Investigation Modes

Understanding the two complementary investigation approaches

Overview

Blockchain Detective employs two distinct investigation modes that work together to provide comprehensive analysis. Each mode offers unique insights, and their combination creates a complete picture of fund movements.

Mode 1: Fund Flow Tracking

Fund flow tracking follows a single amount through the blockchain, providing a narrative of where specific funds went.

When to Use

  • You want to know where the largest incoming payment went
  • Building a timeline of how funds moved
  • Tracking a specific amount through mixers or consolidations
  • Following the "money trail" for legal evidence

How It Works

  1. Identify Largest Incoming: Scans all transactions to find the biggest payment received by the target address
  2. Track Specific Amount: Follows that exact amount (within tolerance) through subsequent transactions
  3. Handle Transformations: Detects consolidations (multiple inputs combined) and splits (divided into multiple outputs)
  4. Detect Endpoints: Identifies when funds reach an exchange, disperse excessively, or stop moving
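
The four steps above, run against a constructed ledger (an added example, not Blockchain Detective's own code). The 2% per-hop tolerance, the `(inputs, outputs)` ledger shape, the endpoint names and every address are assumptions; the 10-hop and 10-output limits come from the Limitations list on this page.

```python
from decimal import Decimal as D

TOLERANCE = D("0.02")   # assumption: a hop may shave up to 2% off the amount (fees)
MAX_HOPS = 10           # hop limit given on the page
MAX_OUTPUTS = 10        # page: trail can be lost once funds split into 10+ outputs
EXCHANGES = {"1JKL"}    # constructed set of known exchange deposit addresses

# Constructed ledger: each tx is (inputs, outputs), both lists of (address, BTC).
TXS = [
    ([("1SRC", D("2.5"))], [("1ABC", D("2.5"))]),
    ([("1OTH", D("0.3"))], [("1ABC", D("0.3"))]),
    ([("1ABC", D("2.5"))], [("1XYZ", D("2.49")), ("1CHG", D("0.005"))]),
    ([("1XYZ", D("2.49")), ("1AAA", D("1.0")), ("1BBB", D("0.5"))],
     [("1GHI", D("2.47")), ("1CCC", D("1.51"))]),
    ([("1GHI", D("2.47"))], [("1JKL", D("2.45"))]),
]

def close(value, tracked):
    return abs(value - tracked) <= TOLERANCE * tracked

def largest_incoming(txs, target):
    return max((v for _, outs in txs for a, v in outs if a == target), default=None)

def track(txs, target):
    """Return (hops, endpoint); each hop is (address, amount, kind)."""
    amount = largest_incoming(txs, target)
    if amount is None:
        return [], "no_incoming"
    addr, hops = target, []
    for _ in range(MAX_HOPS):
        # Next spend: a tx in which the current address spends ~the tracked amount.
        spend = next((tx for tx in txs
                      if any(a == addr and close(v, amount) for a, v in tx[0])), None)
        if spend is None:
            return hops, "stopped"
        ins, outs = spend
        matches = [o for o in outs if close(o[1], amount)]
        if len(outs) >= MAX_OUTPUTS or not matches:
            return hops, "dispersed"   # too many outputs, or no output near the amount
        addr, amount = min(matches, key=lambda o: abs(o[1] - amount))
        kind = "consolidation" if len(ins) > 1 else "transfer"
        if addr in EXCHANGES:
            hops.append((addr, amount, "exchange"))
            return hops, "exchange"
        hops.append((addr, amount, kind))
    return hops, "hop_limit"
```

On the sample ledger, `track(TXS, "1ABC")` follows 2.5 BTC through a transfer and a three-input consolidation to the exchange address.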

Advantages

  • Precision: Tracks a specific amount rather than generic "where did funds go"
  • Narrative: Creates a clear story of fund movement
  • Mixer Penetration: Can identify matching amounts even after mixing
  • Consolidation Tracking: Follows funds even when combined with other inputs

Limitations

  • Only tracks one path (the largest incoming)
  • May miss important secondary paths
  • Can lose trail if funds split into 10+ outputs
  • Maximum hop limit (typically 10) prevents infinite loops

Example Output

Target: 1ABC...
Received: 2.5 BTC
│
├── Hop 1: 1XYZ... = (2.49 BTC) [transfer]
├── Hop 2: 1DEF... = (2.48 BTC) [⚠️ MIXER]
├── Hop 3: 1GHI... = (2.47 BTC) [📊 CONSOLIDATION of 3 inputs]
└── Hop 4: 1JKL... = (2.45 BTC) [🎯 Coinbase EXCHANGE]

Mode 2: Multi-Path Analysis

Multi-path analysis investigates all major outflows from the target address, providing breadth and discovering multiple potential endpoints.

When to Use

  • You want comprehensive coverage of where funds went
  • Finding all exchange deposits, not just one
  • Detecting if funds split across multiple laundering paths
  • Building a complete map of address relationships

How It Works

  1. Identify Major Outflows: Finds all transactions where the target address sent ≥0.01 BTC
  2. Prioritize by Value: Selects top 6 outflows, prioritizing those ≥0.1 BTC
  3. Investigate Each Path: Traces each selected path through 4 hops
  4. Parallel Analysis: Checks each hop for mixers, exchanges, and behavioral patterns
  5. Aggregate Results: Combines findings from all paths into comprehensive report
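
The five steps above on a constructed transfer list (an added example, not Blockchain Detective's own code). The thresholds and limits are the ones stated on this page; the `(sender, receiver, BTC)` data shape, the address labels, counting the first outflow as hop 1, and following the largest onward transfer at each hop are assumptions.

```python
from decimal import Decimal as D

MIN_OUTFLOW, PRIORITY = D("0.01"), D("0.1")  # thresholds from the page
MAX_PATHS, MAX_HOPS = 6, 4                   # limits from the page
LABELS = {"1MIX": "mixer", "1EXA": "exchange", "1EXB": "exchange"}  # constructed

# Constructed transfers: (sender, receiver, BTC). Target is 1ABC.
TRANSFERS = [
    ("1ABC", "1P1", D("2.5")), ("1ABC", "1P2", D("1.3")), ("1ABC", "1P3", D("0.8")),
    ("1ABC", "1P4", D("0.4")), ("1ABC", "1P5", D("0.2")), ("1ABC", "1P6", D("0.05")),
    ("1ABC", "1P7", D("0.02")), ("1ABC", "1P8", D("0.005")),
    ("1P1", "1A1", D("2.49")), ("1A1", "1A2", D("2.48")), ("1A2", "1EXA", D("2.47")),
    ("1P2", "1MIX", D("1.29")), ("1MIX", "1M2", D("1.28")),
    ("1P3", "1B1", D("0.79")), ("1P4", "1EXB", D("0.39")),
    ("1P6", "1C1", D("0.049")), ("1C1", "1C2", D("0.048")),
    ("1C2", "1C3", D("0.047")), ("1C3", "1EXA", D("0.046")),
]

def select_outflows(transfers, target):
    """Steps 1-2: outflows >= 0.01 BTC, those >= 0.1 BTC first, capped at 6."""
    out = [(dst, amt) for src, dst, amt in transfers
           if src == target and amt >= MIN_OUTFLOW]
    out.sort(key=lambda o: (o[1] >= PRIORITY, o[1]), reverse=True)
    return out[:MAX_PATHS]

def trace_path(transfers, first_hop):
    """Steps 3-4: walk up to 4 hops, checking each address's label."""
    addr, seen, mixed = first_hop, set(), False
    for hop in range(1, MAX_HOPS + 1):
        label = LABELS.get(addr)
        if label == "exchange":
            return "exchange", hop, addr
        mixed = mixed or label == "mixer"
        seen.add(addr)
        onward = [(amt, dst) for src, dst, amt in transfers
                  if src == addr and dst not in seen]
        if not onward or hop == MAX_HOPS:
            break
        addr = max(onward)[1]  # assumption: follow the largest onward transfer
    return ("mixer" if mixed else "clean"), hop, addr

def investigate(transfers, target):
    """Step 5: one (first_hop, btc, status, hops, end) row per path."""
    paths = [(dst, amt) + trace_path(transfers, dst)
             for dst, amt in select_outflows(transfers, target)]
    exchanges = sorted({p[4] for p in paths if p[2] == "exchange"})
    return {"paths": paths, "exchanges": exchanges}
```

The `1P6` path reaches an exchange only on its fifth hop, so it is reported as clean: the fixed 4-hop depth hides the deposit, and the 0.02 BTC outflow to `1P7` is never traced because of the six-path cap.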

Advantages

  • Comprehensive: Finds multiple exchange deposits if they exist
  • Redundancy: If one path goes cold, others may succeed
  • Pattern Detection: Can identify sophisticated layering strategies
  • Breadth: Covers more of the blockchain graph

Limitations

  • Doesn't track specific amounts (more generic)
  • Fixed hop depth (4 hops) may miss longer paths
  • Prioritizes large transfers, may miss important small ones
  • Can generate many API calls for addresses with many outflows

Example Output

Target: 1ABC... (5.2 BTC sent)
│
├── Path 1: 1XYZ... (2.5 BTC, 4 hops) [🟡 EXCHANGE CONFIRMED]
├── Path 2: 1DEF... (1.3 BTC, 3 hops) [🔴 MIXER DETECTED]
├── Path 3: 1GHI... (0.8 BTC, 2 hops) [🟢 CLEAN PATH]
├── Path 4: 1JKL... (0.4 BTC, 4 hops) [🟡 EXCHANGE CONFIRMED]
└── Path 5: 1MNO... (0.2 BTC, 1 hop)  [🟢 CLEAN PATH]

Comparison Matrix

Aspect           | Fund Flow Tracking       | Multi-Path Analysis
-----------------|--------------------------|------------------------
Focus            | Single largest amount    | All major outflows
Depth            | Up to 10 hops            | Up to 4 hops per path
Coverage         | Narrow (1 path)          | Wide (6+ paths)
Amount Tracking  | Yes - precise            | No - generic
Best For         | Following specific funds | Finding all destinations
Typical Duration | 15-30 seconds            | 30-60 seconds
API Calls        | Moderate                 | Higher

Combined Investigation Strategy

Blockchain Detective runs both modes automatically in a single investigation, in two phases followed by a synthesis step:

Phase 1: Fund Flow (Depth)

  • Identifies where the most significant funds went
  • Provides detailed amount tracking
  • Creates a clear narrative

Phase 2: Multi-Path (Breadth)

  • Discovers additional exchange deposits
  • Maps out the complete transaction graph
  • Identifies alternative paths and patterns

Synthesis

  • Report combines findings from both phases
  • Highlights if both methods found the same exchanges (high confidence)
  • Notes discrepancies or unique findings from each mode

Mode Selection for Manual Use

While the default is to run both, you can select individual modes via the API:

API Usage
// Default: Both modes
POST /chat
{
  "message": "investigate 1ABC...",
  "mode": "path"  // Runs both phases
}

// Fund flow only (faster)
POST /chat
{
  "message": "investigate 1ABC...",
  "mode": "flow"  // Only fund flow tracking
}

When to Use Flow-Only Mode

  • Quick preliminary investigation
  • API rate limits are a concern
  • You only need to know where the largest funds went
  • Testing or development

When to Use Combined Mode (Default)

  • Comprehensive legal investigations
  • You need to find all exchange deposits
  • Building a complete case file
  • Production investigations

Performance Considerations

Fund Flow Tracking

  • Fast path: 3-5 hops, clean trail = 10-15 seconds
  • Medium path: 5-7 hops, some complexity = 20-30 seconds
  • Complex path: 8-10 hops, high-volume addresses = 30-45 seconds

Multi-Path Analysis

  • Few outflows: 2-3 major paths = 20-30 seconds
  • Typical: 4-6 paths analyzed = 40-60 seconds
  • Many outflows: 6+ paths with many transactions = 60-90 seconds

Combined (Default)

  • Typical: 45-75 seconds for complete investigation
  • Complex: Up to 120 seconds for very active addresses

Interpretation Tips

When Results Agree

If fund flow tracking and multi-path analysis both find the same exchanges, confidence is very high:

Found via: Fund Flow Tracking (Primary Trail)
Found via: Path Analysis (path_3)
✅ High confidence - confirmed by multiple methods

When Results Differ

If each mode finds different exchanges, it likely means funds split and went to multiple destinations:

Fund Flow: Found Exchange A (2.5 BTC)
Path Analysis: Found Exchange B (0.8 BTC) and Exchange C (0.4 BTC)
📊 Funds dispersed across multiple exchanges

When One Succeeds, One Fails

Common scenarios:

  • Fund flow succeeds, paths fail: Largest amount went to exchange, but smaller amounts dispersed
  • Paths succeed, fund flow fails: Largest amount split/dispersed, but secondary paths reached exchanges
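
The interpretation rules in this section, written as a merge over the exchange findings of both modes (an added example, not Blockchain Detective's own code). The input shape and the scenario names are assumptions; it also covers the mixed case where the modes agree on one exchange while path analysis finds another.

```python
def synthesize(flow_hits, path_hits):
    """Merge exchange findings from both modes.

    flow_hits / path_hits map exchange name -> where that mode found it.
    Returns (scenario, per_exchange); scenario names are this example's own.
    """
    per_exchange = {}
    for name in sorted(set(flow_hits) | set(path_hits)):
        found_via = []
        if name in flow_hits:
            found_via.append("Fund Flow Tracking (%s)" % flow_hits[name])
        if name in path_hits:
            found_via.append("Path Analysis (%s)" % path_hits[name])
        # Confirmed by both methods -> high confidence, as described above.
        per_exchange[name] = {"found_via": found_via,
                              "high_confidence": len(found_via) == 2}
    if not per_exchange:
        scenario = "no_exchange_found"
    elif not path_hits:
        scenario = "flow_only"      # largest amount reached an exchange, rest dispersed
    elif not flow_hits:
        scenario = "paths_only"     # largest amount dispersed, secondary paths landed
    elif any(e["high_confidence"] for e in per_exchange.values()):
        scenario = "agree"
    else:
        scenario = "dispersed"      # each mode found different exchanges
    return scenario, per_exchange

# Constructed findings: both modes agree on Exchange A, paths also find Exchange B.
MIXED = synthesize({"Exchange A": "Primary Trail"},
                   {"Exchange A": "path_3", "Exchange B": "path_1"})
```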
