Request Demo

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

What to look for in a Transaction
Monitoring Tool

Join the Merkleverse

Global policymakers mandate the highest importance of blockchain analytics for organizations due to its pivotal role in real-time monitoring, due diligence, and identification/reporting of suspicious activities, ensuring compliance with stringent regulatory standards and safeguarding against financial crimes in the private sector.

It's crucial to note that the data provided by various blockchain analysis tools can exhibit significant variations. Whereas the variance is majorly due to the different clustering and attribution methodologies, the correct interpretation of data is an indispensable affair for law enforcement authorities imposing or implementing sanctions. 

The significant variation is also due to several factors, including the scope of the data analyzed, and the specific focus of each tool. As blockchain networks process a significant amount of information, different tools may prioritize different aspects of this data, leading to variations in the insights they provide. 

It is imperative to understand that predetermined data interpretation methodology involving comparable inputs lead to similar outputs as it operates on preset rules. Our clustering incorporates deductive, analytically observed on-chain behavior of wallets and VASPs. 

For example, some tools may focus on tracking transactions and visualizing on-chain activity, while others may emphasize risk management, compliance, or market analysis. Additionally, the specific blockchains and protocols supported by each tool can also impact the variations in the data they provide. 

Depth of Coverage 

While many forensic solutions tout the number of blockchain covered, it is essential for crypto businesses to evaluate not just the number of blockchains covered but also all illicit transactions monitored. Tailoring solutions to needs is essential to comply with all the regulations. With the SEC bringing more stringent regulations, businesses can leverage robust blockchain solutions to enhance their security and ensure total compliance. 

While dominant chains like Bitcoin and Ethereum represent a majority of cryptocurrency transaction volume, there now exist over 20,000 unique blockchain networks and tokens, including both public and private/permissioned protocols spanning various technical architectures, security models, and governance. 
Sophisticated cybercriminals exploit gaps in monitoring coverage, rapidly migrating between assets and platforms to intentionally evade detection. Just last year, intelligence uncovered North Korean state hackers had orchestrated a record $1 billion+ cryptocurrency heist by compromising and siphoning funds from a promising but little-known blockchain network called Harmony.

Multiple layer 2 platforms have been subjected to exploitation which include: 

  • Hundred Finance (Optimism) $7.4 million
  • Merlin (Arbitrum) $1.82 million
  • Level Finance (Arbitrum) $1 million
  • Platypus Finance (Base) $2.23 million

To avoid dangerous visibility gaps, blockchain analytics solutions must ingest and parse on-chain data from a vast and growing array of networks. Merkle Science’s data platform is uniquely structured for swift integration with new blockchains and asset mapping. We have on boarded a number of layer 2 chains like arbitrum and optimism with ease. This expansion enriches its risk and intelligence platform with broader data sets, enhancing our ability to monitor transactions and identify addresses tied to previously undetected criminal activities.
At minimum, core coverage should include major public chains (Bitcoin, Ethereum, XRP, USDT, TRON),emergent Layer 1 ecosystems (Solana, Polkadot, Cosmos, Avalanche), decentralized finance protocols operating atop Ethereum and other chains, and cross-chain bridges facilitating asset movements between chains.

Lite Coverage:

  • Analyzes select subsets of data across blockchains, such as transactions associated with sanctions lists, malware, or mixers, hacks and scams too.
  • Typically only traverses a few hops in the transaction graph beyond direct interactions
  • Results in targeted insights on risks identified a priori based on limited factors
  • Focuses more on real-time screening than historical transparency
  • Lower infrastructure requirements and simpler setup given narrower data inputs

Complete Coverage:

  • Comprehensively ingests full nodes across supported chains, encompassing all transactions ever conducted
  • Traverses extensive historical graphs and emerging flows without hop limits
  • Enables exploratory analysis drawing contextual insights from total network behavior
  • Applies analytics retroactively for audit trails demonstrating historical diligence
  • Requires scaled architecture, storage and oversight investments proportional to vast data volumes

As you evaluate solutions, allow no ecosystem blindspots that can be surreptitiously exploited by financial criminals. Comprehensive monitoring and investigative capabilities across a platform-agnostic array of networks – both public and private, centralized and decentralized – is mandatory to account for the radically heterogeneous nature of blockchain technologies and crypto assets. The wider the coverage umbrella, the better, as new cryptocurrencies constantly emerge.

Real time Transaction Monitoring

Leading blockchains process transactions in seconds, which criminals exploit to rapidly obscure traces before discovery. Advanced analytics must therefore ingest and parse torrential data flows in real-time to enable continuous transaction monitoring process and rapid alerts calibrated to risks.  

