What is blockchain forensics?

Blockchain forensics is the process of analyzing blockchain transactions to trace cryptocurrency movements, identify suspicious patterns, and gather evidence for legal proceedings. It combines data analysis, pattern recognition, and investigative techniques.

Is ForensicBlock evidence court-admissible?

ForensicBlock provides court-ready reports with cryptographic verification and chain-of-custody tracking designed for evidentiary workflows. Evidence quality and admissibility depend on proper handling, jurisdictional rules, case facts, and expert testimony in each proceeding.

Which blockchains does ForensicBlock support?

ForensicBlock supports 30+ live blockchain networks including Bitcoin, Ethereum, Solana, TRON, XRP Ledger, Polygon, Arbitrum, Optimism, Base, BNB Smart Chain, Avalanche, Cardano, Polkadot, TON, Litecoin, and more. Coverage expansion toward 30+ networks is on our active roadmap.

How does ForensicBlock compare to Chainalysis?

ForensicBlock is an AI-first alternative to Chainalysis. While Chainalysis uses rule-based tools requiring trained analysts and costs $37,000+/year, ForensicBlock uses autonomous AI agents that conduct investigations independently — starting at just $19. Our AI analyzes behavioral patterns rather than relying solely on labeled address databases, enabling detection of novel threats.

Can ForensicBlock trace stolen cryptocurrency?

Yes. ForensicBlock's AI agents trace stolen cryptocurrency across supported networks, following funds through mixers, bridges, DeFi protocols, and cross-chain swaps. Our workflows generate defensible evidence packages with chain-of-custody documentation to support asset recovery and law enforcement investigations.

Does ForensicBlock support AML compliance and sanctions screening?

Yes. ForensicBlock provides comprehensive AML compliance tools including OFAC sanctions screening, Know Your Transaction (KYT) monitoring, Suspicious Activity Report (SAR) support, and continuous address monitoring. Our risk scoring engine combines 13 ML models for accurate threat detection across all supported blockchains.

Risk Scoring Methodology

ForensicBlock's risk scoring model is designed to be transparent, reproducible, and legally defensible. Every score can be traced back to specific on-chain data and verifiable risk factors.

Model version: risk-v2.0.0 | Last updated: March 2026

Model Overview

The ForensicBlock risk score is a weighted composite of multiple independent risk signals. Each signal is scored individually on a 0–100 scale, then combined using fixed weights to produce a final score between 0 and 100. The model uses no black-box components — every factor, weight, and threshold is documented here.

Independent risk factors

200+

Curated entity labels

100%

Deterministic scoring

Risk Factors & Weights

Each factor contributes proportionally to the final score based on its assigned weight. Weights are normalized so that the available factors always sum to 100% of the score, regardless of which signals are available for a given address.

Sanctions Screening

30%

Checks the address against the OFAC Specially Designated Nationals (SDN) list and other sanctions databases. A confirmed match results in a maximum score of 100 for this factor.

Data source: OFAC SDN list, ForensicBlock Intelligence Database

Entity Classification

18%

Identifies the address as belonging to a known entity type (exchange, DeFi protocol, mixer, scam, etc.) using a curated database of 200+ labeled addresses. Risk scores vary by entity type: mixers and scams score highest (90-95), bridges and DeFi score moderate (35-45), exchanges score lower (25).

Data source: ForensicBlock Entity Database, on-chain heuristics

Exposure Analysis

15%

Measures the proportion of funds flowing to or from sanctioned addresses (60% weight), mixer/privacy protocols (25% weight), and darknet markets (15% weight). The composite exposure score reflects indirect risk through counterparty relationships.

Data source: Multi-hop transaction tracing via Alchemy Asset Transfers API

Transaction Volume

12%

Evaluates the total number of on-chain transactions. Uses a logarithmic scale (log10) to normalize across different activity levels. Higher transaction counts can indicate commercial activity or layering patterns depending on context.

