Bart Simpson Pattern – Inefficiencies in Crypto Trading

How has Bart Simpson managed to weasel his way into cryptocurrency analysis? What possibly could the connection between cryptocurrency pricing and a fictional yellow character from the American TV series The Simpsons be? Talking with the trading experts at Crypto Broker AG, who analyse bitcoin charts, and with our further research in the area of trading patterns and trend analysis, we suggest a different significance behind this price chart pattern – all jokes aside.

Thanks to a little ingenuity and some inspiration from highly reliable, albeit satirical media sources, a recognisable chart pattern, known as the Bart Simpson Pattern, can be used to explain the recent inefficiencies in cryptocurrency trading.

So, what is happening?

The Bart Simpson Pattern occurs when an unexpected spike (or a drop) in prices is followed by a sideways movement, and subsequently by a sudden drop (or a spike) in prices. The chart pattern takes on the shape of Bart Simpson’s head.

Bart Simpson Pattern on Price Chart
Figure 1 – Bart Simpson Pattern on Price Chart

And why is it worth taking a closer look at the Bart Simpson chart pattern?

One enticing thought is that even though the cryptocurrency markets are becoming more professionalised, the possibility of price and market influences still exist. They manifest in the Bart Simpson Pattern. Inexperienced market participants are causing a great deal of these inefficiencies, which could easily be mitigated, e.g. by the use of appropriate brokerage services.

Allow me to explain by going more in depth.

The Bitfinex chart above (Fig.1) shows a BTC/USD price development. Several common market fluctuations are visible without any apparent abnormalities. Generally, a massive green (or red) candle will introduce the typical (or inverse) Bart Simpson Pattern. Upon closer inspection, at least two Bart Simpson Patterns can be made out in Fig.1: an inverse Bart starts on September 8th, with the end of the formation already beginning to form the second Bart Pattern. Images of Bart Simpson’s head have been inserted into the corresponding periods.

Ever since the beginning of 2018, both the variety and frequency of Bart Patterns have increased. When asked about price patterns in general, American financial market analyst John J. Murphy explained: “Price patterns are pictures or formations, which appear on price charts of stocks or commodities, that can be classified into different categories, and that have a predictive value”.

Despite the fact that cryptocurrencies and crypto assets came after his time, it also goes without saying that this research paper in no way constitutes financial investment advice nor will it offer any predictive value.

Returning now to Murphy’s definition, research has shown that the Bart Pattern may vary in its volatility, duration, and frequency. The formation usually occurs over a period of a few hours, apparent on intraday charts with a scale of 15-minute intervals. In Fig.2, which shows a close-up of the same two patterns depicted in Fig.1, the inverse Bart Pattern is visible in the significant increase in trading volume and significant decrease in price. In total, the price drops here for a period of approximately two hours. Subsequently, there is a kind of consolidation phase characterised by prices moving very little over a 15 hour period (the so-called accumulation area), after which an unexpected price increase takes place. The typical Bart Pattern that follows after that could be described in the reverse.

Zoom-In Bart Simpson Pattern
Figure 2: Zoom-In Bart Simpson Pattern [1]
As shown in Fig.2, a price cycle will generally contain the following phases: accumulation, markup, distribution, and markdown. However, a common price cycle is not characterised by an extremely steep markup and markdown curve as seen in a Bart Pattern. Moreover, a complete price cycle may last for a few hours, days, or months. A theoretical price cycle according to renowned stock market authority Richard Wyckoff is depicted in Fig.3.

Wyckoff Price Cycle
Figure 3 – Wyckoff Price Cycle

Here, the accumulation area is characterised by a sideways movement with the price moving relatively slowly. This phase is also referred to as market consolidation. During the late stages of a bear market, in particular, many investors try to trade during the accumulation phase in order to catch the bottom of the trend. Nevertheless, it is also possible for the bears to win, and a further downward trend will follow. Once the resistance level of the accumulation phase is exceeded, the markup phase will then begin. In this context, new highs will be set, or in the case of the Bart Pattern, an exceptional new high will be set in a relatively short period of time. Usually, the markup will last longer than the accumulation phase. At this point, investors of all kinds are attracted to invest, in the hopes of making profits during the upward trend.

