Chainalysis: How Crypto Blockchain Tracing Works
Most people still think crypto is anonymous. It isn't. And no company has done more to prove that than Chainalysis. Send Bitcoin from one wallet to another and you haven't whispered a secret; you've published a permanent line in a public ledger that anyone can read, including a firm built specifically to read it. Chainalysis turns that raw data into names, criminal cases, and courtroom evidence, then sells the result to tax agencies, the FBI, and a long list of the crypto exchanges you already use. What it actually is, how the tracing works, who pays for it, and how far to trust its crime numbers, is what the rest of this is about.
What Chainalysis Is and Where It Came From
Chainalysis is, at bottom, a blockchain analysis company. What does that mean once you strip the marketing? It links the anonymous-looking addresses on public blockchains to actual people and businesses, then sells that blockchain intelligence to whoever needs to follow the money. Governments, mostly.
Born from the Mt. Gox hack
The origin story matters here. Chainalysis started in 2014, when its three founders, Michael Gronager, Jan Møller, and Jonathan Levin, set out to make sense of the Mt. Gox disaster, the Tokyo exchange that somehow lost hundreds of thousands of bitcoins. Someone had to trace where those coins went. No tool existed for the job, so they built one. That first case became the template for everything after. A crisis hits, money moves on-chain, Chainalysis follows.
From startup to $8.6 billion
From that niche, growth came fast. A 2022 round of $170 million valued it at $8.6 billion, led by Singapore's sovereign fund GIC. These days the firm claims 1,400-plus customers and more than 800 government agencies in about 70 countries, and Fortune put it at the top of its 2026 crypto-services ranking. One caveat on that valuation. No public round has tested it since 2022, and there's no IPO on file, so $8.6 billion is a three-year-old sticker price, not today's number. The corner office changed hands too, with co-founder Gronager leaving for good in December 2024 and fellow founder Jonathan Levin stepping up.
What protects all of this is not a secret algorithm. It is the label database. Anyone can cluster addresses; almost no one else has spent a decade tagging which cluster is which exchange, which mixer, which scam. That accumulated attribution is the moat, and it is why a newer rival cannot simply copy the tool overnight.
How Chainalysis Does Blockchain Analysis
Here is the counterintuitive part. The hard problem in crypto tracing is not reading the blockchain. The blockchain is public; anyone can download it. The hard problem is that the addresses on it are just strings of characters, not names. Chainalysis makes its money closing that gap.
Clustering and address attribution
The main technique is clustering. When you spend crypto, the way the transaction is built often leaks clues that several addresses belong to the same owner. Spend coins from two addresses in one transaction and you have probably just told the world they share a wallet. Chainalysis runs heuristics like this across the entire blockchain data set, grouping thousands of scattered addresses into single entities. Then it attaches labels. This cluster is Binance. That one is a sanctioned mixer. This one matches a scam reported last month. The blockchain analysis is only as good as those labels, and building them is the real work, gathered from exchange data, undercover purchases, leaks, and years of investigation.
From pseudonymous to identified
Clustering tells you which addresses move together. It does not, on its own, tell you who the human is. That last step usually happens where crypto touches the regulated world. The moment funds pass through an exchange that did KYC checks, there is a name attached to an address, and a subpoena can pull it. Your web3 footprint does the rest: a reused address, a tip to a known wallet, an NFT bought with traceable coins. Stitch enough of these together and "anonymous" quietly becomes "identified."
| Tracing step | What Chainalysis does | What it reveals |
|---|---|---|
| Clustering | Groups addresses that move together | One wallet behind many addresses |
| Attribution | Labels clusters as exchange, mixer, scam | What kind of entity you are looking at |
| Fund-flow tracing | Follows money hop by hop | Where stolen or illicit funds went |
| Off-ramp match | Links a cluster to a KYC exchange | A real name a court can subpoena |
Reactor, KYT, and the Data Solutions
Two products carry most of the weight. Reactor is the investigation tool: a visual graph where an analyst starts from one address and clicks outward, watching the flow of funds branch across wallets, exchanges, and borders. It is what an FBI agent or a fraud investigator actually stares at.
KYT, short for Know Your Transaction, is the compliance product. Instead of investigating after the fact, it screens wallets in real time so an exchange can flag a deposit coming from a sanctioned address before it lands. Financial institutions and crypto businesses buy KYT to stay on the right side of anti-money-laundering rules. On top of these sits a data-solutions business that sells market and risk intelligence. Chainalysis has also been buying its way wider: it picked up Hexagate in December 2024 for on-chain threat prevention, then Alterya in January 2025, a fraud-detection firm that was already monitoring around $8 billion in transactions a month. The logic behind the shopping is coverage. Every new data source and every monitored chain makes the core graph harder to evade, and a wider graph is simply a better product to sell to the next exchange or agency.
Who Pays Chainalysis: Governments and Crypto
Want to understand Chainalysis? Follow its own money. The biggest single source of revenue has long been government. As of 2023, agencies accounted for roughly 70% of sales, and the client roster reads like a law-enforcement phone book: the FBI, the DEA, IRS Criminal Investigation, the UK's National Crime Agency, and plenty more overseas.
