CRYPTOCURRENCY TRACING & ATTRIBUTION REPORT
[SUBJECT ENTITY / INDIVIDUAL / ADDRESS / ENGAGEMENT REF]
The Cryptocurrency Tracing & Attribution Report is a forensic blockchain-intelligence investigation to trace, attribute, and map the flow of cryptocurrency assets belonging to or controlled by a subject entity or individual, where the subject’s cooperation is partial or absent and the on-chain footprint must be reconstructed from blockchain-forensic, open, licensed, and field sources. It is the cryptocurrency-specialist tier of the Asset Tracing node: it establishes what crypto assets exist, on which blockchains, at which addresses, through which exchanges/platforms, and under whose control - applying blockchain-forensic attribution (cluster analysis, taint tracing, exchange-intelligence correlation, DeFi/mixer/tumbler de-anonymization) to a standards-of-evidence level sufficient to inform litigation strategy, enforcement action, fraud investigation, insolvency administration, or investigative due diligence. It does not deliver the integrated asset-discovery and value-estimate depth of the Asset Trace & Discovery Report; the integrated net-worth reconstruction and lifestyle-audit depth of the Wealth Profile; the deep forensic/human-source investigation for deliberately concealed or layered non-crypto assets of the Hidden Asset Investigation; the claimed-narrative-to-source verification and substantiation determination of the Source-of-Wealth Report; the enforcement-readiness and recovery-cost assessment of the Judgment Recovery Asset Report; or the ongoing positional-monitoring of the Continuous Asset Monitoring (retained service). Where those needs surface, raise them as RFIs in §20 and escalate - do not perform them here. This product traces and attributes; it does not value, opine on recoverability, certify legal entitlement, or provide investment advice.
Document Control
| Field | Value |
|---|---|
| Report Reference | [REF-YYYY-###] |
| Date of Report | [YYYY-MM-DD] |
| Reporting Period / As-Of Date (Block Height) | [YYYY-MM-DD / BLOCK HEIGHT] |
| Classification / Handling | [CONFIDENTIAL - CLIENT EYES ONLY / TLP:AMBER] |
| Client | [CLIENT NAME] |
| Requesting Party | [CONTACT - ENGAGEMENT REF] |
| Subject | [LEGAL NAME / ENTITY NAME / KNOWN ADDRESS(ES) - and identifiers] |
| Engagement Purpose | [Litigation support / Enforcement / Fraud investigation / Insolvency / Investigative DD / Asset discovery prior to SoW verification] |
| Scope / Depth | [Blockchain-forensic tracing to a professional standard - see §2 scope] |
| Prepared By | [ANALYST NAME / ID] |
| Reviewed By | [REVIEWER NAME / ID] |
| Approving Officer | [APPROVER NAME / ID] |
| Version | [1.0] |
| Distribution | [NAMED RECIPIENTS] |
Handling & Legal Caveat
Handling: [Classification/TLP]. Disseminate only to the named authorized recipients. Reproduction or onward sharing prohibited without originator approval. May contain personal data on the subject and associated parties - store and transmit per the client data-processing agreement. This product may contain information protected by attorney-client privilege or work-product doctrine where the engagement is conducted through counsel - mark and handle accordingly.
Nature of this product (READ FIRST): This is a blockchain-forensic intelligence assessment tracing and attributing cryptocurrency assets for which the subject’s cooperation is partial or absent, prepared to inform the client’s legal, enforcement, or financial decision. It is not a formal valuation, an appraisal, a recoverability opinion, a certification of ownership, a tax opinion, or an investment recommendation. It is one analytic input; the client’s legal, financial, and enforcement advisers should be relied on for those determinations.
