Paste any Bitcoin or Ethereum address and get a free chain analysis: risk signals from the US Treasury OFAC sanctions list, mixer interaction detection, hack-linked address proximity, behavioral fingerprinting, counterparty mapping, and a plain-English editorial summary. No login, no signup, no rate limit, no cost.
Chain analysis is the practice of inspecting public blockchain data to understand what a particular address has done, who it has interacted with, and whether it carries any red flags from a compliance or counterparty-risk perspective. Because blockchains like Bitcoin and Ethereum publish every transaction in plain view, the raw data needed for this analysis is freely available to anyone with internet access. What the data needs is structure: a way to turn a stream of cryptographic hashes and value transfers into something a human can actually read.
That structure is what professional chain-analysis firms — Chainalysis, TRM Labs, Elliptic, Arkham Intelligence — sell to banks, exchanges, and law enforcement. Their commercial products combine the public blockchain data with proprietary attribution datasets, wallet clustering heuristics, and forensic-grade graph traversal tools. The price tag for those services starts in the low five figures per year and runs well into the seven figures for institutional deployments.
Most of what a curious retail user actually needs from chain analysis does not require those tools. The first three questions a typical user asks of an address are: is this address safe to send funds to, who does this wallet usually transact with, and what kind of wallet is this. These questions can be answered from public data plus a hand-maintained registry of known entities and risk flags, which is exactly what our free chain-analysis tool does.
The analysis page runs six independent passes over an address's public history. Each pass surfaces a different angle on the wallet.
The US Treasury Office of Foreign Assets Control maintains the Specially Designated Nationals list, which includes crypto wallet addresses tied to sanctioned individuals, entities, and protocols. The August 2022 designation of Tornado Cash was the most-publicized example, but the list grows quietly as new sanctions are issued. We fetch the SDN list daily and check every analyzed address against it. A hit is a critical signal — US persons are legally prohibited from transacting with sanctioned addresses.
Tornado Cash and similar privacy protocols mix deposits from many users to break the link between sender and recipient. The contracts themselves are public, so any wallet that has interacted with them is detectable. Mixing is legal in many jurisdictions, but exchanges, OTC desks, and some regulators treat mixer-tainted funds with suspicion. We flag mixer interaction as a medium-severity signal — informational, not accusatory.
We maintain a curated registry of addresses publicly linked to major hacks — Ronin Bridge, Wormhole Bridge, Nomad Bridge, Euler Finance, Bitfinex 2016, and others. If an address transacts with one of these drain addresses, that transaction is surfaced as a high-severity signal. The registry is hand-maintained from public reporting on Rekt News, project disclosures, and Justice Department announcements.
How old is this wallet, how many transactions has it made, how often does it transact, what is the ratio of inbound to outbound transfers, and when (UTC time) is it most active? These numbers do not directly assess risk, but they reveal what kind of wallet you are looking at. A wallet that is six years old with two thousand transactions spread evenly across the clock is most likely an exchange or service. A wallet that is two months old with sixteen transactions clustered in two-hour windows is most likely an individual or bot.
The top ten addresses this wallet has transacted with most often, ranked by transaction count. Where we can identify the counterparty — Binance cold wallet, Uniswap V3 router, WETH9 contract — we attach a label. Where we cannot, we show the truncated address. The mix of labeled counterparties is often the single most informative piece of the analysis: a wallet that transacts mostly with Uniswap and Aave looks very different from one that transacts mostly with centralized exchanges, even if their balance and age are similar.
The earliest inbound transaction to a wallet often reveals where the wallet's owner came from. If the first deposit came from a centralized exchange, we can identify which one in many cases. If the first inbound was a coinbase transaction (mining or block reward), the wallet is likely a miner. If the first inbound came from a contract or an unknown address, we say so without speculating further.
Risk signals are colored by severity. A green "no risk signals found" badge means the address is not on the OFAC list, is not in our hack or scam registry, and has no recorded interaction with known mixers or flagged addresses within the analyzed window. A yellow medium-severity badge typically signals mixer interaction or other informational flags. A red high-severity badge signals hack-linked address proximity or direct registry presence. A dark-red critical badge means the address itself is OFAC-sanctioned.
A green badge is not a clean bill of health. Our risk registry is finite and inevitably incomplete; many flagged addresses around the world have not made it into public registries yet, and many will never make it in. A green badge means we found no known signal, not that no signal exists. Use the analysis as one input to your decision, not the only one.
