Knogin
[Developers]

Blockchain Domain

A financial crime investigator traces suspect funds through a series of cryptocurrency wallet transfers. The money moves from Ethereum to Polygon, passes through a DeFi mixer, gets split across four wallets, and eventual

Back to All Modules
Category: Api DomainsLast Updated: Feb 5, 2026
api-domainsaireal-timecomplianceblockchain

Overview#

A financial crime investigator traces suspect funds through a series of cryptocurrency wallet transfers. The money moves from Ethereum to Polygon, passes through a DeFi mixer, gets split across four wallets, and eventually reaches a wallet linked to a sanctioned entity. Manual tracing across chains would take days and produce a report that no court would find credible. The Blockchain domain traces that entire flow in minutes, generates a cryptographically verified forensic report, and links the destination wallet directly to the sanctions record.

This is cryptocurrency investigation at the pace that financial crime actually moves.

Key Features#

  • Multi-chain transaction analysis across Ethereum, Polygon, BSC, Arbitrum, Optimism, Base, and more.
  • Wallet attribution and entity identification using AI and heuristics.
  • Fund flow tracing and graph visualisation with risk scoring.
  • DeFi protocol detection across 20+ protocols.
  • Pattern matching engine for detecting money laundering, mixing, and fraud patterns.
  • Court-ready forensic reports with cryptographic verification.
  • Real-time blockchain monitoring with priority queue system.
  • Multi-tenant isolation with organisation-scoped data access.

Use Cases#

Financial crime investigators at banks and asset recovery firms trace cryptocurrency fraud across multiple chains, producing court-ready forensic reports with complete transaction graphs and evidence chains that meet legal admissibility standards.

Sanctions compliance teams screen wallet addresses and transactions against sanctions lists in real time, identifying prohibited entities before processing any transaction that touches a potentially flagged wallet.

Law enforcement agencies use fund flow tracing to follow criminal proceeds from theft or ransomware through obfuscation layers to exchange accounts, building the evidence base for asset seizure applications.

DeFi protocol monitoring teams detect unusual activity patterns across decentralised exchanges and liquidity pools, identifying potential flash loan attacks, front-running schemes, and wash trading before they cause material harm.

Integration#

Integrates with investigation, evidence, and case domains for end-to-end blockchain forensic workflows. Supports graph-based relationship analysis and links to threat intelligence feeds for enriched attribution.

Open Standards#

  • Ethereum ERC-20 / ERC-721 / ERC-1155: Token transfer events for fungible tokens, non-fungible tokens, and multi-token contracts are decoded and tracked across all supported chains using these Ethereum Improvement Proposal standards.
  • JSON-RPC 2.0: Direct access to blockchain nodes uses the Ethereum JSON-RPC specification via eth_* methods (e.g. eth_getTransactionReceipt, eth_getBalance, eth_chainId) for real-time chain queries.
  • EIP-155 (Chain ID replay protection): Multi-chain support assigns a numeric chain identifier to every transaction and node call, following the EIP-155 standard to distinguish networks such as Ethereum (1), Polygon (137), Arbitrum (42161), and BNB Smart Chain (56).
  • OFAC SDN / UN Security Council / EU and HM Treasury Consolidated Sanctions Lists: Wallet addresses are screened in real time against these authoritative sanctions designations to detect Specially Designated Nationals and other prohibited entities.
  • FATF Recommendations (AML/CFT): The pattern-detection engine identifies layering, structuring, and mixing behaviours aligned with FATF typologies, and the financial transaction models include Suspicious Activity Report (SAR) structures consistent with FATF Recommendation 16 obligations for virtual asset service providers.
  • SHA-256 (FIPS 180-4): Forensic reports are hashed with SHA-256 at generation time and the digest stored alongside the report, enabling cryptographic tamper detection for court-admissibility.
  • GraphQL: All blockchain intelligence queries and mutations are exposed through a GraphQL API, providing typed, introspectable access to transaction graphs, clustering results, sanctions screening, and forensic report generation.
  • ISO 8601: All transaction timestamps, report generation dates, and activity windows are serialised as ISO 8601 UTC datetime strings throughout the domain.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.