# Counterparty Analysis

## In this section: 

[**1. What blockchain is your address on?** ](#id-1.-what-blockchain-is-your-address-on)

[**2. Who deals with your address?** ](#id-2.-who-deals-with-your-address)

[**2.1 Copy and Paste Your Address**](#id-2.2-is-your-address-labeled-or-categorized)

[**2.2 Is your Address Labeled or Categorized?**](#id-2.2-is-your-address-labeled-or-categorized)

[**2.3 Analyzing the Inbound Senders** ](#id-2.3-analyzing-the-inbound-senders)

        [2.3.1 Check the Labels](#id-2.3.1-check-the-labels)

        [2.3.2 Check the Size](#id-2.3.2-check-the-size)

        [2.3.3 Secondary Sanctions](#id-2.3.3-secondary-sanctions)

[**2.4 Analyzing the Outbound Recipients**](#id-2.4-analyzing-the-outbound-recipients)

        [2.4.1 Tracking Flows](#id-2.4.1-tracking-flows)

        [2.4.2 What is safe?](#id-2.4.2-what-is-safe) 

[**2.5 Deep-Diving into a Transaction**](#id-2.5-deep-diving-into-a-transaction)

        [2.5.1 Copying an Address](#id-2.5.1-copying-an-address)

        [2.5.2 To Address / From Address External Inspection or Verification](#id-2.5.2-to-address-from-address-external-inspection-or-verification)

        [2.5.3 USD Value Today, Sum of Transfer Amounts, Number of Transfers, Avg Transfer Size](#id-2.5.3-usd-value-today-sum-of-transfer-amounts-number-of-transfers-avg-transfer-size)

        [2.5.4 First Txn Date, Last Txn Date](#id-2.5.4-first-txn-date-last-txn-date)

## 1. What blockchain is your address on? 

You have your address, now to figure out which blockchain it's on so you know which Dashboard is relevant for your analysis: 

* evm (Ethereum virtual machine) addresses (e.g. BSC and Ethereum) all start with "0x" and have 42-characters
* TRON addresses start with the letter "T" and have 42-characters

Do note that Ethereum and BSC addresses are identical, and it is entirely possible for a "0x" address to have plenty of transactions on BSC, but not a single one on Ethereum. 

## 2. Who deals with your address?

The easiest way to start analyzing an address is to find out who the biggest sender and receivers to your address are. 

In this example, we'll analyze an address on the Ethereum blockchain, but the Dashboard is also available for BSC and Tron.

The address for our example is  

`0x1b4423364623A4DEffA335413343122194f967F7`

which is an Ethereum address. 

We'll look for the "\[Ethereum] Largest Counterparties for Address" Dashboard in this case. 

Recall that Dashboard titles will start with the name of the blockchain in the following format: 

`[blockchain] Title of the Dashboard` 

Dashboards without the blockchain in parenthesis are multi-chain Looks or Dashboards. 

You can find the example here: 

{% embed url="<https://dashargos.chainargos.com/dashboards/93?To+or+From+Address=0x1b4423364623A4DEffA335413343122194f967F7&Symbol=>" %}

### 2.1 Copy and Paste Your Address

You'll notice in the prepared Dashboard, an address has already been entered for analysis.&#x20;

To enter an address you want to inspect simply go to the "To or From Address" bar and input your address for analysis.&#x20;

<figure><img src="/files/TXpF6c1jvgzBfL9eUrqs" alt=""><figcaption><p>Click on any area within the light shaded blue box below "To or From Address" to toggle the dropdown. </p></figcaption></figure>

Remove the existing address from the search field.&#x20;

<figure><img src="/files/ZgW3lvCp63UuSSeDDMO6" alt=""><figcaption><p>Click on any "x" in to remove the existing address.</p></figcaption></figure>

<figure><img src="/files/oO6pQWFisHg00JGUHGOM" alt=""><figcaption><p>Paste the address you want to analyze in the "any value" field. </p></figcaption></figure>