As soon as there is resistance and the market faces a correction or pullback, the distribution area will start. As in the accumulation phase, the bulls and bears will battle against the upcoming movement. This means that the distribution area does not necessarily allude to a price drop. If selling volumes increase regardless and buying volumes decrease, it is only a question of time before the resistance level is exceeded and the price will drop in the markdown phase until the next accumulation phase is reached.

Richard Wyckoff, who founded The Magazine of Wall Street, was a pioneer in technical stock market analysis. He based his trading strategy on three laws, with the intent of identifying the best markets to trade and the potential future directional bias for prices. According to his “Three Wyckoff Laws”, the price chart can be affected by:

– Supply and demand
– Trading volume and the corresponding price change
– Duration of accumulation and distribution period

Is There a Reason for a Bart Simpson Chart Pattern in Crypto Markets?

Research has shown that the conditions under which the Bart Simpson Pattern seems to appear is if price movements were not apparent before the formation started, although trade volumes increased. This assumption may be in line with one of Richard Wyckoff’s trading theory laws. Talking with the trading experts at Crypto Broker AG, analysing bitcoin charts, and conducting further research in the area of trading patterns and trend analysis, I concluded that the Bart Pattern is due mainly to liquidity issues.

To create an overview of the relationship between market liquidity and the corresponding price developments, I attempted an historical reappraisal of an inverse Bart Pattern (cf. Appendix A). It is possible to divide its development into the following six steps

1. Trade Initiation (Sell Order)

Firstly, a larger [2] selling (market) order needs to be issued to initiate a corresponding and considerable price movement. For instance, the bitcoin price may already have moved by 2% with a market order of 500 bitcoin on a smaller exchange. Due to the possibility of initiating a relatively large selling (market) order for bitcoin – for whatever reason – the market may be faced with a liquidity problem.

From an economical point of view, the market supply of bitcoin exceeds the current demand and consequently the supply has exerted downward pressure on the bitcoin price due to the surplus.

2. Trade Execution

If the market (S0) does not have enough supply or liquidity and one relatively large order is placed that cannot be easily satisfied by the corresponding exchange platform, the order books will be completely stripped out. When an exchange is faced with an oversized price shift, every single buy position below the current trading price will be accepted without any restrictions, particularly with a market order.

As a result, the trading price is pushed down instantly until the trade is fully executed (D1). The left side of an inverse Bart Pattern is now visible. When the bottom is reached, the market starts to consolidate and so the sideways movement begins.

3. Accumulation Phase

Now, we enter the accumulation phase. Here, the market has reached its new equilibrium, meaning that the open orders were satisfied and the market will consolidate until S1 = D0. There is now also a new price (P1).

4. Trade Initiation (Buy Order)

As soon as a larger buy order is issued, leading to a breach of a higher resistance level, the probability increases that the bitcoin whales[3] will re-enter the market. By using their relatively large trading volume – in this case to execute a long position – the whales’ direct impact is reflected in the chart in an unexpected spike; and the second part of Bart’s head begins to appear. However, there is no shift in supply, only an unusual shift in demand (D0 –>D1).

5. Trade Execution

Because of the resulting demand surplus, the price is pushed even higher because there are not sufficient bitcoins available for the price offered. Similar to the previous trade executions for sell orders, every single sell position above the current trading price will be accepted without restrictions. Thus, the trading price is pushed even higher until the trade is fully executed (D1).

6. Distribution Phase

Subsequently, the distribution phase starts. As described in the accumulation phase, the market has reached its new equilibrium. The difference now, however, is that the balance is found at S1 = D1 with the new price (P2).This price could even be the price P0 from the beginning of the Bart Pattern.