Data-protection & privacy caveat: Blockchain-forensic analysis is conducted on publicly-available on-chain data and lawfully-obtained exchange/off-chain intelligence. This investigation is conducted wholly within applicable data-protection and privacy frameworks (GDPR, CCPA, and local equivalents); no pretexting for financial information (US GLBA §521), no impersonation, no unauthorized access to protected databases, no fraud, and no violation of any jurisdiction’s anti-secrecy or blocking statute. Findings derive from lawful access only; gaps arising from lawful-access limitations are reported transparently rather than closed by impermissible means.
Attribution caveat (READ - cryptocurrency tracing’s primary failure mode): Every address, cluster, and transaction is attributed to the subject only to the stated attribution confidence (Confirmed / Probable / Possible / Unresolved) against matched identifiers. Blockchain attribution is probabilistic, not deterministic - an address cluster is attributed to a subject based on behavioral, transactional, and off-chain corroboration, not absolute proof. Attribution at Possible/Unresolved is not actionable without further verification. Address-reuse, cluster-heuristic limitations, and mixing/tumbling/privacy-layer obfuscation are inherent constraints - document them transparently rather than over-claiming attribution.
Exchange / off-chain data caveat: Any reference to exchange-identified, KYC-linked, or off-chain-attributed data is used only where lawfully obtained and where the legal basis for reliance is confirmed with counsel - such data is flagged as to provenance, graded at the reliability of the source, and its admissibility and lawful use must be confirmed with counsel before any reliance - particularly in litigation/enforcement contexts.
Leaked / breach-sourced data caveat: Any reference to leaked, breached, or illicitly-obtained datasets (e.g., exchange hack dumps, wallet-database leaks) is used only where lawful in the relevant jurisdiction and only as a lead-generation pointer, never as a primary evidentiary basis; such material is flagged as to provenance, graded at low reliability pending independent lawful corroboration, and its admissibility and lawful use must be confirmed with counsel before any reliance.
Sourcing & verification: Findings derive from blockchain-forensic analysis, open, licensed, and discreet-source-collection channels current as of the as-of date/block height and are graded (Annex A). On-chain data is immutable and verifiable; off-chain attribution and exchange intelligence vary in completeness, currency, and reliability by jurisdiction and platform. Absence of an on-chain footprint is not assurance the subject does not hold cryptocurrency - particularly where privacy coins, non-custodial wallets, or OTC/peer-to-peer channels are used. Findings are time-sensitive - re-verify before any enforcement or transactional action.
Reliance: Reliance is limited to the named client for the stated purpose; no third-party reliance without originator consent.
Subject / Engagement Snapshot
| Field | Value |
|---|---|
| Subject Name / ID / Known Address(es) | [Legal name / entity name / known blockchain address(es)] |
| Tracing Mandate | [Litigation / Enforcement / Fraud investigation / Insolvency / DD / Other] |
| Blockchains / Networks Analyzed | [List - e.g., Bitcoin, Ethereum, ERC-20, BSC, Solana, TRON, Monero (if applicable)] |
| Count of Identified Addresses / Clusters | [ ] |
| Estimated Aggregate Value Bracket (Crypto) | [e.g., Under $10K / $10K–$100K / $100K–$1M / $1M–$10M / Over $10M] |
| Highest-Value Single Address / Cluster | [Address / cluster reference & approximate value range] |
| Material Tracing Obstacles / Opacity | [e.g., Mixer/tumbler usage, privacy coins, DeFi-layer obfuscation, non-custodial wallets, OTC channels, jurisdictional exchange-data barriers] |
| Subject Cooperation | [Full / Partial / None - and impact on tracing completeness] |
| Subject Identity-Resolution Confidence | [Confirmed / Probable / Possible / Unresolved - matched identifiers; see §5 & Annex A] |
| Overall Tracing Confidence | [HIGH / MODERATE / LOW - see §21] |
Table of Contents
- BLUF
- Executive Summary & Scope
- Key Judgments
- Priority Intelligence Requirements (PIRs)
- Subject Crypto Profile Overview
- Known Addresses & Wallet Clusters
- Transaction Flow Analysis
- Exchange & Off-Ramp Attribution
- Mixer, Tumbler & Privacy-Layer Indicators
- DeFi, Staking & Yield-Farming Exposure
- NFT & Token Holdings
- Cross-Chain & Bridge Activity
- OTC, P2P & Non-Custodial Channel Indicators
- Illicit-Finance & Sanctions Indicators
- Value Estimates & Standing
- Verified Findings Summary
- Red Flags & Notable Indicators
- Analysis of Competing Hypotheses (ACH)
- Key Assumptions Check (KAC)
- Collection Gaps & RFIs
- Assessment & Recommendations
- Annex A - Sources & Methodology
- Annex B - Appendices
(Page numbers populate on export to Word/PDF.)
