Blockchain intelligence for Web3: Entity Resolution for Wallet Clusters and Exchanges

---

Why entity resolution matters now

So, if you’re getting into the Web3 scene, you’ve probably figured out that grasping "who owns what" is really crucial. It plays a big role in keeping up with market trends, staying compliant, and managing any issues that pop up. As we look toward 2025, it’s clear that a few major shifts are on the horizon that will make getting accurate entity resolution more important than ever.

• Hey, have you noticed how exchange transparency is really picking up these days? Thanks to the ongoing Proof-of-Reserves and address attestations, we've got some great anchors to help us shape those label graphs. It's pretty exciting stuff! For example, OKX has shared that they’ve got more than 650,000 verified addresses spread out across over 20 different blockchains. They even go the extra mile by publishing signed proofs that say, “Yep, I’m an OKX address.” Pretty cool, right? Plus, they've got these cool open-source verification tools to support everything. Take a look at this: (prnewswire.com). It's pretty interesting stuff!
• The user experience for on-chain activities is getting a fresh new look! So, with account abstraction--shoutout to EIP-4337 and EIP-7702 during this whole Pectra era--most user transactions are now being taken care of by bundlers and paymasters. Pretty cool, right? This is really changing the way we think about attribution and clustering patterns! From 2024 to 2025, we saw more than 100 million UserOps tied to 4337, along with some pretty noteworthy paymaster activity happening. You know, we actually noticed a big jump thanks to Base, but then things took a bit of a dip in Q1 2025. It really shifted the conversation from “who hit send” to looking more closely at the infrastructure behind it all. Want to learn more about it? Check it out here: (ethereum.org).

This post is like a go-to guide for anyone making decisions, filled with practical tips that can actually make a real impact. Let’s jump right in and explore what’s working well, where things could potentially go off the rails, and how things have changed across the big players in the industry. Plus, I’ll walk you through setting up a production-ready pipeline in just 90 days, step by step. It’ll be an exciting journey!

---

From addresses to entities: what still works (and what doesn’t)

UTXO chains (Bitcoin, Litecoin, etc.)

Core Heuristics

• Common-input ownership (CIO): So, when you come across a single transaction that has several inputs, it's often a sign that there's really just one person pulling the strings behind those inputs. Honestly, this is still the best and safest way to go. (cacm.acm.org).
• Change-address identification: You’ll find a few more traditional methods that can help connect the inputs with their unique change outputs. Just take it easy, okay? If you go overboard, you might end up with some serious mega-clusters. (cacm.acm.org).
• Miner coinbase clustering: This tool is awesome for tracking mining pools and validators. It's super helpful if you want to stay in the loop! (mdpi.com).

Where it Breaks

• CoinJoin/PayJoin is really changing the game for CIO. So, during 2024 and 2025, there were a few enforcement actions, like the ones taken against Samourai and Whirlpool, that really tightened up some of those coordinator-led flows. It was definitely a noticeable shift in how things were being managed. Hey, just a heads-up--don’t get too caught up in privacy tech like Wasabi and WabiSabi. They can definitely help, but if you're not careful and end up clustering too much, you might end up with a bunch of false positives. Just something to keep in mind! When it comes to CoinJoin-related transactions, it's a good idea to think of them as “do not merge” unless you have some strong proof to support it. For more info on this, swing by justice.gov. There's plenty to dive into over there!

The shifts happening in the regulatory scene aren’t just something to ignore; they actually carry a lot of weight. Let’s take a look at the 2022 decision by OFAC to designate Tornado Cash. This move sparked some pretty interesting legal battles afterward. It really shows how fast these risk labels can change from one place to another. It's a good idea to think of sanctions feeds as more like living, breathing features instead of rigid rules you have to follow. If you're looking for more info, just check out home.treasury.gov. It's got some great insights waiting for you!

Practical Tip

• Monitor a “mixer proximity score” that helps lower the importance of CIO connections that are too close--like within N hops--to certain mixers or well-known coinjoin coordinators. Try to steer clear of any abrupt cuts unless you're in the middle of a sanctions-screening process. (home.treasury.gov).

Account‑based chains (Ethereum, Tron, others)

Core Heuristics

• Spotting deposit-address clusters to exchanges: Keep an eye out for those unique deposit accounts that are constantly sending money to different exchange hot wallets. Those patterns are really important flags to pay attention to! Studies from universities and industry experts show that there are big, recognizable deposit networks where users often come back to use their accounts again and again. If you're curious to learn more about the findings, you can check them out here. Happy reading!
• Behavior and Interaction Patterns: Using techniques like "airdrop multi-participation" and "self-authorization" can really help you hone in on EOAs (Externally Owned Accounts). You can also use contract interaction signatures and time-based patterns to piece together the connections between related EOAs. If you're interested in digging deeper, you can find more details about it here.

