What is blockchain forensics?

Blockchain forensics is the process of analyzing blockchain transactions to trace cryptocurrency movements, identify suspicious patterns, and gather evidence for legal proceedings. It combines data analysis, pattern recognition, and investigative techniques.

Is ForensicBlock evidence court-admissible?

ForensicBlock provides court-ready reports with cryptographic verification and chain-of-custody tracking designed for evidentiary workflows. Evidence quality and admissibility depend on proper handling, jurisdictional rules, case facts, and expert testimony in each proceeding.

Which blockchains does ForensicBlock support?

ForensicBlock supports 7 live blockchain networks including Bitcoin, Ethereum, Solana, TRON, XRP Ledger, Polygon, Arbitrum, Optimism, Base, BNB Smart Chain, Avalanche, Cardano, Polkadot, TON, Litecoin, and more. Coverage expansion toward 30+ networks is on our active roadmap.

How does ForensicBlock compare to Chainalysis?

ForensicBlock is an AI-first alternative to Chainalysis. While Chainalysis uses rule-based tools requiring trained analysts and costs $37,000+/year, ForensicBlock uses autonomous AI agents that conduct investigations independently — starting at just $19. Our AI analyzes behavioral patterns rather than relying solely on labeled address databases, enabling detection of novel threats.

Can ForensicBlock trace stolen cryptocurrency?

Yes. ForensicBlock's AI agents trace stolen cryptocurrency across supported networks, following funds through mixers, bridges, DeFi protocols, and cross-chain swaps. Our workflows generate defensible evidence packages with chain-of-custody documentation to support asset recovery and law enforcement investigations.

Does ForensicBlock support AML compliance and sanctions screening?

Yes. ForensicBlock provides comprehensive AML compliance tools including OFAC sanctions screening, Know Your Transaction (KYT) monitoring, Suspicious Activity Report (SAR) support, and continuous address monitoring. Our risk scoring engine combines 13 ML models for accurate threat detection across all supported blockchains.

Risk Scoring Methodology

ForensicBlock's risk scoring model is designed to be transparent, reproducible, and legally defensible. Every score can be traced back to specific on-chain data and verifiable risk factors.

Model version: risk-v2.0.0 | Last updated: March 2026

Model Overview

The ForensicBlock risk score is a weighted composite of multiple independent risk signals. Each signal is scored individually on a 0–100 scale, then combined using fixed weights to produce a final score between 0 and 100. The model uses no black-box components — every factor, weight, and threshold is documented here.

Independent risk factors

200+

Curated entity labels

100%

Deterministic scoring

Risk Factors & Weights

Each factor contributes proportionally to the final score based on its assigned weight. Weights are normalized so that the available factors always sum to 100% of the score, regardless of which signals are available for a given address.

Entity Attribution (Tier 1)

Override

Verified ground-truth entity match. When an address matches a known entity in our curated database (159+ entities including OFAC SDN, state actors, known hackers), the entity's risk score is used directly. Entity attribution always overrides all other scoring methods. Confidence: ≥99%. False-positive rate: <0.1%.

Data source: ForensicBlock Intelligence Database, OFAC SDN List

Counterparty Exposure Analysis (Tier 2)

Primary

Deterministic scoring based on counterparty transaction exposure. For each transaction, the counterparty address is categorized (sanctions, darknet, mixer, fraud, exchange, DeFi, unknown). The risk score is the weighted sum of exposure percentages × category risk weights. Formula: Σ(categoryWeight × exposurePct × confidence), capped at 100. Auto-CRITICAL if any sanctioned exposure detected. False-positive rate: ~5%.

Data source: Graph analysis, pre-computed exposure_analysis, entity database lookups

Graph Risk Score (Tier 3)

Supplementary

Risk derived from the full transaction graph traversal — node-level risk aggregation, high-risk path detection, and cluster analysis. Used when exposure analysis data is not yet available or as supplementary context.

Data source: ForensicBlock Graph Engine, Alchemy Asset Transfers API

Behavioral Analysis (Tier 4)

Supplementary

AI agent-based behavioral scoring — transaction velocity, pattern detection, anomaly analysis. Used as supplementary context when entity and exposure data are unavailable. The MAX of all tiers is used as the final score — behavioral analysis never dilutes a higher-tier score.

