11 October 2023

AML due diligence for virtual assets using blockchain analysis


Blockchain analytics involves examining blockchain data to uncover patterns and connections in virtual asset transactions. This makes it an important AML due diligence tool for virtual assets (VAs). It has many elements and requires specialist expertise.

Data sources

Data plays a pivotal role in the battle against money laundering, serving as a crucial tool for financial intermediaries and various stakeholders to construct a comprehensive overview, draw conclusions regarding money laundering activities, and ensure compliance with their obligations. These datasets also find application in blockchain analysis.

Individuals and businesses subject to money laundering regulations rely on a variety of sources. Databases on the implementation of international money laundering regulations are an important source of data. These are lists, maintained by states or supranational organizations, of the individuals and companies they have sanctioned for certain actions or affiliations. Assets from such sources represent the highest risk category. One such database is that of the Office of Foreign Assets Control (OFAC), which contains various lists that are constantly updated. Financial intermediaries and other players can then automatically feed this data into their monitoring systems. If there is a transaction with a person on a list, the system reacts. Finally, data from publicly available sources (open-source intelligence) provides important insights for monitoring in the fight against money laundering. It can provide background information on clients or transactions.

Blockchain analysis

Blockchain analysis is the process of examining blockchain data to gain insights into transactions, addresses, and the flow of virtual assets (VA) like Bitcoin and Ethereum. With blockchain analysis, the movement of each transaction of VA between wallet addresses can be tracked to uncover patterns and connections with exchanges, other wallet addresses, etc. In addition, it can be used to identify unusual or suspicious activity on the blockchain, such as money laundering or illegal transactions.

This endeavor harnesses an array of techniques, tools, and algorithms to extract valuable insights from the publicly accessible ledger. New technologies have emerged to support the assessment of risks tied to VA transactions and wallet addresses by scrutinizing historical blockchain transactions for signs of money laundering, terrorist financing, fraud, or other forms of criminal activity. The resulting VA risk score represents a comprehensive evaluation of hundreds of suspicious activity indicators and pattern assessments, as evaluated by blockchain analytics service providers, leveraging their expertise and data sources.

These analyses are made possible through the services of providers that employ artificial intelligence, web crawling, algorithms, and identity mapping to gauge the overall risk associated with a specific VA or wallet address. For instance, blockchain explorers, which are web-based utilities enabling users to search, visualize, and dissect blockchain data, play a pivotal role. Prominent examples include Blockchain.info, Blockchair, and Etherscan. Today, numerous third-party entities offer advanced analytics tools that leverage blockchain data, encompassing transaction details, timestamps, and more, to piece together the intricate puzzle of blockchain transactions.

Use cases of blockchain analysis

Blockchain analysis holds significant implications across diverse domains. Primarily, it serves a crucial role in cryptocurrency investigations, empowering law enforcement agencies to trace and apprehend criminals engaged in illegal activities utilizing cryptocurrencies. This aspect becomes particularly relevant in the context of cyber security, especially addressing issues like ransomware.

Additionally, blockchain analysis plays a vital role in compliance and regulation within the financial sector and government operations. It enables institutions to ensure compliance with anti-money laundering (AML) and know your customer (KYC) regulations. The data generated through blockchain analysis is instrumental in producing detailed reports, aiding in regulatory adherence (DLA Reports).

Furthermore, this analytical approach is a pivotal tool in enhancing security within blockchain networks. By identifying vulnerabilities and weaknesses, stakeholders can bolster the overall security infrastructure, ensuring a more resilient system against potential threats.

Overall, blockchain analysis is indispensable for both investors and financial intermediaries, serving as a means to mitigate risks tied to illicit activities. Particularly for virtual asset service providers (VASPs), adhering to a risk-based approach as outlined by the Financial Action Task Force (FATF) is crucial, enabling them to effectively manage and mitigate risks associated with their engagement in such activities.

Transaction tracking (on chain)

Based on data from transactions and their analysis, the path of assets can be traced in detail. Transactions are largely public via the blockchain, and every single step of digital assets can be traced. What is not identifiable, however, is the user himself. Users appear with pseudonyms called public keys or blockchain addresses. To identify the users, additional data is needed to establish a link to the users. This can be done by aggregating blockchain analytics providers, such as the Crypto Defenders Alliance.

By looking at the individual hops, it can be determined whether the assets were transferred via anonymization techniques (e.g. coin mixers, privacy coins) or via a so-called tainted wallet address, and reported according to the respective risk category. A wallet, and therefore the assets transferred through it, is contaminated if it is directly or indirectly associated with prohibited activities. In ransomware attacks, for example, victims are blackmailed into transferring a certain amount of money to a wallet. Because the wallet address is specified in the ransom note, all subsequent transactions from that wallet can be tracked. Ultimately, this makes it more difficult for the perpetrators to smuggle the money back into the normal cash cycle. This is also the case if the assets come from a darknet marketplace. When it comes to the issue of asset contamination, it is not necessary to identify the owners of the wallet addresses at every hop. Depending on the mix of assets, it is then possible to calculate how much of the assets originate from activities relevant to money laundering.
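The calculation described above, carried through three hops as an added example (not code from this article or from any analytics provider). It assumes a proportional mixing rule, which is only one possible convention since the article does not name one, and a simplified account-style ledger; all wallet names and amounts are constructed.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample ledger (hypothetical wallets): (sender, receiver, amount),
# in chronological order. "EXTERNAL" marks funds entering the sample.
TRANSFERS = [
    ("EXTERNAL", "ransom_wallet", 10),  # payment to the address in the ransom note
    ("EXTERNAL", "hop_a", 30),          # unrelated clean funds
    ("ransom_wallet", "hop_a", 10),     # hop 1: tainted funds pooled with clean ones
    ("hop_a", "hop_b", 20),             # hop 2: half of the pool moves on
    ("EXTERNAL", "hop_b", 20),          # more clean funds arrive
    ("hop_b", "deposit_addr", 10),      # hop 3: deposit being assessed
]

def propagate_taint(transfers, tainted_sources):
    """Return {wallet: (balance, tainted_amount)} under proportional mixing."""
    balance = defaultdict(Fraction)
    tainted = defaultdict(Fraction)
    for sender, receiver, amount in transfers:
        amount = Fraction(amount)
        if amount <= 0:
            raise ValueError("transfer amounts must be positive")
        moved_taint = Fraction(0)
        if sender != "EXTERNAL":
            if amount > balance[sender]:
                raise ValueError(f"{sender} spends more than it holds")
            # Outgoing funds carry taint in proportion to the sender's current mix.
            moved_taint = amount * tainted[sender] / balance[sender]
            balance[sender] -= amount
            tainted[sender] -= moved_taint
        balance[receiver] += amount
        tainted[receiver] += moved_taint
        # Everything held by a flagged wallet counts as fully tainted.
        if receiver in tainted_sources:
            tainted[receiver] = balance[receiver]
    return {w: (balance[w], tainted[w]) for w in balance}

def taint_share(state, wallet):
    """Fraction of a wallet's current balance that traces back to a flagged source."""
    bal, bad = state[wallet]
    return bad / bal if bal else Fraction(0)

if __name__ == "__main__":
    state = propagate_taint(TRANSFERS, {"ransom_wallet"})
    for wallet in ("hop_a", "hop_b", "deposit_addr"):
        print(f"{wallet}: {float(taint_share(state, wallet)):.1%} tainted")
```

No owner of hop_a or hop_b has to be identified for the deposit's share to be computed; the share is one input to the overall assessment, not a verdict on the address.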

Furthermore, algorithms, especially artificial intelligence, can be used to analyze, process, and compare large amounts of data from multiple sources in real time. This makes it possible to identify patterns and verify information. In addition, semantic search can be used to identify money laundering-related behavior from large amounts of data - even preventively.

Revealing information can even be extracted from transactional data. It can, for example, provide clues as to how a transaction was executed: whether it was executed by a human or automatically by an algorithm, or whether algorithmic trading is present and the assets originated from the fictitious system. Time intervals, the size of the difference between transactions, and the senders and receivers all provide clues about algorithms.

If, during the onboarding process, a bank's clients indicate that they have received funds from algorithmic trading, data analytics can not only reveal money laundering behaviour, but also the opposite: it can show that no such behaviour exists, confirm the pattern of algorithmic trading and its plausibility, and show that the new client is not at risk. In this way, data analytics also serves to invalidate suspicious cases.


Nevertheless, even when transactions can be meticulously tracked using an array of tools, there exist mechanisms that can obscure the original source of funds. One of the most common methods is to combine transactions from many anonymous entities, splitting values and adding as much volume as possible to reduce traceability (e.g., CoinJoin). Another identified approach is the redirection of a user's VA to destination addresses from newly created or distinct wallets, as opposed to traditional mixing. Moreover, mixing into freshly minted 'clean' coins offers users the opportunity to obliterate transaction history. It is crucial to note, however, that designating a wallet address as risky should not hinge solely on the presence of a transaction involving a portion of tainted VA marked as such on the blockchain. The evaluation ultimately hinges on a comprehensive assessment.

Furthermore, privacy coins like Monero, Zcash, and Dash offer enhanced anonymity and transaction privacy in the world of cryptocurrency. They use advanced cryptographic techniques to obscure transaction details, making it difficult for blockchain analysts and authorities to trace and identify users. Thus, tracking privacy coins in blockchain analysis involves various technical and investigative methods to detect potentially suspicious or unlawful activities involving these cryptocurrencies. However, the strong privacy features of these coins make complete tracking and identification challenging.

To conduct a dependable assessment, it is imperative that experts possess a deep understanding of AML principles coupled with a technical proficiency in blockchain technologies.