Exchange anchors you can trust (examples)

If you’re on the hunt for trustworthy exchange wallets, take a peek at Etherscan’s name tags. You’ll find the big names like Binance (check out tag “14”) and the Coinbase deposit gateways. These are really popular and can be awesome jumping-off points. Just keep in mind not to depend too much on the whole label set, okay? You can check them out right here.

Another great choice is Proof-of-Reserves (PoR) disclosures, especially when they include signed address attestations. For instance, OKX gives you a comforting little message that says “I am an OKX address,” and they've also got this handy public VerifyAddress tool. It’s a nice touch that makes everything feel a bit more secure! This really sets the bar when it comes to building trust across various chains. Check it out here.

Network‑specific factors

• Tron’s USDT Gravity Well: As we head into 2025, TRON is gearing up to manage a whopping $75-80 billion in USDT. That’s a serious slice of the transfer market pie! When you dive into entity resolution on TRON, it's really all about stablecoins, isn't it? If you zero in on the TRC-20 USDT transactions going in and out of exchange clusters, you'll definitely boost your coverage. It’s a smart move! Check out more here!.
• XRP/Stellar Memos: So, when you're dealing with exchange custody, it's pretty common to come across a shared address that comes along with a destination tag or memo. It's really crucial for your entity resolver to treat "address and tag/memo" as the main key. Hey, if you notice a tag is missing, don’t rush to judgement about a new user. It’s likely just a mix-up with the deposit. Oh, and here's something cool: with SEP-29, Stellar exchanges can now actually tag “memo required” right on the blockchain itself. Pretty handy, right? If you're curious to dive deeper into this topic, check it out here. You'll find some great insights!

AA/4337 Impact

After the 4337 update, things got a little tricky when it comes to figuring out who actually did what in a transaction. Just because you see “who signed” doesn’t automatically mean it’s the same as “who sent it.” Alright, so here's the scoop: UserOperations start off offchain, and then the bundlers grab those and send them over to EntryPoint. Oh, and let's not forget--there are folks out there who can foot the bill for those gas fees!

Alright, so if you’re looking to uncover who’s really pulling the strings, you’re gonna have to dig into those UserOps logs. It’s all about connecting the dots between the bundler and the paymaster entities now, rather than just focusing on the msg.sender like you used to. Happy sleuthing!

As we glance toward 2024 and 2025, it looks like paymasters are really making a name for themselves! The numbers show that roughly 87% of UserOps in 2024 are expected to choose this option. Quite the trend, right? Also, it seems like a handful of bundlers are really taking the spotlight right now. I'm talking about names like Coinbase, Alchemy, Pimlico, and Biconomy. They’re definitely the ones to watch! It’s definitely a smart move to have a table with AA-specific labels close by! If you're curious and want to dive deeper, take a look at this article! It'll give you all the juicy details.

---

Exchange labeling: from public proofs to complete clusters

To build a solid exchange entity graph, we rely on a bunch of independent anchors.

1. Proof of Relationship (PoR) and Signed Ownership.

• Go with exchanges that are open about their address inventories and provide their signatures. A perfect example of this is OKX. They have a signed statement that says something like, "I am an OKX address," plus they also provide zk-STARK and Merkle proof repositories. Don't forget to check those details cryptographically, and grab snapshots at specific block heights. This way, it’ll be super easy for you to keep track and do some auditing down the line! (okx.com).

1. Check Out Explorer Name Tags and Label APIs! Hey there! So, if you're looking to get the Etherscan name tags (and the API) for those "Exchange" labels, that’s what you need to do! Just a heads up--take a moment to double-check those sample balances and any past activity. It’s a good way to avoid getting stuck with squatting or those super cringey vanity tags! (info.etherscan.com).

3) Characteristic Sweep Patterns

• Watch out for deposit addresses that are bringing in cash from lots of different EOAs and then are continually shuffling those funds into just a few hot or warm wallets. You’ll notice this happening pretty frequently--like every 5 to 60 minutes--with those tidy “round-number” consolidations. These patterns really give us a good sense of what's going on with exchange activity. If you want to really dive in, start by checking against a known seed, like Binance's hot wallet “0x28C6…bf21d60.” From there, you can broaden your search by analyzing the bipartite flow patterns. Happy digging! Feel free to take a look at it over on etherscan.io. You might find it interesting!

