Blockchain money flow patterns (part 1)


In my work developing anti-fraud systems, a common misunderstanding I've encountered is the belief that "If we can't identify fraud, we can't automate its detection." To address this, we've developed a tool specifically designed to visualize and analyze the flow of money within the Ethereum network. This tool aids us in researching fraud patterns and conducting various investigations.

Today, I’ll walk you through three patterns—two straightforward and one quite complex. While not outright fraudulent, many organizations couldn’t accept funds that pass through these types of crypto-wallets.

A Simple Chain of Transfers

[Figure: simple chain of transfers]

In this straightforward example, four Ethereum wallets pass around substantial sums—between $160,000 and $190,000 across just three transactions. What if we simplified tracking by directly connecting the first and last wallets? This shortcut would reduce the complexity of traversing the graph and make the end point of the money clear.

Hidden Funds with One-Time Wallets

[Figure: one-time-use wallets]

Check this out: Our target wallet is funneling money through a few one-time-use wallets, each making just two moves—money comes in, and then it goes right out. Normally, this setup makes sense if you’re dealing with smart contracts. You might want to use a throwaway wallet to keep your main stash safe, especially if you're not too deep into the tech details or just don’t have the time to vet every contract thoroughly.

But here’s the twist—our “big one” doesn’t fit the usual smart contract profile. It looks more like a bustling exchange. This wallet’s got a massive balance and sees tons of transactions flying in and out, but it’s not a smart contract. So, what’s up with that? Let’s try to explore the second example of the same pattern.

[Figure: one-time-use wallets, second example]

The “black” wallet is also playing the pass-the-parcel game with bunches of one-time wallets. Each of these wallets is a flash in the pan, popping up for two transactions and then disappearing. It seems like they’re set up just to throw off basic fraud detection systems, which can spot this pattern without breaking a sweat.

So, even though this might look clever at first glance, it's actually pretty easy for us to catch onto these tricks.
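The two ideas above, connecting the first and last wallets of a simple chain and spotting one-time wallets that make exactly two moves, can be sketched in a few lines. This is an added example, not code from the tool described in this post; the addresses, amounts, block numbers and function names are constructed for illustration, and it assumes the transfer list covers each wallet's full history.

```python
from collections import defaultdict

# Constructed sample transfers: (sender, receiver, amount_usd, block_number).
TRANSFERS = [
    ("0xEXCH", "0xTMP1", 170_000, 100),
    ("0xTMP1", "0xTMP2", 169_500, 105),
    ("0xTMP2", "0xDEST", 169_000, 110),
    ("0xEXCH", "0xTMP3", 40_000, 120),
    ("0xTMP3", "0xDEST", 39_900, 121),
    ("0xUSER", "0xEXCH", 5_000, 90),
    ("0xUSER", "0xSHOP", 200, 95),
    ("0xSHOP", "0xEXCH", 150, 130),
    ("0xOTHER", "0xSHOP", 300, 125),
]

def find_pass_through(transfers):
    """Wallets with exactly two transfers in total: one in, then one out."""
    incoming, outgoing = defaultdict(list), defaultdict(list)
    for t in transfers:
        outgoing[t[0]].append(t)
        incoming[t[1]].append(t)
    return {
        w for w in set(incoming) & set(outgoing)
        if len(incoming[w]) == 1 and len(outgoing[w]) == 1
        and incoming[w][0][3] <= outgoing[w][0][3]
    }

def collapse_chains(transfers):
    """Replace each run of pass-through hops with one edge (src, dst, amount, hops)."""
    relays = find_pass_through(transfers)
    next_hop = {t[0]: t for t in transfers if t[0] in relays}
    edges = []
    for src, dst, amount, _block in transfers:
        if src in relays:
            continue  # interior hop, reached from the first transfer of its chain
        hops = []
        while dst in relays:
            hops.append(dst)
            _, dst, amount, _ = next_hop[dst]
        edges.append((src, dst, amount, hops))
    return edges

def relay_fanout(edges):
    """Count, per funding wallet, how many of its payments went via one-time wallets."""
    counts = defaultdict(int)
    for src, _dst, _amount, hops in edges:
        if hops:
            counts[src] += 1
    return dict(counts)
```

On the sample data, `0xSHOP` is not flagged because it has two incoming transfers, while `0xEXCH` ends up with two relayed payments to the same destination.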

The Complex 'Dandelion' Scheme

[Figure: dandelions]

This scenario gets wilder. Imagine our central wallet as the 'dandelion bed', surrounded by dozens of other wallets—our 'dandelions'. Each dandelion starts from a 'root' fed by around 150 smaller 'money source' wallets, each of which interacts with its root exactly once. These money sources likely belong to real individuals and receive cryptocurrency or stablecoins from major exchanges like Binance and KuCoin.

Each dandelion wraps up its show after about 150 transactions and sends everything—yes, all the funds—straight to our central “dandelion bed.” This central wallet is like the intermediate gathering spot for all that cash.

[Figure: zoomed view of the dandelions]

If you take a closer look, you’ll notice that most of the cash from our “dandelion bed” wallet is flowing right into a much smaller wallet on the right side of the graph.

And guess what? This little guy is also getting hefty sums from other wallets that work exactly the same way as our earlier “black” wallet. But here’s the kicker: despite all this money flowing in, our tiny wallet’s balance? Zero. Nada.

Turns out, this little wallet isn’t just any wallet—it’s called a “Smart Account by Safe”, or "Gnosis Safe" to be precise. It’s a multi-sig smart contract wallet, which means it requires multiple approvals for transactions. This setup suggests that it might actually be controlled by the masterminds behind this whole operation.

All funds eventually disappear into the sidechain of the Gnosis network, with no outward transactions—a probable vault.

Exploring these blockchain patterns shows us how cleverly money can move around, and reminds us that keeping track of it all is tricky but still possible. While we've managed to uncover these schemes, imagine what larger organizations with more resources can find. Always be cautious with where you send your money. Keep in mind, your anonymity is not guaranteed by default.

Want to see how your wallet stacks up? Check it using our service Dictynna.