
Limitations

Understanding what blockchain analysis cannot determine

Fundamental Limitations

1. Cannot Identify Individuals

Blockchain analysis reveals addresses and transactions, NOT people.

What we CAN see:

  • Address: 1ABC... received 2.5 BTC
  • Transaction: Funds moved to Coinbase

What we CANNOT see:

  • Who controls the address
  • Whose Coinbase account received it
  • Name, location, or identity

Solution: KYC data from exchanges (requires legal request)

2. Cannot Predict Future Movements

Analysis is historical only.

Can do:

  • Trace where funds went in the past
  • Identify patterns in historical behavior

Cannot do:

  • Predict where funds will go next
  • Know when address will activate again
  • Forecast exchange deposits

Mitigation: Set up monitoring alerts for future activity

3. Cannot See Off-Chain Transactions

Only on-chain Bitcoin transactions are visible.

Invisible to blockchain analysis:

  • Lightning Network: Off-chain payment channels
  • Exchange Internal: Transfers between exchange users
  • Custodial Wallets: Internal accounting not on blockchain
  • Liquid/Sidechains: Separate blockchain networks

4. Cannot Determine Intent

Transactions are neutral—we infer intent from patterns.

Can observe: Funds passed through mixer

Cannot know:

  • Why (guilt vs. legitimate privacy)
  • Who initiated it
  • What they planned to do next

Technical Limitations

Mixer Output Correlation

Cannot definitively link specific mixer inputs to outputs.

Mixer transaction:
  127 inputs (including ours: 2.5 BTC)
  128 outputs
  
  Which output is "ours"?
  - Could be any of 5-10 similar amounts
  - Statistical correlation only
  - Not cryptographic proof

Best we can do: Identify most likely outputs within time window
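
Added example (not code from this tool): a sketch of how a candidate set for a mixer deposit can be built and why it yields a probability rather than a link. The fee tolerance, the time window, the uniform prior and all sample outputs are assumptions constructed for illustration.

```python
def candidate_outputs(deposit_sats, deposit_ts, outputs,
                      max_fee_bps=300, window_secs=6 * 3600):
    """Outputs consistent with a deposit by amount and time.

    max_fee_bps and window_secs are assumed tolerances, not measured values.
    Returns (candidates sorted by closeness in amount, uniform prior per candidate).
    """
    # Integer arithmetic in satoshis avoids float rounding at the boundary.
    floor_sats = deposit_sats * (10_000 - max_fee_bps) // 10_000
    hits = [o for o in outputs
            if floor_sats <= o["sats"] <= deposit_sats
            and 0 <= o["ts"] - deposit_ts <= window_secs]
    hits.sort(key=lambda o: (deposit_sats - o["sats"], o["ts"]))
    # With no further evidence every candidate is equally plausible.
    prior = 1 / len(hits) if hits else 0.0
    return hits, prior


# Constructed sample: a 2.5 BTC deposit and eight mixer outputs.
DEPOSIT_SATS, DEPOSIT_TS = 250_000_000, 1_700_000_000
SAMPLE_OUTPUTS = [
    {"addr": "out-01", "sats": 249_500_000, "ts": 1_700_003_600},
    {"addr": "out-02", "sats": 248_750_000, "ts": 1_700_007_200},
    {"addr": "out-03", "sats": 247_000_000, "ts": 1_700_001_800},
    {"addr": "out-04", "sats": 245_000_000, "ts": 1_700_010_800},
    {"addr": "out-05", "sats": 243_000_000, "ts": 1_700_018_000},
    {"addr": "out-06", "sats": 249_900_000, "ts": 1_700_090_000},  # outside window
    {"addr": "out-07", "sats": 120_000_000, "ts": 1_700_003_600},  # wrong size
    {"addr": "out-08", "sats": 251_000_000, "ts": 1_700_003_600},  # above deposit
]

if __name__ == "__main__":
    hits, prior = candidate_outputs(DEPOSIT_SATS, DEPOSIT_TS, SAMPLE_OUTPUTS)
    for o in hits:
        print(o["addr"], o["sats"], f"prior={prior:.2f}")
```

Five outputs survive the filter, so each carries a prior of 0.20. A report should state the candidate count and the tolerances used alongside any "most likely" output.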

Address Clustering Accuracy

Common input heuristic is probabilistic, not certain.

Transaction uses:
  Input 1: 1ABC...
  Input 2: 1DEF...
  
Heuristic: Same entity owns both
Accuracy: ~95% but not 100%

Exceptions:

  • CoinJoin participants (different entities)
  • Multi-sig wallets (multiple parties)
  • Payment channels (two parties)
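
Added example (not code from this tool): the common input heuristic as union-find clustering, run with and without a filter for CoinJoin-shaped transactions, to show how one multi-party transaction collapses unrelated entities into a single cluster. The filter rule, its threshold and all sample transactions are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

class UnionFind:
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

def looks_like_coinjoin(tx, min_equal=3):
    """Assumed filter: >= min_equal inputs and >= min_equal identical output amounts."""
    if len(tx["inputs"]) < min_equal:
        return False
    return max(Counter(tx["outputs"]).values(), default=0) >= min_equal

def cluster(txs, skip_coinjoin):
    """Merge addresses that co-spend in one transaction (common input heuristic)."""
    uf = UnionFind()
    for tx in txs:
        for addr in tx["inputs"]:
            uf.find(addr)  # register every input address
        if skip_coinjoin and looks_like_coinjoin(tx):
            continue  # co-spending here does not imply common ownership
        for addr in tx["inputs"][1:]:
            uf.union(tx["inputs"][0], addr)
    groups = defaultdict(list)
    for addr in sorted(uf.parent):
        groups[uf.find(addr)].append(addr)
    return sorted(groups.values())

# Constructed sample data; names stand in for addresses, amounts in satoshis.
SAMPLE_TXS = [
    {"inputs": ["alice1", "alice2"], "outputs": [150_000, 20_000]},
    {"inputs": ["bob1", "bob2"], "outputs": [90_000]},
    # CoinJoin-shaped: three unrelated parties, three equal outputs plus change.
    {"inputs": ["alice2", "bob1", "carol1"],
     "outputs": [100_000, 100_000, 100_000, 7_000, 3_000]},
]

if __name__ == "__main__":
    print(cluster(SAMPLE_TXS, skip_coinjoin=False))  # one merged cluster
    print(cluster(SAMPLE_TXS, skip_coinjoin=True))   # three separate clusters
```

The filter only works because this sample has equal-valued outputs. A PayJoin looks like a normal transaction, so a structural filter of this kind does not catch it.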

High-Volume Address Analysis

Addresses with 10,000+ transactions are challenging.

Challenges:

  • API rate limits slow investigation
  • Pagination required (time-consuming)
  • Matching specific amounts becomes probabilistic
  • Multiple matches require guessing

Mitigation: Use local Bitcoin Core node + temporal analysis

Old/Incomplete Data

Very old addresses may have incomplete records.

  • 2009-2011: Some early blockchain data sparse
  • Pruned nodes: May not have full history
  • API gaps: Public APIs may have holes

Methodological Limitations

Threshold-Based Decisions

All thresholds are somewhat arbitrary.

Example: Why is ≥7/13 the mixer threshold?

  • Based on empirical analysis of known mixers
  • Balanced against false positive rate
  • But a score of 6/13 isn't necessarily "not a mixer"

Gray areas exist: Borderline scores require human judgment

Known Exchange Database

Database is never complete.

Gaps:

  • New exchanges not yet added
  • Small/regional exchanges missing
  • Recently rotated addresses unknown
  • Privacy-focused exchanges harder to identify

False negatives: Real exchanges might not be flagged

Heuristic Analysis

Behavioral analysis is probabilistic.

  • Exchange behavior heuristics can miss atypical exchanges
  • May flag non-exchanges with similar patterns
  • Confidence scores are estimates, not measurements

Privacy Technology Limitations

Advanced Privacy Techniques

Some privacy methods significantly complicate analysis.

Taproot

  • Makes multi-sig look like single-sig
  • Hides complex scripts
  • All transactions look more uniform
  • Impact: Harder to distinguish transaction types

PayJoin/P2EP

  • Breaks common input heuristic
  • Looks like normal transaction
  • Two parties contribute inputs
  • Impact: Address clustering becomes unreliable

Lightning Network

  • Off-chain payment channels
  • Only opening/closing visible on-chain
  • Intermediate payments completely hidden
  • Impact: Funds can move "invisibly" for days

Future Privacy Enhancements

Upcoming tech may further limit analysis:

  • Confidential Transactions: Hidden amounts (if adopted)
  • Cross-Chain Atomic Swaps: Switch to other cryptocurrencies
  • Improved CoinJoin: Better mixing protocols

Legal/Jurisdictional Limitations

Exchange Cooperation

Not all exchanges respond to legal requests.

Exchange Type     Cooperation Level   Challenge
US-Regulated      Excellent           None
EU-Regulated      Good                GDPR compliance required
Offshore          Variable            May require MLAT
No-KYC/Privacy    Minimal/None        No records to provide

Decentralized Exchanges

DEXs have no central party to subpoena.

  • No KYC records exist
  • No company to serve legal requests
  • Smart contract interactions are pseudonymous

Practical Limitations

Investigation Depth

Must stop somewhere to avoid infinite loops.

Hard limits:

  • Fund flow: 10 hops maximum
  • Path analysis: 4 hops per path
  • Circular references: Stop immediately

Why limits exist:

  • Prevent infinite recursion
  • Control API usage and cost
  • Keep investigation time reasonable
  • Trail gets cold after many hops anyway
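
Added example (not code from this tool): a bounded breadth-first trace that applies the 10-hop limit and stops on circular references, while recording where the trail was cut off so the report can say what was not followed. The graph representation, function names and sample data are assumptions constructed for illustration.

```python
from collections import deque

MAX_HOPS = 10  # fund-flow hop limit stated on this page

def trace(graph, start, max_hops=MAX_HOPS):
    """Breadth-first walk over outgoing transfers.

    graph: address -> list of destination addresses.
    Returns (hops, revisits, truncated):
      hops      - hop distance of every address reached
      revisits  - edges that led back to an already-visited address
      truncated - addresses at the limit that still had unexplored outflows
    """
    hops = {start: 0}
    revisits, truncated = [], []
    queue = deque([start])
    while queue:
        addr = queue.popleft()
        for nxt in graph.get(addr, []):
            if nxt in hops:
                revisits.append((addr, nxt))  # circular reference: stop here
            elif hops[addr] >= max_hops:
                if addr not in truncated:
                    truncated.append(addr)    # trail continues past the limit
            else:
                hops[nxt] = hops[addr] + 1
                queue.append(nxt)
    return hops, revisits, truncated

def build_sample_graph():
    """Constructed data: a 13-address chain a0..a12 with a loop a3 -> a1."""
    graph = {f"a{i}": [f"a{i + 1}"] for i in range(12)}
    graph["a3"].append("a1")
    return graph

if __name__ == "__main__":
    hops, revisits, truncated = trace(build_sample_graph(), "a0")
    print("deepest hop:", max(hops.values()))
    print("revisits:", revisits)
    print("cut off at:", truncated)
```

A non-empty truncated list means funds moved beyond the investigation horizon; it is a gap in coverage, not evidence that the trail ended there.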

API Dependencies

Relies on external data sources.

Risks:

  • API downtime = investigation stalls
  • Rate limits slow analysis
  • Data quality varies by provider
  • Costs scale with usage

Real-Time Constraints

Investigations take time.

  • Typical: 45-90 seconds
  • Complex: Up to 2-3 minutes
  • Very active addresses: Longer

Trade-off: Depth vs. speed

Working Within Limitations

Strategies for Success

1. Use Multiple Methods

  • Blockchain analysis + commercial tools
  • Fund flow + multi-path investigation
  • Confirmed databases + heuristics

2. Combine with Traditional Investigation

  • Blockchain evidence + witness statements
  • Transaction analysis + IP logs
  • Address clustering + email forensics

3. Set Appropriate Expectations

  • Blockchain analysis = leads, not identity
  • Some cases will remain unsolved
  • Recovery depends on exchange cooperation
  • Time and patience often required

4. Continuous Monitoring

  • Funds may move later
  • New information emerges
  • Set alerts for key addresses
  • Re-investigate periodically

When to Escalate

Consider Professional Services If:

  • Amount involved > $100,000
  • Multiple mixer hops detected
  • High-volume addresses involved
  • Cross-chain swaps suspected
  • Case requires court testimony
  • DIY tools insufficient

Commercial Forensics Providers

  • Chainalysis: Most comprehensive, expensive
  • Elliptic: Strong compliance focus
  • CipherTrace: Good mixer analysis
  • TRM Labs: Emerging player

They have:

  • Larger address databases
  • Advanced mixer penetration
  • Machine learning models
  • Expert testimony experience
  • More resources for deep dives

Conclusion

Blockchain analysis is powerful but not omniscient. Understanding limitations helps:

  • Set realistic expectations
  • Know when professional help is needed
  • Avoid over-interpreting findings
  • Combine methods effectively
  • Present evidence accurately in court

The best investigations use blockchain analysis as one tool among many in a comprehensive investigation strategy.