1. Attestations and Audits
   A few exchanges provide customer-verifiable Merkle proofs, and one great example is Kraken’s Proof of Reserves (PoR) process. This nifty feature helps users indirectly verify how their liabilities stack up against the reserves the exchange holds. These might not be traditional address labels, but they sure do enhance the confidence in how the exchange shows up on the blockchain. Feel free to take a look at it over at kraken.com.

5) Sanctions and Takedowns

Don’t forget to take into account things like OFAC actions--like the Garantex re-designations coming up in 2025--and any law enforcement seizures. It’s important to consider those as negative factors. We really need to prioritize down-ranking clusters that are linked to those sanctioned centralized exchanges and over-the-counter hubs. It’s a key step in keeping everything above board. When you're trying to identify successor entities, like Grinex, it's best to rely on information from multiple sources. Just make sure to double-check what's out there to confirm things! If you're looking for more info, you can find it here.

Emerging Best Practice

Hey, consider using cryptographic ownership proofs--like those PoR files and signatures--rather than just depending on heuristic labeling all the time. It adds an extra layer of security, you know? When you're able to verify ownership, it transforms what was just a guess into reliable, concrete information. This really enhances accuracy! Take a look at this link: GitHub. I think you'll find it interesting!

---

Case‑level heuristics that deliver

Check out this handy list of "ready to implement" tips that highlight the key things to watch for in 2025.

Heuristic A: Deposit‑sweep discovery (EVM chains)

Goal: Find Exchange Deposit Addresses and Their Hot Wallets

When you start exploring the world of cryptocurrency, one of the first things you'll want to do is hunt down those exchange deposit addresses and the hot wallets that go along with them. It’s a crucial step in getting your crypto game on point! Getting a grip on this can really make a difference when it comes to managing your assets in a smart way. Alright, let’s dive in and get you started! Here’s a quick guide to help you out:

1. Research Exchange Platforms: To kick things off, jot down a list of the exchanges that catch your eye. Make sure to check out their official websites or trusted info sources to get all the details about their deposit addresses.

2. Check Out Blockchain Explorers: If you want to dive into the world of blockchain, give explorers like Etherscan or Blockchain.com a try. They’re super handy for tracking down specific deposit addresses and checking out transaction histories. It’s a great way to get the info you need!

3. Look for Hot Wallets: Hot wallets are usually where people keep their crypto for everyday use since they’re online. However, tracking down their addresses can be a bit of a challenge at times. Check out some community forums or reliable groups where folks chat about wallet addresses. You’ll find a lot of valuable insights and experiences shared by other users!

4. Try Out API Services: If you're into tech and enjoy tinkering, why not give APIs from exchanges a shot? They can really open up some cool possibilities! A lot of exchanges have APIs that make it super easy to check your deposit addresses right from their platform.

5. Stay in the Loop: Just a heads up, exchange wallet addresses aren’t always set in stone; they can change from time to time. Make sure to stay in the loop with any updates from the exchanges and keep an eye out for their announcements.

Just follow these steps, and you'll be all set to find those important deposit addresses and hot wallets! Have fun exploring!

Signals

• In-degree: So, we're checking out N different funders over a span of T days. For example, N should definitely be at least 50 funders within just 7 days.
• Sweep cadence: We're aiming for a median time-to-sweep of 60 minutes or under, especially when we're dealing with a small group of recipients--think 5 people or fewer for K.
• Net flow: You can expect that over 90% of the balances will be cleared out within a day, with just a tiny bit of leftover dust remaining.
• Token mix: We should aim for a good mix of stablecoins along with a few long-tail ERC-20s that you usually find on exchanges.
• Counterparties: Check for any overlaps with the hot wallets from exchanges that we already know about - that's where we want to start! (walletfinder.ai).

Validation

• Go ahead and pick out 30 addresses that match what we're looking for. Take a look at 10 of these using explorer labels or the sets that PoR has published. Just keep adjusting those thresholds until you get at least 95% precision on that sample. You’ve got this!

Heuristic B: XRP/Stellar shared‑address pinning

Goal: Resolve the Entity at "Shared Address + Tag/Memo"

When you're trying to track down an entity using a shared address along with a specific tag or memo, it's really important to have a clear game plan. So, here's the lowdown on how to tackle this:

1. Find the Shared Address: First things first, double-check that you’ve got the right shared address that connects to the entity you're looking for. Could you take a moment to look over this and see if there are any typos or mistakes? Thanks!

2. Take a Peek at the Tag/Memo: After that, go ahead and check out the tag or memo that could help you refine your search a bit. It might have just the info you need! This is super important when there are a bunch of entries for the same address.

