Thought Leadership | June 22, 2023

Why enforcement agencies need blockchain analytics tools

By Nick Smart
Chief Intelligence Officer

Key findings

  • Blockchain analytics tools are not new to law enforcement. Early adopters have been using them for five to ten years. What has changed is the complexity of criminal techniques and the scrutiny courts now apply to this form of evidence.

  • Transparency is only useful if you can connect it to real-world identities. The quality of off-chain research and entity attribution determines whether your investigation produces court-ready evidence or circumstantial data.

  • Criminals now routinely move funds across multiple blockchains using bridge protocols and decentralised exchanges. If your tools can only trace activity on a single chain, you will hit dead ends at exactly the points where the money matters most.

  • Speed determines outcomes. The gap between a theft and funds reaching an exit point is shrinking. Investigation tools that require hours of manual graph building lose cases that automated path discovery would catch.

  • Evidence precision matters in court. Proving which exchange was involved is not enough. Prosecutors increasingly need proof of which specific wallet within an exchange handled the funds.

  • Running multiple concurrent crypto investigations creates operational risk. Without a way to detect when the same addresses appear across different cases, teams duplicate work and miss connections.

In our report Digital Asset, Blockchain Industry and Crime Trend Predictions 2023, we assessed that blockchain analytics tools would face increasing scrutiny for the credibility and reliability of their data as prosecutions grew. That prediction has played out. Courts are asking harder questions about the evidence behind blockchain analysis, defence counsel are challenging attribution methodologies, and investigation teams are under pressure to deliver results faster while maintaining the evidentiary standard that prosecutors need.

If you lead a team handling crypto-related crime, the question is no longer whether to use blockchain analytics. It is whether the tools you have are credible enough to withstand legal challenge, fast enough to act before funds are cashed out, and capable enough to handle how criminals actually operate today.

1. Blockchain analytics tools are not new to enforcement

Law enforcement agencies in the US, Europe, and Asia-Pacific have been using blockchain analytics for five to ten years. Early adopters built expertise and case law as the technology matured. Agencies like the IRS Criminal Investigation division, the FBI, Europol, and national police forces in the UK, Germany, and South Korea were tracing Bitcoin transactions long before blockchain analytics became a mainstream procurement conversation.

What brought wider attention was a handful of landmark public cases. The Colonial Pipeline case in 2021 is the most cited. The Department of Justice seized 63.7 bitcoins, valued at approximately $2.3 million, representing the proceeds of a ransom payment to the DarkSide group, which had taken critical infrastructure offline.

The Colonial Pipeline case proved that skilled and suitably equipped investigators could identify the anonymous perpetrators using blockchain analytics, combining tools and techniques to trace the ransom payments and undermine the goal of the criminals’ operation.

But Colonial Pipeline was a relatively straightforward Bitcoin trace. The criminal landscape has moved on. Today’s cases involve funds moving across multiple blockchains via bridge protocols, through mixers and privacy-enhancing services, and into decentralised exchanges that operate without KYC. The tools need to have kept pace. Many have not.

2. The evidence is only as good as the attribution behind it

Investigators often use data available on the blockchain to provide evidence in criminal or civil law courts. Often the focus is on analyzing transaction activities and how these link to wallets, and ultimately real-world entities.

But it is important to understand that the data about real-world entities is the product of highly skilled and diligent off-chain research teams. They scour both open, public channels and closed, sensitive sources for intelligence, applying tradecraft to messaging apps, social media, and the darknet to piece together information about the entity behind an exchange or a wallet.

Collecting, processing, and analyzing this information is a painstaking and critical process. It is not sufficient to simply accept any claim of ownership that is made.

It is therefore crucial for investigators joining the dots that the information is reliable and accurate.

Excellent blockchain analytics tools are made even better by the team of analysts who stand behind them, working hard to verify connections and identities. This can only be achieved through transparency of the collection and verification, a methodology that should be shareable with clients and defensible in court.

This matters practically for your team. When your investigator runs a trace and the tool returns “unknown” at a critical node, the investigation stalls. The breadth and accuracy of entity attribution directly determines how often that happens. When you are evaluating tools, ask how the vendor attributes entities: is it purely algorithmic, or is there a human verification layer? Can they explain their methodology to a defence counsel under cross-examination? Can they tell you the confidence level of a specific attribution?

Victim-reported intelligence as an investigation source

On-chain data shows you where funds moved. It does not tell you who the victim is, what they were told, or how the scam operated. Off-chain intelligence from victim reports fills that gap. When victims report scam addresses along with details about how they were targeted, that intelligence enriches your investigation in ways that blockchain data alone cannot.

For law enforcement teams working scam cases, the ability to cross-reference addresses against victim-reported data, and to see whether the same addresses have been reported by multiple victims across different jurisdictions, can surface patterns and connections that accelerate the investigation.

3. Evidence needs to work for non-technical audiences

Blockchain visualization tools provide an efficient way of understanding on-chain activity and uncovering hidden relationships, anomalies, and trends from blockchain data. With these visualization tools, investigators reap the benefit of enhanced transparency across blockchain networks and can quickly generate meaningful insights to further their investigations.

They help to:

  • Easily connect the dots while tracing the trail of funds across blockchain entities.

  • Illustrate red flags and anomalies across blockchain networks to facilitate further investigation.

  • Show a clear view of activity across multiple entities alongside detailed transactional information.

Additionally, visualizations are vital for providing evidence in court to judges and juries who have limited technical knowledge of blockchain technology and cryptocurrencies. Visualizations make it easy to see patterns drawn from numerical or textual data. Consider how difficult it is to trawl through a spreadsheet to see an emerging pattern versus looking at a visualization. An illustration showing a pattern speeds up the analytical process, saving the courts time and money.

The precision courts now expect

As blockchain evidence becomes more common in prosecutions, courts are raising the bar on what they accept. Showing that funds moved to “an exchange” is no longer sufficient in many jurisdictions. Prosecutors increasingly need to demonstrate which specific wallet within an exchange received the funds, and the full path those funds took to get there.

This means your analytics tool needs address-level granularity, not just entity-level attribution. Your investigator needs to be able to drill from a high-level fund flow down to individual wallet-level proof, and export that in a format a judge can follow. If your current tool only shows entity-level connections, you may find your evidence challenged as insufficiently precise.

4. Criminals have gone cross-chain. Your tools need to follow

Multichain visualizations are even more powerful.

When this article was first published in 2023, cross-chain movement was an emerging concern. Today it is standard criminal practice. Stolen funds move from Ethereum to Tron via a bridge protocol, get swapped on a decentralised exchange, and arrive at an off-ramp on a third chain, all within hours. If your analytics tool only traces activity on a single chain, you lose the trail at exactly the point where the money is being laundered.

The challenge is that bridge transactions create a break in the on-chain record. Funds appear to stop on one blockchain. Without bridge detection, that looks like a dead end. In reality, the funds continued on a different chain. Your investigators need tools that automatically identify bridge transactions and connect the source and destination addresses across chains.

Similarly, when funds pass through swap operations on decentralised exchanges, the token changes but the value continues. Automatic swap tracing, where the tool follows the value through the swap without manual intervention, determines whether your investigator can trace a complete path or has to reconstruct each step by hand.

When evaluating tools, test this specifically: give the vendor a real cross-chain case and ask them to trace it in front of you. If they can follow funds across chains automatically, that saves your team hours per case. If they cannot, your investigators are doing manual work that the tool should be handling.

5. Speed determines whether you catch funds or write reports about them

An automated tracking solution allows law enforcement agents to trace the flow of digital funds through dozens of intermediate wallets before reaching their destination, which is typically a fiat-bearing exchange.

But the window is shrinking. In major theft cases, funds now move through bridge protocols and reach exit points within hours, not days. Every hour your investigator spends manually building a transaction graph is an hour the criminal uses to cash out.

The difference between automated path discovery, where the tool builds all paths between two entities in seconds, and manual graph construction, where your investigator adds nodes one at a time, is not a minor efficiency gain. It can be the difference between freezing funds and filing a report about funds that have already left the ecosystem.

This is especially true for resource-constrained teams. Most law enforcement crypto units are small. If each investigation requires hours of manual tracing, your team’s caseload is capped by the tools’ speed, not the investigators’ skill.

6. Multiple concurrent cases create hidden operational risk

If your unit runs more than a handful of crypto investigations at any time, you face an operational problem that individual case tools do not solve: connections between cases.

Address A appears in your ransomware investigation. The same address also appears in a colleague’s fraud case. Neither investigator knows about the overlap. They work the same addresses independently, duplicating effort and missing the connection that might link both cases to a common laundering network.

Case management that detects when addresses appear across multiple investigations, automatically, is not a nice-to-have feature. For agencies running dozens of concurrent crypto cases, it is an operational requirement. It prevents duplicate work, surfaces connections between seemingly unrelated cases, and helps your team allocate resources to the highest-value leads.

When evaluating tools, ask: if the same wallet address appears in two different investigations run by two different analysts, does the system flag that? If it does not, your team is operating with a blind spot.
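
The cross-investigation check described in this section can be sketched as follows. This is an added example, not Crystal's code or part of the original article; the chain labels, case IDs, analyst names and addresses are constructed, and it goes slightly beyond the text by normalising addresses first, so that the same wallet recorded with different casing or on a different EVM chain still matches. It assumes EVM addresses are externally owned accounts, where one key pair controls the same address on every EVM chain.

```python
from collections import defaultdict

# Assumed chain labels; the same key pair controls one address on every EVM chain.
EVM_CHAINS = {"ethereum", "bsc", "polygon"}

def canonical_key(chain, address):
    """Return the (family, address) key used to compare addresses across cases."""
    chain, addr = chain.strip().lower(), address.strip()
    if chain in EVM_CHAINS:
        # EIP-55 mixed case is only a checksum, so compare in lower case and
        # ignore which EVM chain the analyst recorded.
        return ("evm", addr.lower())
    if chain == "bitcoin" and addr.lower().startswith("bc1"):
        return ("bitcoin", addr.lower())  # bech32 is case-insensitive
    return (chain, addr)  # base58 (legacy Bitcoin, Tron) is case-sensitive

def find_overlaps(records):
    """records: iterable of (case_id, analyst, chain, address) tuples.
    Returns {key: sorted [(case_id, analyst), ...]} for addresses seen in 2+ cases."""
    seen = defaultdict(set)
    for case_id, analyst, chain, address in records:
        seen[canonical_key(chain, address)].add((case_id, analyst))
    return {key: sorted(hits) for key, hits in seen.items()
            if len({case for case, _ in hits}) > 1}

# Constructed sample data: none of these are real addresses or cases.
EVM_MIXED = "0xAbCd" + "0" * 32 + "Ef01"
SAMPLE = [
    ("CASE-RANSOM-01", "analyst_a", "ethereum", EVM_MIXED),
    ("CASE-RANSOM-01", "analyst_a", "ethereum", EVM_MIXED.lower()),  # same case twice
    ("CASE-FRAUD-07", "analyst_b", "bsc", EVM_MIXED.lower()),
    ("CASE-FRAUD-07", "analyst_b", "bitcoin", "BC1QCONSTRUCTEDEXAMPLE0001"),
    ("CASE-SCAM-12", "analyst_c", "bitcoin", "bc1qconstructedexample0001"),
    ("CASE-RANSOM-01", "analyst_a", "tron", "TConstructedExampleAddr1"),
    ("CASE-SCAM-12", "analyst_c", "tron", "TconstructedExampleAddr1"),  # differs in case
]

if __name__ == "__main__":
    for (family, addr), hits in find_overlaps(SAMPLE).items():
        print(family, addr, "->", hits)
```

The two Tron-style entries differ only in letter case and are correctly treated as different addresses, while the repeated entry inside one case is not reported as an overlap.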

7. Evaluating tools: what to ask for

If you are evaluating blockchain analytics tools for your team, the critical questions are practical, not theoretical:

  • Can the tool trace funds across multiple blockchains automatically, including through bridge protocols and swap operations? Test this with a real case.

  • How does the vendor attribute entities? Is the methodology defensible in court? Can they explain it to defence counsel?

  • Does the tool provide address-level precision, or only entity-level? Will the evidence be granular enough for your prosecutor?

  • How fast can your investigator build a complete path between two entities? Seconds, minutes, or hours?

  • Does the case management detect overlapping addresses across your team’s investigations?

  • Where does the data sit? Is the infrastructure in a jurisdiction that aligns with your agency’s data handling requirements?

  • What training and expert support is available when your team hits a complex case?

For a detailed evaluation framework covering seven capabilities to assess during procurement, see our guide: How to choose a blockchain analytics provider

Trusted by law enforcement internationally

Erin West, Deputy District Attorney in Santa Clara County, California, led Operation Shamrock, which equipped 41 US law enforcement teams with blockchain analytics to trace funds, support victims, and take action against transnational scams. The European Central Bank is also a Crystal partner. These partnerships reflect that credible blockchain analytics has become an operational requirement for agencies handling crypto-related crime.

8. How Crystal supports law enforcement investigations

Crystal Expert is used by law enforcement agencies internationally for crypto investigation and fund tracing. The platform covers 330+ blockchains with attribution data on 100,000+ entities. Bridge detection tracks 75+ protocols automatically. Automated path discovery builds complete fund flow paths in seconds. Address-level path analysis provides the granularity courts require. Case management with cross-investigation address detection helps teams working multiple concurrent cases.

Crystal also offers dedicated investigation training (UTXO and EVM investigator courses) and professional investigation services for agencies that need expert support on complex cases.

Frequently asked questions

Why do law enforcement agencies need dedicated blockchain analytics tools?

Blockchain data is publicly available, but raw transaction records do not reveal who controls a wallet or where funds end up. Analytics tools combine on-chain data with off-chain intelligence to connect transactions to real-world identities. Without them, investigators face manual processes that are too slow to keep pace with how quickly criminals move funds.

Can blockchain evidence hold up in court?

Yes, provided the attribution methodology is transparent and defensible. Courts are asking increasingly detailed questions about how wallets were linked to real-world entities. The quality of the off-chain research behind the attribution and the ability to explain that methodology under cross-examination determine whether the evidence holds.

What happens when criminals move funds across multiple blockchains?

Criminals use bridge protocols to move funds between blockchains, creating breaks in the on-chain trail. Without bridge detection, these appear as dead ends. Tools that automatically identify bridge transactions and connect source and destination addresses across chains allow investigators to follow the full path. Tools without this capability leave investigators tracing manually or losing the trail entirely.

How do investigation teams avoid duplicating work across cases?

Case management systems that automatically detect when the same addresses appear in multiple investigations prevent duplicate work and surface connections between cases. Without this, investigators working different cases may unknowingly be tracing the same wallets, wasting resources and missing links to common laundering networks.

What training is available for law enforcement investigators?

Dedicated blockchain investigation training builds crypto-specific skills alongside platform proficiency. Courses cover UTXO-based chains (like Bitcoin) and EVM-based chains (like Ethereum) separately, since the investigation techniques differ. Professional investigation services are also available for agencies that need expert support on complex cases.

To see how Crystal can support your team’s investigations, book a demo.
