adjustable tolerances.
These building blocks cover both Know Your Transaction (KYT) type procedures and ongoing monitoring, with counterparty summaries, sector comparisons and dynamic risk indicators.
Chainalysis, for its part, relies on its KYT API for monitoring, with personalised alerts, address list management and real-time dashboards. One of its special features is VASP scoring, which enables institutions to assess the risk levels of service providers using behavioural analysis and on-chain relationship mapping.
Its Sentinel tool is aimed at token issuers: it detects suspicious addresses in real time and enables rapid responses, such as automated freezing or collaboration with the authorities.
Chainalysis has also developed two specialist solutions: Alterya, an AI-powered fraud detection platform that monitors both on-chain flows and off-chain payments (bank transfers, P2P applications), and Hexagate, a security tool that protects in real time against blockchain exploits, phishing or governance attacks. According to the company, more than $70 billion in assets are now covered by Hexagate.
Elliptic, finally, offers a comprehensive risk analysis framework.
Elliptic Discovery provides visibility into VASP exposure by cross-referencing comparative metrics across multiple blockchains. Its Elliptic Lens tool focuses on wallet screening, covering more than 50 blockchains and 250 bridges, with configurable alerts and activity history information.
For transaction monitoring, Elliptic Navigator enables in-depth visualisation and analysis of on-chain behaviour, identifying links to illicit activity (hacks, ransomware, fraud) and creating targeted alerts. The company also offers entity analysis and address clustering capabilities, with tools for data visualisation, transaction exploration and the ability to build custom datasets tailored to customers' needs.
Blockchain investigation tools
In the field of cryptocurrency-related investigations, TRM Labs, Chainalysis and Elliptic provide advanced tools that support public authorities and specialist teams in tracking down illicit activity. While their services overlap in some respects, each has developed its own unique features that shape its approach.
TRM Labs offers an investigative framework focused on tracing financial flows. Its tools enable transactions to be tracked across several blockchains and their paths to be visualised. The investigation graphs provide a clear reading of the links between addresses and on-chain players. The use of machine learning facilitates the detection of patterns, including those passing through mixers. Investigators benefit from case management functions, transactional signature recognition and digital fingerprinting to speed up the identification of suspicious behaviour.
The Triage tool completes this feature by providing a quick overview of the risk associated with an address, useful for example when executing a warrant. It also enables crypto-related items (QR codes, receipts, address fragments) to be detected in the field using a simple mobile phone. All of TRM's investigation and compliance solutions are bundled into the BlockINT API, which centralises intelligence tools for law enforcement and regulators.
Chainalysis leverages Reactor, an analytics platform designed to track blockchain activity and link flows to real-world entities. The tool covers complex DeFi transactions (swaps, loans, bridges, mixers) and even integrates geolocation data. Developed by Chainalysis Labs, Reactor is continually enhanced to anticipate new threats and accelerate graphical analysis.
The company has already helped European investigators seize $270 million from ransomware using its Wallet Scan feature, which quickly identifies balances, wallet links and illicit exposures.
Wallet Scan is designed to work offline to preserve confidentiality. Investigators can derive public keys from seed phrases without ever storing or sharing this sensitive information.
Chainalysis has also developed Signal, which ranks risky addresses according to their behaviour, and Rapid, an AI-powered tool that translates raw data into actionable information from a simple QR code or address. Here, AI is designed as a relay for teams that are often overworked, capable of automating the simplest cases and filling in technical gaps on new protocols.
Chainalysis' strength also lies in the reliability of its data, built from billions of transactions and validated by strict attribution standards. The company emphasises its careful clustering and labelling methods, to avoid false positives. Its data comes from full nodes on multiple blockchains, heuristic analyses, public sources and customer feedback. This modular architecture facilitates the integration of new protocols and guarantees regular coverage, whether of fungible or non-fungible tokens.
For its part, Elliptic emphasises ease of use and the ability to manage large-scale investigations. Its Investigator tool visualises the flow of illicit funds across blockchains, bridges and assets within a unified graph. This mapping makes it easier to identify practices such as peel chains, pig butchering scams or the use of mixers. The tool is designed to be accessible, including to agents with limited blockchain expertise.
Elliptic also supports massive data ingestion, with up to 20,000 wallets or transactions processed at any one time. Users can configure risk scores on addresses and transactions, enhancing triage capabilities and targeted behavioural detection. This flexibility allows investigations to be adapted to different volumes and levels of complexity.
Case studies
Several examples help to illustrate the practical use of blockchain analysis tools.
