Chainalysis, a leading blockchain research firm, says that the best way to assess the risk of a virtual currency address or a group of associated addresses (e.g., a wallet) is to analyze all the other addresses with which it has conducted transactions.
According to Chainalysis, if many of these crypto addresses are themselves linked in some way to illicit activities, then we might be able to conclude that the initial address “carries more risk.” Chainalysis explains that “we call this concept exposure, meaning the types of addresses and services to which the target address has been exposed.”
The blockchain analysis firm’s Chainalysis Reactor tool aggregates this data for individual cryptocurrency addresses, wallets, and services, and “displays it in exposure wheels, which express the address’ total exposure as an explanatory pie chart.”
Exposure categories in Reactor include services such as digital asset exchanges – which may include subcategories like peer-to-peer exchanges such as LocalBitcoins or Paxful. Categories may also include merchant services providers, and illicit categories such as darknet markets, or even crypto-asset wallets known to be linked with damaging exchange hacks and other types of illegal or criminal activity.
Chainalysis Reactor can measure both direct and indirect exposure. As explained by the blockchain firm, direct exposure “represents services or other entities that are direct counterparties of the target address across any of its transactions.” Meanwhile, indirect exposure aims to measure “the services and entities that make up the origins or destinations of funds in the target address’ transactions in cases where there are non-service addresses between the target address and those services or entities.”
Chainalysis further explained what indirect exposure means:
“Imagine a target address sends funds to another address that isn’t attributed to a service or other identified entity in Chainalysis’ dataset. In that case, Reactor automatically follows the funds until they reach an attributed service or entity, and counts that service or entity in the target address’ indirect exposure. We use services as the ‘stopping point’ for when to include an address in indirect exposure because tracing funds through a service usually isn’t possible using blockchain analysis. Once a user deposits funds at a service like an exchange, the service itself moves the funds between its internal wallets, so we can no longer use blockchain analysis to track them as if the user is controlling them.”
As noted by Chainalysis, indirect exposure’s importance is “unique” to cryptocurrency because of the nature of distributed ledger technology (DLT). These concepts are quite new and investigators and compliance officials might not know how to effectively track these types of transactions since they’ve mostly worked with fiat currencies in the past.
Chainalysis provides an example of a Wells Fargo account receiving funds from a Citibank account. In these traditional bank transfers, Wells Fargo would know that Citibank’s compliance team has actually screened (or should have) the original source of these funds for links or connections to illicit activities.
But with virtual currencies, users are able to move funds directly to digital asset exchanges or other services from their self-hosted online wallets, where they might not be subject to the standard compliance checks and are directly under the user’s control.
Chainalysis further notes that it’s relatively easy for users to create many different self-hosted wallets, which can then serve as a sort of buffer between their wallet or exchange account, and any illegal services they might decide to interact with.
According to Chainalysis, this is “a common tactic that cybercriminals often use in an effort to obfuscate their activity and make tracing harder.” The blockchain firm adds that this is why Reactor’s indirect exposure calculations “account for all services and entities that ultimately receive or send funds to or from the target address, no matter how many intermediary non-service addresses — or ‘hops,’ as they’re colloquially known — are in between.”
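The direct and indirect exposure rules described above can be sketched as a graph traversal that follows funds through unattributed addresses and stops at the first attributed service or entity. This is an added illustration, not Chainalysis Reactor code; the function name `exposure`, the addresses, the transfers and the attribution map are all constructed for the example, and amounts are ignored for simplicity.

```python
from collections import deque

# Constructed sample data: (sender, receiver) transfers and a toy attribution map.
TRANSFERS = [
    ("target", "exchange_A"),         # direct counterparty of the target
    ("target", "hop1"),
    ("hop1", "hop2"),
    ("hop2", "darknet_X"),            # reached after two unattributed hops
    ("hop2", "hop1"),                 # cycle between intermediary addresses
    ("exchange_A", "merchant_Y"),     # beyond a service: must not be followed
    ("hacked_exchange_Z", "hop3"),
    ("hop3", "target"),               # inbound funds via one unattributed hop
]
ATTRIBUTION = {
    "exchange_A": "exchange",
    "darknet_X": "darknet market",
    "merchant_Y": "merchant services",
    "hacked_exchange_Z": "exchange hack",
}

def exposure(target, transfers, attribution, direction="sent"):
    """Return {"direct": {...}, "indirect": {...}}, each entity -> (category, hops).

    hops is the number of unattributed intermediary addresses between the
    target and the attributed entity (0 means a direct counterparty).
    """
    neighbours = {}
    for sender, receiver in transfers:
        # For received funds, walk the edges backwards towards their origin.
        src, dst = (sender, receiver) if direction == "sent" else (receiver, sender)
        neighbours.setdefault(src, set()).add(dst)

    result = {"direct": {}, "indirect": {}}
    seen = {target}                   # guards against cycles between hops
    queue = deque([(target, 0)])
    while queue:
        address, hops = queue.popleft()
        for nxt in sorted(neighbours.get(address, ())):
            if nxt in seen:
                continue
            seen.add(nxt)
            if nxt in attribution:
                # Attributed service or entity: record it and stop tracing here.
                kind = "direct" if hops == 0 else "indirect"
                result[kind][nxt] = (attribution[nxt], hops)
            else:
                queue.append((nxt, hops + 1))
    return result
```

Because tracing stops at `exchange_A`, the merchant it later pays never appears in the target's exposure, while `darknet_X` is reported despite sitting two hops away.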
Chainalysis further explains that peel chains show why it’s important to keep track of each hop.
The blockchain company notes:
“A peel chain is a transaction pattern commonly seen in blockchain analysis, in which there appear to be many intermediary addresses between a target cluster and another cluster of interest, such as a service or illicit entity. In reality though, those intermediary addresses are part of the user’s original wallet, and are created automatically to receive the leftover change that results from certain transactions. Indirect exposure is crucial here, as it can alert investigators to examine a wallet or address’ transactions more closely, allowing them to spot peel chains that would otherwise conceal illicit activity.”
According to Chainalysis, analyzing direct counterparties is “the best way to assess the risk of a cryptocurrency address, but it won’t tell you the whole story.” The blockchain firm adds that the “unique infrastructure” of cryptocurrency means we need to carefully look at those counterparties’ exposure. The firm also mentions that indirect exposure measurements allow them to warn authorities and investigators of a target address’ potential connections to illicit activity “as specifically as possible, but with enough context for them to know how to investigate further.”