Processing scale should match business needs as risks intensify. Dynamic blockchains generate vast amounts of data continuously. Advanced analytics solutions ingest and parse this firehose of on-chain activity in real-time to enable continuous monitoring. The Merkle Science platform features lightning-fast data ingestion, enabling users to access the most up-to-date information on blockchain transactions, addresses, and tokens. This real-time capability empowers users to engage with faster Response Times and Better Uptimes.

The regulatory bodies such as FCA, and the MiCA regulations necessitate crypto asset businesses to demonstrate effective and efficient compliance control measures to trace crypto transactions and identify as well as manage suspicious activities in alignment with their risk tolerance. 

As a best practice, compliance teams not only need to understand the applicable crypto crime typologies, money laundering red flags, and other risk considerations but also deploy tools that provide the appropriate level of coverage. While looking for a blockchain analytics solution, crypto businesses should look for providers with capabilities like:

  • Real-time ingestion of blockchain data at scale across supported networks
  • Streaming analysis to detect risks and suspicious behavior as it occurs
  • Immediate alerts for priority incidents requiring urgent response

Real-time monitoring is crucial for risk mitigation and time-sensitive investigations where minutes or hours count. Situational awareness is key.


Risk assessment is a multifaceted process crucial for organizations aiming to mitigate potential threats and ensure the integrity of financial operations. Here’s a deeper look into risk assessment within the blockchain analytics context:

Types of Risks Analyzed:

Transaction-related Risks: Blockchain analytics delve into transactional data to identify suspicious or fraudulent activities, anomalies, and deviations from established patterns. This includes activities like money laundering, illicit fund transfers, or fraudulent transactions.

Market Risks: Analyzing broader market trends and fluctuations enables the identification of risks stemming from market volatility, price fluctuations, or sudden shifts in cryptocurrency values that might impact an organization’s financial stability.

Regulatory and Compliance Risks: Assessing compliance with regulatory standards and ensuring adherence to anti-money laundering (AML) and know-your-customer (KYC) regulations is integral. Blockchain analytics help in verifying compliance and detecting potential risks of non-compliance.

Risk Identification Techniques:

Pattern Recognition: Identifying patterns of behavior within transactions helps in flagging potentially risky activities. This involves analyzing transactional data to spot unusual or irregular patterns that may indicate fraudulent behavior. 

Behavioral Analysis and Anomaly Detection: 

Assessing transactional behaviors and historical data of counterparties aids in identifying risky entities engaging in suspicious activities. Leveraging advanced algorithms, blockchain analytics systems detect anomalies, deviations, or outliers in transactional data, alerting organizations to potential risks that require further investigation. The “Deposit heuristic” using dusting is used to group addresses of VASPs, such as exchanges. When funds arrive at a deposit address, they are usually transferred to the exchange’s primary hot wallet, revealing  additional addresses associated with the exchange.

Continuous Monitoring and Adaptive Risk Management:

Blockchain analytics enable continuous monitoring, ensuring that risk assessment is not a one-time process but an ongoing activity that adapts to evolving trends and emerging risks. By constantly refining risk models and adjusting detection algorithms, these systems evolve to address new threats and vulnerabilities.

Direct Risk

This refers to an address that appears directly on sanctions lists or blacklists indicating involvement in prohibited activities like fraud, terrorism financing, etc that trigger legal restrictions.

Direct risk screening involves matching wallet addresses and transaction graphs against known threat intelligence lists and assigning risk levels based on exact matches. This can accurately identify previously flagged addresses but lacks insight into emerging risks.

Indirect Risk

This encompasses addresses that have transacted with sanctioned entities through intermediaries over multiple transactional hops. Indirect risk requires traversing multi-hop transaction graphs to uncover associations between addresses flagged on sanctions lists versus addresses transacting via intermediaries. Tools with complete historical coverage and advanced link analysis illuminate these obfuscated connections over various degrees of separation across entities.

Counterparty Risk

Tagging addresses owned by such high-risk counterparties as threats and alerting on associated transactions provides insight into poor governance over assets. Clustering analysis grouping related addresses to common owners is vital for recognizing larger risky counterparties.

UTXO Model Overview:

The UTXO model tracks fund ownership through Unspent Transaction Outputs (UTXOs) - outputs from transactions that haven't been spent. This model impacts how transactions and ownership are recorded and verified within the blockchain. Prominent examples of cryptocurrencies adopting the UTXO model include Bitcoin and Cardano. 