The description above would be the same for a (non-inverse) Bart Simpson Pattern if steps one through three were to be changed to four through six, and vice versa.

Market Liquidity plays an Integral Role in the Markets

As a general rule, if there is sufficient market liquidity, most goods and services can be traded without there being any unexpected impact on their prices. Conversely, this implies that a lack of market liquidity could affect the prices of the traded goods, as shown in the example of the (inverse) Bart Simpson Pattern.

Both the upward and the downward move could be caused by a lack of liquidity. For the downward move, the lack of liquidity stems from too large of a supply that cannot be absorbed by the market. For the upward move, the lack of liquidity can be due to an increase in demand that also cannot be met by the market.

In the bitcoin market, two parties could be bitcoin whales and therefore capable of entering a relatively large order. On the one hand, there are institutional investors with the financial means to take influence on the market. On the other hand, there are many retail (private) investors who have an unusually large amount of cryptocurrencies, e.g. due to early participation in the crypto markets. In either case, one of them may represent a whale and thus be able to initiate such a trading pattern from the buy or sell side.

What is the intent of such an order beyond it simply being large and inadvertently burning money?

There are two explanations: either this is a retail investor without the necessary trading knowledge to execute a smart and smooth trading order; or the trade has been submitted intentionally by someone with a professional background. Speaking rationally, however, a large market order is completely inefficient because of the resulting financial loss. Both situations are therefore unusual in liquid traditional markets.

There is no proof that liquidity problems are entirely responsible for any Bart Simpson Pattern. There are, of course, examples where a Bart-like downward move was followed by a second downward move, forming a stair rather than a Bart Pattern. Yet, the great majority of Bart Patterns may be caused, and moreover explained, by liquidity issues.

Do Bart Simpson Patterns Also Appear in Traditional Markets?  

Yes and no. Since the beginning of 2018, the cryptocurrency market has faced a downward slide. In January 2018, its market capitalisation exhibited an all-time peak at approximately USD 800 billion. Through the following months, a steady decline in the market capitalisation became apparent. On October 23, 2018, 54% of the market capitalisation of approximately USD 209 billion was attributed to bitcoin. This is comparable to the market capitalisation of a single larger listed company such as McDonalds, IBM, or SAP. In short, it is difficult to compare a traditional market to the cryptocurrency market currently – not only because of its market capitalisation, but due to the market participants and emerging regulation.

A market that enables its participants to initiate relatively large orders also provides the greater possibility of prices being influenced. In the case of bitcoin, retail investors can enter these orders in the absence of regulation (be that through brokers or on exchanges). Whales are not just a factor in the bitcoin market. They also dominate the equity market, but there they are more likely to be institutional whales in a regulated environment. Thresholds to entry and related infrastructure in cryptocurrency markets vary significantly when compared to traditional markets. The execution of trades are carried out in an appropriate and more rational manner in traditional markets. Also, in traditional markets, so-called circuit breakers and other security mechanisms are implemented, as is apparent in the S&P 500 Index. As soon as a market or a single stock drops a predefined percentage within a predefined timeframe, a circuit breaker temporarily stops all trading on that exchange.

Crypto Finance AG, through its subsidiary Crypto Broker AG, is a financial intermediary available to qualified and institutional investors. This team of experienced investment bank traders draws on the liquidity of the world’s top exchanges to offer optimised order execution, without affecting prices, thus avoiding Bart Simpson Patterns.

Download the Bart Simpson Trading Pattern Research Article as a PDF


[1] Figure 2 includes the price development charts of Coinbase (red) and Binance (orange). It clearly shows that not only one exchange is faced with a considerable price drop and spike.

