The virtual currency tracing analysis device developed by the Third Research Institute of the Ministry of Public Security is systematically designed around six dimensions: on-chain address analysis, fund path tracing, mixing behavior identification, transaction detail extraction, case management, and evidence collection collaboration. In terms of currency compatibility, the device supports four mainnet currencies: BTC, ETH, TRX, and BNB, and fully supports four issuance protocols of USDT, including USDT-OMNI, USDT-ERC20, USDT-TRC20, and USDT-BEP20, ensuring coverage of over 90% of mainstream asset types encountered in current cases.

In the address analysis module, the system can display the complete data for any given address: basic information (such as creation time, associated chain, and protocol version), transaction behavior characteristics (including deposit frequency, distribution of withdrawal addresses, and whether withdrawals are centralized), the historical balance curve, and daily income and expenditure details. The significance of this function lies in eliminating the reliance on manual retrieval of transaction records: address profiles are digitized and behavior patterns are visualized, laying the foundation for subsequent fund path identification and target selection.

In terms of tracing and tracking capabilities, the system supports three path tracing strategies: single-layer, multi-layer, and hybrid structures. Single-layer tracing supports simultaneous analysis of up to 30 input addresses, and single-layer tracking supports generating withdrawal paths for 30 target addresses. In multi-layer mode, the system provides visualized paths for level-one tracing of 10 addresses and level-two tracing of 50 addresses, and for level-one tracking of 10 addresses, level-two tracking of 50 addresses, and level-three tracking of 250 addresses. All of these support time-interval filtering so that redundant historical transactions do not affect judgment.
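The multi-layer tracking limits above (10, 50, 250 addresses) combined with time-interval filtering can be sketched as a bounded breadth-first walk. This is an added example, not the device's code: the ledger is constructed, and both the rule for choosing which addresses survive a cap (largest recipients) and the plain summing of amounts are assumptions.

```python
from collections import namedtuple
from datetime import datetime as dt

Transfer = namedtuple("Transfer", "ts src dst amount")
LEVEL_CAPS = (10, 50, 250)  # per-level address limits quoted in the text

def track_forward(transfers, start, t_from, t_to, caps=LEVEL_CAPS):
    """Follow funds out of `start`; return one {address: amount} dict per level."""
    outgoing = {}
    for t in transfers:
        if t_from <= t.ts <= t_to:            # time-interval filter
            outgoing.setdefault(t.src, []).append(t)
    seen, frontier, levels = {start}, {start: t_from}, []
    for cap in caps:
        total, first_seen = {}, {}
        for addr, arrived in frontier.items():
            for t in outgoing.get(addr, []):
                # Skip spends made before the traced funds arrived, and known nodes.
                if t.ts < arrived or t.dst in seen:
                    continue
                total[t.dst] = total.get(t.dst, 0) + t.amount
                first_seen[t.dst] = min(first_seen.get(t.dst, t.ts), t.ts)
        # Assumption: when a level exceeds its cap, keep the largest recipients.
        kept = sorted(total, key=lambda a: (-total[a], a))[:cap]
        if not kept:
            break
        levels.append({a: total[a] for a in kept})
        seen.update(kept)
        frontier = {a: first_seen[a] for a in kept}
    return levels

# Constructed sample ledger (addresses and amounts are invented).
SAMPLE = [
    Transfer(dt(2023, 12, 1), "A", "Z", 9.0),   # before the window: filtered out
    Transfer(dt(2024, 1, 2), "B", "E", 2.0),    # B spends before A's funds arrive
    Transfer(dt(2024, 1, 5), "A", "B", 5.0),
    Transfer(dt(2024, 1, 6), "A", "C", 3.0),
    Transfer(dt(2024, 1, 7), "B", "D", 4.0),
    Transfer(dt(2024, 1, 8), "C", "D", 1.0),
]

def demo():
    return track_forward(SAMPLE, "A", dt(2024, 1, 1), dt(2024, 1, 31))

if __name__ == "__main__":
    for depth, level in enumerate(demo(), start=1):
        print(depth, level)
```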

In terms of mixing behavior identification, the system provides two mixing path analysis algorithms, one for the scenario of 'transferring into this address and then dispersing out' and one for 'immediately transferring to the mixing pool upon entering this address', so that fund-flow graphs can be reconstructed for known mixing mechanisms such as TornadoCash and Wasabi Wallet.
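The two scenarios named above can be expressed as simple heuristics over an address's transfer history. This is an added example, not the device's algorithm: the thresholds, the `MIXER_LABELS` placeholder and the sample transfers are all assumptions constructed for illustration.

```python
from collections import namedtuple
from datetime import datetime as dt, timedelta

Transfer = namedtuple("Transfer", "ts src dst amount")

# Assumed parameters; the page does not publish the device's thresholds.
MIN_FANOUT = 3                               # distinct recipients to call it dispersal
DISPERSE_WINDOW = timedelta(hours=24)
RELAY_WINDOW = timedelta(minutes=30)
MIXER_LABELS = {"MIXER_POOL_PLACEHOLDER"}    # stand-in for a label-database entry

def classify(transfers, addr):
    """Return the set of mixing-style patterns observed at `addr`."""
    txs = sorted(transfers, key=lambda t: t.ts)
    found = set()
    for dep in (t for t in txs if t.dst == addr):
        later = [t for t in txs if t.src == addr and t.ts >= dep.ts]
        # Pattern 1: funds arrive, then are dispersed to many distinct addresses.
        burst = [t for t in later if t.ts - dep.ts <= DISPERSE_WINDOW]
        if (len({t.dst for t in burst}) >= MIN_FANOUT
                and sum(t.amount for t in burst) >= 0.9 * dep.amount):
            found.add("in-then-disperse")
        # Pattern 2: the first spend after arrival goes straight to a labelled pool.
        if (later and later[0].dst in MIXER_LABELS
                and later[0].ts - dep.ts <= RELAY_WINDOW):
            found.add("immediate-to-pool")
    return found

# Constructed sample transfers (all addresses are invented).
T0 = dt(2024, 3, 1, 10, 0)
SAMPLE = [
    Transfer(T0, "V", "S1", 9.0),
    Transfer(T0 + timedelta(minutes=5), "S1", "X1", 3.0),
    Transfer(T0 + timedelta(hours=1), "S1", "X2", 3.0),
    Transfer(T0 + timedelta(hours=2), "S1", "X3", 3.0),
    Transfer(T0, "V", "S2", 4.0),
    Transfer(T0 + timedelta(minutes=10), "S2", "MIXER_POOL_PLACEHOLDER", 4.0),
    Transfer(T0, "V", "S3", 2.0),
    Transfer(T0 + timedelta(days=3), "S3", "Y", 2.0),
]

def demo():
    return {a: classify(SAMPLE, a) for a in ("S1", "S2", "S3")}
```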

The fund flow chart is presented in a dynamic display format that distinguishes currency types, directions, and levels. Node colors or shapes can be customized to map address types, and clicking any node shows the address summary information and allows the transaction details for that path segment to be exported.

The transaction detail query function extracts seven basic parameters for a specified transaction hash (TxHash): transaction time, initiating address, receiving address, amount, miner fee, currency protocol, and associated block height. It also supports extracting the full transaction records between two addresses and exporting them as Excel files, which is convenient for evidence archiving or submission to the court.

The case management module allows users to input case names, initial wallets of suspects, investigation time ranges, etc., and the system will automatically create a case dataset, generating a complete address list, daily transaction statistics, a fund flow tracing path chart, an evidence collection address list, and standard report documentation. All case data supports a daily update reminder mechanism, and a one-click case closure function makes subsequent unified archiving easy.

In terms of evidence collection linkage, the system has built-in evidence collection templates for four exchanges: Binance, Huobi, OKX, and Gate. It allows investigators to generate standardized materials in one click, including address labels, transaction summaries, and reasons for evidence collection requests. The evidence collection status can be tracked and updated within the system, with each request marked as to whether it has been completed and whether a response has been received. The device also includes an independent address label database covering six major categories of labels: exchange addresses, hot wallets, cold wallets, OTC merchants, known scam addresses, and frozen addresses. The labels can be displayed in Chinese, and the database supports remote incremental updates from the cloud to keep it current.

However, it should also be recognized that the device has capability boundaries. Although the current tracking functions cover mainstream currencies and exchanges, there are still technical challenges in identifying newer cross-chain protocols, L2, mixing protocols, and ZK privacy coins (such as Monero and Zcash) which utilize more advanced anonymity measures. Furthermore, this device relies on on-chain data and address labels, and its identification accuracy is closely related to the quality of the labels and the timeliness of the data. Therefore, it is more suitable for investigating cases involving public chain fund paths rather than highly anonymous or cross-platform money laundering schemes combined with encrypted communications.

The above information is sourced from public channels.

https://www.trimps.ac.cn/gass/cpxx/dsjai/20240914/757.html