Chainalysis used an IP-scraping block explorer to aid law enforcement, leaked docs say


Documents leaked on the dark web and first reported by CoinDesk's Danny Nelson show Chainalysis advertising its use of an affiliated wallet explorer as a means of gathering IP information to aid in police investigations.

The deck — allegedly from a presentation to Italian law enforcement — noted that the firm had used to gather useful IP information on cryptocurrency users who had gone on the site:

"Using this dataset we were able to provide law enforcement with meaningful leads related to IP data associated with a relevant cryptocurrency address. It is also possible to conduct a reverse lookup on any known IP address to identify other BTC addresses. It can also collect data from a data form address that has yet to transit the Blockchain — that is, the BTC address provided as part of a kidnapping or life-threatening investigation — if the suspect checks their address."

Neither the date for the presentation or the time of the creation of the materials is currently available. The original leak involved a cache of documents allegedly obtained from the Italian Guardia Di Finanza's Nucleo Speciale Frodi Tecnologiche's dark web team. 

The leaked materials identify the presentation as a component of an investigation into Berlusconi Market. Berlusconi Market was a darknet market that Italian authorities took down in 2019.

Chainalysis declined to comment or confirm the authenticity of the deck.

Though unadvertised by Chainalysis, the site itself draws a connection between its developer, Aleš Janda, and the analytics company, which has long stoked controversy among some quarters of the crypto community. Janda joined Chainalysis as a developer and researcher in 2015, according to LinkedIn, and a note posted at the bottom of advertises the blockchain analytics service: 


A snapshot archived by The Wayback Machine indicates that the text referring to Chainalysis has been live since as early as January 2016. 

Janda's work at the firm is also discussed on the explorer's info page:

"Name database is NOT updated (except some very rare cases) since 2016, so it's been a pretty long time now. The reason is that I created WalletExplorer and its database in my free time. Then I joined, which basically does the same product (but far more advanced) and I'm paid for discovering names. While I'm paid for it, I can't disclose names publicly. Ask Chainalysis if you want data with newer names."

However, the site's contents make no reference to its use as part of Chainalysis's service offering, let alone its alleged contributions to law enforcement investigations.  

Chainalysis is the largest of the major blockchain analytics firms. Just this morning, the U.S. Treasury announced sanctions against a Russia-based crypto exchange, blacklisting wallet addresses that Chainalysis had helped identify.

The full leaked deck can be found below:

Chainalysis Dek for Italian... by Mike McSweeney

Trending Stories

Get Your Crypto
Daily Brief

Delivered daily, straight to your inbox.

The Era of dFMI for Institutional Digital Asset Markets

Post-trade in capital markets today operates primarily based on provision of balance-sheet to off-set counterparty risk, either directly or indirectly, via settlement agents, CCPs and CSDs etc.  The issues with this ‘hub and spoke’ model are well known, including the resulting massive duplication of data, bifurcated processes, concentration of risk and subsequent deployment of capital and resources that could be better utilized. 
Read Full Story
Sponsored Post

Retail traders are here to stay, says eToro's US CEO

On this episode of The Scoop, eToro's newly appointed US lead Lule Demmissie explained why she doesn't see retail's newfound presence in the market subsiding anytime soon and how eToro plans to capitalize on growing the business across cryptocurrencies and stock trading.
Read Full Story
Jan 26, 2022, 4:23PM UTC