Data source: ForensicBlock AI Agent Pipeline (6 agents)

Risk Categories (18 FATF-aligned)

Varies

Sanctions/OFAC (weight 1.0), Terrorist Financing (1.0), State Actor (1.0), Darknet Market (0.85), Ransomware (0.85), Stolen Funds (0.85), Mixer/Tumbler (0.80), Fraud/Scam (0.80), Cybercrime (0.80), High-Risk Exchange (0.55), P2P Exchange (0.45), Gambling (0.35), Unregulated Service (0.40), Cross-chain Bridge (0.30), Regulated Exchange (0.05), DeFi Protocol (0.10), NFT Marketplace (0.05), Unknown (0.15).

Data source: lib/risk-categories.ts — FATF typology framework

Score Thresholds

—

CRITICAL: ≥75/100. HIGH: 50–74. MEDIUM: 25–49. LOW: <25. Same address + same blockchain state = identical score every time. Methodology version: 2.1.

Data source: Deterministic computation — reproducible and court-defensible

Token Footprint

Number of distinct token types held or transacted. Unusually high token diversity may indicate DeFi farming, airdrop harvesting, or wash trading.

Data source: Alchemy getTokenBalances

Address Age

Time since the address's first on-chain activity. Addresses less than 30 days old receive elevated risk scores (up to 70 for brand-new addresses) as they are more likely to be disposable addresses used in laundering schemes.

Data source: First transaction timestamp

Score Calculation

finalScore = round( sum(factor_score[i] * weight[i]) / sum(weight[i]) )

Where factor_score[i] is the 0-100 score for each available factor and weight[i] is the fixed weight. The denominator normalizes for available signals — if only 4 of 9 factors are computable for an address, the weights of those 4 factors are re-normalized to sum to 1.0.

Confidence Score

Every risk assessment includes a confidence score (0.20–0.95) reflecting the completeness and quality of available data:

Base confidence starts at 0.30 and increases with each available signal (up to 8 signals = +0.60)
Addresses with fewer than 3 transactions receive a -0.10 confidence penalty
During multi-agent investigations, confidence is further adjusted by the verification rate of findings

Risk Level Thresholds

0–34

Low

No significant risk indicators. Standard due diligence sufficient.

35–59

Medium

Some risk indicators present. Enhanced due diligence recommended.

60–79

High

Multiple risk indicators. Investigation and compliance review required.

80–100

Critical

Severe risk. Likely sanctions match, mixer usage, or confirmed illicit activity.

Multi-Agent Validation

During full investigations, ForensicBlock employs nine specialized AI agents. Each agent produces independent findings that are cross-validated by the orchestrator:

TRACER — Multi-hop transaction tracing with bridge and mixer detection
SENTINEL — OFAC/SDN screening and per-factor risk scoring
ANALYST — Behavioral pattern recognition (peel chains, fan-out, round-trips, etc.)
REPORTER — Evidence compilation and court-ready report generation
WATCHER — Real-time address monitoring via blockchain webhooks
HUNTER — Recovery probability assessment and exchange identification

Findings must be verified against on-chain evidence before being included in the final report. The overall confidence score is reduced proportionally to unverified findings: adjusted = confidence * (0.5 + 0.5 * verificationRate)

Data Sources

Alchemy

Primary blockchain data provider. Real-time transaction data, asset transfers, token balances, and webhook-based monitoring across EVM chains.

Etherscan V2

Secondary provider for historical transaction data. Multi-chain support via chain ID parameter.

OFAC SDN List

Official U.S. Treasury Specially Designated Nationals list. Updated regularly and cached locally with 5-minute refresh cycles.

ForensicBlock Intelligence

Curated database of 200+ labeled addresses covering exchanges, DeFi protocols, bridges, mixers, scams, and sanctioned entities.

Reproducibility & Defensibility

ForensicBlock is designed for legal proceedings:

Deterministic scoring — The same inputs always produce the same score. No randomness in the risk model.
Evidence citations — Every risk factor cites specific transaction hashes, block numbers, or data source references.
SHA-256 integrity — Generated PDF reports include a SHA-256 hash of the complete document stored on record for tamper detection.
Audit trail — Every agent action, finding, and decision is logged with timestamps for full investigative chain of custody.
Model versioning — Risk scores include the model version used, enabling reproduction of historical assessments.

