Sanctioning bodies like the Office of Foreign Assets Control (OFAC) maintain blacklists of crypto addresses linked to sanctioned individuals or groups. Although these blacklisted addresses number in the thousands, they represent only a tiny fraction of those associated with criminal activity.
Companies must look for distinct behavioral patterns in transactions to effectively identify bad actors. Criminals often use specific tactics or anomalies to obfuscate and launder money.
This article highlights the top ten red flags in crypto transactions, explaining what each entails, and how blockchain analytics tools can identify them in real time.
The following is a list of the biggest red flags in crypto transactions. Crypto businesses must be vigilant about these red flags to avoid interacting with criminal entities and facing regulatory repercussions.
Smurfing involves breaking large transactions into smaller ones to avoid triggering compliance alerts. For example, U.S. banks must report cash transactions exceeding $10,000 in a single day under the Bank Secrecy Act. A criminal might instead send $3,333 over three consecutive days. Similarly, smurfing in crypto aims to bypass the monitoring systems designed to detect large, suspicious transactions.
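A monitoring rule for this pattern has to look at a sender's transfers over a time window rather than one at a time. The sketch below is an added example, not code from any analytics product: the 3-day window, the 90% alert fraction, the minimum of three transfers, and the wallet names are assumptions, and the sample transfers are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

REPORT_THRESHOLD = 10_000     # single-day reporting threshold cited in the text (USD)
WINDOW = timedelta(days=3)    # assumed look-back window
ALERT_FRACTION = 0.9          # assumed: alert once the window total nears the threshold
MIN_TRANSFERS = 3             # assumed minimum number of split transfers

def find_structuring(transfers):
    """Return {sender: (count, total)} for senders whose sub-threshold
    transfers inside WINDOW add up to nearly the reporting threshold."""
    alerts, windows = {}, defaultdict(deque)
    for sender, ts, amount in sorted(transfers, key=lambda t: t[1]):
        if amount >= REPORT_THRESHOLD:
            continue  # caught by the plain single-transaction rule
        win = windows[sender]
        win.append((ts, amount))
        while ts - win[0][0] >= WINDOW:   # drop transfers older than the window
            win.popleft()
        total = sum(a for _, a in win)
        if len(win) >= MIN_TRANSFERS and total >= ALERT_FRACTION * REPORT_THRESHOLD:
            if total > alerts.get(sender, (0, 0))[1]:
                alerts[sender] = (len(win), total)   # keep the largest window seen
    return alerts

def day(n):
    return datetime(2024, 10, n, 9, 0)

# Constructed sample data: (sender, timestamp, amount in USD)
SAMPLE = [
    ("wallet_A", day(1), 3333), ("wallet_A", day(2), 3333), ("wallet_A", day(3), 3333),
    ("wallet_B", day(1), 500), ("wallet_B", day(2), 700), ("wallet_B", day(3), 400),
    ("wallet_C", day(1), 4000), ("wallet_C", day(10), 4000), ("wallet_C", day(20), 4000),
    ("wallet_D", day(2), 12000),
]

if __name__ == "__main__":
    for sender, (count, total) in find_structuring(SAMPLE).items():
        print(f"{sender}: {count} transfers totalling ${total:,} within {WINDOW.days} days")
```

Only wallet_A is flagged: its three $3,333 transfers total $9,999, which stays under the reporting threshold but is caught by the windowed sum.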
Criminals often use multi-wallet transfers to disperse stolen funds. A peel chain furthers this concept by sending increasingly smaller amounts to additional wallets. For example, a thief may steal $1 million and distribute $100,000 to 10 wallets. From each wallet, smaller amounts are sent to others, creating layers of transactions that make the laundering trail harder to trace.
Legitimate wallet activity usually follows predictable patterns, such as holding coins for the long term or maintaining a running balance. By contrast, a criminal wallet may be drained of all funds within minutes of receiving them, signaling a temporary stopover en route to its final destination. This behavior is a key indicator of illicit activity.
Users disclose their income sources and expected transaction amounts as part of the Know Your Customer (KYC) process. A major red flag arises when trading activity vastly exceeds these declarations. For instance, an unemployed individual claiming monthly benefits under $1,000 but trading over $100,000 daily should raise serious concerns.
Countries blacklisted by OFAC, such as North Korea, are widely recognized as high-risk. However, there is also a gray list of nations subject to "increased monitoring" for strategic deficiencies in their anti-money laundering (AML) and counter-terrorism financing (CFT) policies. As of October 2024, this includes Algeria, Kenya, Nigeria, and Vietnam. Exposure to these jurisdictions can indicate attempts to exploit weaker regulatory environments.
Dark net marketplaces enable illegal trade in goods and services, from drugs to firearms. Criminals may use these platforms to launder crypto by purchasing goods and reselling them for clean fiat funds. In some cases, the goods, such as weapons, may be the ultimate goal for criminal or terrorist organizations.
Coin mixers (also known as tumblers) break the link between transactions by blending funds from multiple users. For instance, a user deposits crypto into a mixer and receives an equivalent amount from other pooled funds. These tools are popular among criminals; they obscure transaction trails and hinder compliance efforts. One example is Tornado Cash, which was already brought down by the Securities and Exchange Commission in August 2022.
Unlike bank accounts, crypto addresses can be created in any number by a single individual. Blockchain analytics tools use clustering algorithms to identify wallets likely controlled by the same entity. Sending funds to clustered wallets could indicate wash trading to inflate coin trading volumes or an attempt to obfuscate illicit transactions.
Legitimate users may move assets across blockchains to minimize fees or access specific protocols. However, rapid chain hopping is a red flag, as no analytics tool offers full coverage of all blockchains. Criminals use chain hopping to obscure their trails, especially on lesser-known chains.
Privacy coins, like Monero, prioritize user anonymity. While they appeal to those seeking decentralization, their association with criminal activity makes them a significant red flag. Criminals use privacy coins to conceal their transactions from regulatory scrutiny.
While manual screening can verify prospective users during KYC processes, monitoring thousands of crypto transactions daily is impractical. This gap is where blockchain analytics tools play a critical role.
These tools leverage rule-based engines that are fully customizable to a business's compliance needs. For example, a rule could trigger an alert if a wallet withdraws more than 90% of its funds within minutes of receiving them. By automating real-time monitoring, businesses can scale their efforts, identify suspicious activities, and report bad actors to the proper authorities.
Rules can also be tailored to specific jurisdictions. For instance, stricter thresholds may be applied in highly regulated regions, enabling businesses to mitigate risks while staying compliant.
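The rapid-drain rule and its jurisdiction-specific variant can be expressed as follows. This is an added example, not the rule engine of Compass or any other product: the `RULES` table, the 10- and 30-minute windows, the 75% strict threshold, and the wallet names are assumptions, and the event stream is constructed.

```python
from datetime import datetime, timedelta

# Hypothetical per-jurisdiction settings; "default" mirrors the 90% example in the text.
RULES = {
    "default": {"drain_pct": 0.90, "window": timedelta(minutes=10)},
    "strict":  {"drain_pct": 0.75, "window": timedelta(minutes=30)},
}

def rapid_drain_alerts(events, jurisdiction="default"):
    """Return (wallet, time, drained_fraction) for wallets that send out more
    than drain_pct of their post-deposit balance within the rule's window."""
    rule, state, alerts = RULES[jurisdiction], {}, []
    for ts, wallet, direction, amount in sorted(events):
        s = state.setdefault(
            wallet, {"bal": 0.0, "dep_ts": None, "dep_bal": 0.0, "out": 0.0})
        if direction == "in":
            s["bal"] += amount
            # A new deposit restarts the clock and the outflow counter.
            s.update(dep_ts=ts, dep_bal=s["bal"], out=0.0)
            continue
        s["bal"] -= amount
        s["out"] += amount
        if s["dep_ts"] is None or s["dep_bal"] <= 0:
            continue  # no deposit to measure against
        drained = s["out"] / s["dep_bal"]
        if ts - s["dep_ts"] <= rule["window"] and drained > rule["drain_pct"]:
            alerts.append((wallet, ts, round(drained, 2)))
            s["dep_ts"] = None  # one alert per deposit
    return alerts

T0 = datetime(2024, 10, 1, 12, 0)

def after(minutes):
    return T0 + timedelta(minutes=minutes)

# Constructed sample events: (timestamp, wallet, direction, amount)
SAMPLE = [
    (T0, "wallet_X", "in", 50000.0), (after(4), "wallet_X", "out", 49000.0),
    (T0, "wallet_Y", "in", 10000.0), (after(20), "wallet_Y", "out", 8000.0),
    (T0, "wallet_Z", "in", 2000.0), (after(5), "wallet_Z", "out", 200.0),
]

if __name__ == "__main__":
    for name in RULES:
        print(name, [(w, f) for w, _, f in rapid_drain_alerts(SAMPLE, name)])
```

Under the default rule only wallet_X alerts (98% drained after four minutes); the stricter profile also catches wallet_Y, which moved 80% of its balance after twenty minutes.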
The top ten red flags highlighted here are just the beginning—criminals constantly evolve their tactics. Tools like Merkle Science’s Compass offer comprehensive detection capabilities, helping businesses block suspicious transactions and report potential threats before they become liabilities.
With Compass, businesses can ensure compliance, foster a secure environment for legitimate users, and prevent criminals from exploiting their platforms. Contact us today for a free demo and stay ahead in the fight against crypto-related crime.