1. BLUF
2–3 sentences. Lead with the number of identified addresses/clusters, the estimated aggregate value, the most significant tracing finding (attribution to a known exchange, mixer usage, sanctions-linked address interaction), and the recommended next action. Written so the decision-maker (litigator, enforcement officer, investigator, counsel) can act on this line alone.
[BLUF]
2. Executive Summary & Scope
Triggering requirement and engagement purpose; who the subject is and why a cryptocurrency trace was commissioned. Scope in/out stated explicitly - this is a blockchain-forensic tracing investigation to a professional standard; name what is deferred to deeper products (the Asset Trace & Discovery Report for integrated non-crypto asset discovery; the Net Worth / Wealth Profile for integrated financial reconstruction; the Hidden Asset Investigation for deliberately concealed non-crypto assets; the SoW report for claimed-narrative substantiation; the Pre-Litigation / Judgment Recovery report for enforcement-readiness). Narrative of key findings across the tracing dimensions below, to the ICD 203 floor - reporting separated from analytic judgment, uncertainty drivers named.
[EXECUTIVE SUMMARY & SCOPE]
3. Key Judgments
The analytic bottom line on cryptocurrency tracing: how many addresses/clusters identified, aggregate value bracket, degree of opacity/concealment (mixer/privacy-layer usage), attribution confidence to the subject, and feasibility of further tracing. Likelihood and analytic confidence as separate columns (never combined - ICD 203); a change-indicator column stating what would shift the judgment.
| # | Key Judgment | Likelihood | Analytic Confidence | Change Indicator (what would shift it) |
|---|---|---|---|---|
| KJ-1 | [e.g., Subject holds identifiable cryptocurrency assets in the [x] value bracket across [y] blockchains] | [ICD 203 term] | [HIGH/MOD/LOW] | [ ] |
| KJ-2 | [e.g., The identified address clusters are attributable to the subject with [HIGH/MOD/LOW] confidence] | [ ] | [ ] | [ ] |
| KJ-3 | [e.g., Subject has used mixer/tumbler/privacy-layer services indicating deliberate concealment intent] | [ ] | [ ] | [ ] |
| KJ-4 | [e.g., A significant portion of subject’s crypto holdings is plausibly held in non-custodial/off-exchange wallets and is undiscoverable via current collection] | [ ] | [ ] | [ ] |
4. Priority Intelligence Requirements (PIRs)
Collection-management spine. State each PIR, the answer, key evidence, and analytic confidence. Summarize in the matrix.
- PIR-1 - Address inventory: What is the complete or best-available inventory of blockchain addresses and address clusters attributable to the subject? [Answer / evidence / confidence]
- PIR-2 - Value aggregate: What is the estimated aggregate value and value distribution across addresses/clusters? [ ]
- PIR-3 - Exchange exposure: Through which exchanges, platforms, or off-ramp services has the subject transacted, and what KYC/identity data is associated? [ ]
- PIR-4 - Concealment indicators: Are there indicators of deliberate concealment - mixer/tumbler usage, privacy coins, DeFi-layer obfuscation, OTC channels? [ ]
- PIR-5 - Illicit-finance nexus: Is there any traceable connection to sanctioned addresses, darknet markets, ransomware wallets, fraud schemes, or other illicit-finance activity? [ ]
- [Add engagement-specific PIRs.]
