
The end of anonymity: who tracks crypto transactions, how, and why
The decentralised world is no longer as autonomous as it was a decade ago. Trends point to tighter regulation, closer identification of users and even individual wallets. In parallel, transaction-tracking tools are evolving—useful to some for crafting trading strategies, to others for exposing illicit activity, and to a third group for manipulating markets.
ForkLog spoke with Grigory Osipov, director of investigations at “SHARD”, about how analytics systems work, where they help—and where they harm.
Who tracks cryptocurrencies—and why
Pro-government analytics firms (Chainalysis, Crystal, Elliptic, TRM Labs) monitor cryptocurrencies, declaring clear and benign aims: preventing the use of digital assets to launder illicit proceeds.
Yet such activity can be bent to manipulation and abuse. Any service that, for one reason or another, has been used to move fiat through crypto while bypassing US‑regulated exchanges risks landing on the watchlist of the American firm Chainalysis.
At the same time, many genuinely useful analytics services have emerged, offering insight into asset flows—for instance, movements by “whale” addresses.
Tracking is also used for investment, focusing on exchange metrics and market trends. A simple example is copy trading: analysing and mirroring the actions of large players, studying their portfolios to inform one’s own strategy.
The problem of transaction anonymity
Questions of crypto tracking sit alongside those of user privacy. On the one hand, anonymous transactions confer freedom and safety, helping avoid unnecessary oversight and interference by third parties.
On the other, state agencies seek to prevent illicit use of crypto. They push policies that require users to disclose information about their wallets, including mandatory AML/KYC procedures for centralised services. Such rules significantly constrain privacy, a stark contrast to the days when it was easy to stay under the radar.
Anonymity in payments, then, is a balance between protecting private life and safeguarding society.
What is cryptocurrency labelling
Although transactions on public blockchains are open, transparent and immutable, the identities of people or organisations behind specific addresses are not recorded. That preserves the confidentiality of operations while keeping deal structures transparent.
As cryptocurrencies appeared, analytics firms began studying asset flows over long periods and from multiple angles. They use advanced visualisation tools and maintain carefully assembled databases mapping addresses to specific services and even individuals. This information is called labelling.
Knowing a few addresses belonging to a given service, analytics systems can infer an entire group of wallets used by it—sometimes numbering in the thousands. The value of such systems depends heavily on the quality and accuracy of the labelling, which can contain inaccuracies and errors.
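An added example, not code from the article or from SHARD: one common way to make this kind of inference is the common-input-ownership heuristic, which the article does not name. Addresses that fund the same transaction are treated as one owner, and the few known labels are spread over each group. All addresses, transactions and labels below are constructed.

```python
from collections import defaultdict

# Constructed sample data: each entry is the list of input addresses of one
# transaction (the empty list stands for a record with no inputs).
TXS = [["A1", "A2"], ["A2", "A3"], ["B1", "B2"], ["C1"], ["B2", "D1"], []]
# Constructed seed labels: the "few addresses" an analyst already knows.
SEED_LABELS = {"A1": "exchange-X", "B1": "mixer-Y", "D1": "exchange-X"}


class DisjointSet:
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_and_label(txs, seed_labels):
    """Group co-spent addresses, then spread seed labels over each group."""
    ds = DisjointSet()
    for inputs in txs:
        if not inputs:
            continue
        first, *rest = inputs
        ds.find(first)  # register single-input addresses too
        for addr in rest:
            ds.union(first, addr)
    clusters = defaultdict(set)
    for addr in list(ds.parent):
        clusters[ds.find(addr)].add(addr)
    inferred, conflicts = {}, []
    for members in clusters.values():
        labels = {seed_labels[a] for a in members if a in seed_labels}
        if len(labels) == 1:
            inferred.update(dict.fromkeys(members, next(iter(labels))))
        elif len(labels) > 1:  # contradictory seeds: do not propagate
            conflicts.append((sorted(members), sorted(labels)))
    return inferred, conflicts
```

A cluster that ends up with two different labels is reported instead of labelled, which is where the labelling errors mentioned above become visible; multi-party transactions such as CoinJoin are a known source of such false merges.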
Types of cryptocurrency labelling
Depending on the entities involved, labelling can cover exchanges, crypto funds, mining pools, bridges and other segments. Of particular importance is “criminal” labelling, which links addresses to darknet markets, casinos and mixers, as well as ransomware, hackers and financial pyramids.
Ties between analytics systems and government agencies have turned these tools into instruments of market manipulation. If a blockchain address is flagged as linked to criminal activity, the flag effectively blocks cashing out through centralised venues that comply with anti‑money‑laundering rules.
Beyond labelling, these systems classify addresses by risk levels based on their characteristics. Addresses can be “coloured” according to alleged illicit activity or sanctions evasion. A key factor in such risk scoring is the presence of “criminal” labelling.
Ways to track cryptocurrency movements
Alongside the big analytics suites, there are free or freemium services (Whale Alert, Cryptocurrency Alerting, BTC-parsing). They track a limited set of metrics—for example, only whale transactions.
The main methods include:
- Monitoring wallets that move large sums. Whale activity can be tracked via block explorers (Etherscan, Solscan and BscScan), which let users view transaction histories and balances for specific wallets—surfacing significant fund movements. On 25 July 2024, an anonymous holder of 750 BTC stirred after 11 years of dormancy: the address moved the funds to a new address for storage. The previous activity on the first address was on 4 June 2013, when bitcoin traded at $120. An analysis of the deposit chain to the address via SHARD’s tooling suggests the funds are not entirely clean: they show activity on darknet markets, and part of the money came from addresses of the shuttered BTC‑e exchange. The transaction may indicate that new market participants have gained access to stolen funds and plan to move them soon amid bitcoin’s rising price. It may also have been done for security, moving coins from the old Legacy (P2PKH) format to the more modern, less vulnerable SegWit (P2WPKH) format.
- Analysing transaction structure and on-chain volumes. Sudden surges in transaction volume or large transfers can signal whale activity. Trading terminals and charting platforms help visualise such patterns, allowing traders to anticipate potential market moves.
- Monitoring exchange activity. Whales often trade on major venues. Order‑book flows and block trades can be watched on exchanges and via specialist dashboards. These data are useful for building strategies and forecasting market trends.
- Tracking crypto portfolios. Trackers such as CoinStats and Blockpit let investors monitor all their assets in one place, offering a view of market trends and the performance of specific coins. They can aggregate data from multiple exchanges and wallets to provide a comprehensive picture of a user’s holdings.
- Advanced crypto‑analytics tools—cluster analysis, heuristic analysis and other methods—offer deeper insight into links between entities or groups on the network to tackle complex tasks.
For example, on 11 August 2024 on Ethereum, 0.8776 ETH was sent from one address to another, while the fee totalled 34.62 ETH (~$87,500 at publication)—nearly 35 times the amount sent. Such an operation is possible only with a manually set fee and only in wallets that allow that option. The sender’s address is itself a validator on the Ethereum network.
Immediately after the high‑fee transaction, the sender received a transfer from a phishing address that closely resembles the destination address at the beginning and end. There may be some link between the events, as the gap between the transactions was just a minute.
As for refunding the overpaid fee, the funds went to the validator’s address. Such funds are often returned to the unlucky sender for reputational reasons.
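The two signals in the 11 August case, a fee larger than the amount sent and an incoming transfer from an address that imitates a recent destination at its start and end, can be checked mechanically. The sketch below is an added example, not SHARD's tooling: the addresses, hashes, timestamps, thresholds and function names are constructed, and only the value and fee of the first record are the article's figures.

```python
# Constructed records: addresses, hashes and timestamps are made up; the
# value and fee of tx "0xaa" are the figures quoted in the article.
WATCHED = "0x" + "11" * 20
DEST = "0x3f9a" + "c2" * 16 + "7be1"
LOOKALIKE = "0x3f9a" + "5d" * 16 + "7be1"  # same first and last 4 hex chars
TXS = [
    {"hash": "0xaa", "ts": 1000, "from": WATCHED, "to": DEST,
     "value": 0.8776, "fee": 34.62},
    {"hash": "0xbb", "ts": 1060, "from": LOOKALIKE, "to": WATCHED,
     "value": 0.0, "fee": 0.0004},
    {"hash": "0xcc", "ts": 5000, "from": DEST, "to": WATCHED,
     "value": 1.0, "fee": 0.0004},
]


def is_lookalike(a, b, n=4):
    """True if two different addresses share their first and last n hex chars."""
    a, b = a.lower().removeprefix("0x"), b.lower().removeprefix("0x")
    return a != b and a[:n] == b[:n] and a[-n:] == b[-n:]


def scan(txs, watched, max_fee_ratio=1.0, window=600):
    """Return (alert_kind, tx_hash) pairs for one watched wallet."""
    alerts = []
    paid = []  # (timestamp, destination) of the wallet's outgoing transfers
    for tx in sorted(txs, key=lambda t: t["ts"]):
        if tx["from"] == watched:
            paid.append((tx["ts"], tx["to"]))
            if tx["value"] > 0 and tx["fee"] / tx["value"] > max_fee_ratio:
                alerts.append(("fee_exceeds_value", tx["hash"]))
        elif tx["to"] == watched:
            # An imitation of a destination paid shortly before is suspicious.
            if any(tx["ts"] - ts <= window and is_lookalike(tx["from"], dest)
                   for ts, dest in paid):
                alerts.append(("lookalike_sender", tx["hash"]))
    return alerts
```

A later transfer from the genuine destination (`0xcc`) raises no alert, because an address is never treated as a lookalike of itself.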
With blockchain‑analytics methods and tools, one can investigate cases, gather data for informed trading decisions, and analyse competitors and counterparties.