[2] Measured relative to the common trading volume during the last 24 hours

[3] Bitcoin whales – holders of large amounts of bitcoin


ERC20 Token Swaps – the Redemption

ICOs, Mainnet Launches & Token Swaps – the Redemption of ERC20 Tokens

During the last year, an increasing amount of companies have launched an initial coin offering (“ICO”) to finance their business. The Swiss Financial Market Supervisory Authority (“FINMA”) states in their recently published ICO Guidelines that “in an ICO, investors transfer funds, usually in the form of cryptocurrencies, to the ICO organiser. In return they receive a quantity of blockchain-based coins or tokens which are created and stored in a decentralised form either on a blockchain specifically created for the ICO or through a smart contract on a pre-existing blockchain”. According to a research report by PwC Strategy&, more funding was raised with ICOs within the first five months of 2018 than the total of the previous five years before.

An ICO is usually structured so that the company issues their own tokens using smart contracts that are executed on an existing blockchain. The establishment of a propriety and stable blockchain usually requires a substantial amount of development work and the associated investment in software. Startups developing their own blockchain do not have the necessary financial means at their disposal in the early stages. As these companies cannot immediately develop a blockchain solution from scratch, instead they use an existing blockchain with the ability to host an ICO token. Blockchains that allow this functionality must have “the ability to create a second layer on top of their own native token”.

Ethereum is the most popular blockchain used to issue ICO tokens, using the “ERC20” common technical standard for Ethereum tokens. For companies aiming to build their own blockchain, the issued ERC20 tokens act as a placeholder for the future “native” tokes. From an economic point of view, an ERC20 token exhibits similar characteristics to a convertible note, if the prospective native token meets the requirements of an asset token according to its definition by the FINMA. Whereby in case of a convertible note the initial loans will be converted to equity at a specific milestone, the ERC20 tokens are converted to native tokens at a specific milestone. There is also the option to use a Simple Agreement for Future Tokens (“SAFT”) in order to raise funding – as in the case of the Telegram ICO.

ERC20 Token Standard & Mainnet Launch

The term ERC20 describes a technical de-facto token standard for an Ethereum smart contract. ERC is the abbreviation for “Ethereum Request for Comment” which determines the necessary requirements for tokens to follow within the Ethereum ecosystem. The core ERC20 functions include:

– transfer(to, value)
– balanceOf(owner)
– approve(sender, value)
– allowance(owner, spender)
– transferFrom(from, to, value)
– totalSupply( )

Based on these commands, an ERC20 token is queried and modified. These commands and rules have to be met for a token to be accepted and to ensure that the tokens can interact with each other and the surrounding infrastructure on the Ethereum blockchain. Besides this “placeholder” function, this kind of token can be also used as a currency for dApps. Moreover, the smart contract may define additional features that hint towards the purpose of a token, for instance, the usage as a payment, utility or asset token.

By using an ERC20 token as a placeholder, issued on the Ethereum blockchain, their target purpose functionality might be limited. Once the final blockchain solution is developed, tested and successfully verified, the next step is the launch of this new, self-sufficient blockchain – the mainnet launch.

The mainnet, i.e. the new blockchain, may differ in basic characteristics such as the underlying security algorithm, cryptography, level of decentralization, level of efficiency, identity obfuscation strategy, network topology, block production policy, permissibility, scope of participants and grandeur of the vision. Many of these properties are highly related. The ERC20 tokens issued during the ICO might not be compatible with the new blockchain and its corresponding features and adaptions. Therefore, they need to be migrated onto the new blockchain. Normally, a project sets a date, or a time period, when the “old” tokens have to be swapped, otherwise they become frozen and thus unusable.

Past projects have approached this in several ways but commonly all ERC20 tokens that were not transferred from the Ethereum blockchain became frozen and thus useless at a pre-determined date. The tokens from the Ethereum blockchain must be moved to the new blockchain. This process is known as coin swap or token swaps. The most recent and best known token swaps were EOS (EOS), Tron (TRX) and VeChain (VEN). Figure 1 below shows a short overview of the most relevant ERC20 token swaps:

Figure 1: Overview of (upcoming) Token Swaps

Given the technical properties of cryptography and the underlying blockchain, the process of substituting two digital assets is not as complicated as it seems at first glance. To explain the whole process more understandably, we summarized two recent token swaps below.