| PIR | Answer (summary) | Confidence | Key Gap |
|---|---|---|---|
| PIR-1 | [ ] | [H/M/L] | [ ] |
| PIR-2 | [ ] | [H/M/L] | [ ] |
| PIR-3 | [ ] | [H/M/L] | [ ] |
| PIR-4 | [ ] | [H/M/L] | [ ] |
| PIR-5 | [ ] | [H/M/L] | [ ] |
5. Subject Crypto Profile Overview
Summary crypto-asset register - consolidated one-glance table of every blockchain/network analyzed, with search result, count of addresses/clusters, estimated value bracket, attribution confidence, and key tracing obstacles. This is the map; the detail sections below are the territory.
| Blockchain / Network | Addresses / Clusters Identified | Estimated Value Bracket | Attribution Confidence | Key Tracing Obstacles | Source Grade |
|---|---|---|---|---|---|
| [Bitcoin] | [ ] | [ ] | [H/M/L] | [ ] | [A–F/1–6] |
| [Ethereum / ERC-20] | [ ] | [ ] | [ ] | [ ] | [ ] |
| [BSC / Solana / TRON / Other] | [ ] | [ ] | [ ] | [ ] | [ ] |
| [Privacy coins - Monero / Zcash] | [ ] | [ ] | [ ] | [ ] | [ ] |
| [Cross-chain / bridges] | [ ] | [ ] | [ ] | [ ] | [ ] |
| [Other] | [ ] | [ ] | [ ] | [ ] | [ ] |
6. Known Addresses & Wallet Clusters
Record every blockchain address and address cluster attributable to the subject, with the basis for attribution - direct KYC-linked exchange deposit/withdrawal, on-chain behavioral heuristics (co-spend, common-input, change-address clustering), off-chain corroboration (leaked database, disclosed wallet, social-media post, court filing, investigator field inquiry), or derived inference. Record address, blockchain, cluster reference, first-seen/last-active dates, transaction count, and attribution basis. Distinguish between confirmed attribution (direct KYC or documented link) and probabilistic attribution (cluster heuristic).
| Address / Cluster Ref | Blockchain | First Seen / Last Active | Transaction Count | Attribution Basis | Attribution Confidence | Source Grade |
|---|---|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [Direct KYC / Cluster heuristic / Off-chain corroboration / Derived inference] | [Confirmed / Probable / Possible / Unresolved] | [ ] |
7. Transaction Flow Analysis
Trace the flow of funds from known subject addresses through the blockchain - inbound sources (exchange withdrawals, miner/validator rewards, DeFi yields, peer-to-peer transfers, airdrops) and outbound destinations (exchange deposits, merchant payments, DeFi interactions, mixer/tumbler deposits, cross-chain bridge transfers, peer-to-peer transfers). Provide flow diagrams (Appendix C) and a transaction-summary table for material flows. Flag transactions to/from known illicit addresses, sanctioned addresses, or high-risk platforms.
| Transaction Hash / Ref | Date / Block | From (Address / Cluster) | To (Address / Cluster) | Value (Crypto / Fiat Equivalent) | Flow Direction | Notable Flag | Source Grade |
|---|---|---|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [ ] | [Inbound / Outbound / Internal] | [ ] | [ ] |
8. Exchange & Off-Ramp Attribution
Identify exchanges, trading platforms, OTC desks, and fiat off-ramp services that have received deposits from or sent withdrawals to subject addresses - based on known exchange deposit addresses, cluster analysis, and off-chain intelligence. Record exchange name, jurisdiction, regulatory standing (licensed/registered/unregulated), KYC/AML posture (where observable), and the basis for attribution. Flag exchanges in high-risk or non-cooperative jurisdictions.
