Financial Investigations and Blockchain Forensics

De-anonymize Cryptocurrency Transactions and Wallets

Most cryptocurrency users are law-abiding people with a variety of legitimate reasons for wanting an anonymous, decentralized method of payment and storing wealth. Nonetheless, the anonymity of a cryptocurrency like Bitcoin makes it an attractive tool for criminals who want to keep shady business and illicit funds transfers secret. The catch-22 is that cryptocurrencies like Bitcoin and their associated data create a cyber trail that can make a criminal’s entire financial history public information. CipherTrace delivers a solution for Financial Investigation Units that capitalizes on this pseudo-anonymous aspect of Bitcoin. Investigators can trace the movement of money through the Bitcoin economy to identify, investigate, apprehend and convict criminals.

De-anonymization Tools Enable Successful Investigations and Prosecutions

CipherTrace provides powerful and easy-to-use de-anonymization tools for law enforcement investigators to obtain solid evidence on individuals who are using Bitcoin to launder money, finance terrorism, or hide other illicit activities such as drug dealing. Using the intuitive CipherTrace visual environment, even non-technical agents and analysts can easily identify and trace criminals who attempt to use virtual currencies on the Internet to conceal their activities. Support for more cryptocurrencies is coming soon.

Superior Attribution and More Accurate Risk Assessment

Despite the public perception, Bitcoin transactions are not entirely anonymous. The details of these numbered transactions are a matter of permanent public record in the Bitcoin blockchain. However, identifying risky attributes of the entities participating in Bitcoin and their locations requires applying sophisticated analytics and data science.

CipherTrace advanced analytics leverages machine learning algorithms to cluster data points and integrate both open and closed-source intelligence to create a broad, high-resolution view of the cryptocurrency transaction landscape. As a result, this active attribution platform can rapidly aggregate and correlate a variety of indicators and then provide users with rapid risk assessments and actionable intelligence. Superior attribution capabilities also help investigators gather implicating evidence more quickly.

Cryptocurrency Forensics for Law Enforcement
* Financial investigations units
* Intelligence agencies
* Immigration and Customs
* Computer task forces
* Auditors and lawyers
* Regulators

Easy-to-Use And Powerful Investigation Tools

The CipherTrace platform puts state-of-the-art investigation tools in the hands of both technical and non-technical users. Investigators access these tools through an intuitive graphical environment. By far the most easy-to-use solution available, the interface allows users to access a variety of powerful investigation tools and analysis capabilities simply by entering Bitcoin addresses or transaction IDs in an intuitive search bar that auto-completes long addresses and transaction IDs.
The CipherTrace case manager gives investigators a convenient way to save research, come back to investigations, and collaborate with other agents. This system also allows agents to perform bulk uploads of large quantities of cryptocurrency addresses for investigation.


Search Blockchain for Transactions and Wallets

Simple Search Using the CipherTrace Crypto Search Engine

Algorithms Calculate Risk Levels
CipherTrace machine learning algorithms comprise an expert system that performs the cryptocurrency intelligence footwork and analysis, so investigators can focus on investigating. Advanced CipherTrace algorithms cluster associated suspicious addresses and calculate risk levels based on prior relationships. CipherTrace profiles hundreds of global exchanges, ATMs, mixers, money laundering systems, gambling services and known criminal addresses to score transactions and assess risk. It then assigns risk levels to transactions based on known associations with suspicious addresses and nefarious locations.

Active Attribution

Profile types and Attribution collection methods include:
1. CipherTrace Labs Malware & Ransomware Analysis
2. Active profiling of many ecosystem entities — exchanges, mixers/tumblers, ATMs, & gambling payments by maintaining live accounts
3. CipherTrace Labs managed honey pots
4. Dark Market and targeted sites crawling
5. Operation of full Bitcoin/Ethereum/BitcoinCash nodes to collect IP address and geolocation information
6. Investment scams and fraudulent ICOs
7. De-centralized exchanges without Know Your Customer (KYC) rules
8. Stolen cryptocurrencies – CipherTrace operates a global Crypto Recovery Network
9. CipherTrace also collects attribution directly from trusted users including law enforcement
10. APWG eCrime Exchange (eCX) – a data feed collected from 1,500+ sources


Profile Types of Suspicious Addresses

CipherTrace helps law enforcement follow digital money trails for crimes such as:
• Data extortion
• Ransomware
• Online drug sales
• Dark market transactions
• Money laundering
• Terrorist financing
• Child exploitation
• Human trafficking

Wallet Risk Scoring & Transaction Profiling Speed Assessments and Investigations

CipherTrace has developed three simple-yet-powerful methods to access Application Programming Interfaces (APIs) that deliver real-time assessments of cryptocurrency transaction risk and analysis of risky transactions. This interface can be rapidly integrated with existing infrastructure and analysis tools. The high-performance API quickly returns actionable risk scores for each transaction.
Alternatively, users can query individual cryptocurrency transactions simply by entering an address in the easy-to-use CipherTrace Crypto Search Engine.

CipherTrace calculates a risk score for transactions and wallets

Investigate Potential Risks More Deeply
The CipherTrace environment’s interactive user interface allows non-technical users to perform deeper investigation and visually trace cryptocurrency addresses and suspects simply by clicking on a transaction. In addition, this capability enables non-technical investigators to follow the virtual money trail without having to become cryptocurrency experts.
Interact with Live Transaction Databases to See Relationships
CipherTrace Active Attribution allows users to take advantage of live interactions with a powerful graph database to trace the flow of funds over time and through the cryptocurrency ecosystem. A graph database visually displays data with relationships to an anchor data item such as a specific bitcoin transaction or wallet.

Interactive Graph Database helps investigators to identify and visualize related transactions

This capability is important because attributing bitcoin transactions to specific entities requires looking at related data to essentially create a composite photo of the suspect's transaction history.
CipherTrace enables users to step backward and forward through the transaction history to discover if and where the funds have been tainted. Smaller organizations, larger entities, and power users can use this interactive graph view to investigate suspicious activity.

By aggregating and correlating a variety of indicators, CipherTrace algorithms create confidence scores for attribution. The platform then overlays this active attribution to geo-locate the source and destination of the funds with a high degree of accuracy.

Active Investigative Community and Collaboration

CipherTrace has created a community of trusted investigators to assist in expanding cryptocurrency attribution and investigation. The CipherTrace system enables investigators to not only maintain private records but also to deconflict investigations with others around the world. Strict controls within the CipherTrace platform assure confidentiality.


* Easily detect large-scale fraud and money laundering
* Reduce work for analysts and researchers
* Rapidly track criminals, drug traffickers, terrorists, and arms dealers
* Identify subpoenable entities
* Assign jurisdiction and package evidence
* Save searches and investigation results in the case manager
* Share cases and enable joint investigations
* Quickly produce reports and data extracts
* Integrate with third-party SIEM tools, including IBM, Maltego, Palantir and Splunk
