Chainalysis used an IP-scraping block explorer to aid law enforcement, leaked docs say

Documents leaked on the dark web and first reported by CoinDesk's Danny Nelson show Chainalysis advertising its use of an affiliated wallet explorer as a means of gathering IP information to aid in police investigations.

The deck — allegedly from a presentation to Italian law enforcement — noted that the firm had used WalletExplorer.com to gather useful IP information on cryptocurrency users who had gone on the site:

"Using this dataset we were able to provide law enforcement with meaningful leads related to IP data associated with a relevant cryptocurrency address. It is also possible to conduct a reverse lookup on any known IP address to identify other BTC addresses. It can also collect data from a data form address that has yet to transit the Blockchain — that is, the BTC address provided as part of a kidnapping or life-threatening investigation — if the suspect checks their address."

Neither the date of the presentation nor the time the materials were created is currently available. The original leak involved a cache of documents allegedly obtained from the Italian Guardia Di Finanza's Nucleo Speciale Frodi Tecnologiche's dark web team.

The leaked materials identify the presentation as a component of an investigation into Berlusconi Market. Berlusconi Market was a darknet market that Italian authorities took down in 2019.

Chainalysis declined to comment or confirm the authenticity of the deck.

Though unadvertised by Chainalysis, the site itself draws a connection between its developer, Aleš Janda, and the analytics company, which has long stoked controversy among some quarters of the crypto community. Janda joined Chainalysis as a developer and researcher in 2015, according to LinkedIn, and a note posted at the bottom of WalletExplorer.com advertises the blockchain analytics service: 

Source: WalletExplorer.com

A snapshot archived by The Wayback Machine indicates that the text referring to Chainalysis has been live since as early as January 2016. 

Janda's work at the firm is also discussed on the explorer's info page:

"Name database is NOT updated (except some very rare cases) since 2016, so it's been a pretty long time now. The reason is that I created WalletExplorer and its database in my free time. Then I joined Chainalysis.com, which basically does the same product (but far more advanced) and I'm paid for discovering names. While I'm paid for it, I can't disclose names publicly. Ask Chainalysis if you want data with newer names."

However, the site's contents make no reference to its use as part of Chainalysis's service offering, let alone its alleged contributions to law enforcement investigations.  

Chainalysis is the largest of the major blockchain analytics firms. Just this morning, the U.S. Treasury announced sanctions against a Russia-based crypto exchange, blacklisting wallet addresses that Chainalysis had helped identify.

The full leaked deck can be found below:

Chainalysis Dek for Italian... by Mike McSweeney

About Author

Kollen Post is a senior reporter at The Block, covering all things policy and geopolitics from Washington, DC. That includes legislation and regulation, securities law and money laundering, cyber warfare, corruption, CBDCs, and blockchain’s role in the developing world. He speaks Russian and Arabic. You can send him leads at [email protected].