| Exchange / Platform | Jurisdiction | Regulatory Standing | Subject Interaction (Deposit / Withdrawal / Trade) | Value Bracket | Attribution Basis | Source Grade |
|---|---|---|---|---|---|---|
| [ ] | [ ] | [Licensed / Registered / Unregulated / Unknown] | [ ] | [ ] | [Known address / Cluster / Off-chain] | [ ] |
9. Mixer, Tumbler & Privacy-Layer Indicators
Identify and analyze any interaction with mixer/tumbler services (e.g., Wasabi, Samourai, Tornado Cash, ChipMixer, Sinbad, YoMix), privacy coins (Monero, Zcash, Dash), privacy-layer protocols (e.g., Aztec, Railgun, Umbra), or other obfuscation techniques. Record the service, transaction hashes, value obfuscated, and the confidence that the subject intentionally used obfuscation (vs. receiving from a mixer as a third-party payment). Flag mixer usage as a high-severity concealment indicator.
| Obfuscation Service / Technique | Transaction Hash / Ref | Value Obfuscated | Direction (Deposit / Withdrawal / Receipt) | Intent Confidence | Source Grade |
|---|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [Confirmed / Probable / Possible] | [ ] |
10. DeFi, Staking & Yield-Farming Exposure
Identify subject addresses’ interaction with decentralized finance (DeFi) protocols - lending/borrowing platforms, liquidity pools, staking contracts, yield aggregators, and governance protocols. Record protocol name, blockchain, interaction type (deposit/withdraw/lend/borrow/stake), value, and any locked/staked assets that may be illiquid or subject to withdrawal delays. Flag protocols with known security incidents, regulatory actions, or sanctions nexus.
| Protocol / Platform | Blockchain | Interaction Type | Value | Locked / Staked Status | Notable Flag | Source Grade |
|---|---|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [Liquid / Locked / Staked / Withdrawn] | [ ] | [ ] |
11. NFT & Token Holdings
Identify non-fungible token (NFT) holdings, token holdings (ERC-20, BEP-20, SPL, and other token standards), and any other on-chain asset positions attributable to the subject - including airdropped tokens, governance tokens, and meme coins. Record token/NFT identifier, contract address, quantity/value, acquisition date/basis, and any observable sale/transfer activity. Flag high-value NFTs or tokens with regulatory/sanctions nexus.
| Token / NFT | Contract Address / Collection | Blockchain | Quantity / Holdings | Value Bracket | Acquisition Basis | Source Grade |
|---|---|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [ ] | [Purchase / Airdrop / Mining / Transfer] | [ ] |
12. Cross-Chain & Bridge Activity
Identify and analyze cross-chain bridge transactions - moving assets between blockchains (e.g., Bitcoin → Ethereum via WBTC, Ethereum → BSC via Binance Bridge, Ethereum → Solana via Wormhole). Record bridge protocol, source chain, destination chain, transaction hashes, value, and any observable pattern (e.g., systematic bridging to a privacy chain). Flag bridge usage as a potential concealment or jurisdictional-arbitrage indicator.
| Bridge Protocol | Source Chain | Destination Chain | Transaction Hash(es) | Value | Pattern / Frequency | Source Grade |
|---|---|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [ ] | [Single / Systematic] | [ ] |
13. OTC, P2P & Non-Custodial Channel Indicators
Identify indicators of over-the-counter (OTC) trading, peer-to-peer (P2P) exchange usage, and non-custodial wallet activity that may represent undiscoverable holdings - based on on-chain patterns (direct wallet-to-wallet transfers without exchange intermediary), social-media or forum indicators, leaked OTC-dealer records, and field intelligence. Record the indicator, the basis, and the confidence that the subject uses these channels for material holdings.
