Glass box attribution

Table of contents

Glass box attribution is a feature of TRM's blockchain intelligence platform that provides full transparency into how attributions are derived — surfacing underlying sources, confidence levels, and reasoning behind each attribution. This is in contrast to black box approaches that produce conclusions without explaining how they were reached.

‍

What is glass box attribution?

Glass box attribution is a core feature of TRM's blockchain intelligence platform that makes every attribution transparent and verifiable. When TRM attributes a wallet address to an entity — whether a cryptocurrency exchange, a sanctioned actor, or a darknet marketplace — that attribution comes with a visible evidentiary chain: the data inputs, the analytical signals, the confidence scores, and the reasoning that support the conclusion.

This stands in contrast to black box attribution models, where an algorithm assigns ownership without surfacing the logic behind it. With black box methods, investigators and compliance teams must accept a finding on faith, with no way to independently verify it, challenge it, or present it to a court or regulator.

Glass box attribution is designed for environments where accountability matters. In law enforcement investigations, compliance reviews, and sanctions screening, the defensibility of a conclusion is as important as the conclusion itself. TRM is the only blockchain intelligence platform that surfaces the attribution source and confidence score for every attribution, enabling parallel reconstruction of investigations for use as evidence in court.

Why glass box attribution matters

For crypto businesses and VASPs

Virtual asset service providers (VASPs) — exchanges, wallets, and other crypto businesses — are required to screen counterparties and monitor transactions for exposure to illicit activity. When a compliance team flags a wallet address as high-risk, or clears one as low-risk, that decision needs to hold up to regulatory scrutiny.

With black box attribution, a compliance officer can tell a regulator "our system flagged this wallet." With glass box attribution, they can show exactly why — which data sources were consulted, which signals were weighed, and what confidence level was assigned. That's a meaningful difference when a regulator asks you to justify your risk assessment methodology, or when an auditor reviews a compliance decision after the fact.

Glass box attribution also reduces the risk of acting on erroneous data. Because the evidentiary basis is visible, compliance teams can identify and correct attribution errors rather than propagating incorrect conclusions through their screening workflows.

For financial institutions

Banks and other financial institutions increasingly operate in markets where crypto exposure is unavoidable — whether through customer transactions, correspondent banking relationships, or their own digital asset programs. Regulators expect these institutions to apply the same rigor to crypto-related risk as they do to traditional financial crime risk.

That expectation extends to the tools they use. An institution that relies on opaque attribution data to make AML decisions has limited ability to explain those decisions to examiners, defend them in enforcement proceedings, or respond when a decision is challenged. Glass box attribution provides the audit trail that financial institutions' compliance programs require — not just a risk score, but the basis for that score.

For law enforcement and government agencies

In criminal investigations, attribution findings often need to withstand legal challenge. Prosecutors presenting blockchain evidence must be able to explain how a wallet was linked to a suspect — and that explanation needs to be coherent, reproducible, and independently verifiable.

Glass box attribution is built with this standard in mind. Because the evidence and reasoning behind each attribution is transparent and reviewed, investigators can present their findings with confidence and explain the basis in terms that hold up in court. TRM's attribution is designed to support courtroom-grade defensibility — a requirement for any intelligence that will be used as evidence in criminal proceedings.

Glass box vs. black box attribution

Criteria	Glass box	Black box
Evidence visibility	Full — sources and signals are surfaced	None — conclusions produced without explanation
Auditability	High — attribution evidence and sources can be parallel reconstructed	Low — no basis for independent verification
Legal defensibility	Strong	Weak or untested
Error correction	Possible — errors can be traced and corrected	Difficult — no visibility into what went wrong
Regulatory suitability	Well-suited for regulated compliance programs	Limits ability to justify decisions to examiners

Related terms

Attribution: The process of linking a blockchain address or cluster of addresses to a real-world entity or actor
Address clustering: A technique that groups blockchain addresses likely controlled by the same entity based on behavioral and on-chain signals
Behavioral intelligence: TRM's approach to identifying risky activity based on transaction patterns and counterparty behavior, not just known bad actors
Blockchain intelligence: The discipline of analyzing blockchain data to detect financial crime, support investigations, and manage risk
Blockchain forensics: The practice of tracing, analyzing, and attributing blockchain transactions to support investigations and legal proceedings
Know Your Transaction (KYT): The continuous monitoring of blockchain transactions to detect exposure to illicit activity or high-risk counterparties

‍

Frequently asked questions

1. What is the difference between glass box and black box attribution in blockchain analytics?

Glass box attribution surfaces the evidence, data sources, and reasoning behind every attribution conclusion — so teams can see exactly why an address was linked to a particular entity. Black box attribution delivers a result without any explanation of how it was derived. For compliance and investigative use cases, the distinction matters because decisions need to be auditable, defensible, and correctable.

2. How does blockchain address attribution work?

Attribution starts with the observation that blockchain addresses are pseudonymous, not anonymous. Analysis platforms identify clusters of addresses likely controlled by the same entity — using on-chain behavioral signals — and then link those clusters to real-world entities using a combination of data sources, including direct observation, open-source intelligence, and proprietary research. The quality and transparency of that process determine how defensible the resulting attribution is.

3. What is address clustering in cryptocurrency?

Address clustering is the process of grouping blockchain addresses that are likely controlled by the same entity. Because many blockchain transactions involve multiple inputs from different addresses, analysts can infer that those addresses share a common owner. Clustering turns a fragmented set of pseudonymous addresses into a coherent picture of an entity's on-chain footprint.

4. Can blockchain attribution be wrong — and how would you know?

Yes. Attribution errors can occur when data is incomplete, when heuristics are applied incorrectly, or when an entity reuses address patterns in ways that resemble a different entity. With black box attribution, there's no way to identify or correct errors after the fact. Glass box attribution makes errors detectable by exposing the evidentiary basis — if an attribution is incorrect, investigators and compliance teams can identify the specific data point or signal that led to the wrong conclusion and correct it.

5. How is blockchain attribution used in law enforcement investigations?

Law enforcement agencies use attribution to trace the flow of funds from a crime through a network of blockchain transactions to an identifiable actor or service. That trace — connecting illicit funds to a suspect — is often a central element of the prosecution's case. Because that evidence may be challenged in court, the attribution behind it needs to be transparent, independently verifiable, and consistent with legal standards.

6. What makes blockchain attribution legally defensible?

Defensible attribution rests on reliability. Glass box attribution establishes reliability by providing investigators the evidence, data sources, and reasoning behind every attribution conclusion, making it the standard for investigations that may proceed to criminal or civil proceedings.

7. How do crypto compliance teams use attribution in their screening programs?

Compliance teams at exchanges and VASPs use attribution to understand the counterparties involved in a transaction. When a customer deposits or withdraws funds, screening tools check whether those funds have passed through addresses associated with sanctioned entities, darknet marketplaces, or other high-risk actors. The reliability of that screening depends entirely on the quality of the underlying attribution — how accurately addresses have been linked to the entities they represent.

8. Why do regulators care about attribution?

Regulators increasingly expect crypto businesses to demonstrate not just that they have screening tools, but that those tools are accurate, auditable, and appropriate for their risk environment. An institution that can't explain how its attribution data was generated — or verify that it's correct — has a weaker compliance program than one that can. Glass box attribution supports the kind of documented, explainable compliance decision-making that regulators look for in examinations.