In the private sector, Visa has used TRM Labs' Know-Your-Entity solution to assess the risks associated with virtual asset service providers (VASPs) as part of its co-branded card programmes. In two years, more than 200 VASPs were screened using a scalable, data-centric process, strengthening the reliability of crypto-related partnerships and reducing risk.
On the public sector side, the FBI relied on TRM Forensics' tools to dismantle Qakbot, a botnet active since 2008 and implicated in numerous financial attacks. The operation, carried out with the support of public and private partners, removed the malware from infected systems and seized $8.6 million in ransoms, putting an end to a long-lasting threat.
Chainalysis is also involved in a number of cases. Web3 infrastructure company MoonPay has integrated its platform to improve its compliance operations. By streamlining its monitoring processes, it has reduced the number of false positives, increased the productivity of its teams fivefold and strengthened its cooperation with regulators.
In June 2023, the Israeli authorities also used Chainalysis to seize $1.7 million in cryptocurrencies linked to Hezbollah and the Iranian al-Quds Force. The funds were in transit via a hawala operator based in Syria. This unprecedented operation marked the first seizure of cryptos from these groups, revealing their use of this funding channel.
Another illustration: the fight against tax evasion. In December 2024, Frank Ahlgren was convicted of concealing more than $1 million in Bitcoin earnings via mixers, false declarations and complex transactions. The IRS, with the help of Chainalysis, traced his activities and obtained a conviction. This is the first major case of tax fraud based solely on cryptos, confirming the growing ability of the authorities to prosecute this type of crime.
Public-private partnerships
For Ari Redbord (TRM Labs), collaboration between public and private players "is not a luxury, but a necessity". He points out that "cryptos are evolving at the speed of the Internet, and so are the threats". In such a context, partnerships appear to be a central lever for countering illicit activities.
Companies specialising in blockchain intelligence regularly work alongside public institutions. Their tools have helped to block ransomware payments, identify scam networks and trace flows linked to government threats. Recent collaborations include the Scottsdale and Houston police forces, Homeland Security Investigations (HSI) teams, the IRS-CI (criminal branch of the US tax authorities), the FBI, the Department of Justice, the Spanish National Police, the DCIS (US Defence) and the Israeli Office for Combating the Financing of Terrorism. These concrete cases illustrate the increasingly strategic role played by these companies in the digital financial ecosystem.
Salih Altuntas (Chainalysis) also highlights the value of this cooperation: "Public-private partnerships create a virtuous loop: public agencies benefit from cutting-edge technological tools, while suppliers refine their solutions in the face of real threats."
He cites the example of Operation Spincaster, launched in July 2024. This Chainalysis-led initiative brought together authorities and private players from six countries (USA, Canada, UK, Spain, Netherlands, Australia) to tackle crypto scam networks. The results have been significant: more than 7,000 investigative leads generated, $162 million in scam-related losses identified, and numerous fraudulent accounts closed.
The effects have also been felt locally. In Delta, Canada, a single operation identified 1,100 victims and $25 million in losses. Investigators were able to freeze $1.2 million on a blacklisted address and prevent $800,000 in fraudulent transactions on local platforms. A concrete illustration of what cooperation between the private sector and public authorities can produce.
Blockchain analysis and privacy
An issue often overlooked in debates around blockchain intelligence tools concerns the tension between their usefulness and the risks they pose to privacy. These technologies have proved their effectiveness in tracing illicit transactions, identifying criminal networks and helping the authorities to dismantle threats ranging from ransomware to terrorist financing. But their rise raises ethical questions: while blockchain is pseudonymous rather than anonymous, the combination of aggregation algorithms, off-chain data and KYC integrations can effectively erase any notion of financial privacy in decentralised systems.
For Ari Redbord (TRM Labs), the answer lies in more innovation: "We need more and better technologies. Zero-disclosure knowledge proofs (zero-knowledge proofs), digital identity frameworks and privacy-enhancing protocols can help us strike a balance." These approaches could reconcile two imperatives: the traceability needed to fight crime and the protection of users' privacy.
Salih Altuntas (Chainalysis), however, insists on an important distinction: "Blockchain analytics should not be confused with intrusive surveillance. The tools simply interpret the public and permanent data already recorded in the register." In his view, the aim is to enable authorities and compliance teams to meet their legal obligations, by improving accuracy and reducing false positives. Rather than undermining decentralisation, this approach would strengthen confidence in the ecosystem, limiting criminal exploitation and providing a safer environment for legitimate users.