Integration of blockchain analytics stands as a beacon of assurance for organizations navigating the complexities of compliance and risk management. As businesses traverse the dynamic realm of cryptocurrencies and blockchain technology, the adoption of sophisticated analytics tools becomes paramount. 

These tools not only empower organizations to monitor transactions but also serve as vigilant gatekeepers, identifying potential risks and safeguarding against fraudulent activities. Within this realm, customization plays a pivotal role, reflecting a business's astuteness in tailoring blockchain analytics tools to its unique risk appetite and regulatory landscape.  Anchored within this customizable framework lie two vital features, whitelisting and blacklisting. 

These mechanisms, woven into the fabric of blockchain analytics, provide businesses with precision tools to delineate trust and mitigate risks, offering nuanced control in a landscape characterized by its decentralized nature. Let’s explore how these features, embedded within customizable blockchain analytics, bolster organizations' capacities to manage risks effectively while maintaining compliance and operational integrity.


Authorized Entities: 

Whitelisting involves creating a list of approved or trusted entities, addresses, or transactions within the blockchain network. Blockchain analytics tools allow businesses to designate specific addresses or counterparties as trusted entities. Transactions involving these whitelisted entities are considered low-risk or pre-approved, reducing the need for constant monitoring or triggering alerts for authorized activities.

Risk Mitigation: 

Whitelisting helps in mitigating risks by ensuring that transactions involving known and trusted entities pass through without triggering alerts. It streamlines processes for legitimate transactions while focusing monitoring efforts on non-whitelisted or potentially high-risk activities.


Identifying High-Risk Entities: Conversely, blacklisting involves identifying and flagging high-risk entities, addresses, or transactions. Blockchain analytics tools enable businesses to designate certain entities or addresses as blacklisted due to involvement in suspicious or illicit activities.

Alerts and Preventive Measures: Transactions involving blacklisted entities trigger alerts or are outrightly blocked by the analytics system. This proactive measure helps prevent potential risks associated with engaging in transactions with entities identified as high-risk or involved in fraudulent activities.

These features empower businesses to effectively manage risks and compliance within their blockchain transactions, ensuring a more nuanced and tailored approach to risk management.

Behavior Based Risk Policies

Blockchain analytics solutions allow users to screen crypto wallet addresses and transactions to identify various risk types. They provide customized rule engines so users can configure risk rules aligned to their compliance policies and local regulations.

These solutions support two key rule types - source of funds rules and behavior-based rules.

Source of Funds

Source of funds rules screen an address's entire transaction history to flag risks from its counterparty interactions - like transacting with sanctioned or darknet entities. Rules can be set at single or multi-hop levels to adjust risk proximity.

“For example, a rule could state: "If this address has sent/received payments from actors linked to illicit activities over $X amount with over Y% taint, categorize as HIGH RISK".


Behavior rules analyze the transaction patterns of a wallet to surface anomalous behaviors that may indicate criminal intents to conceal funds' source. This allows detecting risky addresses not already blacklisted.

“For instance, a rule could be: "If this address has withdrawn over 90% of received funds within 60 mins, categorize as MEDIUM RISK". Such transit address behaviors may flag intentional laundering.”

The risk categories flagged by the rules engine depend on the customized risk levels set for each rule. Users can modify rules and risk levels on an ongoing basis to adapt to new regulations and policies.

By combining wallet screening and transaction monitoring rules in a single platform, blockchain analytics solutions enable robust and automated compliance processes for crypto market participants.

Behavior-based Red Flag multiple high-value transactions

Comprehensive crypto crime investigations solution ensures strict compliance by cross-referencing addresses and transactions with proprietary databases, which includes sanctions list, providing unparalleled regulatory adherence. Another feature that can be leveraged is the customizability through which they can raise alerts based on risk proximity to the address, whether at a single-hop or multiple-hop, enhancing precision in risk detection. 

More robust solutions combine Sources of Funds and Behavior-Based Rules, enabling users- LEAs, crypto businesses, FIIs- to leverage a broader spectrum of data points for performing comprehensive risk analysis.

For example:

  • In short succession, such as within a 24-hour period
  • In a staggered and regular pattern, with no further transactions recorded

The regulatory authorities- FATF, FinCEN, SEC, CFTC, FCA, MAS- and regulations such as MiCA, highlight key red flags to identify potential money laundering or terrorist financing involving cryptocurrencies, including:

  • Entity: Transactions involving opaque shell companies or hard-to-identify entities.
  • Geography: Transactions with high-risk countries or regions.
  • EDD-Involvement of Politically Exposed Persons (PEPs).
  • Customer Profile:
  • Transactions inconsistent with customers' known business or profile.
  • Customers unwilling to disclose information or transaction details.
  • Engagement in unusual or suspicious behavior to evade detection.
  • Multiple identities or aliases used by customers.
  • Refusal to disclose the source of funds.

