Blockchain Address Clustering

Overview#

The Blockchain Address Clustering module employs advanced heuristic algorithms and machine learning techniques to group cryptocurrency addresses into entities, revealing the real-world identities and relationships behind blockchain transactions. By processing hundreds of millions of addresses across multiple blockchain networks, the system achieves high clustering accuracy and delivers real-time entity resolution in seconds rather than weeks of manual analysis.

Key Features#

• Multi-Heuristic Clustering - Implements seven proven clustering heuristics including common input ownership, change address detection, and co-spending analysis for high-accuracy entity resolution
• Real-Time Entity Resolution - Delivers instant clustering results, maintaining current entity profiles as new transactions are confirmed on-chain
• Cross-Chain Entity Detection - Identifies entities operating across multiple blockchain networks through behavioral correlation and address linking
• Advanced Graph Algorithms - Processes wallet networks with millions of connected addresses, identifying entity boundaries through community detection and structural analysis
• Change Address Detection - Proprietary algorithms identify change outputs with high precision, critical for UTXO-based blockchain analysis
• Confidence-Scored Results - Every cluster relationship includes a confidence score enabling risk-based decision-making
• Cluster Evolution Tracking - Monitors how entity clusters grow, merge, and split over time, maintaining historical context for investigations

Supported Networks#

• UTXO Chains: Bitcoin, Bitcoin Cash, Litecoin, Dogecoin, Zcash, Dash
• EVM-Compatible Chains: Ethereum, Polygon, BNB Chain, Arbitrum, Optimism, Base, Avalanche, Fantom, Cronos, Moonbeam, and more
• Alternative Networks: Solana, Cardano, Tron, Ripple, Polkadot, Cosmos, Near, Algorand, Tezos
• Layer 2 Solutions: Arbitrum, Optimism, Base, zkSync Era, Polygon zkEVM, Starknet, Linea

Investigation Use Cases#

Law Enforcement Investigations#

• Rapidly expand from a single known address to the full set of addresses controlled by a suspect entity
• Map criminal organization financial infrastructure by clustering payment, operational, and cash-out wallets
• Generate court-admissible evidence packages showing entity-level fund flows rather than individual transactions

Ransomware Attribution#

• Cluster ransomware payment wallets to identify operator infrastructure
• Connect apparently unrelated ransom payments to the same criminal organization
• Track proceeds from multiple victims through consolidation and cash-out patterns

Exchange Compliance#

• Identify when multiple customer accounts are controlled by the same entity
• Detect structuring attempts using multiple addresses to circumvent reporting thresholds
• Enhance Know Your Customer (KYC) processes through entity-level risk assessment

Darknet Market Analysis#

• Group vendor wallets to estimate total illicit revenue per marketplace seller
• Map marketplace operational wallets including escrow, hot wallets, and administrator funds
• Track entity activity across marketplace shutdowns and migrations

Sanctions Enforcement#

• Expand sanctioned address lists by identifying additional wallets controlled by designated entities
• Detect sanctions evasion through address rotation and entity restructuring
• Quantify total asset exposure to sanctioned entities across clustered wallet networks

Compliance#

• Clustering intelligence supports AML/CTF program requirements for virtual asset service providers
• Entity-level risk assessment aligns with FATF Recommendation 16 (Travel Rule) obligations
• Audit trail documentation for all clustering decisions and confidence scores
• Results suitable for regulatory reporting and Suspicious Activity Report (SAR) preparation
• Data handling compliant with GDPR requirements for public blockchain data analysis

Last Reviewed: 2026-02-05