3. Alright, now that you have the address and the tag or memo, it’s time to put everything together and see the whole picture! Mixing these elements together will help you get a better sense of who or what you’re really trying to figure out.

4. Check Out Tools or Databases: If you’re looking to gather some info, consider using tools or databases that could really help you out. They can make compiling everything a lot easier! Services like Example Database can be super useful!

5. Check the Results: After you’ve gathered the information, take a quick second to double-check it. Just double-check that everything fits together nicely and that the entity is exactly what you need.

If you stick to these steps, you’ll be well on your way to sorting out the entity linked to that shared address and tag/memo!

Signals

Keep an eye out for multiple deposits hitting the same XRP address. You'll notice that each deposit has a unique DestinationTag, but they all get credited to just one offchain user account. Think of "address, tag" as your special identifier. It's what sets things apart! If you've got a stellar account with the config.memo_required setting turned on (that’s from SEP‑29), it means you're looking at custodial receivers. Yeah, wallets really need to block any transactions that don’t have a memo attached when it comes to those accounts. It’s just a smart move! If you want to dive deeper into the topic, check it out here: stellar.org. It's got some great info!

Edge Case

Just because a tag is missing doesn’t mean it’s something brand new. It’s really just a deposit that got miscredited. It’s a good idea to set up a recovery queue instead of just starting a whole new cluster. Trust me, it’ll save you time and hassle! ” (support.bitpay.com).

Heuristic C: TRON stablecoin funnels

Goal: Prioritize TRC‑20 USDT Flows for Coverage

Let’s make sure TRC‑20 USDT transactions really get the spotlight they need!

Key Points to Consider:

• Why Coverage Matters: USDT is super popular, so it’s really important to keep these flows well-covered. This helps maintain stability and build trust with users.
• Keeping Up with Trends: Stay on top of the latest happenings and activity in TRC-20 USDT transactions. It’s a good idea to spot any changes in how people are using it.
• Feedback Loop: Let’s make it a habit to check in with users and stakeholders for their feedback. This way, we can keep fine-tuning our approach and make sure we’re really hitting the mark for everyone involved.

If we focus on these workflows, we can really boost the quality of our service and better support our TRC‑20 USDT users. Let’s get to work!.

Signals

Since USDT is really taking the lead on TRON, with projections showing over $75 billion in circulation by 2025, it seems like a smart move to prioritize the USDT pathways first. By doing it this way, you'll be able to track most of the cash coming in and going out on exchanges. Make sure you focus on USDT transactions more than those with other tokens. If you want to dive deeper into this, you can find more info right here: (coindesk.com).

Compliance Overlay

Make sure to stay alert about those sanctioned hubs where stablecoin issuers are hitting pause on certain assets. This includes things like wallet blocks connected to exchanges that have been sanctioned. Wow, those frozen events really mix things up in the outflow graph dynamics! (reuters.com).

Heuristic D: 4337 attribution

Goal: Attribute "Who Initiated" When a Bundler Submits the Txn

When a bundler gets involved to submit a transaction, it's super important to figure out who started the whole process. This can really help with keeping track of things, making sure everyone’s accountable, and boosting transparency throughout the whole transaction process.

Why This Matters

• Accountability: It's really important to know who kicked off the transaction because that way, we can hold the right people responsible, especially when problems come up.
• Transparency: When folks can see who's making the decisions, it really helps build trust in the whole system.
• Data Analysis: You can totally use this info for analytics. It’s a great way to boost user experience and tweak your services as you go along!

How to Implement

1. Capture Initiator Info: Make sure the bundler keeps track of who kicked off the transaction right from the get-go.

2. Add Metadata: When you’re submitting the transaction, make sure to include the details of the person who started it in the metadata.

3. Review Process: Let’s create a regular review system to take a look at the initiator data every so often. This way, we can keep track of everything and make sure we're staying on top of things! This might help us spot trends or patterns that we wouldn’t have noticed otherwise.

4. Help Users Get It: It's really important to show users why this attribute matters and how it can actually make their lives easier.

If we make "who initiated" a regular part of every transaction, we can really improve the whole process and make it a lot easier for everyone to use.

Signals

• Break down EntryPoint events so we can grab the sender's smart account, factory, and paymaster. Make sure to create and regularly update label tables for the big players in the industry, like Coinbase, Alchemy, Pimlico, and Biconomy. Keeping these tables fresh will help you stay on top of things! When you're clustering at the user level, make sure to keep an eye on the smart account address. And if you’re looking at B2B risk, definitely focus on the paymaster. (medium.com).

