Counterparty Analysis

In this walkthrough, we're going to analyze a single address to help make decisions about the risks related to transacting with an individual counterparty.

In this section:

1. What blockchain is your address on?

2. Who deals with your address?

2.1 Copy and Paste Your Address

2.2 Is your Address Labeled or Categorized?

2.3 Analyzing the Inbound Senders

2.3.1 Check the Labels

2.3.2 Check the Size

2.3.3 Secondary Sanctions

2.4 Analyzing the Outbound Recipients

2.4.1 Tracking Flows

2.4.2 What is safe?

2.5 Deep-Diving into a Transaction

2.5.1 Copying an Address

2.5.2 To Address / From Address External Inspection or Verification

2.5.3 USD Value Today, Sum of Transfer Amounts, Number of Transfers, Avg Transfer Size

2.5.4 First Txn Date, Last Txn Date

1. What blockchain is your address on?

You have your address, now to figure out which blockchain it's on so you know which Dashboard is relevant for your analysis:

  • evm (Ethereum virtual machine) addresses (e.g. BSC and Ethereum) all start with "0x" and have 42-characters

  • TRON addresses start with the letter "T" and have 42-characters

Do note that Ethereum and BSC addresses are identical, and it is entirely possible for a "0x" address to have plenty of transactions on BSC, but not a single one on Ethereum.

2. Who deals with your address?

The easiest way to start analyzing an address is to find out who the biggest sender and receivers to your address are.

In this example, we'll analyze an address on the Ethereum blockchain, but the Dashboard is also available for BSC and Tron.

The address for our example is

0x1b4423364623A4DEffA335413343122194f967F7

which is an Ethereum address.

We'll look for the "[Ethereum] Largest Counterparties for Address" Dashboard in this case.

Recall that Dashboard titles will start with the name of the blockchain in the following format:

[blockchain] Title of the Dashboard

Dashboards without the blockchain in parenthesis are multi-chain Looks or Dashboards.

You can find the example here:

2.1 Copy and Paste Your Address

You'll notice in the prepared Dashboard, an address has already been entered for analysis.

To enter an address you want to inspect simply go to the "To or From Address" bar and input your address for analysis.

Remove the existing address from the search field.

We ALWAYS recommend you copy and paste addresses to avoid making any mistakes. Check that "is" in the dropdown is selected. This will ensure that the Dashboard will only query your exact address.

In our example, we'll be pasting the same address back into the search field, but you can go ahead and use any address you want.

Once your address is in, click on the "Update" button.

2.2 Is your Address Labeled or Categorized?

The "Largest Counterparties for Addresses" Dashboard also includes a row which displays the Labels and/or Categories associated with the address you are querying.

2.3 Analyzing the Inbound Senders

As we can see from our example, there are two addresses which are also forwarder addresses. We know this because they are marked "➡️Fwds tracked tkns to Cumberland"

To find out more about address Labels, go here.

2.3.1 Check the Labels

The analyzed address receives around $53 million worth of ether, and almost $3 million worth of the dollar stablecoin USDC from two Cumberland forwarding addresses.

Where things get more interesting is the last address which sends the HEX token to the address being analyzed.

As we can see, the analyzed address only had three inbound transfers, and the third transfer was from an address which also had two suspicious transfers to individuals on the U.S. Office of Foreign Assets Control or OFAC blacklist.

But just because the third sender also dealt with OFAC-blacklisted addresses, does that mean we shouldn't deal with the current address being analyzed?

This is why it's important to analyze the size of the transaction.

2.3.2 Check the Size

It is not uncommon for airdrops to send very small amounts of tokens to a variety of random wallet addresses, referred to as "dust".

Without analyzing the size of the transaction, it would be easy to decide not to transact with this counterparty on the basis that they had dealt with someone else who interacted with OFAC-blacklisted addresses.

However, a closer analysis reveals that the OFAC-interacting address only sent 100 of the HEX token to the address being analyzed and that the HEX token is worthless.

Even though the HEX tokens are worthless today, they may have been worth substantially more at some time in the past, so let's check.

On March 31, 2020, at the time when the 100 HEX was transferred to the wallet being analyzed, the price of HEX was $0.0004, so 100 HEX would have been worth roughly 4 cents.

Depending on your AML/KYC policy, interacting with the analyzed wallet may or may not be acceptable.

2.3.3 Secondary Sanctions

Some policies strictly forbid any transactions with counterparties who have transacted with other counterparties which have interacted with OFAC-blacklisted addresses, regardless of the size of the transaction, which would be the equivalent of a self-imposed secondary sanction.