Which are the necessary steps? Exhibited by the example of TRX & VEN

Tron (TRX)

The Tron ERC20 tokens had to be swapped into TRON20 standard tokens (the native coins for the Tron mainnet). All Tron tokens traded at this time were exchanged at a 1:1 ratio.

Figure 2: Visualization of the TRX token swap

To conduct the token swap, the token holders had to deposit their token on an exchange platform that supported the swap – there was no other way to swap these tokens. Around 60 exchanges supported the swap such as Bitfinex, Bittrex and Huobi. According to the official instructions published by the Tron foundation, the ERC20 Tron tokens had to be deposited onto the participating exchanges before June 24th 2018 to ensure a successful migration. Alternatively, the exchange platform Binance, have been offering an ongoing coin swap until the end of December 2018. The mainnet was already launched on May 31th 2018 using a “delegated Proof-of-Stake (POS) consensus algorithm and relies on 27 block validators – dubbed super representatives (SR) – to produce the blocks and verify transactions” – only a side remark for the more technical readers.

VeChain (VEN)

VeChain published a specific guide for their token swap. The company has described the whole procedure as a “smooth launch of VeChain’s mainnet”. In contrast to EOS where to tokens had to be swapped on a pre-determined date (and actually 1.2% of tokens failed to do so and are hence frozen), VeChain allows its token holders to swap their tokens during a defined time horizon beginning July 13th 2018. At the time of writing, no end-date for the swap has been announced and there will probably be no deadline (with the exception of a minority of specific token holders). Like Tron, the Vechain ERC20 tokens (VEN) are swapped into the native coins VeChainThor tokens (VET). However, in this case the tokens will be swapped at a 1:100 ratio – for every single VEN token transferred, the token holder will get 100 VET tokens.

Figure 3: Visualization of the VEN token swap

According to the VeChain guide, there are three different methods outlined how the VeChain tokens can be swapped. There is the possibility to swap via an exchange (like Tron), the VeChain wallet or the ledger nano hardware wallet. Using the exchange option, the VEN tokens had to be transferred to the exchange wallet before the second week of July 2018 when the token swap occurred. The swap was supported by seven exchanges, among them Lbank, Bithumb, Binance and Bitfinex. Similarly to TRX, an option to exchange after the announced time horizon passed has been possible using Lbank exchange. For the swap using the VeChainThor wallet, further detailed instructions can be found here. At the time of writing, there is unfortunately no guide released for token migration by using the hardware wallet nano ledger.

Is there a general approach for token swaps?

No. As outlined above, there is no blueprint to how a token swap is constructed. However, it is clear that for all token swaps the token holder must conduct research on the process. The token development teams typically provide instructions on the required steps of a token swap. These instructions are commonly published in the newsfeed of exchange platforms, via Twitter and Medium accounts or on their official homepage. Figure 4 summaries a framework on how a token holder should handle a token swap and which steps should be considered:

Figure 4: General assistance framework regarding token swaps

In the first step, an investor must determine if there is any fixed date when the token swap takes place or if there is any time horizon when the tokens should be swapped. In the case of EOS or Augur there was a pre-determined date on which the tokens had to be transferred. Alternatively, there is also the possibility of a time slot over a few months or more when the token swap can be conducted, such as in the case of Pundi X, Tron or VeChain. A different approach was implemented by Icon where both options were possible.

The second step addresses where the ERC20 tokens are currently stored. Depending on the storage option, a token swap might differ therefore varying actions steps are required.

In case of storing the coins on a wallet on an exchange platform, the investors have to check if the exchange supports the new token – based on announcements on the exchange platform or the website/ forum of the corresponding ERC20 token. In the past, the major exchanges have typically supported the native coin. As a side note, this process of initially issuing ERC20 tokens could represent a cheap and easy alternative of becoming listed on an exchange platform with a native token.