That is exactly why the company sits in an awkward spot. To a fraud victim, Chainalysis is the firm that might claw back stolen funds. To a privacy advocate, it is surveillance infrastructure with a friendly dashboard, mapping ordinary people's financial lives without their consent. Both views are fair, and the heavy government skew is why the second one will not go away. The private side is real too, exchanges and banks paying for KYT, but it has grown more slowly. In October 2023 the firm cut about 150 jobs, roughly 15% of its staff, a reminder that even the category leader is not immune to a down market.
The compliance side leans on one blunt fact: regulated firms have to screen digital assets for sanctioned and illicit funds or risk fines, so KYT is less a luxury than a checkbox auditors expect. That regulatory pressure, more than any sales pitch, is what keeps the private revenue growing at all.
The Crypto Crime Report and Illicit Data
Once a year Chainalysis publishes its Crypto Crime Report, and it lands everywhere: news headlines, regulator speeches, congressional hearings. It is the most-cited crime data in the industry. It is also a moving target, and the movement is the story.
Start with the headline figure, because it never sits still. Chainalysis first pegged 2024 illicit volume near $40.9 billion. Then it bumped the number to $57.2 billion once more addresses were identified, which still works out to a tiny 0.14% of all crypto activity. The 2025 estimate is where eyes widen: a lower bound that jumped to roughly $154 billion. Scary, right? Now read the footnote. Most of that leap traces to a single sanctioned Russian token called A7A5, worth around $93 billion on its own. Strip it out and the panic deflates. The figure that should actually worry you is North Korean theft, which hit a record $2.02 billion in 2025. One heist did the bulk of the damage: the $1.5 billion Bybit hack, the biggest single crypto theft ever recorded.
The revisions are not a scandal; they are how the method works, since illicit addresses keep getting identified months or years after the fact. But it does mean a fresh headline number is always an underestimate that will later climb, and that nuance rarely survives the trip into a news story.
| Metric | 2024 | 2025 |
|---|---|---|
| Illicit volume (Chainalysis) | $57.2B (revised from $40.9B) | ~$154B (lower bound) |
| Skewed by | — | A7A5 sanctioned token (~$93B) |
| North Korea theft | — | $2.02B (record) |
Crypto Crime Cases Chainalysis Helped Crack
Governments keep paying because the wins are real, and some are jaw-dropping. When the FBI unwound Silk Road, more than $1 billion in Bitcoin was eventually clawed back. The coins stolen in the 2016 Bitfinex hack sat on-chain for years until investigators traced them to a couple in New York and seized $3.6 billion in February 2022, the biggest financial seizure the US had ever made. After the 2021 Colonial Pipeline attack froze a fuel artery across the East Coast, part of the ransom was recovered by following the DarkSide ransomware crew's wallets. And in the case nobody likes to discuss, payment tracing helped shut down Welcome to Video, a child-abuse site funded in Bitcoin, and identify the people behind it. That track record is the entire sales pitch, and it works.
The Chainalysis Difference and Its Critics
So far this reads like a success story. It mostly is. But the part the company's own marketing skips is that its tools are powerful but far from infallible, and that gap matters most in exactly the place Chainalysis is used most: a courtroom.
Is the clustering actually proven?
The sharpest test came in the Bitcoin Fog trial of Roman Sterlingov, accused of running a Bitcoin mixer. Under questioning, the limits showed. There was no published, peer-reviewed study validating how accurate the Reactor clustering really is. Rivals have been blunter: analysts at CipherTrace once estimated that some behavioral-clustering heuristics could be wrong as much as 64% of the time. Chainalysis's methods survived the legal challenge and were allowed as evidence, but admissibility is not the same as proven accuracy. Sterlingov was convicted in 2024, yet the underlying worry stands: a heuristic that looks authoritative on a screen is still a probability, not a fingerprint. Good investigators treat its output as a lead to confirm, not a verdict.
There is a subtler critique too. Because Chainalysis both defines what counts as illicit and measures how much of it there is, some researchers argue its crime totals run high by construction. When the same firm writes the ruler and reads it, a little skepticism is healthy.
The privacy and surveillance cost
Then there is the bigger question of what it means for everyone else. Chainalysis does not need a warrant to watch a public blockchain, and it sells the resulting map of who-paid-whom to governments at scale. For catching thieves and scammers, that is a feature. For the ordinary user who assumed crypto offered some financial privacy, it is a quiet erosion. There is no easy resolution here, only a trade-off that the industry has mostly made without asking the people on the ledger.
Is Crypto Really Anonymous Anymore?
Short answer: no. And it never really was. Bitcoin and most coins are pseudonymous, which means your name isn't stamped on-chain, but every move you make is recorded forever. Mixers and privacy coins make you harder to follow, though they don't guarantee cover, and reaching for them now invites its own scrutiny; the US went so far as to sanction the Tornado Cash mixer. The honest takeaway for a normal user is short. The chain remembers, and there are companies whose whole job is to read it.
What Chainalysis Really Means for Crypto
Chainalysis took the myth of anonymous internet money and swapped in a quieter truth: a public ledger that the right software reads like a roadmap. Good news when the target is a North Korean hacking crew or a child-abuse ring. Less comfortable when the lens swings toward ordinary wallets. And less certain than it looks, because the same numbers get revised and the same heuristics get picked apart in court. So, two practical lessons. Assume the chain remembers everything you do. And read those widely quoted crime stats with the footnotes, and the revisions, kept firmly in view.
