.png){kind=small}
The blockchain compliance landscape has long been dominated by two approaches: attribution (knowing who owns an address) and direct and indirect exposure (measuring how much contact a wallet has had with illicit funds). Both have their place. But as the threat environment grows more sophisticated, they share a critical flaw: they tell you what already happened.
At Merkle Science, we believe the industry needs to move beyond reactive compliance. The question isn't just "was this wallet involved in something bad?" It's "is this wallet likely to be involved in something bad next?" That shift from reactive to predictive is the difference between chasing fires and preventing them.
Attribution and Exposure Only Catch Risk After the Damage Is Done
Attribution maps wallet addresses to known entities: exchanges, mixers, darknet markets, sanctioned individuals. Exposure scores how much of a wallet's transaction volume touched illicit sources. Both are genuinely useful. But they share the same foundational problem: they only fire after harmful activity has already been recorded.
By the time a wallet shows up in an attribution database, the damage is often done. Funds have moved. Obfuscation has begun. The attacker is already three bridges ahead of you.
Exposure-based approaches compound this problem. Taint calculations depend on historical transaction graphs. They can penalize legitimate users for indirect contact with bad actors they had no knowledge of, while simultaneously missing novel threat actors who haven't yet appeared in any watchlist. The result is a system that generates false positives, frustrates users, and still lets sophisticated illicit actors slip through.
How Predictive Analytics Detects Crypto Threats in Real Time
Predictive analytics doesn't replace attribution or exposure. It elevates them. Instead of only asking "has this address been seen doing something bad?" a predictive platform asks: "based on behavioral patterns, transaction signatures, and network relationships, what is the probability this address is involved in illicit activity right now or in the near future?"
Where reactive tools are event-driven and limited to documenting past hacks, predictive analytics is proactive, assessing wallet risk based on the likelihood of future scam involvement before a transaction is even confirmed.
The behavioral rule engine powering this approach catches anomalies that no watchlist has ever seen: rapid movements of funds, abnormally large single transactions, address dormancy followed by sudden activity. These signals matter before a hack is confirmed, before a wallet appears in a sanctions list, before the funds are gone.
Predictive Crypto Compliance at Scale: A 150M-User Wallet Case Study
One of the world's largest self-custody crypto wallets serves over 100+ million users. At that scale, manual review is impossible and even the best attribution database will always lag behind real threats. Implementing Merkle Science's Compass at this scale illustrates what predictive analytics looks like in practice.
The integration combines three layers of protection.
Pre-transaction wallet prescreening via API. Wallets are assessed before transactions are even broadcast to the blockchain. In four months alone, this approach blocked 28 high-risk wallets before a single transaction cleared, stopping approximately $3 million in illicit activity in 3 months after going live. A majority of these were associated with the Bybit hack and attribution came confirmed as far as 1 - 2 weeks later.
Post-transaction monitoring. Illicit and sanctioned transactions detected after settlement are flagged automatically, enabling reporting on revenue writeoffs and Suspicious Activity Reports (SARs).
Behavioral rule engine. Scenario-based rules look for rapid fund movements, abnormally large single transactions, and patterns like address dormancy that often precede exploit activity. The system doesn't wait for an attack to be catalogued. It responds to behavioral signals in real time.
The business outcome was striking. Because of the reduction in taints, institutional actors were able to rely on the swapping, bridging and staking far beyond the historic usage. Swapping volume grew 107% between July and September 2025. Trading fees increased 135%. Protecting $42M in annual revenue from a potential $458,000 four-day loss isn't just a compliance win. It's a commercial one.
How Predictive Risk Detection Unlocks Institutional Adoption for Protocols
The predictive case isn't just for wallets and exchanges. Blockchain protocols themselves face existential reputational and adoption risk if illicit activity runs unchecked on their networks. As outlined by intergovernmental organizations and regulator agencies, public blockchain networks enable complex transaction flows involving multiple wallets, decentralized exchanges, bridges, mixers, and smart contracts without consistent identity linkage. These features significantly enhance layering, allowing rapid asset movement that obscures transaction origins, complicating transaction monitoring and AML compliance (Financial Action Task Force, 2023; Bank for International Settlements, 2023; Financial Crimes Enforcement Network, 2021, Olivier Wyman 2025, FATF 2021).
One leading layer-one protocol deployed Merkle Science's Tracker to investigate scams and flag malicious actors across its ecosystem. The results speak to what proactive, predictive-style compliance can unlock at a network level: scams reduced by 50%, blacklisted addresses grew from 200 to 14,000 in a single year, 5,524 malicious sites identified in eight months, and TVL growth from $4 million to $12.7 billion over two years. Attribution was part of the story. But the clustering heuristics and behavioral detection that identified patterns across the ecosystem were what made the difference.
A second high-growth layer-one protocol saw similarly significant results. Merkle Science delivered over 1.5 million unique attributions across 80+ typologies in eight months. The security suite blocked a nation-state-linked exploit and a major DeFi hack, protecting $2.2 billion in TVL. Beyond the blocks themselves, $918 million in stablecoin transactions were enabled through compliance-driven infrastructure, and active users grew to 1.4 million. When compliance works predictively, it doesn't just stop bad actors. It creates the conditions for institutional capital and user adoption to flow in.
Why Blockchain Exploits Are Outpacing Reactive Compliance Tools
The risk vectors are expanding. Bridges, DeFi protocols, and wallets are all active attack surfaces. One major decentralized exchange lost $144 million per day in fees for four consecutive days after a notorious hacker used the platform to move stolen funds. A leading layer-two network had to halt block production entirely after a DeFi exploit drained user assets. These aren't edge cases. They are the operating environment.
Traditional attribution and exposure tools were designed for a simpler world where illicit actors moved slowly through a small number of known entity types. In today's environment, bad actors use complex multistep transfers across bridges, mixers, and smart contracts specifically to defeat taint-based analysis. They move quickly, exploit new protocols before they appear in any watchlist, and rotate through fresh wallets.
Predictive analytics changes the calculus. By detecting behavioral anomalies in real time rather than waiting for a transaction to be catalogued as illicit, compliance systems can intervene before layering is complete, before stolen funds are off-ramped, before the window closes.
Reactive Crypto Compliance Is No Longer Sufficient: What to Do Instead
Attribution and exposure remain foundational. They tell you where a wallet has been. But in a market where the attack surface is expanding and adversarial sophistication is growing, knowing where a wallet has been is no longer sufficient protection.
Predictive analytics tells you where risk is heading. It catches the signals that no watchlist can contain, responds to behavior rather than just history, and ultimately makes compliance an asset for growth rather than a ceiling on it.
The results from leading wallets and protocols aren't anomalies. They are the repeatable outcome of moving from reactive to predictive. The question for every protocol, exchange, and wallet provider is simply: how long can you afford to wait?
Ready to move from reactive to predictive? Contact the Merkle Science team today.