The data feeding the analysis is already free. The Bitcoin blockchain is queryable via free public APIs from Blockstream and Mempool.Space. Ethereum balances come from a free public RPC endpoint, and transaction history comes from Etherscan's free tier. The OFAC SDN list is published openly by the US Treasury Department. Our hack-and-mixer registry is hand-maintained in source control from public reporting. Nothing in this stack costs money to run at our current scale.
What the free analysis does not include is the paid attribution layer — services like Arkham Intelligence, Chainalysis Reactor, and Nansen that maintain proprietary databases tagging millions of addresses with entity labels. Those services are excellent and we have no plans to replicate them. If your use case demands that level of attribution depth, the commercial tools are the right choice. For everything else, free chain analysis covers the territory most retail users actually care about.
This is not a compliance product. If you are an exchange, OTC desk, or financial institution with a legal obligation to screen counterparties, you need a commercial-grade compliance tool, not a free educational explorer. The OFAC check we run is real and the data is current, but a free tool has no SLA, no audit trail, and no regulatory standing — none of which a serious compliance program can accept.
This is not forensic-grade tracing. Chainalysis Reactor can follow funds across two hundred hops through three mixers. We can tell you whether an address has touched a mixer once, not where the mixed funds went afterwards.
This is not wallet clustering. We do not currently attempt to identify addresses that are likely controlled by the same entity through common-input heuristics or other clustering techniques. Doing so well is a research-grade problem and doing it badly is worse than not doing it at all.
What this tool is, in one sentence: a free, fast, transparent way for a curious individual to look up a Bitcoin or Ethereum address and see whether anything obvious flags. For nine out of ten retail questions about a wallet, that is exactly the right depth of answer.
Paste any Bitcoin or Ethereum address into the input above. The chain is auto-detected from the address format: Bitcoin addresses start with 1, 3, or bc1; Ethereum addresses start with 0x and have exactly 40 hexadecimal characters after the prefix. Press Enter or click Run Analysis. The detail page opens directly on the Analysis tab and renders the six panels described above.
You can also start from the broader Address Explorer and click the Chain Analysis tab on any address detail page. Both paths reach the same analysis output.
The analysis tool is one tab on the broader Address Explorer. The Overview tab shows balance, USD value, recent transactions, and the 30-day balance curve. To browse the addresses we have hand-labeled — exchange cold wallets, ETF custody, dormant Satoshi-era wallets — see the Whale Wallets hub and the BTC and ETH rich list. For market-level tracking of large transactions, the Whale Watch covers volume anomalies across the market.
Chain analysis is the practice of inspecting public blockchain data to understand what a particular address has done, who it has interacted with, and whether it carries any red flags. Because blockchains like Bitcoin and Ethereum publish every transaction in plain view, the raw data is freely available. What the data needs is structure: a way to turn a stream of cryptographic hashes and value transfers into something a human can read. Our tool provides that structure for free, without login or signup.
Yes, completely free. There is no rate limit, no signup, no login, and no premium tier. The data feeding the analysis is already free at our scale — Bitcoin data from Blockstream's public Esplora API, Ethereum balances from a public RPC, transaction history from Etherscan's free tier, and the OFAC SDN list from the US Treasury. None of this costs us money in any meaningful sense right now, so passing the savings on to users is straightforward. If usage scales to the point where the upstream tiers become expensive, we will revisit that — but the free analysis layer will remain free.
The US Treasury Department publishes the Specially Designated Nationals (SDN) list as a daily-updated XML feed. Our scheduled function fetches that feed once per day at 06:00 UTC, parses out the crypto-address entries, and caches them in Netlify Blobs for fast lookup. When you run an analysis, the address you submit is checked against the cached list. A match returns a critical-severity risk signal labeled "OFAC Sanctioned." We also check the address's recent counterparties against the SDN list, so an address that has transacted with a sanctioned wallet will be flagged with a high-severity "Interacted with OFAC-Sanctioned Address" signal.
A cryptocurrency mixer is a privacy protocol that pools deposits from many users and lets them withdraw the same total to a fresh address, breaking the on-chain link between the original deposit and the final withdrawal. Tornado Cash, the most famous Ethereum mixer, was sanctioned by OFAC in August 2022. Mixing is legal in many jurisdictions and used by privacy-conscious individuals as well as bad actors, but the fact of mixer interaction is something most centralized exchanges, OTC desks, and compliance teams care about. We flag mixer interaction as a medium-severity signal — informational, not accusatory — so users can see the fact and make their own judgment about its relevance to their use case.