Secondary sanctions target non-U.S. persons (primarily foreign financial institutions and foreign sanctions evaders) who do business with individuals, countries, regimes, and organizations.

For example, if the volume of transactions between a foreign financial institution and the entity subject to secondary sanctions are significant enough, that foreign financial institution risks being designated pursuant to one of the legal authorities authorizing the use secondary sanctions.

Once designated, secondary sanctions can prohibit U.S. persons from doing business with that foreign financial institutions or require U.S. banks to limit or restrict that foreign financial institution’s correspondent accounts in the United States.

In this case, the analyzed address has not interacted with any OFAC-blacklisted addresses, but one of the senders to the analyzed address has.

Other policies may determine that the HEX transaction appears to be "dust" and unlikely to constitute any OFAC violations.

2.4 Analyzing the Outbound Recipients

In our earlier example, the outbound recipients were unlabeled, so we'll have to use another address to understand how outbound recipients from an address may affect whether or not you want to interact with a counterparty.

For this example, let's use an address that has been blacklisted:

0x39D908dac893CBCB53Cc86e0ECc369aA4DeF1A29

2.4.1 Tracking Flows

The blacklisted address has been tied by OFAC to Jonathan Zimenkov and doesn't have a lot of transactions, two transfers in, and one transfer out:

Unlike a Tether blacklist, it's not possible to "freeze" ETH tokens, which can continue to be transferred.

In this case the OFAC-blacklisted Jonathan Zimenkov wallet transfers all the ETH to another address:

0x76a6fcc3b6db8aed6b1a6a85678a01889020bded

an address which is not blacklisted by OFAC, and which we'll refer to as "Downstream 1."

Downstream 1 then transfers all the ETH to Downstream 2:

0x6a365f68071376bd75ff6e881afd57c95afc5b43

Downstream 2 then transfers all the ETH to Downstream 3:

0xd243c21b1bd99b078dca72c3dff1c2f8a5f6099c

and Downstream 3 is where the ETH sits and ends.

2.4.2 What is safe?

The following addresses downstream from the OFAC-blacklisted Jonathan Zimenkov address have not been blacklisted (at the time of writing):

  • 0x76a6fCc3B6DB8aEd6B1a6a85678a01889020bdED (Downstream 1)

  • 0x6a365f68071376bd75ff6e881afd57c95afc5b43 (Downstream 2)

  • 0xd243c21b1bd99b078dca72c3dff1c2f8a5f6099c (Downstream 3)

Although Downstream 1 and Downstream 2 are flagged in DashArgos, Downstream 3 is not flagged (as we would expect), because Downstream 2 does not itself have any direct suspicious transfers with any blacklisted and/or sanctioned addresses.

But assuming Downstream 3 is safe to interact with would be missing a step.

And that's why it's important to analyze the inbound and outbound recipients carefully and at the very minimum, 1-step up and 1-step down, the DashArgos Labels will help with further analysis and identification.

2.5 Deep-Diving into a Transaction

Deep-diving into a specific transaction generally isn't needed in most cases, but in some cases, you may want to analyze the specific breakdown of transactions.

The "Largest Counterparties for Addresses" Dashboard allows you to deep-dive and verify transactions easily.

2.5.1 Copying an Address

To copy an address, simply,

  1. Double-click on any of the empty space surrounding an address (do not click directly on the address itself).

  1. This will bring up the address window.

  1. Double-click on the address to select the entire address, which will be highlighted in blue.

  1. Now you can copy the address using "CTRL + C" (for Windows-based computers) or "CMD + C" (for Mac-based computers), or the relevant shortcut for copying on your system.

2.5.2 To Address / From Address External Inspection or Verification

Clicking on any address allows you the option to verify an address externally with Arkham Intelligence or etherscan.

Although ChainArgos does not warrant the accuracy of any information an external inspector or validator provides, the option to validate an address externally provides you with an additional tool to inspect other resources as required.

2.5.3 USD Value Today, Sum of Transfer Amounts, Number of Transfers, Avg Transfer Size

DashArgos automatically aggregates transactions between any two addresses, so you can quickly review the total flow.

For this example, we'll use this address:

0x1b4423364623a4deffa335413343122194f967f7

Clicking on any of these fields:

  • USD Value Today

  • Sum of Transfer Amounts

  • Number of Transfers

  • Avg Transfer Size

brings out this window so you can inspect the aggregated transactions in greater detail:

The fields in this window can be further clicked and either link to external verification or inspection, or another window with specific transaction detail.

2.5.4 First Txn Date, Last Txn Date

Click on any of the dates in the columns "First Txn Date" and "Last Txn Date."

This will bring up:

for you to inspect the Block Number.

Last updated