---

Cross‑chain flows: bridges as “connective tissue”

Bridges have become the go-to solution for handling laundering and UX rails. Plus, when it comes to entity resolution, it’s super important to keep an eye on messages as they hop from one chain to another.

Alright, let’s kick things off by finding the main bridges for each network. This covers stuff like Base’s L2StandardBridge for both Layer 1 and Layer 2, plus the Base‑Solana bridge contracts. You can think of these bridge contracts as little “portals.” Just a heads-up to keep the entity label consistent while you're making those jumps! If you want to explore more details, just check it out here. Happy reading! So, based on what TRM looked into for 2025, it seems like there’s a clear shift happening. People are starting to steer away from mixers and are instead opting for cross-chain bridges when it comes to hiding their transactions. Alright, so when you’re planning those routes that involve a lot of bridges, don’t forget to check if your resolver can provide an “obfuscation score.” It’s super helpful! "This really matters when you’ve got a lot of hops going on and things start to get a bit scattered." Want to dive deeper into the topic? You can take a look at the complete report here.

• Label: “CEX‑A on Ethereum” (based on info from Etherscan/PoR). Make sure to monitor any withdrawals that are crossing over to Base using the L1StandardBridge. After that, take a look at how things are going on Base, especially with a known hot wallet labeled “CEX‑A on Base.” It’s a good idea to tie everything together under one label for clarity when you're wrapping up the details. (docs.base.org).

---

Quality control: how to know your clusters are right

Metrics that Matter

• Kick Things Off with Precision: You know, it's really all in the little things. Make sure you use PoR sets, signed messages, or tags that explorers have verified to nail down your ground truth.
• Gini Impurity for Tags in Each Cluster: If your Gini score is close to zero, that’s a good sign--it indicates that your data is pretty pure. On the flip side, if you start seeing that Gini score climb, it might be a red flag that your data is getting a bit too jumbled. Don't forget to keep an eye on those Gini values and any shifts in the thresholds! (mdpi.com).
• Look for Consistency Over Time: Your entity graphs need to stay pretty stable for about 30 to 90 days. If you’re seeing a lot of churn, it might just mean you’re chasing after short-term trends instead of really focusing on the bigger picture.

Nuisance Patterns to Watch Out For

• Too Aggressive Change Heuristics (UTXO): These might end up causing the formation of huge super-clusters. Let’s play it safe here. Going with CIO is definitely the more dependable choice! Check it out here.
• CoinJoin/Whirlpool Residues: Honestly, it's a good idea to either leave these out of your analysis or really lower their impact. Hey there! Just a heads up--recent happenings like arrests and sentencing have really changed the game. So, make sure you tweak your model to keep up with those time-sensitive policy updates. If you want to dive deeper into this topic, check out the details here. You’ll find all the info you need!
• FIFO/Temporal Linkers on Mixers: There's definitely some promise here, but just be cautious as you explore. So, some research from 2025 suggests that using FIFO matching might increase the risk of deanonymization. Because of that, it’s smart to back up your findings with a few different signals for confirmation. Want to explore the research a bit more? Check it out here! You might find some interesting insights!

---

Architecture blueprint: your 90‑day build

What You Need to Set Up a Production-Grade Resolver for BTC, ETH-Family, TRON, and XRP/Stellar

Setting up a reliable production-grade resolver for Bitcoin, Ethereum, TRON, and XRP/Stellar is definitely no easy feat. It can be quite the challenge! Here’s a quick overview of what you’re going to need to get things rolling:

1. Technical Requirements

• Infrastructure: It’s super important to have a cloud provider you can trust or some solid on-premise servers that can keep things running smoothly, especially when it comes to handling lots of users and scaling as you grow.
• Blockchain Nodes: Make sure to set up and keep running full nodes for all the blockchains you're interested in, like Bitcoin (BTC), Ethereum (ETH), TRON, and XRP/Stellar. This is super important when it comes to searching for information and sending transactions.
• Network Connections: Make sure your setup is linked up with all the right RPC endpoints, and double-check that you've got enough bandwidth to handle the traffic you expect.

2. Software Components

• Resolver Software: Depending on what you're trying to do, you might need to create or connect some resolver software that can smoothly handle multiple blockchains at once. Check out some libraries that work well with multi-chain setups.
• APIs: You can totally use APIs, like Web3 for Ethereum or any other blockchain-specific ones, to chat with the nodes and pull in the data you need.
• Database: Create a solid database to keep track of transaction data, user info, and any other important details. You might want to think about using something like PostgreSQL or MongoDB if you're looking for a little more flexibility in your setup.