Ready to investigate?

Try a free risk check on any blockchain address, or sign up to run full forensic investigations with all nine AI agents.

Loading ForensicBlock

Preparing your blockchain forensics platform...

Risk Scoring Methodology

ForensicBlock's risk scoring model is designed to be transparent, reproducible, and legally defensible. Every score can be traced back to specific on-chain data and verifiable risk factors.

Model version: risk-v2.0.0 | Last updated: March 2026

Model Overview

Independent risk factors

200+

Curated entity labels

100%

Deterministic scoring

Risk Factors & Weights

Entity Attribution (Tier 1)

Override

Data source: ForensicBlock Intelligence Database, OFAC SDN List

Counterparty Exposure Analysis (Tier 2)

Primary

Data source: Graph analysis, pre-computed exposure_analysis, entity database lookups

Graph Risk Score (Tier 3)

Supplementary

Data source: ForensicBlock Graph Engine, Alchemy Asset Transfers API

Behavioral Analysis (Tier 4)

Supplementary

Data source: ForensicBlock AI Agent Pipeline (6 agents)

Risk Categories (18 FATF-aligned)

Varies

Data source: lib/risk-categories.ts — FATF typology framework

Score Thresholds

—

CRITICAL: ≥75/100. HIGH: 50–74. MEDIUM: 25–49. LOW: <25. Same address + same blockchain state = identical score every time. Methodology version: 2.1.

Data source: Deterministic computation — reproducible and court-defensible

Token Footprint

Number of distinct token types held or transacted. Unusually high token diversity may indicate DeFi farming, airdrop harvesting, or wash trading.

Data source: Alchemy getTokenBalances

Address Age

Data source: First transaction timestamp

Score Calculation

finalScore = round( sum(factor_score[i] * weight[i]) / sum(weight[i]) )

Confidence Score

Every risk assessment includes a confidence score (0.20–0.95) reflecting the completeness and quality of available data:

Base confidence starts at 0.30 and increases with each available signal (up to 8 signals = +0.60)
Addresses with fewer than 3 transactions receive a -0.10 confidence penalty
During multi-agent investigations, confidence is further adjusted by the verification rate of findings

Risk Level Thresholds

0–34

Low

No significant risk indicators. Standard due diligence sufficient.

35–59

Medium

Some risk indicators present. Enhanced due diligence recommended.

60–79

High

Multiple risk indicators. Investigation and compliance review required.

80–100

Critical

Severe risk. Likely sanctions match, mixer usage, or confirmed illicit activity.

Multi-Agent Validation

During full investigations, ForensicBlock employs nine specialized AI agents. Each agent produces independent findings that are cross-validated by the orchestrator:

TRACER — Multi-hop transaction tracing with bridge and mixer detection
SENTINEL — OFAC/SDN screening and per-factor risk scoring
ANALYST — Behavioral pattern recognition (peel chains, fan-out, round-trips, etc.)
REPORTER — Evidence compilation and court-ready report generation
WATCHER — Real-time address monitoring via blockchain webhooks
HUNTER — Recovery probability assessment and exchange identification

Data Sources

Alchemy

Primary blockchain data provider. Real-time transaction data, asset transfers, token balances, and webhook-based monitoring across EVM chains.

Etherscan V2

Secondary provider for historical transaction data. Multi-chain support via chain ID parameter.

OFAC SDN List

Official U.S. Treasury Specially Designated Nationals list. Updated regularly and cached locally with 5-minute refresh cycles.

ForensicBlock Intelligence

Curated database of 200+ labeled addresses covering exchanges, DeFi protocols, bridges, mixers, scams, and sanctioned entities.

Reproducibility & Defensibility

ForensicBlock is designed for legal proceedings:

Deterministic scoring — The same inputs always produce the same score. No randomness in the risk model.
Evidence citations — Every risk factor cites specific transaction hashes, block numbers, or data source references.
SHA-256 integrity — Generated PDF reports include a SHA-256 hash of the complete document stored on record for tamper detection.
Audit trail — Every agent action, finding, and decision is logged with timestamps for full investigative chain of custody.
Model versioning — Risk scores include the model version used, enabling reproduction of historical assessments.

Ready to investigate?

Try a free risk check on any blockchain address, or sign up to run full forensic investigations with all nine AI agents.