Data source: On-chain transaction history

Recent Activity (24h)

10%

Measures the number of transactions in the last 24 hours. Sudden spikes in activity can indicate fund movement campaigns or automated behavior. Scored on a logarithmic scale.

Data source: Real-time blockchain data

On-Chain Balance

Current native currency balance. Large balances in newly created addresses or addresses with sanctioned exposure increase risk. Scored logarithmically.

Data source: Alchemy eth_getBalance

Counterparty Diversity

The number of unique addresses this address has transacted with. Low counterparty diversity combined with high volume can indicate peel chain or fan-out patterns.

Data source: Transaction graph analysis

Token Footprint

Number of distinct token types held or transacted. Unusually high token diversity may indicate DeFi farming, airdrop harvesting, or wash trading.

Data source: Alchemy getTokenBalances

Address Age

Time since the address's first on-chain activity. Addresses less than 30 days old receive elevated risk scores (up to 70 for brand-new addresses) as they are more likely to be disposable addresses used in laundering schemes.

Data source: First transaction timestamp

Score Calculation

finalScore = round( sum(factor_score[i] * weight[i]) / sum(weight[i]) )

Where factor_score[i] is the 0-100 score for each available factor and weight[i] is the fixed weight. The denominator normalizes for available signals — if only 4 of 9 factors are computable for an address, the weights of those 4 factors are re-normalized to sum to 1.0.

Confidence Score

Every risk assessment includes a confidence score (0.20–0.95) reflecting the completeness and quality of available data:

Base confidence starts at 0.30 and increases with each available signal (up to 8 signals = +0.60)
Addresses with fewer than 3 transactions receive a -0.10 confidence penalty
During multi-agent investigations, confidence is further adjusted by the verification rate of findings

Risk Level Thresholds

0–34

Low

No significant risk indicators. Standard due diligence sufficient.

35–59

Medium

Some risk indicators present. Enhanced due diligence recommended.

60–79

High

Multiple risk indicators. Investigation and compliance review required.

80–100

Critical

Severe risk. Likely sanctions match, mixer usage, or confirmed illicit activity.

Multi-Agent Validation

During full investigations, ForensicBlock employs six specialized AI agents. Each agent produces independent findings that are cross-validated by the orchestrator:

TRACER — Multi-hop transaction tracing with bridge and mixer detection
SENTINEL — OFAC/SDN screening and per-factor risk scoring
ANALYST — Behavioral pattern recognition (peel chains, fan-out, round-trips, etc.)
REPORTER — Evidence compilation and court-ready report generation
WATCHER — Real-time address monitoring via blockchain webhooks
HUNTER — Recovery probability assessment and exchange identification

Findings must be verified against on-chain evidence before being included in the final report. The overall confidence score is reduced proportionally to unverified findings: adjusted = confidence * (0.5 + 0.5 * verificationRate)

Data Sources

Alchemy

Primary blockchain data provider. Real-time transaction data, asset transfers, token balances, and webhook-based monitoring across EVM chains.

Etherscan V2

Secondary provider for historical transaction data. Multi-chain support via chain ID parameter.

OFAC SDN List

Official U.S. Treasury Specially Designated Nationals list. Updated regularly and cached locally with 5-minute refresh cycles.

ForensicBlock Intelligence

Curated database of 200+ labeled addresses covering exchanges, DeFi protocols, bridges, mixers, scams, and sanctioned entities.

Reproducibility & Defensibility

ForensicBlock is designed for legal proceedings:

Deterministic scoring — The same inputs always produce the same score. No randomness in the risk model.
Evidence citations — Every risk factor cites specific transaction hashes, block numbers, or data source references.
SHA-256 integrity — Generated PDF reports include a SHA-256 hash of the complete document stored on record for tamper detection.
Audit trail — Every agent action, finding, and decision is logged with timestamps for full investigative chain of custody.
Model versioning — Risk scores include the model version used, enabling reproduction of historical assessments.

Ready to investigate?

Try a free risk check on any blockchain address, or sign up to run full forensic investigations with all six AI agents.

Loading ForensicBlock

Preparing your blockchain forensics platform...