Transaction Conduct Related:

  • Attempts to avoid detection, such as cash transactions or using multiple accounts
  • Frequent or large cash transactions by customers
  • Usage of multiple accounts for transactions.

Criminal Activity Related:

  • Connections to known criminal activities like drug trafficking, ransomware, or terrorism.

With a clear crypto regulatory framework yet to be introduces, the US regulatory authority FinCEN under the BSA (Bank Secrecy Act) had mandated businesses to implement the undermentioned AML/CFT requirements: 

  • Verify customer identities using reliable sources, collecting and verifying information such as name, address, and identification documents, aligning with risk-based CDD requirements.
  • Establish systems to identify and report suspicious transactions to the FinCEN
  • Implement effective transaction monitoring systems to detect and report unusual or suspicious activity to FinCEN.
  • Transaction monitoring under the BSA incorporates FinCEN's red flags to enhance detection and reporting of suspicious activity by crypto businesses.

Look also for the availability of contextual entity profiles that compile all related data points, analytics, and visualizations pertaining to a specific user, transaction, wallet, or cluster. Taken together, robust risk scoring and detailed entity profiles provide invaluable context to streamline investigations and clearly articulate audit trails during prosecutorial processes.

Further, transaction monitoring tools should also empower crypto businesses to monitor their customers’ behavior systematically by generating relevant rules that analyze underlying customers' transaction patterns and generate automated alerts for activities that may be unusual and indicative of deviations from usual transaction patterns. It is crucial that the tool  provides advanced high-risk activity alerting with the depth and breadth of data encompassing prior illicit transactions and direct exposure from current as well as subsequent transactions.


Financial institutions face immense pressure from regulators like the Financial Action Task Force (FATF) to implement comprehensive anti-money laundering (AML) protection. This includes running both manual transaction monitoring and automated transaction monitoring to detect potentially illegal activity. By analyzing transaction data and identifying suspicious patterns, banks can uncover fraudulent transactions and meet their regulatory requirement transaction monitoring software for reporting suspicious activity.

However, aml compliance such as effective transaction monitoring present challenges. Financial crime experts must tune the system to reduce false positives when flagging suspicious transactions. At the same time, establishing the right transaction threshold and scenario to detect fraud requires striking a balance between catching illegal behavior without being overly restrictive for customers. Getting this right enables robust fraud detection while minimizing disruption of financial transactions.

Once a transaction monitoring system spots possible violation, investigators generally perform transaction screening manually before submitting a Suspicious Activity Report (SAR) to the regulator. This review serves as a critical check, ensuring the automated system correctly interpreted complex transaction data and sequence. Based on an internal investigation, banks then file SARs on the most clearly fraudulent transaction to comply with anti money laundering regulation. Filing unnecessary or inaccurate SARs can otherwise dilute their value to law enforcement and lead to penalty.

Essential from the outset is ensuring a provider’s risk methodology aligns with your jurisdiction and business specifics. Given varied regulations worldwide classifying crypto risks differently, the ideal solution sports configurable rules you tailor.
Leading platforms feature proprietary engines where users instantly create risk-based models scoring entity threats from low to critical. Easily incorporate risk perspectives like:

  • Source of funds from risky counterparts
  • Behavioral signals like transaction volumes
  • Other typologies like mixers or fraud traits

Custom controls for continuous monitoring are also key – screening historical transactions then tracking new flows. The best systems centralize configurable rules for addresses enabling fluid fine-tuning as regulations shift. Further, transaction monitoring tools should also empower crypto businesses to monitor their customers’ behavior systematically by generating relevant rules that analyze underlying customers' transaction patterns and generate automated alerts for activities that may be unusual and indicative of deviations from usual transaction patterns. It is crucial that the tool  provides advanced high-risk activity alerting with the depth and breadth of data encompassing prior illicit transactions and direct exposure from current as well as subsequent transactions.

In our view, the regulatory bodies expect crypto asset businesses to demonstrate that they have effective and efficient compliance control measures in place to trace crypto transactions and identify as well as manage suspicious activities in alignment with their risk tolerance. As a best practice, compliance teams should not only understand the applicable crypto crime typologies, transaction fraud, money laundering red flags, and other risk considerations but also deploy tools that provide the appropriate level of coverage.