What is Blockchain Analysis?
2/18/2022

Blockchain analysis is the process of inspecting, cataloging, and interpreting the data that blockchains produce in order to gain actionable insights.

What is Blockchain Analysis?

A public blockchain, such as Bitcoin or Ethereum, is essentially a database of accounts and their respective balances. Each new block in the chain updates the previous state of the database. With the Ethereum blockchain currently growing at a rate of more than 100GB per year, this represents an enormous amount of information added to the permanent history of the chain. And keep in mind that all this data is in text format, and 100GB of text is very different to 100GB of images or video.

This information is free for anyone and everyone to browse, but it exists in a raw, unprocessed state.

Tools such as blockchain explorers perform the fundamental tasks of organizing this data.

Etherscan presents information that can form the basis of blockchain analysis.

An Ethereum block’s data on Etherscan

Block height, total difficulty, hashes, parent hashes, state roots, nonces… it’s hard for anyone who doesn’t make a career of blockchain analysis to differentiate between the useful and irrelevant information that blockchains create.

What Can You Do With Blockchain Analysis?

Before we get into how you can perform blockchain analysis, let’s discuss why you might want to.

One of the primary purposes of blockchain analysis is to trace the flow of funds between addresses. This may be to follow the proceeds of an exploit, or to establish a transaction chain linking two or more wallets. Law enforcement agencies, such as the U.S. Department of Justice’s newly launched National Cryptocurrency Enforcement Team (NCET), make extensive use of blockchain analysis when conducting anti-money laundering and cybersecurity operations. While no laws exist at the federal level regarding the admissibility of blockchain data in court cases, states including Arizona have passed laws confirming the legal validity of blockchain records. The immutability of blockchains makes the technology well-suited to establishing historical claims and chains of strong correlation.

Privacy tools such as Tornado Cash exist for the sole purpose of breaking these traceable transaction chains. This makes them powerful tools for anyone looking to take back some control of their online financial privacy, everyday users and cybercriminals alike.

Tornado Cash improves transaction privacy by breaking the on-chain link between source and destination addresses. It uses a smart contract that accepts ETH deposits that can be withdrawn by a different address. To preserve privacy, a relayer can be used to withdraw to an address with no ETH balance. Whenever ETH is withdrawn by the new address, there is no way to link the withdrawal to the deposit, ensuring complete privacy.

Tornado Cash
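The fund tracing described above, sketched as an added example that is not CertiK's or Skytrace's code: a breadth-first walk over transfers that establishes a transaction chain between two wallets and treats a mixer-tagged address as the point where the chain stops. The addresses, amounts, labels and the dust threshold are constructed for illustration.

```python
from collections import deque

# Constructed sample transfers (sender, receiver, ETH); placeholder addresses.
TRANSFERS = [
    ("0xexploiter", "0xhop1", 120.0),
    ("0xhop1", "0xhop2", 119.5),
    ("0xhop1", "0xdust", 0.001),
    ("0xhop2", "0xexchange", 60.0),
    ("0xhop2", "0xmixer", 59.0),
    ("0xmixer", "0xfresh", 59.0),
]
# Hypothetical label set, like the tags an explorer or tracing tool shows.
LABELS = {"0xmixer": "mixer", "0xexchange": "exchange"}


def explore(transfers, source, min_value=0.01):
    """Breadth-first walk of outgoing transfers; returns {address: parent}."""
    graph = {}
    for sender, receiver, value in transfers:
        if value >= min_value:  # ignore dust transfers (assumed threshold)
            graph.setdefault(sender, []).append(receiver)
    parent, queue = {source: None}, deque([source])
    while queue:
        node = queue.popleft()
        if LABELS.get(node) == "mixer":
            continue  # pooled funds: outgoing edges do not identify a depositor
        for nxt in graph.get(node, []):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return parent


def trace_chain(transfers, source, target):
    """Shortest transfer chain from source to target, or None if unlinked."""
    parent = explore(transfers, source)
    if target not in parent:
        return None
    path = [target]
    while parent[path[-1]] is not None:
        path.append(parent[path[-1]])
    return path[::-1]


def labelled_endpoints(transfers, source):
    """Tagged addresses the funds reached, such as exchanges or mixers."""
    return {a: LABELS[a] for a in explore(transfers, source) if a in LABELS}
```
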

But blockchain analysis is not just the domain of government and law enforcement, or the criminals seeking to evade them. It can also be leveraged to provide insights into the health and overall functioning of all blockchain-based platforms. Crypto is a unique industry: actions and transactions are reported not quarterly, if at all, as in traditional finance and commerce, but in real time.

Tools such as Skynet utilize this real-time data to provide actionable security insights. Analyzing metrics such as the number of transactions interacting with a protocol, the number of discrete users, and the number of events emitted by a protocol can provide a wealth of information that paints a specific picture of a platform’s functioning over time. Individual traders and investors can make use of these tools to monitor platforms and projects in which they have invested.

DeFi users can also utilize several different platforms that monitor their wallets – or anyone else’s wallet – and send an alert whenever a transaction is processed. This allows them to have real-time notifications about any activity on the addresses most important to them, whether it’s final confirmation of a low-priority transaction broadcast to the network hours before, or the first attempt of a hacker to gain control of or drain funds from their account.

Blockchain analysis is a rich and continuously expanding field. Now that we’ve gone over what blockchain analysis is, let’s take a look at the tools that are available to help you leverage it in your research and how exactly these tools work.

What Blockchain Analysis Tools are Available?

Etherscan is likely to be the tool that DeFi users are most familiar with. Many DeFi platforms provide a direct link to the website after every transaction, so the user can check on its confirmation status. Etherscan is an excellent tool for confirming transactions and getting a general overview of a particular wallet’s holdings. Additionally, the fact that the site tags many well-known wallets (e.g. Coinbase 1 Hot Wallet or Uniswap V3 Router) makes it relatively easy to see at a glance where your money is coming from and going.

Etherscan is great for raw data such as wallet balances and transaction history; the who, what, and how much. But if you’re looking for second-level insights, you’ll need to turn to a tool that aggregates and analyzes this raw data. 

Skytrace is a blockchain analysis tool that greatly simplifies the process of tracing the flow of funds from one wallet to another. Skytrace visualizes a wallet’s interactions with other addresses and has helpful tags for well-known protocols, such as Uniswap and Tornado Cash.

Using Skytrace to visualize one of Vitalik Buterin’s hundreds of transactions, in this case his sale of 6,757.307 HEX for 0.48 ETH on Uniswap


CertiK’s Skynet combines six security primitives to arrive at a comprehensive score that reflects the effectiveness of a DeFi project’s security measures. These six primitives are: social sentiment, on-chain monitoring, governance, market dynamics, safety analysis, and finally the Security Oracle. With the exception of the social sentiment metric, each of these primitives incorporates blockchain analysis.

Breaking down each of these primitives will provide illustrative case studies of how blockchain analysis works.

How Does Blockchain Analysis Work? 

Blockchain analysis works by aggregating the massive amount of data that blockchains produce, and then filtering, modeling, or otherwise inspecting it in order to produce actionable insights. These insights could be anything from a transaction linking two wallets, to an important wallet making moves before or after big announcements, to a gradual decay in the number of active users of a specific DeFi protocol.

That’s the short answer. To really understand how blockchain analysis works, let’s take a deep dive into a specific example of on-chain monitoring. Skynet is CertiK’s security scoring tool that uses on-chain analysis to arrive at actionable security and data insights.

AAVE’s entry on the Security Leaderboard. The tab shown is Skynet’s on-chain monitoring analysis


The on-chain monitoring section of the Security Leaderboard gives a comprehensive overview of a project’s activity. You can see the number of transactions interacting with the protocol over the last 24 hours, the number of transfers of the project’s token, the number of active users, and the price of the token, plus all of these metrics plotted over a customizable period.

The next Skynet primitive is Governance. Decentralized governance is one of the most important factors that put the De in DeFi. Decentralized protocols have governance forums where users can propose, debate, and vote on ideas in an open, collaborative process. Any protocol that is governed in such a way is a DAO – a Decentralized Autonomous Organization. As you can imagine, when the power to make any and all decisions lies with a DAO, it’s important for investors to pay close attention to the votes and actions it undertakes (if they’re not getting directly involved themselves).

PancakeSwap’s Skynet Governance Module


The Governance Score is an overall rating of the platform’s decentralization, links to major crypto platforms, and the health of its DAO. The on-chain component of Skynet’s Governance score is made up of the following metrics.

Privileged Transactions lists the number of privileged transactions in the last 72 hours. A privileged transaction is one initiated by an address that has power to modify a platform’s smart contracts. A truly decentralized DeFi protocol should only be able to be updated or changed after its DAO has voted on and approved the changes. Recent Privileged Transactions is similar, but here we get a list of all privileged transactions, not just in the last 72 hours. It’s a great way to see how often a platform’s smart contracts are modified, by whom, and for what purpose.

The Privileged Addresses section lists all the addresses that have the power to initiate privileged transactions (as defined above). You can click on the address or contract to be taken to its listing on a block explorer – BSCScan in this case, since PancakeSwap runs on Binance Smart Chain.

Privileged Functions outlines the code functions that privileged addresses can invoke. In this case we’ve got burn, constructor, and mint. The burn function sends tokens to an address where they cannot be retrieved. The constructor function is called when initializing a contract. It sets the contract’s variables to the correct state. Mint creates new tokens, often for liquidity mining rewards.
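One way to compute the Privileged Transactions and Recent Privileged Transactions metrics described above, as an added example rather than Skynet's own code. It assumes a privileged transaction is one sent to the token contract by a listed privileged address and invoking mint or burn; the addresses, timestamps and transactions are constructed, and the selectors assume the signatures `mint(address,uint256)` and `burn(uint256)`.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumed 4-byte selectors for mint(address,uint256) and burn(uint256).
PRIVILEGED_SELECTORS = {"0x40c10f19": "mint", "0x42966c68": "burn"}
# Constructed placeholder addresses, not real accounts.
PRIVILEGED_ADDRESSES = {"0xowner", "0xtimelock"}
TOKEN = "0xtoken"
NOW = datetime(2022, 2, 18, 12, 0, tzinfo=timezone.utc)
ARGS = "00" * 64  # dummy ABI-encoded arguments


def tx(sender, selector, hours_ago):
    """Build one constructed sample transaction to the token contract."""
    return {"from": sender, "to": TOKEN, "input": selector + ARGS,
            "time": NOW - timedelta(hours=hours_ago)}


TXS = [
    tx("0xowner", "0x40c10f19", 5),      # mint inside the 72-hour window
    tx("0xtimelock", "0x42966c68", 30),  # burn inside the window
    tx("0xowner", "0x40c10f19", 100),    # mint outside the window
    tx("0xuser", "0xa9059cbb", 2),       # ordinary transfer by a normal user
    tx("0xowner", "0xa9059cbb", 1),      # privileged address, ordinary transfer
]


def privileged_transactions(txs, now, window_hours=72):
    """Newest-first (time, sender, function) rows; window_hours=None means all."""
    rows = []
    for t in txs:
        if t["to"] != TOKEN or t["from"] not in PRIVILEGED_ADDRESSES:
            continue
        func = PRIVILEGED_SELECTORS.get(t["input"][:10].lower())
        if func is None:
            continue  # not one of the privileged functions
        if window_hours is not None and now - t["time"] > timedelta(hours=window_hours):
            continue
        rows.append((t["time"], t["from"], func))
    return sorted(rows, reverse=True)


def count_by_function(rows):
    """How often each privileged function was invoked."""
    return Counter(func for _, _, func in rows)
```
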

Matic’s entry on the Security Leaderboard


Decentralized exchanges (DEXs) function entirely on-chain, which means all the data they create is freely available. This is great news for anyone seeking to do research on decentralized market dynamics.

Skynet analyzes this data to provide actionable insights. At a single glance, you can see exactly which token pairs have the deepest liquidity, volume plotted over time, and the largest holders of liquidity provider (LP) tokens. All this data helps give an accurate overview of the health of a particular token’s market dynamics. For example, if you see in the Top Remove Liquidity tab that all of the major LP Holders are suddenly withdrawing their positions, you may take that as a reason to do some further investigation.

Blockchain Analysis – An Increasingly Powerful Tool

With the consistent growth of blockchain adoption and the data that users, platforms, and miners produce, blockchain analysis becomes more powerful every day. Larger datasets mean deeper insights. With the approaching Web3 economy focused on using blockchain technology to empower everyone left out of centralized Web2 platforms, blockchains are the newest frontier of data analysis. 

Powerful tools exist to help all blockchain users gain insights into Web3 platforms. CertiK’s Skynet is a security-focused resource that demystifies the complex technicalities of DeFi security, while Skytrace makes it easy to perform your own blockchain data analysis and map out interactions between wallets visually. 

Blockchain analysis is a uniquely insightful way to understand the functioning and security of blockchain platforms. But it can also help you take control of your own personal security, by displaying exactly how much traceable information every transaction creates. As more and more value shifts onto public blockchains, it’s worth remembering that all activity is out in the open, viewable by anyone and everyone.