3. Security Measures

• Encryption: Make sure to use SSL/TLS for encrypting data while it’s being transferred. This way, you can protect any sensitive info and keep it stored safely.
• Access Control: Make sure to set up robust access controls and authentication methods. This way, you can keep a tight lid on who gets to interact with your resolver.
• Monitoring and Alerts: It’s a good idea to set up a monitoring system to track how your nodes and resolvers are doing. You’ll want to get alerts if anything weird pops up, so you can jump on it right away.

4. Additional Considerations

• Testing: Before you hit that live button, take some time to really test your setup in a staging environment. It’s super important to iron out any kinks first! Make sure to check out all the features, like how transactions are processed, how errors are managed, and how well it scales.
• Documentation: Make sure to jot down everything about your architecture, how you set things up, and any APIs you're working with. It’ll save you a lot of headaches down the road! This is going to be a game-changer when it comes to keeping things running smoothly and making updates down the line.
• Community Resources: Make sure you check out local resources and online forums. They can be super helpful! They're awesome spots for troubleshooting and swapping best practices with others who are in the same situation.

Once you've got everything set up, you're really going to be on track to build a solid production-grade resolver for BTC, ETH-family, TRON, and XRP/Stellar. It’s an exciting step forward! Good luck!.

Days 1-15: Data and Anchors

Alright, let’s dive into what you’ll need for those first few weeks!

• Nodes/Indexers: Just a heads up, you'll want to have archive/API access set up for BTC, ETH (both Layer 1 and Layer 2), TRON, and XRP/Stellar. It's super important for smooth operations!
• Seed Labels: Hey, take a look at the PoR repositories and the signed address lists--like the ones from OKX. They're a solid example to check out! Oh, and don’t forget to check out the VerifyAddress tools! They’re super handy. You can learn more about them here. Trust me, it’s worth a look!
• Don’t forget to use the explorer tags too! Etherscan has some pretty handy exchange label sets that you can tap into using their API. If you're looking for more details, check this out here. It’s got everything you need! Make sure to stay on top of the sanctions feeds, especially the OFAC SDN updates and anything going on with mixers or exchanges. It’s important to keep track of those developments! If you're looking for the latest updates, just hop over to this link: home.treasury.gov. It's got all the info you need!
• Storage and Compute: You might want to consider using something like Spark or Cassandra for your lakehouse. They could really work well for you! If you're looking to get a better grasp on scale profiles, the open-source GraphSense stack is definitely worth checking out! It's a solid resource that really helps make things clearer. If you want to dive deeper into it, check it out here. It's got all the details you need!

Days 16-45: Heuristics and Graph

Hey everyone! We're really excited to jump into how we're rolling out CIO and conservative change heuristics for UTXO. And guess what? We’re also throwing in mixer proximity scores to the mix! If you’re curious to learn more about it, feel free to check out the details here.

• So, our next move is to roll out deposit-sweep clustering for EVM, all while keeping our thresholds in check. We're excited to announce that we're launching the 4337 decoder along with the bundler and paymaster tables! If you're curious and want to dive deeper into the topic, just click on this link. It’s got all the juicy details you need!
• We're excited to let you know that we're adding those XRP/Stellar composite keys--yep, the ones with the address and tag/memo combos! Plus, we’re also throwing in SEP-29 detection for good measure. Hey, you might want to swing by stellar.org to catch the latest updates. There's some interesting info there about fixing those memo-less payments!
• And last but not least, we’re rolling out bridge-aware pathfinding! This will include not just the usual Base standard bridges, but also some other well-known L2 bridges too. If you want to dive deeper into this, you can check out more details here.

Days 46-75: Evaluation and Feedback

• Create a labeling workbench: Make sure it shows things like cluster purity (Gini), PoR overlap, explorer-tag overlap, and how close we are to any sanctions. If you’re looking for more info, feel free to check it out here: mdpi.com. Happy exploring!
• Human-in-the-loop rules: Just a heads-up, it’s super important to have at least two independent anchors--like a signed address and a sweep motif--before you start labeling anything as “trusted.” ”.

Days 76-90: Operationalization

• Streaming updates: We're rolling out Kafka-style ingestion to grab new transactions as they come in, along with daily re-scoring to keep things updated and accurate.
• Alerting: Picture alerts like “first touch from a sanctioned hub” or “a cashout pattern that involves both bridge and CEX.” "According to insights from TRM and Chainalysis, it looks like bridges have turned into a hotspot for shady activities. So, let’s keep an eye out and make sure we flag any of those sequences!" If you want to dive deeper into this topic, check out their 2025 Crypto Crime Report. It’s packed with insights!
• Data products: We’re excited to announce that we're launching entity-level flows sorted by asset and chain! Plus, we’re introducing risk-scored counterparties and handy dashboards that give our BD, compliance, and intel teams a clear picture of “who owns what.” It's all about making their lives easier and enabling smarter decision-making. Nansen’s label and entity concepts are super useful when it comes to thinking about user experience. If you're interested in diving deeper, you can find more details in the Nansen core concepts. It's a great resource to help you get to know the basics!

