Asset Movement Graph Cluster

On top of our proprietary blacklist database, an additional cluster expansion strategy we perform is to identify potential linkages to other high-risk entities. Given any wallet address, FailSafe recursively traverse their node linkages to generate an asset movement graph by leveraging advanced risk heuristics (such as account creation date, transaction timestamps, transaction volumes, etc.)– uncovering relationships between wallets and entities that may point to suspicious patterns exhibited by scammers, Sybil attack coordinators, money launderers, and more.

The modus operandi we track with asset movement clustering is the fact that all bad actors try to diffuse their criminal footprint by employing multiple wallets and hops, but ultimately have to encash it out into a master node. This technology excels at finding the master node, or root address.

Addresses detected as part of an asset movement graph are then added to a structure to be checked for signs of malicious activity in the Address Screening operation.

If an address in the asset transfer graph is detected as high-risk, its proximity and association to the original wallet is recorded and computed into the final risk score.

Note: Depending on the use case, parameters can be configured to expand the number of addresses to check along the asset transfer graph, improving response time at the cost of precision.

Common clustering patterns for fraudsters, Sybil syndicates, and cybercriminals. (Source: 0xpeet/Trusta)