Global crypto-asset forensics-vendor layer — Chainalysis / Elliptic / TRM / Crystal comparison
On this page
Wiki route
This entry sits under exchanges index. Read it against Domestic VASP Act on Prevention of Transfer of Criminal Proceeds + FATF Travel Rule Domestic Implementation (2023-) for peer / contrast context and FSA crypto-asset exchange registration system — number system / Local Finance Bureau jurisdiction / registration requirements for the broader system / regulatory boundary.
Overview
CEXs + banks + law-enforcement agencies depend on specialized forensics vendors for AML/CFT monitoring, sanctions screening, and illicit-fund tracing of crypto-asset transactions. Chainalysis (US) reigns as the industry standard, with Elliptic / TRM Labs / Crystal Intelligence forming the competitive top tier. They are the core infrastructure for OFAC freezes + the Travel Rule + sanctions monitoring + Lazarus/North-Korea tracing, and modern crypto-asset regulation effectively presupposes the existence of these vendors. Domestic VASPs also all hold advisory contracts with overseas vendors.
Top 4 vendor comparison
- Chainalysis(NY · founded 2014 )— the industry standard. Reactor(investigation tool)+ KYT(real-time transaction monitoring)+ Crypto Crime Report(annual, public; the industry bible). Customers = US Treasury / FBI / IRS / National Tax Agency / numerous CEXs. Valuation $8.6B(2022 round)
- Elliptic(London · founded 2013 )— founded by Tom Robinson(ex-BAML). KYC + transaction monitoring + sanction screening. A customer base centered on institutional investors + banks. Gained fame for a freeze within 30 minutes in the Lazarus / Bybit hack
- TRM Labs(San Francisco · founded 2018 )— risk score + crypto-native API-first. Fast iteration + broad support for emerging chains. Issues a Crypto Crime Report(a Chainalysis competitor)
- Crystal Intelligence(a Bitfury subsidiary, Estonia → Switzerland)— European + Russian origin(now trending toward contraction due to regulatory issues). Strength toward law-enforcement agencies
Major services
- Transaction monitoring(KYT): real-time on-chain analysis. Instant risk-score responses on CEX deposit/withdrawal(tagged with mixer / sanctioned wallet / darknet market)
- Wallet labeling / clustering: a clustering DB of known wallets(Lazarus / Tornado Cash / Hydra Market / Garantex / Bitzlato)
- Sanction screening: automated OFAC SDN-list checks + integration of EU/UK/UN sanctions lists
- Investigation tools: fund-flow tracing UIs for law-enforcement agencies(Reactor / Investigator / Forensics)
Roles in major incidents
- 2022-02 Wormhole hack($325M): Chainalysis traced and publicly monitored the fund movements
- 2024-05 DMM Bitcoin Lazarus hack($305M): joint attribution announcement by Chainalysis + FBI + DC3
- 2025-02 Bybit hack($1.46B): Elliptic + ZachXBT coordinated a freeze within 30 minutes — the fastest-scale tracing response in history
- 2022-08 Tornado Cash OFAC sanctions: all vendors immediately handled the SDN expansion, tagging the contract addresses
- 2023-04 Bitzlato takedown: data provided by Chainalysis became core evidence for the prosecution
Relationship with domestic VASPs
All domestic VASPs(bitFlyer / Coincheck / GMO Coin / SBI VC Trade / bitbank / DMM Bitcoin)hold advisory contracts with Chainalysis or Elliptic. JVCEA Travel-Rule implementation also presupposes vendor APIs. TRM Labs is centered on B2C2 Japan / institutions. Crystal is limited. There is no domestic in-house vendor — an overseas-dependence structure(sovereignty risk = US OFAC policy changes directly affect domestic VASP operations).
Cross-links
- jp-vasp-aml-travel-rule-implementation
- jp-vasp-security-audit-certification
- bybit-lazarus-hack-detailed-analysis
- dmm-bitcoin-lazarus-hack-detailed-analysis
- cross-chain-bridge-cex-deposit-withdrawal
- jp-crypto-market-maker-otc-layer
- chain-level-ofac-freeze-precedent
- carf-1099da-end-of-crypto-anonymity
- forensic identity anchor chain
- bytecode forensic 3-tier verify
- wayback machine as forensic tool
Discovery
Keep reading
Read next
- Global DEX major 5 社 comparison This entry sits under exchanges index. Read it against グローバル CEX top 10 ランキング比較 (2025-2026) for peer / contrast context and FSA 暗号資産交換業登録制度 — 番号体系・財務局管轄・登録要件 for the broader system / regulat... exchanges/global-dex-major-five-comparison
- Global institutional custody five pillars — Coinbase Custody / Fidelity / Anchorage / BitGo / Komainu This entry sits under exchanges index. Read it against グローバル CEX top 10 ランキング比較 (2025-2026) for peer / contrast context and FSA 暗号資産交換業登録制度 — 番号体系・財務局管轄・登録要件 for the broader system / regulat... exchanges/global-institutional-custody-five-pillars
- Global perp DEX competitive deep-dive matrix Perpetual-futures DEXs sit on three structurally distinct liquidity models — CLOB (central limit order book on-chain or hybrid), vAMM / pool-counterparty (single multi-asset LP pool serves a... exchanges/global-perp-dex-competitive-deep-dive-matrix
Links here
- Bybit Lazarus $14.6 億 hack detailed analysis (2025-02) — largest crypto-asset outflow in history This entry sits under exchanges index. Read it against DMM Bitcoin 流出事件 詳細分析 (2024-05) — Lazarus 帰属 4,502.9 BTC for peer / contrast context and FSA 暗号資産交換業登録制度 — 番号体系・財務局管轄・登録要件 for the broa... exchanges/bybit-lazarus-hack-detailed-analysis
- CoinDCX — India's largest CEX / FIU-IND PMLA registered overview This entry sits under exchanges index. Read it against WazirX for the closest India peer / contrast context, global CEX top 10 comparison for the broader global benchmark, and global VASP re... exchanges/cex-coindcx-india
- WazirX — India CEX / 2024-07 Liminal hack ~$235M loss overview This entry sits under exchanges index. Read it against CoinDCX for the closest India peer / contrast context, Bybit Lazarus hack for parallel North Korean attribution pattern, and グローバル CEX... exchanges/cex-wazirx-india
- DMM Bitcoin outflow incident detailed analysis(2024-05)— 4,502.9 BTC attributed to Lazarus This entry sits under exchanges index. Read it against Coincheck NEM 580 億円流出事件 詳細分析 (2018-01) for peer / contrast context and FSA 暗号資産交換業登録制度 — 番号体系・財務局管轄・登録要件 for the broader system / regu... exchanges/dmm-bitcoin-lazarus-hack-detailed-analysis
- Japan crypto audit-firm landscape — Big4 + Grant Thornton Taiyo + BDO Sanyu crypto-practice comparison This entry sits under exchanges index. Read it against 国内 VASP セキュリティ監査・認証取得状況 for peer / contrast context and FSA 暗号資産交換業登録制度 for the broader system / regulatory boundary. exchanges/japan-crypto-audit-firm-landscape