| Channel Type | Indicator | Basis | Value Bracket (Inferred) | Confidence | Source Grade |
|---|---|---|---|---|---|
| [OTC desk / P2P platform / Non-custodial wallet] | [ ] | [On-chain pattern / Off-chain intelligence / Leaked record] | [ ] | [H/M/L] | [ ] |
14. Illicit-Finance & Sanctions Indicators
Screen all identified addresses, clusters, and transaction counterparts against known illicit-address databases - sanctions lists (OFAC SDN, OFSI, EU, UN), darknet-market addresses, ransomware-wallet addresses, fraud-scheme addresses, hack-theft addresses, and other high-risk designations. Record each match, the list/regime, the transaction hash, value, and disposition (true/false/inconclusive). Flag any interaction with sanctioned or illicit addresses as a critical finding requiring immediate escalation.
| Address / Cluster | List / Regime | Transaction Hash | Value | Disposition | Source Grade |
|---|---|---|---|---|---|
| [ ] | [OFAC SDN / OFSI / EU / UN / Darknet / Ransomware / Fraud / Hack] | [ ] | [ ] | [True / False / Inconclusive] | [ ] |
15. Value Estimates & Standing
Consolidated value estimate for each identified address/cluster, with the basis and confidence level. Distinguish between direct valuations (exchange-traded price at transaction time, realized sale value) and estimated valuations (current market price, comparable OTC rates, qualified inference). Provide aggregate value bracket at the top; note that this is not a formal valuation or appraisal. Account for volatility - state the valuation date and price source.
| Address / Cluster Ref (§6) | Description | Value Estimate (Fiat - Currency) | Valuation Date / Price Source | Basis | Value Confidence | Next-Step for Refinement |
|---|---|---|---|---|---|---|
| [ ] | [ ] | [ ] | [ ] | [Direct / Estimated] | [HIGH / MOD / LOW] | [ ] |
Aggregate estimated value: [Bracket] - [basis and confidence]. Valuation disclaimer: Value estimates are indicative only, derived from the stated price source and date, and not a formal appraisal or investment-grade valuation. Cryptocurrency prices are highly volatile; values may have changed materially since the valuation date. An independent professional valuation should be obtained before any enforcement, transaction, or legal filing relying on value.
16. Verified Findings Summary
| # | Finding | Status | Confidence | Materiality |
|---|---|---|---|---|
| 1 | [ ] | [Verified / Unverified / Contradicted] | [H/M/L] | [ ] |
17. Red Flags & Notable Indicators
| # | Red Flag | Tracing Dimension (§) | Severity | Basis | Disposition |
|---|---|---|---|---|---|
| 1 | [ ] | [ ] | [Crit/High/Med/Low] | [ ] | [Open / Mitigable / Disqualifying / Escalated to deeper product] |
Severity definitions: Critical - confirmed interaction with sanctioned/illicit addresses, confirmed mixer/tumbler usage for concealment, confirmed fraud/scheme nexus, confirmed theft/hack proceeds. High - strong indicators of deliberate concealment (mixer usage, privacy coins, systematic OTC), significant unaccounted holdings plausibly hidden. Medium - structural opacity (DeFi-layer obfuscation, cross-chain bridging) that may be legitimate but requires verification. Low - note only.
18. Analysis of Competing Hypotheses (ACH)
Apply to the central interpretative question: whether the traced crypto footprint is substantially complete (subject is not actively concealing material holdings) vs. incomplete (meaningful holdings are hidden beyond the current tracing threshold). State the hypotheses, the diagnostic evidence for/against each, and the most consistent explanation. If the subject is cooperative and tracing is prima facie complete, state that and close - do not pad the apparatus.
| Evidence / Indicator | H1: [Traced crypto footprint is substantially complete] | H2: [Material concealed crypto holdings exist beyond current tracing] | H3: [Holdings have been recently transferred/dissipated via obfuscation channels] |
|---|---|---|---|
| [ ] | [C/I/N] | [C/I/N] | [C/I/N] |
(C = consistent · I = inconsistent · N = neutral.) Most consistent hypothesis: [ ] - [rationale + what would change it].