We maintain a hand-curated registry of addresses that have been publicly linked to major hacks and exploits — Ronin Bridge, Wormhole Bridge, Nomad Bridge, Euler Finance, the Bitfinex 2016 hack (now seized funds), and others. The registry is updated as new major incidents are reported in public sources like Rekt News, project disclosures, the Department of Justice, and on-chain forensics blogs. When you run an analysis, our function checks both the analyzed address and its recent counterparties against this registry. A direct match returns a high-severity "Hack-Linked Address" signal; a counterparty match returns a "Interacted with Hack-Linked Address" signal.
A behavioral fingerprint is a compact summary of how a wallet behaves on-chain — how old it is, how many transactions it has made, how often it transacts, what proportion of those transactions are inbound versus outbound, and what hours of the day (UTC) it is most active during. These metrics do not directly assess risk, but they reveal what kind of wallet you are looking at. An old wallet with thousands of transactions spread evenly across the clock is most likely an exchange or service. A young wallet with sparse activity clustered in narrow time windows is most likely an individual or bot. The fingerprint is a useful diagnostic when the other risk signals are silent.
The top ten addresses this wallet has transacted with most often in the analyzed window, ranked by transaction count. Where we can identify the counterparty — Binance cold wallet, Uniswap V3 router, WETH9, Coinbase — we attach a label and a category badge. Where we cannot, we show the truncated address with no label. The labeled mix tells you a lot at a glance: a wallet whose counterparties are mostly DEXes and stablecoin contracts looks very different from one whose counterparties are mostly centralized exchanges, even if the underlying activity volume is similar. You can click any counterparty to open it in the explorer and run the same analysis on it.
The summary is a templated, rule-based string generated deterministically from the signals above. There is no LLM involved, which means the summary is consistent and explainable — the same inputs always produce the same output — but it is also blunt. We do not currently attempt to interpret unusual patterns or write nuanced prose. If the wallet is six years old with extensive activity and has interacted with a mixer, the summary will say so in plain words; it will not speculate about why. For deeper analytical commentary you would need a paid forensics service or a human analyst.
It means we found nothing matching our risk criteria — the address is not on the OFAC SDN list, is not in our hack or scam registry, and has no recorded interactions with known mixer contracts or flagged counterparties within the transaction window we analyzed. It does not mean the address is verified clean. Our registry is finite and inevitably incomplete; many flagged addresses around the world have never made it into public registries and many never will. A green badge is an absence of known signal, not a positive assertion of safety. Treat it as one input to your decision, not the only one.
No. If you are an exchange, OTC desk, or financial institution with a legal obligation to screen counterparties, you need a commercial-grade compliance tool — Chainalysis, TRM Labs, Elliptic, or similar — not a free educational explorer. The OFAC check we run is real and the data is current, but a free tool has no SLA, no audit trail, no contractual data-quality guarantee, and no regulatory standing. None of those gaps would be acceptable in a serious compliance program. This tool exists to help curious individuals investigate addresses they encounter, not to satisfy regulatory obligations.
Wallet clustering — identifying multiple addresses likely controlled by the same entity through common-input heuristics or other techniques — is a well-studied research problem and a genuinely useful capability when done well. We do not include it because doing it badly is worse than not doing it at all. Getting clustering wrong publicly is reputationally bad: if we mis-cluster someone's wallet on a public-facing tool, that is an actual problem we would have to fix one user at a time. The maintenance burden of running and updating cluster heuristics over the full chain history is also non-trivial. We may revisit clustering in a future version if there is demand and we can ship it with sufficient quality. For now, the absence is deliberate.
No. Lookups are not logged against any user identity. The Netlify functions that serve the analysis are stateless — they fetch the data from public APIs, compose the response, and return it. CDN caching means the same address looked up by many users only triggers one upstream API call per cache window, but that caching is keyed by the address itself, not by who looked it up. We do not currently use analytics on the explorer pages to track per-address lookups, and we have no plans to add that.
Address Explorer · Whale Wallets hub · Bitcoin and Ethereum Rich List · Contract Scanner · All tools