
How Detectives Actually Trace Cryptocurrency Transactions

From the Bitfinex billions to Colonial Pipeline — how law enforcement traces Bitcoin, cracks mixers, and catches criminals who thought crypto was untraceable.

February 7, 2026

In February 2022, the Department of Justice announced the largest financial seizure in U.S. history: $3.6 billion in stolen Bitcoin, recovered from a couple living in a Manhattan apartment. Ilya Lichtenstein and Heather Morgan — a tech entrepreneur and a self-described "crocodile of Wall Street" who made cringeworthy rap videos on YouTube — had been sitting on roughly 120,000 Bitcoin stolen from the Bitfinex exchange back in 2016.

The total value of what they stole? Roughly $4.5 billion at the time of their arrest. They'd spent years running the coins through thousands of transactions, darknet markets, privacy wallets, and fictitious identities. Elaborate doesn't begin to describe it. They created shell companies in multiple countries. They converted Bitcoin to gold coins, Walmart gift cards, and NFTs. They used automated programs to move funds through thousands of wallets.

And it didn't matter. Federal agents traced every single transaction on the blockchain, untangled the entire laundering web, and showed up at their door.

Because Bitcoin isn't anonymous. It never was.


The myth that won't die: "Crypto is untraceable"

The myth that cryptocurrency is untraceable is genuinely one of the dumbest ideas in criminal history. It's persisted for over a decade, and it has sent more people to prison than any single misconception about technology I can think of.

Here's the reality. Bitcoin doesn't hide your transactions — it broadcasts them. Every single Bitcoin transaction that has ever occurred is recorded on a public ledger that anyone in the world can read. Right now. For free. It's called the blockchain, and it is, by design, a permanent, immutable, transparent record of every movement of every coin since the network launched in January 2009.

What Bitcoin offers isn't anonymity — it's pseudonymity. Your wallet address isn't your name. It's a long string of characters like 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa. So yes, technically, no one can look at that string and immediately know it's you. But the moment that wallet interacts with anything tied to your real identity — an exchange where you showed your driver's license, a merchant who shipped something to your address, a bank account you used to buy the coins — the pseudonym is cracked. And once it's cracked, investigators can trace every transaction that wallet ever made, backward and forward, forever.

It's the worst possible tool for crime. You'd literally be better off using cash.


How blockchain analysis actually works

This gets technical, but stick with me — the techniques are genuinely fascinating.

Blockchain analysts use several core methods to trace cryptocurrency. The most fundamental is clustering. When you make a Bitcoin transaction, the protocol often combines multiple inputs (different wallet addresses you control) into a single transaction. Analysts can observe these patterns and determine that multiple addresses actually belong to the same person or entity. One transaction can blow the cover on dozens of wallets at once.
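The clustering step described above is commonly called the common-input-ownership heuristic. The following is an added example, not code from the original article or from any analytics vendor; the transactions, address names and the KYC label are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample transactions (not real chain data).
SAMPLE_TXS = [
    {"inputs": ["addrA", "addrB"], "outputs": ["addrM"]},
    {"inputs": ["addrB", "addrC"], "outputs": ["addrN"]},
    {"inputs": ["addrD"], "outputs": ["addrA"]},
    {"inputs": ["addrE", "addrF"], "outputs": ["addrD"]},
    {"inputs": [], "outputs": ["addrE"]},  # coinbase-style: no inputs
]

def cluster_addresses(txs):
    """Group addresses that were co-spent as inputs of the same transaction."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving keeps lookups short
            a = parent[a]
        return a

    for tx in txs:
        ins = tx["inputs"]
        for addr in ins + tx["outputs"]:
            find(addr)  # register every address seen
        for other in ins[1:]:
            parent[find(other)] = find(ins[0])  # co-spent inputs: one owner

    groups = defaultdict(set)
    for addr in list(parent):
        groups[find(addr)].add(addr)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: (-len(g), g))

def attribute(clusters, known_labels):
    """Spread a label known for one address to every address in its cluster."""
    result = {}
    for group in clusters:
        labels = {known_labels[a] for a in group if a in known_labels}
        if len(labels) == 1:  # skip unlabeled or conflicting clusters
            result.update({a: next(iter(labels)) for a in group})
    return result
```

The heuristic assumes a single party signed every input; collaborative transactions such as CoinJoin break that assumption and cause false merges, so analysts filter them out before clustering.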

Then there's transaction graph analysis. Picture every wallet as a dot and every transaction as a line between dots. Now zoom out. You're looking at a massive web — billions of connections — and analysts can trace the flow of funds through this web like following a river through tributaries. Even when someone splits their Bitcoin into hundreds of smaller amounts and routes them through dozens of wallets, the graph preserves the trail.

Taint analysis tracks the "dirtiness" of coins. If Bitcoin is stolen from an exchange, every coin in that theft is marked. As those coins move through the network, the taint follows. Even if the stolen coins get mixed with clean ones, analysts can calculate what percentage of any given wallet's balance originated from the theft. Courts have upheld this as evidence.
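The percentage calculation mentioned above can be done in several ways. This added example (not from the original article) uses the proportional, or "haircut", taint model. It assumes a simplified balance-per-address model rather than Bitcoin's UTXO model, and all addresses and amounts are constructed.

```python
from fractions import Fraction

# Constructed starting balances and chronological transfers
# (sender, receiver, amount). "theft" holds the stolen coins.
SAMPLE_FUNDED = {"theft": 100, "clean": 300, "clean2": 200}
SAMPLE_TRANSFERS = [
    ("theft", "hop1", 100),    # stolen coins move out
    ("clean", "hop1", 300),    # mixed with unrelated funds
    ("hop1", "hop2", 200),
    ("clean2", "hop2", 200),   # diluted again
    ("hop2", "cashout", 100),
]

def haircut_taint(transfers, funded, tainted_sources):
    """Return {address: fraction of its final balance that came from the theft}."""
    balance = {a: Fraction(v) for a, v in funded.items()}
    tainted = {a: (balance[a] if a in tainted_sources else Fraction(0))
               for a in balance}
    for sender, receiver, amount in transfers:
        amount = Fraction(amount)
        if amount <= 0 or balance.get(sender, 0) < amount:
            raise ValueError(f"invalid transfer from {sender}")
        # Every coin leaving an address carries that address's taint ratio.
        moved = tainted[sender] * amount / balance[sender]
        balance[sender] -= amount
        tainted[sender] -= moved
        balance[receiver] = balance.get(receiver, Fraction(0)) + amount
        tainted[receiver] = tainted.get(receiver, Fraction(0)) + moved
    return {a: (tainted[a] / balance[a] if balance[a] else Fraction(0))
            for a in balance}

def total_tainted(transfers, funded, tainted_sources):
    """Sum of tainted value across all addresses; mixing must not change it."""
    ratios = haircut_taint(transfers, funded, tainted_sources)
    final = {a: Fraction(v) for a, v in funded.items()}
    for sender, receiver, amount in transfers:
        final[sender] -= amount
        final[receiver] = final.get(receiver, Fraction(0)) + amount
    return sum(ratios[a] * final[a] for a in final)
```

Dilution lowers the ratio at each hop but never the total: the 100 stolen units are still fully accounted for across hop1, hop2 and cashout.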

And here's the part that really gets criminals: exchange KYC requirements. KYC stands for Know Your Customer — the legal requirement that financial institutions verify who their customers are. Every major cryptocurrency exchange — Coinbase, Binance, Kraken — requires a government ID, a photo, and often a proof of address. These exchanges are the "on-ramps" and "off-ramps" between real money and crypto. The moment you buy Bitcoin with your bank account or cash out to dollars, your real identity is permanently connected to a wallet address in the exchange's records.

Think of it this way: it's like leaving footprints in wet cement that never dries. You can walk a thousand miles and change your shoes every block. The footprints still lead right back to where you started.

The tools real investigators use

You might think blockchain analysis requires some genius-level code-breaking ability. It doesn't — at least, not anymore. The field has been professionalized and industrialized. There are now multi-billion-dollar companies whose entire business is mapping the cryptocurrency landscape for law enforcement.

Chainalysis is the biggest. Founded in 2014, they've become the go-to blockchain analytics platform for the FBI, IRS Criminal Investigation, DEA, Secret Service, and law enforcement agencies in over 70 countries. Their software, Chainalysis Reactor, lets investigators visualize transaction flows in real time, identify wallet owners, and trace funds across blockchains. They've mapped hundreds of millions of wallet addresses to real-world entities — exchanges, darknet markets, ransomware groups, scam operations, sanctioned entities. When Bitcoin moves, Chainalysis can usually tell you where it came from and where it's going.

Elliptic, based in London, does similar work and has a particular focus on compliance for financial institutions. Their dataset covers over 98% of all crypto transaction volume. CipherTrace (now owned by Mastercard) provides blockchain analytics to both law enforcement and the private sector.

What makes these tools so powerful is their databases. Years of painstaking work have gone into identifying which wallets belong to which entities. Every time a darknet market gets seized, every time a ransomware gang gets busted, every time an exchange cooperates with a subpoena — that data gets fed into the system. The picture gets clearer every day.

An FBI agent in 2025 doesn't need to manually trace transactions through a block explorer. They pull up Chainalysis Reactor, paste in a wallet address, and the software draws them a map.

Real cases that got cracked

The theory is one thing. The track record is what should terrify anyone thinking about using Bitcoin for crime.

Colonial Pipeline — $4.3 million recovered

In May 2021, the DarkSide ransomware gang shut down the Colonial Pipeline, which supplies nearly half the fuel for the U.S. East Coast. The company paid 75 Bitcoin — about $4.3 million — as ransom. The FBI recovered $2.3 million of it within a month. Let that sink in. A Russian cybercrime group extorted millions in Bitcoin, and the FBI clawed back over half of it by tracing the funds to a wallet whose private key they were able to seize. The details of how they obtained the key remain partially classified, but the blockchain tracing that got them to the right wallet was done with standard analytics tools.

Silk Road — $183 million in Bitcoin traced

Ross Ulbricht ran the Silk Road, the first major darknet marketplace, from 2011 to 2013. The FBI didn't just shut it down — they traced $183 million in Bitcoin transactions to Ulbricht's personal wallets. In 2020, the DOJ seized an additional $1 billion in Bitcoin connected to an unknown Silk Road hacker, traced through blockchain analysis seven years after the marketplace was shut down. Seven years. The blockchain doesn't forget.

The Twitter hack — teenagers caught through Coinbase

In July 2020, someone took over the Twitter accounts of Barack Obama, Elon Musk, Bill Gates, and others, posting a Bitcoin scam that collected about $120,000. The perpetrators turned out to be three teenagers. They were caught in under two weeks. How? They'd sent the Bitcoin to Coinbase accounts tied to their real identities. The blockchain trail from the scam wallets to their exchange accounts was trivially short. One of them, 17-year-old Graham Ivan Clark, was arrested at his Tampa apartment.

PlusToken — $2 billion Ponzi traced by Chinese police

PlusToken was a massive cryptocurrency Ponzi scheme that defrauded millions of investors across Asia out of roughly $2 billion. When Chinese police took down the operation in 2019, they traced the Bitcoin and Ethereum through a labyrinth of wallets, mixing services, and over-the-counter trades. The blockchain analysis was so thorough that when the seized Bitcoin was eventually moved (likely by the Chinese government liquidating it), the transactions were large enough to visibly affect the market.


Privacy coins and mixers: harder, not impossible

At this point you might be thinking: "Okay, Bitcoin is traceable. But what about privacy coins? What about mixers?"

Fair question. These technologies exist specifically to make tracing harder, and they do work — to a degree.

Mixers (also called tumblers) take Bitcoin from multiple users, pool it together, and redistribute it so that the connection between sender and receiver is obscured. Think of it as a bunch of people throwing their cash into a pile and everyone grabbing different bills. Tornado Cash did this for Ethereum and was one of the most popular mixing services until the U.S. Treasury sanctioned it in August 2022, making it illegal for Americans to use. Its developer, Alexey Pertsev, was convicted of money laundering in the Netherlands.

Monero is the most well-known privacy coin. Unlike Bitcoin, Monero uses ring signatures, stealth addresses, and confidential transactions to hide the sender, receiver, and amount by default. It's genuinely more private than Bitcoin. The IRS even offered a $625,000 bounty to anyone who could crack Monero tracing, and at least two firms — Chainalysis and CipherTrace — have claimed partial success.

But here's the thing: harder doesn't mean impossible. The FBI has demonstrated the ability to trace funds through mixers in multiple cases. Chain-hopping — converting Bitcoin to Monero and back — still leaves traces at the conversion points. And any time privacy coins touch an exchange, KYC requirements create a link to a real identity. In the Bitfinex case, Lichtenstein used a staggering array of privacy techniques — mixers, chain-hopping, darknet deposits, fictitious identities — and every single one was eventually unraveled.

The investigators aren't standing still either. Every year, the analytical tools get better. Every bust generates new data that makes the next investigation easier. The arms race between privacy technology and forensic analysis continues, but the track record strongly favors the investigators.


Why criminals keep making the same mistake

Given everything above, you'd think criminals would stop using Bitcoin. Some have. The smarter ransomware groups have moved to Monero. But a huge number of criminals continue to use Bitcoin, Ethereum, and other fully traceable cryptocurrencies, because the myth of untraceability is incredibly persistent.

Part of it is the Dunning-Kruger effect in action. People hear "decentralized" and "no bank" and conclude "untraceable." They read a breathless article from 2013 about Bitcoin being the currency of the dark web and assume that's still the whole picture. They don't understand that "decentralized" means the ledger is public, not private. They don't understand that "no bank" means no bank standing between you and law enforcement — the records are right there, open to anyone.

And part of it is that the launderers who do understand the technology overestimate their own ability to stay ahead of the tools. Lichtenstein and Morgan clearly understood the risks — their laundering operation was genuinely sophisticated. But they were up against teams of analysts with purpose-built software, years of accumulated intelligence, and the ability to subpoena every exchange on the planet. Sophistication isn't enough when the underlying technology is working against you.


The bottom line

Cryptocurrency tracing has gone from a niche curiosity to one of the most powerful tools in modern law enforcement. Billions of dollars in stolen and laundered crypto have been recovered. Entire criminal networks have been dismantled because someone thought moving money on a public ledger was a good idea.

The blockchain is not a place to hide. It's a place to be found.

If you're interested in what this actually feels like — tracing wallets, following transactions, connecting addresses to suspects — DetectiveOS includes a blockchain tracing tool called ChainScope. It's simplified for gameplay, not a real forensic platform, but it captures the core mechanic: following the money until it leads you to a killer. It's surprisingly satisfying when the pieces click.

"Follow the money. You don't know where it's gonna take you." — that advice from All the President's Men has never been more literal than it is in the age of blockchain.