We **ALWAYS** recommend you copy and paste addresses to avoid making any mistakes. Check that "is" in the dropdown is selected. This will ensure that the Dashboard will only query your exact address.&#x20;

In our example, we'll be pasting the same address back into the search field, but you can go ahead and use any address you want.&#x20;

Once your address is in, click on the "Update" button.&#x20;

<figure><img src="/files/rZsa2gd3LpY6zuZ6ZhBB" alt=""><figcaption><p>Click on the "Update" button and allow the system to run. This may take some time, depending on the number of transactions the address has, and is a function of the blockchain, as transaction history is extracted directly from nodes run by ChainArgos.</p></figcaption></figure>

### 2.2 Is your Address Labeled or Categorized?&#x20;

The "Largest Counterparties for Addresses" Dashboard also includes a row which displays the Labels and/or Categories associated with the address you are querying.&#x20;

<figure><img src="/files/4lzbNEARrk1XCeBChk7D" alt=""><figcaption><p>The Labels and/or Categories associated with the address you're searching can almost immediately give you an indication of what neeeds to be analyzed next (if at all). </p></figcaption></figure>

### 2.3 Analyzing the Inbound Senders&#x20;

As we can see from our example, there are two addresses which are also forwarder addresses. We know this because they are marked "➡️Fwds tracked tkns to Cumberland"

<figure><img src="/files/EaCAbvmzOxMpczaDbZhC" alt=""><figcaption><p>The vast bulk of the inbound transfers to the wallet being analyzed come from what appear to be forwarding addresses from Cumberland, a known market maker. </p></figcaption></figure>

To find out more about address Labels, go [here](/documentation/labels.md).&#x20;

#### 2.3.1 Check the Labels

The analyzed address receives around $53 million worth of ether, and almost $3 million worth of the dollar stablecoin USDC from two Cumberland forwarding addresses.&#x20;

Where things get more interesting is the last address which sends the HEX token to the address being analyzed.&#x20;

As we can see, the analyzed address only had three inbound transfers, and the third transfer was from an address which also had two suspicious transfers to individuals on the U.S. Office of Foreign Assets Control or OFAC blacklist.&#x20;

<figure><img src="/files/ea5o8fQw0Xn5Gp2L3CXl" alt=""><figcaption><p>The third sender also had two suspicious transfers to two separate individuals on the OFAC blacklist.</p></figcaption></figure>

But just because the third sender also dealt with OFAC-blacklisted addresses, does that mean we shouldn't deal with the current address being analyzed?&#x20;

This is why it's important to analyze the size of the transaction.&#x20;

#### 2.3.2 Check the Size

It is not uncommon for airdrops to send very small amounts of tokens to a variety of random wallet addresses, referred to as "dust".&#x20;

Without analyzing the size of the transaction, it would be easy to decide not to transact with this counterparty on the basis that they had dealt with someone else who interacted with OFAC-blacklisted addresses.&#x20;

However, a closer analysis reveals that the OFAC-interacting address only sent 100 of the HEX token to the address being analyzed and that the HEX token is worthless.&#x20;

<figure><img src="/files/zACoUHEbtFBNXwv1lJpO" alt=""><figcaption><p>Note the size of the transaction. </p></figcaption></figure>

Even though the HEX tokens are worthless today, they may have been worth substantially more at some time in the past, so let's check.&#x20;

On March 31, 2020, at the time when the 100 HEX was transferred to the wallet being analyzed, the price of HEX was $0.0004, so 100 HEX would have been worth roughly 4 cents.&#x20;

Depending on your AML/KYC policy, interacting with the analyzed wallet may or may not be acceptable.&#x20;

#### 2.3.3 Secondary Sanctions

Some policies strictly forbid any transactions with counterparties who have transacted with other counterparties which have interacted with OFAC-blacklisted addresses, regardless of the size of the transaction, which would be the equivalent of a self-imposed secondary sanction.&#x20;

Secondary sanctions target non-U.S. persons (primarily foreign financial institutions and foreign sanctions evaders) who do business with individuals, countries, regimes, and organizations.