19. Key Assumptions Check (KAC)
| # | Assumption | Basis | Confidence | Impact if Wrong |
|---|---|---|---|---|
| 1 | [e.g., Cluster-heuristic attribution accurately reflects subject’s addresses] | [ ] | [H/M/L] | [ ] |
| 2 | [e.g., The subject has not recently transferred material holdings through privacy layers beyond the tracing threshold] | [ ] | [ ] | [ ] |
| 3 | [e.g., Absence of exchange-KYC linkage means the subject does not use centralized exchanges] | [ ] | [ ] | [ ] |
20. Collection Gaps & RFIs
| Gap | Impact on Assessment | Recommended Collection | Escalation Target | Priority |
|---|---|---|---|---|
| [ ] | [ ] | [ ] | [Asset Trace & Discovery Report / Net Worth / Wealth Profile / Hidden Asset Investigation / SoW Report / Pre-Litigation Asset Report] | [H/M/L] |
21. Assessment & Recommendations
21.1 Tracing Assessment
Overall assessment of the completeness and reliability of the cryptocurrency trace given the mandate - what is known with confidence, what is plausibly missing, what is undiscoverable within the scope. State the overall tracing confidence (HIGH / MODERATE / LOW) and the key drivers.
[ASSESSMENT]
21.2 Recommendations
- For litigators / enforcement counsel: [Asset attachment/saisie targets identified; exchange-account freezing/restraint targets; jurisdiction-by-jurisdiction enforcement feasibility note; priority enforcement targets.]
- For fraud investigators: [Flow-of-funds narrative; identifiable victim funds; tracing to exchange KYC for identification of counterparties.]
- For insolvency practitioners: [Recoverable crypto-asset pool summary; preference/transaction-at-undervalue indicators; claw-back investigation notes.]
- For investigators (next steps): [Further tracing avenues - exchange legal-process requests, blockchain-forensic deep dive, DeFi-protocol analysis, OTC-dealer inquiry, field intelligence collection.]
- Escalations: [Items routed to Asset Trace & Discovery Report, Net Worth / Wealth Profile, Hidden Asset Investigation, Source-of-Funds / Source-of-Wealth Report, Pre-Litigation / Judgment Recovery Asset Report, or Continuous Asset Monitoring.]
- Conditions for reliance: [Any conditions under which the findings should be re-verified before action - e.g., time-sensitive address activity, pending disposals, exchange-data updates, blockchain reorganization risk.]
22. Annex A - Sources & Methodology
Collection methods and scope; the blockchain-forensic tools and methodologies used (cluster heuristics, taint tracing, exchange-intelligence correlation, DeFi-protocol analysis, privacy-layer de-anonymization techniques); the source register graded with the Admiralty two-axis code; the reference scales (below); statement of the likelihood-vs-confidence separation; coverage/currency limitations by blockchain and jurisdiction; a note on lawful-access limitations (exchange-data gateways, data-protection barriers, blocking statutes).
Source reliability (Admiralty, A–F): A Completely reliable · B Usually reliable · C Fairly reliable · D Not usually reliable · E Unreliable · F Reliability cannot be judged.
Information credibility (Admiralty, 1–6): 1 Confirmed by other sources · 2 Probably true · 3 Possibly true · 4 Doubtful · 5 Improbable · 6 Truth cannot be judged. (Each sourced datum carries a two-character grade, e.g., B2.)
Estimative probability / likelihood (ICD 203): almost no chance / remote (01–05%) · very unlikely (05–20%) · unlikely (20–45%) · roughly even chance (45–55%) · likely (55–80%) · very likely (80–95%) · almost certain (95–99%).
Analytic confidence (evidence base - kept separate from likelihood): HIGH (multiple independent reliable sources, primary documentation, no significant contradiction) · MODERATE (some corroboration, gaps, minor unresolved inconsistency) · LOW (single/uncorroborated source, significant gaps, plausible alternatives open). Never combine a likelihood term and a confidence level in the same sentence.
