Blockchain forensics


What is blockchain forensics?

Blockchain forensics, sometimes also known as blockchain tracing or blockchain investigation, is the practice of analyzing blockchain transactions to uncover patterns, trace the flow of funds, and attribute activity to real-world actors. Unlike traditional financial forensics, which relies on centralized records, blockchain forensics examines activity on decentralized, pseudonymous ledgers like Bitcoin, Ethereum, and others.

At its core, blockchain forensics combines on-chain data (transaction history, addresses, smart contracts, etc.) with off-chain intelligence (entity data, open-source intelligence, sanctioned entities, etc.) to reveal the origin, destination, and context of digital asset transfers.

This process is fundamental to detecting fraud, tracing stolen assets, investigating hacks, and assessing the risk of counterparties in the crypto ecosystem.
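The combination described above (on-chain transfers joined with off-chain labels), as an added example that is not TRM's code or method: a breadth-first forward trace over a constructed transfer graph that reports direct (one hop) and indirect (multi-hop) exposure to labelled entities. Every address, label and confidence value is constructed, and the rule of not tracing past an attributed address is an assumption of this illustration.

```python
from collections import deque

# Constructed on-chain data: (sender, receiver, amount) transfers.
TRANSFERS = [
    ("addr_src", "addr_a", 10.0),
    ("addr_src", "addr_exchange", 2.0),
    ("addr_a", "addr_b", 6.0),
    ("addr_b", "addr_a", 1.0),          # cycle: must not loop forever
    ("addr_b", "addr_mixer", 5.0),
    ("addr_a", "addr_c", 4.0),
    ("addr_c", "addr_ransom", 4.0),
    ("addr_exchange", "addr_x", 50.0),  # beyond a labelled service: not followed
]

# Constructed off-chain intelligence: address -> (entity, category, confidence).
LABELS = {
    "addr_exchange": ("Example Exchange", "exchange", 0.95),
    "addr_mixer": ("Example Mixer", "mixer", 0.80),
    "addr_ransom": ("Example Ransomware Group", "ransomware", 0.60),
}

def trace_exposure(start, transfers, labels, max_hops=4):
    """Follow funds forward from `start`; return labelled endpoints with paths.

    Tracks reachability by hop count only, not the share of value that arrives.
    """
    outgoing = {}
    for sender, receiver, _amount in transfers:
        outgoing.setdefault(sender, []).append(receiver)
    findings, seen = [], {start}
    queue = deque([(start, [start])])
    while queue:
        addr, path = queue.popleft()
        hops = len(path) - 1
        if addr in labels:
            entity, category, confidence = labels[addr]
            findings.append({
                "entity": entity, "category": category, "confidence": confidence,
                "hops": hops, "kind": "direct" if hops <= 1 else "indirect",
                "path": path,  # the audit trail an analyst would review
            })
            continue  # assumption: stop at attributed addresses
        if hops == max_hops:
            continue
        for nxt in outgoing.get(addr, []):
            if nxt not in seen:  # visited set handles cycles
                seen.add(nxt)
                queue.append((nxt, path + [nxt]))
    return findings
```

Each finding keeps the full path and the label's confidence, so a reviewer can see why an address was flagged and how much weight the attribution carries.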


Why is blockchain forensics critical in crypto investigations?

The pseudonymous nature of cryptocurrency has attracted bad actors who seek to exploit digital assets for money laundering, scams, ransomware payments, sanctions evasion, and other illicit uses. In 2024, TRM saw USD 45 billion in illicit crypto transaction volume (0.4% of overall crypto volume). While crypto usage remains predominantly lawful, effective blockchain forensics is critical in fighting back against its illicit use.

Investigators use blockchain forensics tools to:

  • Trace illicit proceeds across wallets and blockchains
  • Unmask relationships between entities through behavioral heuristics
  • Attribute wallets to known services or threat actors
  • Identify mixers, obfuscation tactics, and high-risk patterns

Blockchain forensics also enables real-time detection of threats and helps create audit trails that are admissible in court — making it indispensable for both detection and prosecution.


Why is TRM the best blockchain forensics platform?

TRM Labs is the leading provider of blockchain forensics solutions in 2025, trusted by law enforcement agencies, regulators, and crypto platforms around the world.

TRM Forensics enables criminal investigators and compliance teams to effectively trace and act on crypto linked to crime, with unique features like:

  • Broad blockchain coverage: TRM Forensics supports 40+ blockchains, including major networks such as Bitcoin, Ethereum, Solana, TON, and TRON
  • Universal tracing: Trace between entities and addresses on the same graph, allowing for both rapid decision making at a macro level and the ability to drill into specific fund movements — essential for legal process
  • Signatures®: TRM goes beyond basic attribution by analyzing behavioral patterns to surface suspicious patterns across transactions
  • Glass box attribution: TRM has no secrets and shows the source and confidence score in the UI for every attribution
  • Secure deployment: TRM is dedicated to safeguarding customer data with industry-leading security measures, including the option to access our platform in a FedRAMP® High authorized cloud environment

These capabilities, combined with our leading support and team of industry and investigative experts, make TRM the most comprehensive and effective blockchain forensics platform available.


What are the primary use cases for blockchain forensics for law enforcement, crypto businesses, financial institutions, and global regulators?

How law enforcement agencies use blockchain forensics

  • Trace the flow of illicit funds across wallets and exchanges
  • Attribute activity to threat actors or criminal networks
  • Build evidentiary case files with on-chain transaction histories
  • Identify the use of mixers or obfuscation tools like Wasabi and Tornado Cash

How crypto businesses use blockchain forensics

  • Screen wallets for potential links to illicit activity
  • Maintain exchange integrity by flagging and investigating high-risk transactions
  • Collaborate with forensics vendors to support compliance and incident response

How financial institutions use blockchain forensics

  • Assess the risk of customers or counterparties engaging in crypto transactions
  • Support anti-money laundering (AML) investigations with forensic tracing
  • Understand exposure to illicit crypto flows (e.g. ransomware payments)
  • Conduct due diligence when evaluating new fintech or crypto partnerships

How regulators use blockchain forensics

  • Monitor systemic risks tied to illicit crypto flows
  • Analyze cases of cross-border money laundering
  • Oversee the effectiveness of Virtual Asset Service Provider (VASP) compliance programs
  • Coordinate with law enforcement on high-impact investigations


What are the key considerations for evaluating or using blockchain forensics tools?

When choosing a blockchain forensics tool, it’s important to consider solutions that will meet — and continue to grow with — your agency or organization’s unique investigative, compliance, and operational needs. Here are five critical factors to evaluate:

1. Blockchain coverage

Does the platform support all relevant blockchains? Make sure the platform supports the full range of blockchains relevant to your investigations and compliance program — including Bitcoin, Ethereum, TRON, and newer DeFi or cross-chain protocols. A tool with limited coverage may cause blind spots in critical cases.

TRM advantage: TRM Forensics supports 40+ blockchains, including emerging and high-risk ecosystems, with continuous updates that ensure investigators have full visibility into the crypto landscape.

2. Attribution accuracy

Are wallet labels and heuristics vetted, up to date, and defensible? Reliable wallet attribution is essential for effective investigations. Ensure the platform’s labels, attributed entities, and clustering heuristics are continuously updated, verifiable, and supported by a clear methodology.

TRM advantage: TRM’s attribution is powered by transparent attribution and modeling that has been independently reviewed, giving teams confidence in their conclusions and courtroom-grade accuracy.

3. Automatic cross-chain tracing and indirect exposure

Can the platform trace assets across chains and reveal indirect exposure? With the rise of bridges and complex laundering techniques, it’s critical that investigators can follow funds across chains and identify not just direct counterparties but also indirect exposure. Manual methods can introduce delays or errors.

TRM advantage: TRM automatically traces assets across chains — even through bridges and swaps — and identifies indirect exposure to Virtual Asset Service Providers (VASPs), threat actors, and threat categories such as fraud, terrorist financing, and ransomware. This enables deeper insights and faster resolution of complex, cross-chain cases.

4. End-to-end fund flow visualization

Can you see the full picture, including off-chain context? Investigators need the ability to visualize the entire flow of funds — from origin to destination — and incorporate critical off-chain context like suspect profiles, exchange accounts, or case annotations.

TRM advantage: TRM’s custom graph elements allow you to enrich on-chain traces with off-chain context by adding custom nodes to the graph. This gives teams a truly end-to-end view of how funds moved, who was involved, and how each node fits into the broader investigative narrative.

5. Ease of use

Is the interface accessible to non-technical users like compliance officers or field agents? Investigative teams may include both technical analysts and non-technical users. The tool should offer an intuitive interface, simple workflow capabilities, and a low learning curve to ensure it delivers value across teams.

TRM advantage: TRM’s user interface is designed for accessibility and speed, making it easy for everyone from field agents to compliance officers to conduct complex investigations without friction. Our solutions also enable seamless investigative coordination. For example, with TRM Triage, an officer can search crypto artifacts identified in the field and escalate evidence or cases to tracing specialists in TRM Forensics if needed — all from their mobile device.


Frequently asked questions about blockchain forensics

What is blockchain forensics used for?

Blockchain forensics is used to trace the movement of cryptocurrencies across wallets and exchanges, identify illicit activity, and attribute transactions to real-world actors. It's essential for investigations, compliance, and risk assessment.

What tools are used in blockchain forensics?

Specialized solutions like TRM Forensics are commonly used by investigative teams. These tools combine blockchain data, attribution models, and visualizations.

How does TRM Labs support blockchain forensics?

TRM Labs offers advanced blockchain forensics capabilities through its TRM Forensics solution, which provides tracing at the entity and address level, behavioral intelligence, glass box attribution, and leading blockchain coverage.

Who uses blockchain forensics tools?

Law enforcement agencies, crypto exchanges, financial institutions, regulators, and risk teams use blockchain forensics tools to investigate crimes, meet compliance requirements, and detect threats.

Can blockchain forensics trace stolen crypto?

Yes. Blockchain forensics tools enable investigators to trace stolen or hacked crypto assets through wallets, mixers, and exchanges. TRM Forensics enables investigators to follow complex transaction flows, even across multiple chains.

For more on how blockchain forensics supports global investigations, check out our TRM Forensics page.