---

Example 1: Growing a Binance Cluster on Ethereum

Let's start by checking out some hot wallets that you can find on Etherscan. For example, you might see something like “Binance 14” with the address 0x28C6…bf21d60. It's a good way to get a feel for what's going on! Alright, here’s the plan. First, we need to track down those deposit addresses that have 50 or more unique funders coming in during a week. Then, we want to see which of these addresses are consistently moving over 90% of their incoming funds to 0x28C6… or any other wallets that are close by, all within an hour. Let's dive in! Alright, the last step is to take a look at 30 samples and see how they stack up against the explorer tags.
When you find some matches, go ahead and add them to your “trusted deposit” list. This will help you expand the entity's reach even further! (etherscan.io).

Example 2: Coinbase Deposit Gateway Recognition

Alright, so you’ve got your Coinbase deposit address tagged on Etherscan, which you’re calling “Coinbase 33.” This is where your journey begins! Your task? Go find those upstream EOAs that just can't help but keep sending funds to this specific address category repeatedly. After you’ve nailed that, take a look at the internal sweep patterns from the exchange. It’s pretty interesting to see how they handle their warm and cold wallets! Just make sure to keep everything sorted by function--like “deposit,” “hot,” and “cold.” It’ll make things a lot easier to find later on! Feel free to check out the address here.

Example 3: Bridge‑to‑CEX Cashout on Base

• Keep an eye out for those L1 to Base bridge actions, like L1StandardBridge and L2StandardBridge.
  Keep an eye on the receiver over on Base, and make sure to watch for those quick transfers heading to a known CEX hot spot on Base. Just remember to connect the cross-chain movement back to the same entity. (docs.base.org).

Example 4: TRON USDT Retail Funnels

• Keep an eye on TRC-20 USDT transfers going to and from those specific exchange clusters. We’re really excited about how much these are likely to outshine the non-stable flows. Just think about it--there’s over $75 billion in USDT expected to be on TRON by 2025! That's pretty impressive, right? (coindesk.com).

---

Risk and compliance notes for decision‑makers

• Sanctions are really stirring the pot. So, the OFAC has been taking some pretty serious steps against risky exchanges. For instance, when they re-designated Garantex and then Grinex in 2025, it created some interesting splits in the entity graphs. It's super important to keep track of lineage in a clear way and make sure to use labels that are tied to specific timeframes. (home.treasury.gov). So, when we talk about mixers, coins, and courts, Tornado Cash is really going through some ups and downs legally, and it seems like the situation is shifting depending on where you look. Think of mixer adjacency not as a definitive verdict, but more like a risk factor to keep in mind. (reuters.com). Bridges are the latest thing in mixing! TRM’s 2025 report highlights some interesting trends. Apparently, ransomware folks and other shady characters are now shifting their money-laundering strategies from mixers to cross-chain bridges. So, it might be a good idea to tweak your monitoring budgets to keep up with this change. Staying ahead of the game is key! (trmlabs.com).

---

Common pitfalls (and how to avoid them)

• So, when we're talking about merging UTXO clusters, we definitely need to be a bit careful with those strict change rules. Let's stick with the CIO as our main signal for now and hold off on any change-based merges until we reach those quality standards and mixer proximity scores we're aiming for.
  If you want to dive deeper into the details, you can find more info here. Happy reading! When you're dealing with shared custodial addresses on XRP or Stellar, it's super important to think of them as if they're just one single user. That's the best way to manage things effectively. Hey, just a quick reminder--make sure to add a tag or memo to the entity key every time! It's super helpful! If you're curious to dive deeper into the topic, check it out here. It's a great resource!
• We should definitely watch out for mistakenly attributing those 4,337 transactions. It’s super important to have the bundler/paymaster decoding as a key feature in EVM resolvers. If we overlook that, we could end up giving credit to the infrastructure for activities that really should be credited to the actual controlling entity. Check it out here.