For example, if the volume of transactions between a foreign financial institution and the entity subject to secondary sanctions are significant enough, that foreign financial institution risks being designated pursuant to one of the legal authorities authorizing the use secondary sanctions. &#x20;

Once designated, secondary sanctions can prohibit U.S. persons from doing business with that foreign financial institutions or require U.S. banks to limit or restrict that foreign financial institution’s correspondent accounts in the United States.

In this case, **the analyzed address** has not interacted with any OFAC-blacklisted addresses, but one of the senders to the analyzed address has.&#x20;

Other policies may determine that the HEX transaction appears to be "dust" and unlikely to constitute any OFAC violations.&#x20;

### 2.4 Analyzing the Outbound Recipients&#x20;

In our earlier example, the outbound recipients were unlabeled, so we'll have to use another address to understand how outbound recipients from an address may affect whether or not you want to interact with a counterparty.&#x20;

For this example, let's use an address that has been blacklisted:&#x20;

`0x39D908dac893CBCB53Cc86e0ECc369aA4DeF1A29`

#### 2.4.1 Tracking Flows

The blacklisted address has been tied by OFAC to Jonathan Zimenkov and doesn't have a lot of transactions, two transfers in, and one transfer out:&#x20;

<figure><img src="/files/a6iME2vbGkF9a3N2Lcr6" alt=""><figcaption><p>Address identified by the OFAC as belonging to Jonathan Zimenkov and blacklisted. </p></figcaption></figure>

Unlike a Tether blacklist, it's not possible to "freeze" ETH tokens, which can continue to be transferred.&#x20;

In this case the OFAC-blacklisted Jonathan Zimenkov wallet transfers all the ETH to another address:&#x20;

`0x76a6fcc3b6db8aed6b1a6a85678a01889020bded`

an address which is **not blacklisted** by OFAC, and which we'll refer to as "Downstream 1."

<figure><img src="/files/7YgqUkWztIGJDHtxAkky" alt=""><figcaption><p>The OFAC-blacklisted Jonathan Zimenkov address transfers all the ETH out to one address. </p></figcaption></figure>

Downstream 1 then transfers all the ETH to Downstream 2:&#x20;

`0x6a365f68071376bd75ff6e881afd57c95afc5b43`

<figure><img src="/files/VgiX4wyLCEwEJEOT3cBT" alt=""><figcaption><p>All the ETH from Downstream 1 gets sent to Downstream 2. </p></figcaption></figure>

Downstream 2 then transfers all the ETH to Downstream 3:&#x20;

`0xd243c21b1bd99b078dca72c3dff1c2f8a5f6099c`

and Downstream 3 is where the ETH sits and ends.&#x20;

<figure><img src="/files/DY6d9EDXJ47SS8QIzhe5" alt=""><figcaption><p>The ETH stops here.</p></figcaption></figure>

#### 2.4.2 What is safe?&#x20;

The following addresses downstream from the OFAC-blacklisted Jonathan Zimenkov address have  not been blacklisted (at the time of writing):&#x20;

* `0x76a6fCc3B6DB8aEd6B1a6a85678a01889020bdED` (Downstream 1)
* `0x6a365f68071376bd75ff6e881afd57c95afc5b43` (Downstream 2)
* `0xd243c21b1bd99b078dca72c3dff1c2f8a5f6099c` (Downstream 3)

Although Downstream 1 and Downstream 2 are flagged in DashArgos, Downstream 3 is not flagged (as we would expect), because Downstream 2 does not itself have any direct suspicious transfers with any blacklisted and/or sanctioned addresses. &#x20;

But assuming Downstream 3 is safe to interact with would be missing a step.&#x20;

And that's why it's important to analyze the inbound *and* outbound recipients carefully and at the very minimum, 1-step up and 1-step down, the DashArgos Labels will help with further analysis and identification.&#x20;

### 2.5 Deep-Diving into a Transaction

Deep-diving into a specific transaction generally isn't needed in most cases, but in some cases, you may want to analyze the specific breakdown of transactions.&#x20;

The "Largest Counterparties for Addresses" Dashboard allows you to deep-dive and verify transactions easily.