Risk scoring: Likelihood (1–5) × Impact (1–5) = 1–25; key: 1–5 Low · 6–10 Moderate · 11–15 Elevated · 16–20 High · 21–25 Critical.
Crypto-tracing confidence (product-level): HIGH (multiple independent attribution methods converge, direct KYC-linked exchange data, no significant obfuscation indicators, cross-blockchain coverage complete) · MODERATE (some attribution gaps, partial obfuscation indicators, partial blockchain coverage) · LOW (significant attribution gaps, strong obfuscation indicators, limited blockchain coverage, privacy-coin usage).
Subject identity-resolution confidence: Confirmed / Probable / Possible / Unresolved - stated per subject with the matched identifiers (legal name, DOB/nationality, address history, tax/registration IDs, associated entities, known blockchain addresses), so each address/cluster is attributed only to the resolved subject and not to a namesake or coincidental cluster; disambiguation is explicit, never assumed. Attribution at Possible/Unresolved is not actionable without further verification.
Blockchain-attribution confidence (per address/cluster): Confirmed (direct KYC-linked exchange deposit/withdrawal, documented wallet disclosure, court filing, or other primary documentary link) · Probable (strong cluster-heuristic convergence, multiple independent behavioral indicators, off-chain corroboration from reliable source) · Possible (single cluster-heuristic indicator, weak off-chain corroboration, plausible alternative attribution) · Unresolved (address identified but cannot be attributed to any known subject with confidence).
Searched blockchains, data sources, and tools (record provider/version, as-of date/block height, coverage scope, limitations): [TABLE]
23. Annex B - Appendices
- Appendix A - Subject Identifier & Entity Index: legal names, aliases, identifiers (passport, tax ID, registration numbers, LEI), associated entities, family members, professional advisers, known blockchain addresses.
- Appendix B - Address & Cluster Register: full list of all identified addresses and clusters with attribution basis, confidence, and value.
- Appendix C - Transaction Flow Diagrams: visual flow maps for material fund movements (pointer to separate file).
- Appendix D - Exchange & Platform Interaction Map: exchanges, platforms, OTC desks, and off-ramp services with interaction details.
- Appendix E - Mixer / Privacy-Layer Interaction Detail: transaction-level detail for each obfuscation interaction.
- Appendix F - Illicit-Finance & Sanctions Screening Log: lists screened, versions/dates, matches and dispositions.
- Appendix G - Value Estimate Detail: per-address/cluster valuation basis, price source, date, and confidence.
- Appendix H - Full Source Register: every source, Admiralty grade, access date, reference, and any coverage/limitation note.
- Appendix I - Glossary & Abbreviations.
- Appendix J - Revision History.
END OF REPORT.
Verification disclaimer: This cryptocurrency tracing & attribution report is a point-in-time assessment based on blockchain-forensic analysis of on-chain data current to the stated as-of date / block height, supplemented by open, licensed, and lawfully-obtained off-chain intelligence; it is not a formal valuation, an appraisal, a recoverability opinion, a certification of ownership, a tax opinion, or an investment recommendation. Blockchain attribution is probabilistic, not deterministic - address-reuse, cluster-heuristic limitations, and mixing/tumbling/privacy-layer obfuscation are inherent constraints. Cryptocurrency values are highly volatile and may have changed materially since the valuation date. Absence of an on-chain footprint is not assurance the subject holds no cryptocurrency, particularly where privacy coins, non-custodial wallets, or OTC/P2P channels are used. Findings are time-sensitive; re-verify before any enforcement, litigation, transaction, or other consequential action. No pretexting, no unauthorized database access, and no violation of any jurisdiction’s anti-secrecy or blocking statute was committed in the production of this report.
Document control footer: [REF-YYYY-### · Version · Classification/TLP · Prepared/Reviewed/Approved · Distribution].
Model wiring
Generated from cell frontmatter at publish time.