---

What “good” looks like in 2025

When we chat about exchange coverage, we're really focusing on verified anchors. It’s all about things like Proof of Reserves (PoR) and signed addresses, instead of just leaning on some guesswork. OKX really nails it when it comes to transparency. You can see it in how they handle their public address lists, their signatures, and their open-source proof of reserves (PoR) verification. It’s a solid example of putting these practices into action! If you're collaborating with other exchanges, don't forget to encourage them to share similar proofs too. It's important for us to maintain that level of transparency! (okx.com). Our entity graphs are pretty clever--they're tuned in to things like bridges, mixers, and account abstraction (AA). They also take into account things like the roles of bundlers and paymasters, the contracts for canonical bridges, and how sanctions come into play. It's just part of the game! Check out this article on Medium for all the details. It dives into ERC-4337 and what to expect in 2024, plus it covers the launch of OpenZKS and the Arcana S chain abstraction SDK. Definitely worth a read if you're keeping up with the latest trends! We’re always keeping an eye on quality by checking out a few key things, like how precision stacks up against our PoR and explorer seeds, Gini impurity, and the overall stability over time. Absolutely! We keep updating the labels as we move along. (mdpi.com).

---

Brief deep dive: FIFO and temporal heuristics on privacy systems

Recent research has revealed that even the most reliable privacy tools can still end up leaking your info based on how you use them. In a cross-chain study on Tornado Cash from 2025, researchers discovered that there’s about a 5-12% chance of connecting transactions. This likelihood often comes from users reusing their wallets and their overall behavior. It's pretty interesting how even in the world of crypto, patterns can reveal so much! Oh, and if you use a FIFO (first in, first out) matching rule, you can expect an additional boost of 15 to 22 percentage points. Pretty cool, right? This really shows why it’s so much better to use a bunch of different signals to connect the dots in your data, instead of sticking to just one approach. It's definitely a good idea to use temporal matchers for grabbing leads, but before you go ahead and call something "trusted," it's super important to get some independent confirmation. Feel free to dive into more details by checking this link here.

---

Your next 30-90 days: an actionable checklist

Hey team, let’s gather the PoR and those signed address sets for our top counterparties. We can then run a program to verify those signatures automatically. (github.com). Let's get a CIO in place and establish some cautious change guidelines for BTC. We'll take care of deposit-sweeping and AA decoding for EVM, plus we'll make sure to label and memo the keys for XRP and Stellar. Oh, and let’s go ahead and set up USDT-first clustering for TRON! (cacm.acm.org). Let’s take bridges to the next level! We should really focus on indexing those key bridge contracts and making sure we apply the right entity labels across various chains. It’s time to give them the attention they deserve! (docs.base.org). Let’s think about adding some features that deal with sanctions proximity. It might also be a good idea to come up with a mixer or bridge obfuscation score while we're at it. (home.treasury.gov). When you're assessing things, make sure to use Gini impurity and take a look at any overlap between PoR and the explorer. We'll need two independent anchors to really consider it “trusted” for promotion. (mdpi.com).

---

How 7Block Labs can help

We've built some awesome pipelines for exchanges, layer twos, and fintechs! We're talking about everything from fast PoR-seeded exchange maps to AA-aware EVM resolvers and tracking cross-chain bridges. It's all about making things smoother and more efficient! If you need a pilot program that really gets results in just 90 days and can smoothly sail through audits, we’ve got everything you need in our playbook and code. Ready to dive in? Let’s do this!

---

Sources and further reading (selected)

• **So, where do we stand with account abstraction? Let’s dive into EIP-4337 and EIP-7702, plus take a look at how it's being adopted out there. Hey, be sure to take a look at ethereum.org. It’s got some really interesting stuff!
• **Old-school and new-age clustering techniques (Bitcoin, Ethereum).
  Check out all the juicy details over at cacm.acm.org! You'll find some really interesting stuff there.
• Exchange labeling: So, you've got Etherscan tags, which help identify transactions on the Ethereum network. Then there's OKX, which uses Proof of Reserves (PoR) along with signed address verification to offer some transparency. And let's not forget Kraken; they've got some pretty solid examples of PoR too. It's all about keeping things clear and trustworthy in the crypto world! If you’re looking for a solid overview, definitely check out info.etherscan.com. It's got a lot of useful info!
• **The dominance of TRON’s stablecoin and what it means for operations. Hey, you should definitely check out the insights on this topic over at coindesk.com. There's some really interesting stuff in there!
• Sanctions and enforcement: Let's talk about Tornado Cash and Garantex/Grinex. **Check out the latest updates straight from home.treasury.gov!
• **Mixer and privacy system leaks (FIFO time-based matches). Hey, if you're interested in this topic, you might want to take a look at the findings over at arxiv.org. It's definitely worth checking out!

---