Explains blockchain address clustering heuristics (UTXO common-input ownership, account-based deposit sweeps), entity and label layers, attribution confidence, peel chains and taint-style tracing concepts, and operational caveats. Use when the user asks about wallet clustering, linking addresses to the same owner, exchange deposit patterns, attribution, deanonymization limits, or how analytics firms group addresses.
Educational only. Do not assist with harassment, non-consensual doxxing, or sanctions evasion. High-stakes conclusions require legal and compliance process—not a vendor UI alone.
Addresses are pseudonymous. Clustering infers that multiple addresses are likely controlled by the same real-world actor, so analysts can reason about “wallets” rather than isolated strings.
All clustering is probabilistic—wrong merges and missed links happen.
Privacy practices (coinjoin, careful coin selection) weaken naive clustering.
| Layer | Typical meaning |
|---|---|
| Entity | A cluster of addresses grouped as one actor (person, fund, exchange)—often multichain |
| Label | Name for a specific address (e.g. named hot wallet); may include private user labels |
| Tags | Behavioral or risk descriptors (many per address)—often mixed automation, analyst review, community input |
Attribution maps a cluster to a real-world name using OSINT, subpoenas, exchange cooperation, or leaks—confidence varies.
For investigation workflow (OSINT steps), see crypto-investigation-compliance. For platform use cases (AML dashboards), see blockchain-analytics-operations. For bridge-linked and multi-chain unified clustering (graphs across chains, wrapped-asset normalization), see cross-chain-clustering-techniques-agent.