#### 2.5.1 Copying an Address

To copy an address, simply,&#x20;

1. Double-click on any of the empty space surrounding an address (do not click directly on the address itself).&#x20;

<figure><img src="/files/wYxUyIzGH9V9jdHnU6SU" alt=""><figcaption><p>Double-click on any open space surrounding an address. Do not click directly on the address itself. </p></figcaption></figure>

2. This will bring up the address window.&#x20;

<figure><img src="/files/0J1XoklztTsTu6SiXsly" alt=""><figcaption><p>The address becomes an address window when you double-click any empty space surrounding an address. </p></figcaption></figure>

3. Double-click on the address to select the entire address, which will be highlighted in blue.&#x20;

<figure><img src="/files/6DfufqO4Dm5YYIFylSUr" alt=""><figcaption><p>Double-click on the address window to highlight the entire selection to be copied.</p></figcaption></figure>

4. Now you can copy the address using "**CTRL** + **C**" (for Windows-based computers) or "**CMD** + **C**" (for Mac-based computers), or the relevant shortcut for copying on your system.  &#x20;

#### 2.5.2 To Address / From Address External Inspection or Verification

Clicking on any address allows you the option to verify an address externally with [Arkham Intelligence](https://www.arkhamintelligence.com/) or [etherscan](https://etherscan.io/).&#x20;

Although ChainArgos does not warrant the accuracy of any information an external inspector or validator provides, the option to validate an address externally provides you with an additional tool to inspect other resources as required.&#x20;

<figure><img src="/files/CYeRpDJOz2idHAVMjLHc" alt=""><figcaption><p>Click on the address to bring up the pop-out to link to an external inspector or validator.</p></figcaption></figure>

#### 2.5.3 USD Value Today, Sum of Transfer Amounts, Number of Transfers, Avg Transfer Size

DashArgos **automatically aggregates transactions** between any two addresses, so you can quickly review the total flow.&#x20;

For this example, we'll use this address:&#x20;

`0x1b4423364623a4deffa335413343122194f967f7`

<figure><img src="/files/v67b14iQPmR6IuerT2yA" alt=""><figcaption><p>Clicking any of the numbers in any of these columns brings up the same window for more detail.</p></figcaption></figure>

Clicking on any of these fields:&#x20;

* USD Value Today
* Sum of Transfer Amounts&#x20;
* Number of Transfers&#x20;
* Avg Transfer Size&#x20;

brings out this window so you can inspect the aggregated transactions in greater detail:&#x20;

<figure><img src="/files/2KIxmUeRvfVC7H4xzHT6" alt=""><figcaption><p>Clicking on the number "4" brings up the full breakdown of the 4 separate transfers, including details such as the Transaction Hash, the Block Number, and the Sum of Transfer Amounts, to get more detail about the transaction. </p></figcaption></figure>

The fields in this window can be further clicked and either link to external verification or inspection, or another window with specific transaction detail.&#x20;

#### 2.5.4 First Txn Date, Last Txn Date

Click on any of the dates in the columns "First Txn Date" and "Last Txn Date."

<figure><img src="/files/FliJX1fqKZ0R2gxL45v7" alt=""><figcaption><p>Click on any of the dates listed in the columns above to get Block Number data.</p></figcaption></figure>

This will bring up:&#x20;

<figure><img src="/files/aZ8Wnto4X0ll5Gpka8l0" alt=""><figcaption></figcaption></figure>

&#x20;for you to inspect the Block Number.&#x20;


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.chainargos.com/documentation/walkthroughs/kyc-aml-package/counterparty-analysis.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.