New tech streamlines investigations into illicit crypto use

Law enforcement agencies in the US have been rapidly onboarding cryptocurrency investigative tools.

A new offering on the market aims to condense chains of crypto transactions into easily viewable timelines — perfect for showing to a jury, for example.

On May 18, at a conference in New York City, Jacob Illum, a chief scientist for blockchain sleuthing firm Chainalysis, announced a new investigative technology dubbed Storyline.

Launched in 2014 and with a recent funding round valuing the firm at $8.6 billion, Chainalysis is the current market leader in crypto investigations. Chainalysis’ flagship investigation tool has historically been Reactor, which visualizes crypto wallets and their transactions in extensive webs.

While Reactor aims to improve upon publicly available block explorers, in cases of more intricate transaction histories, those webs can be hard to examine. For someone less familiar with blockchains, they are difficult to decipher. This is especially true when it comes to smart contract interactions, which can involve a number of intermediary wallets that are not at the core of the transaction.

“The solution to obfuscation is simplicity,” Illum told The Block. Illum, who colleague and investigator Erin Plante described as “James Bond’s Q,” led the development of Storyline, which has been in beta testing within the company for the past eight months.

The Block reviewed a demonstration of Storyline, which was led by Illum. It draws on the same blockchains — mostly Ethereum Virtual Machine-compatible chains — and data sources as Reactor but filters out “what’s noise and what is real,” as Illum put it. Storyline identifies a number of intermediary wallets that are not core parties to a transaction.

Illum pulled up a case of wash trading in NFTs that went through aggregators. The aggregators allowed the NFTs to change hands for steadily increasing valuations, after which trades they returned to the original wallet which would sell it again. It’s a project that Illum has worked on for some time.

The Reactor imagery is comprehensive but is a veritable Christmas tree of multicolor types of transactions and various intermediaries which, in addition to being opaque, does not clearly illustrate that those NFTs were going back to the original wallet that was selling them.

Source: Source: Chainalysis Reactor; wallet addresses blurred


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Storyline condenses these wallets into chronological transactions, as shown below.

Source: Chainalysis Storyline

This was, however, a prepared project. For a more live demonstration, The Block requested an address from the Ronin hack, which the US Treasury has tied to the North Korean Lazarus Group and subsequently sanctioned a series of linked wallets.

With a transaction hash inputted, Storyline pulled up several wallets associated with the Ronin hack. It noted the wallets were sanctioned and, conveniently, put the date of their sanctions designation on a timeline.

After a couple of minutes of clicking, Illum found a series of outgoing transactions to other Ethereum wallets beginning post-sanctioning, on May 14 — to wallets that have not yet ended up on the US sanctions list. Several of those transactions ultimately led to Tornado Cash.

Source: Chainalysis Storyline

Illum demonstrated further outgoing transactions from Tornado Cash that happened shortly after those deposits and contained similar sums but noted that those required more research to confirm as affiliated.

The value is particularly valuable for presenting investigations to people who don’t know and don’t necessarily need to know the broader details of the blockchain. For criminal investigations, that can include prosecutors and juries.

“There is a flow to it that is followable and is fact. And I think that’s something we should explain more to juries,” said Santa Clara County cybercrime prosecutor Erin West of blockchain tracing during a panel. Of Storyline, she praised the value of “[h]aving that kind of timeline to tell a story and show to a jury.”

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Kollen Post is a senior reporter at The Block, covering all things policy and geopolitics from Washington, DC. That includes legislation and regulation, securities law and money laundering, cyber warfare, corruption, CBDCs, and blockchain’s role in the developing world. He speaks Russian and Arabic. You can send him leads at [email protected].