Chain analytics shows movement, but identity verification shows who is likely operating the accounts behind that movement. When laundering uses exchanges, mule accounts, or delegated access, the answer depends on both data sets. Without identity evidence, investigators often know where value moved but not who controlled the flow.
Why This Matters for Security Teams
Crypto laundering investigations fail when teams treat blockchain visibility as proof of identity. Chain analytics can show clustering, velocity, and asset movement, but it does not by itself establish beneficial ownership, delegation, or whether an exchange account, mule wallet, or compromised credential is being used on behalf of someone else. That is why identity verification remains central to AML and KYC decisioning, alongside evidence from FATF Recommendations and identity controls in eIDAS 2.0.
For security, fraud, and investigations teams, the practical issue is attribution. A wallet can be visible, but the human or non-human actor behind it may be hidden behind synthetic identities, reused credentials, or delegated access. NHIMG research on Ultimate Guide to NHIs shows how often identity controls fail at the infrastructure layer, which matters because laundering frequently exploits the same credential and access weaknesses used in wider cyber abuse. In practice, many teams encounter suspicious transaction graphs only after the underlying account-control problem has already widened the blast radius.
How It Works in Practice
Effective casework usually combines three layers: transaction tracing, identity verification, and control evidence. Chain analytics is strongest at answering where funds moved, how quickly they were split, and which services or addresses repeatedly interact. Identity verification is strongest at answering who opened, controlled, or benefited from the service account, wallet, or exchange relationship. The combination is what turns a suspicious pattern into an actionable case.
In regulated environments, investigators typically cross-check exchange onboarding records, KYC artefacts, device and session signals, beneficiary information, and any evidence of account delegation or shared access. Current guidance from FATF supports risk-based customer due diligence, while NIST SP 800-53 Rev. 5 provides control language for identity proofing, access enforcement, auditability, and incident response. For NHI-led environments, the same logic applies to API keys, service accounts, and delegated wallets: if the credential is not tied to a verifiable owner and lifecycle, attribution remains weak.
- Use chain analytics to identify high-risk flows, then validate the actors behind the flows with onboarding and access records.
- Correlate wallet, exchange, and device identity where lawful, rather than relying on one data set alone.
- Treat delegated access as a governance issue, not just a transaction anomaly.
- Preserve logs that show control, consent, and account recovery actions, not only transfers.
NHIMG notes that 97% of NHIs carry excessive privileges, which is a useful reminder that laundering-related abuse often rides on poorly governed access rather than purely technical obfuscation. These controls tend to break down when laundering is routed through fast-moving cross-border services with weak onboarding, limited log retention, or fragmented ownership across affiliates.
Common Variations and Edge Cases
Tighter identity verification often increases friction and operating cost, requiring organisations to balance investigative confidence against customer experience, privacy, and remediation speed. That tradeoff becomes sharper in crypto because not every high-risk pattern is fraudulent, and not every suspicious wallet maps cleanly to a single person.
There is no universal standard for this yet, but current guidance suggests a tiered approach. For low-risk activity, basic identity assurance and sanctions screening may be enough. For higher-risk cases, teams may need stronger proof of control, enhanced due diligence, source-of-funds checks, and corroborating evidence from exchange records or travel-rule style metadata. Where non-custodial wallets, mixers, or cross-chain bridges are involved, attribution may remain probabilistic even after verification, so investigators should document confidence levels rather than overstate certainty. NHIMG research on 52 NHI Breaches Analysis and Ultimate Guide to NHIs is relevant here because credential reuse, delegated access, and poor lifecycle control often blur the line between technical control and true accountability.
In practice, the hardest cases are the ones where chain analytics is noisy, identity data is incomplete, and a compromised account has been used for legitimate and illicit activity in parallel. That is where teams need both evidence streams, plus careful case notes, because the real failure is usually attribution under uncertainty, not lack of transaction visibility.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack surface, NIST CSF 2.0, NIST SP 800-63 and NIST AI RMF set the technical controls, and NIS2 define the regulatory obligations.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-1 | Identity proofing and access governance support attribution in laundering cases. |
| NIST SP 800-63 | AAL2 | Stronger identity assurance helps link suspicious crypto activity to real actors. |
| NIST AI RMF | GOVERN | Fraud investigation workflows need accountable governance over identity and analytics use. |
| OWASP Non-Human Identity Top 10 | NHI lifecycle governance | Delegated wallets and service accounts behave like NHIs when used in laundering. |
| NIS2 | Article 21 | Operational resilience and incident handling matter when laundering overlaps with account compromise. |
Define roles, oversight, and escalation rules for combining chain analytics with identity evidence.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on July 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org