
Blockchain Analysis in 2026 for Security Professionals

Blockchain is often called anonymous. It isn't. Every transaction is permanently recorded on a public ledger, visible to anyone who knows how to read it. The question isn't whether your transactions can be traced — it's whether the person looking has the right tools.

Updated Mar 08, 2026 | By Dark Web Academy

Blockchain Analysis Tools: A Complete Guide

This guide covers everything from free OSINT tools anyone can use to the enterprise platforms powering FBI investigations. Whether you're a researcher, compliance professional, or just trying to understand how crypto forensics actually works, this is your starting point.


Level 1: Understanding What You're Looking At

Before you touch any tool, you need to understand the data model.

Bitcoin vs. Ethereum: Two Different Beasts

Bitcoin uses a UTXO (Unspent Transaction Output) model:
- Think of it like physical cash. Each "coin" has a history.
- A transaction consumes previous outputs and creates new ones.
- Because one transaction can spend outputs held at several addresses, clustering (linking addresses to one owner) is very powerful.

Ethereum uses an Account/Balance model:
- Think of it like a bank account. Addresses have balances.
- Contracts, tokens, and DeFi protocols all add complexity.
- Traces can cross tokens, protocols, and chains in seconds.

What's Actually Traceable

Every on-chain transaction contains:
- Sender and receiver addresses — pseudonymous, not anonymous
- Transaction hash — unique ID, permanent and public
- Amount — exact value transferred
- Timestamp — block time, permanent record
- Fee — can reveal wallet software behaviour

What it doesn't contain: your name, IP address, or identity. The investigator's job is building the bridge between the address and the person.


Level 2: Free Tools — The OSINT Stack

These cost nothing and can get you surprisingly far on straightforward cases.

Block Explorers (Your Starting Point)

Etherscan (etherscan.io)
- Full transaction history for any Ethereum address
- Contract interactions, token transfers, internal transactions
- Essential for Ethereum and ERC-20 token investigations

Blockchain.com
- Bitcoin, Ethereum, and Bitcoin Cash
- Clean interface for wallet lookups and tx tracing
- Good starting point for absolute beginners

Mempool.space
- Bitcoin-specific, but far more powerful than most explorers
- Shows UTXO breakdown, fee rates, mempool congestion
- Useful for understanding transaction structure in depth

What they do well: show you the raw data. What they can't do: tell you who owns the wallet.

Abuse & Threat Intel Databases

Chainabuse (chainabuse.com)
- Crowdsourced reports across BTC, ETH, SOL, and ADA
- Check if an address is linked to scams, ransomware, or fraud
- Free, no account required for basic lookups

BitcoinAbuse / RansomWatch
- Databases of addresses used by ransomware operators and blackmailers
- Useful for rapid triage: is this address already flagged?

Bitcoinwhoswho.com
- Checks if an address has appeared on any indexed websites
- Can surface forum posts, paste sites, or marketplace listings tied to a wallet
- One of the more underrated free tools for scam investigations

Visualisation Tools

Breadcrumbs (breadcrumbs.app)
- Visual transaction graph — plot wallet hops without code
- Some basic clustering and entity labelling
- Free tier is genuinely useful for simple cases

Metasleuth
- Cross-chain tracing with a visual interface
- Covers Ethereum, BSC, Polygon, Arbitrum and more
- Free tier available — one of the best free options right now

OSINT Integration

Maltego (free tier)
- Industry-standard OSINT investigation platform
- Native BTC and ETH address entities
- Build investigation graphs linking on-chain and off-chain data
- Where blockchain forensics meets traditional OSINT

The Sleeper Pick: GraphSense

GraphSense (graphsense.info)
- Fully open-source cryptoasset analytics platform
- Self-hostable — you own your data, no vendor dependency
- Built for researchers who want algorithmic transparency
- Steep learning curve, but no ceiling on what you can do


Level 3: Mid-Tier Tools (The Gap Nobody Talks About)

The enterprise platforms aren't available to individuals. But this middle tier is accessible and increasingly powerful.

Arkham Intelligence (arkhamintelligence.com)

One of the most significant developments in accessible blockchain intelligence.

  • Entity labelling: links wallets to known organisations, exchanges, and individuals
  • Intel Exchange: crowd-sourced attribution with bounty incentives
  • Cross-chain coverage across major networks
  • Free tier gives meaningful access

What it does well: bringing institutional-grade attribution to independent researchers.
What to watch: data quality varies and some attributions are community-sourced, not verified.

The free tier is useful. The paid tier adds:
- Bulk address investigation
- Report generation for legal proceedings
- More granular clustering

Good fit for: independent investigators, small compliance teams, journalists.


Level 4: Enterprise Platforms — The Full Picture

These are the tools powering law enforcement investigations, exchange compliance teams, and government agencies. They're not available to individuals — expect six-figure annual contracts.

Chainalysis

The market leader. Two core products:

Reactor — investigation and visualisation
- Follow funds across wallets, exchanges, and mixers
- Visual graph that clusters addresses by entity
- Used to trace the Colonial Pipeline ransomware payment and recover $2.3M

KYT (Know Your Transaction) — real-time monitoring
- Exchange-facing compliance tool
- Screens deposits and withdrawals against risk scores
- Real-time alerts on suspicious activity

What makes it the standard: a decade of attribution data. They've labelled more wallets than anyone else.

TRM Labs

Strong with law enforcement and national security use cases.

  • Covers 190 blockchains and 1.9 billion assets
  • Cross-chain tracing as a core feature, not an add-on
  • Native DeFi and NFT coverage
  • Used by agencies to trace ransomware, human trafficking proceeds, and sanctions evasion

The differentiator: TRM Academy provides training alongside the platform — investigators learn methodology, not just software.

Elliptic

Strong cross-chain and DeFi forensics. Favoured by banks and exchanges.

  • Holistic blockchain intelligence across chains, tokens, and DeFi
  • 99% market coverage for crypto assets
  • Used for transaction monitoring and forensic investigation
  • API-first for compliance automation at scale

Merkle Science

Predictive risk rather than reactive tracing.

  • AI-powered analytics for proactive threat detection
  • Noted for best-in-class sanctions attribution for Russian and Iranian exchanges
  • Good fit for compliance teams that need to stay ahead of regulatory changes

CipherTrace (now part of Mastercard)

  • Long-standing platform with strong AML compliance tooling
  • Used by banks and financial institutions alongside crypto businesses
  • Acquisition by Mastercard brought traditional finance integration

Coinbase Tracer

  • Built on Coinbase's attribution database
  • Used by government agencies and financial institutions
  • Connects blockchain addresses to real-world entities via exchange KYC data

Level 5: The Methodology (More Important Than the Tools)

The tools are only as good as the investigator using them.

Core Techniques

Address Clustering
Multiple addresses often belong to the same wallet or entity. Clustering heuristics — co-spend analysis, change address detection — group them. Paid platforms do this automatically. Manual clustering is possible but slow.

The Peel Chain
A common money laundering pattern: funds move through dozens of wallets in sequence, peeling off small amounts at each hop to obscure the trail. Learn to recognise it visually.
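
To recognise the pattern in data as well as visually, the following added example (not code from this guide) walks forward from a funded address and records each hop that peels off a small amount. The transactions are constructed sample data, and the `max_peel_ratio` and `min_hops` thresholds are illustrative assumptions to tune per case.

```python
# Constructed sample data (not real chain data); amounts in satoshi.
# Each transaction spends one output and creates two new ones.
TXS = {
    "p1": {"input": ("S0", 1_000_000), "outputs": [("X1", 50_000), ("S1", 949_000)]},
    "p2": {"input": ("S1", 949_000), "outputs": [("S2", 898_000), ("X2", 50_000)]},
    "p3": {"input": ("S2", 898_000), "outputs": [("X3", 60_000), ("S3", 837_000)]},
    "p4": {"input": ("S3", 837_000), "outputs": [("E1", 500_000), ("E2", 336_000)]},
}


def follow_peel_chain(txs, start_addr, max_peel_ratio=0.2):
    """Walk forward from start_addr while each hop matches the peel pattern."""
    # Map each spending address to the transaction that spends from it.
    spender = {tx["input"][0]: txid for txid, tx in txs.items()}
    hops, addr, visited = [], start_addr, set()
    while addr in spender and addr not in visited:  # visited guards loops
        visited.add(addr)
        txid = spender[addr]
        tx = txs[txid]
        if len(tx["outputs"]) != 2:
            break
        # The smaller output is the peel; the larger carries the funds on.
        (peel_addr, peel_amt), (rest_addr, _) = sorted(
            tx["outputs"], key=lambda o: o[1])
        if peel_amt / tx["input"][1] > max_peel_ratio:
            break  # split is too even to be a peel; the pattern ends here
        hops.append({"txid": txid, "peel_to": peel_addr, "peeled": peel_amt})
        addr = rest_addr
    return {"hops": hops, "end_address": addr,
            "peeled_total": sum(h["peeled"] for h in hops)}


def is_peel_chain(result, min_hops=3):
    """Flag the walk as a peel chain once enough consecutive hops match."""
    return len(result["hops"]) >= min_hops
```

The `peel_to` addresses and the `end_address` are the points to check next against exchange labels, since that is where the funds leave the chain.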

Exchange Identification
Most illicit funds eventually hit an exchange to be cashed out. Identifying that exchange is often the key investigative milestone — because exchanges have KYC data. Once you trace funds to a known exchange, law enforcement can subpoena records.

Cross-Chain Bridges
The hardest part of modern blockchain tracing. Funds can jump from Bitcoin to Ethereum, into a DeFi protocol, across to another chain — and free tools lose the thread. This is where enterprise platforms earn their price tag.

Mixer and Tumbler Detection
Bitcoin mixers and Ethereum tumblers (like Tornado Cash) are specifically designed to break the transaction trail. Paid platforms have heuristics to flag mixer usage and sometimes trace post-mix outputs. Free tools cannot.

OPSEC for Investigators

Your investigation has a footprint too.

  • Use Tor or a VPN when querying public explorers — your lookups can reveal your investigative interest
  • Don't query enterprise APIs from your personal network
  • Be careful about attribution: labelling an address incorrectly and publishing it has caused real harm
  • Understand legal jurisdiction before acting on intelligence

Quick Reference: Choosing the Right Tool

Situation                             | Tool
--------------------------------------|------------------------------
Quick wallet check                    | Etherscan / Blockchain.com
Is this address flagged?              | Chainabuse / BitcoinAbuse
Visualise a transaction chain         | Breadcrumbs / Metasleuth
Connect on-chain and off-chain data   | Maltego
Entity attribution (free)             | Arkham Intelligence
Full cross-chain forensics            | TRM Labs / Chainalysis
AML compliance                        | Elliptic / CipherTrace
Open-source, self-hosted              | GraphSense

What Free Tools Can and Can't Do

Free tools can:
- Show you the complete transaction history of any public address
- Flag addresses against crowd-sourced abuse databases
- Visualise simple transaction chains
- Surface web mentions of wallet addresses
- Get you 80% of the way on straightforward cases

Free tools cannot:
- Tell you who owns an unlabelled wallet
- Automatically cluster addresses by entity at scale
- Follow funds across chains without manual effort
- Access the proprietary attribution databases that link addresses to real-world entities
- Provide court-admissible reporting

The line between free and paid is essentially this: free tools show you the map, paid tools tell you who lives there.


Final Thoughts

The idea that blockchain is anonymous persists because most people never look closely at the data. Every transaction is a permanent public record. The question has never been whether the trail exists — it's always been whether the investigator has the skills and tools to follow it.

Start with the free stack. Learn to read transaction graphs. Understand clustering. Practice on publicly documented cases — the Colonial Pipeline payment, the Bitfinex hack recovery, the Silk Road seizure — all of it is public data you can trace yourself.

Then you'll understand exactly what the enterprise platforms add on top, and why law enforcement is closing cases that were once considered unsolvable.

The blockchain never forgets. Learn to read it.