The specific way how the token will be swapped may also differ – there is either the possibility of an automatic exchange where tokens only have to be stored in the wallet on the exchange during a specific timeframe or, alternatively, some specific instructions will be announced. If the token migration is not supported, the token holder will have to transfer the ERC20 to a specific wallet that supports the token swap.

In case of storing the coins on any other kind of wallet, the investor has to analyze initially if their wallet supports the new token standard. For previous token swaps, this was usually not the case and the coins had to be transferred either to a specific supporting wallet or to any exchange platform supporting the exchange.

Are there any risks associated with a token swap?

The primary risk is missing the announced deadline – when it is likely that the ERC20 tokens can no longer be swapped. They will become frozen and thus worthless. Taking into consideration that this is a quite new process occurring in the decentralized cryptocurrency market where no central authority is available, such a “trustless” process itself represents a major problem. There is no legal recourse if anything goes wrong – unlike in a central (bank) system. Additionally, the token swap has to be conducted in a proper manner, like every blockchain based transaction because of their irreversibility. If, for instance, a wrong receiving address for the new wallet is used (which might be due to a mix up of private and public keys), then the coins could be lost.

In a nutshell

If an ICO issues ERC20 tokens as a placeholder, a token swap is an inevitable step that has to be completed by any token holder. The coin swap is necessary to gain access to the (native) token’s full functionality and to prevent freezing of the ERC20 tokens. How a token swap is conducted depends on several factors, however, our framework (see Figure 4) should assist with the swapping process. The key points to remember are to:

– check the official instructions
– be aware of a potential deadline
– follow the instructions in a proper manner

Considering that a significant number of ICOs have issued ERC20 placeholder tokens, there is an increasing amount of future tokens swaps expected – the most relevant ones are exhibited in Figure 1.

Download the ERC20 Token Swaps Research Report PDF

Bitcoin just had an “inflation bug” and no, it is not dying

A responsible disclosure is not fun. Especially if the stakes are high and the timeline tight.


On 17th of September a vulnerability was found that could, in the very worst case, have led to a real on-chain double spend. I will not go into the nature of the bug, how it was found and who resolved it (although that story is great and an amazing example of efficiency). Instead, I will focus on what it would take (or rather have taken) for an attacker to actually exploit the vulnerability and what he would stand to gain from it. There is a lot of misinformation about this in the media right now.

The attacker has to be a miner and he would have to create a block that includes a specially crafted transaction that spends the same input twice in the same transaction.  This transaction cannot be one that he picked up from the network, where such a transaction would not propagate. Think of it as handing over the same twenty Swiss Francs bill twice in one payment at the grocery store. The grocery store actually received forty Swiss Francs even though you only spent one twenty Swiss Francs bill. The total monetary supply just increased by twenty Swiss Francs. This is why the bug is often dubbed as an ‘inflation bug’. The bug originated in the bitcoin core node software – this is run by companies dealing with or accepting bitcoin as well as individuals or developers in order to independently verify the information that they get from the blockchain. Since version 0.15.0 (September 2017) it no longer recognized such transactions as invalid.

After the bug was found, only few hours passed before version 0.16.3 was released and as of now already 19% of publicly visible nodes run on that version[i].

A miner running such an attack however runs the risk that despite many nodes not noticing the creation of money, other players will. He runs the risk that the betrayal of the network rules is picked up by humans instead of nodes. If this happens quickly enough, the operators of nodes, especially of economically relevant ones at exchanges will manually override and ignore this block. All it takes for this is one input in the bitcoin core node terminal. All preparations for such a step are taken. This would subsequently lead to a split in the blockchain, where nodes with observant operators follow a different chain than those nodes that do not. However, there is still a risk that the attacker can get his unjustly gained coins to an exchange, sell them there and withdraw the proceeds in fiat or a different cryptocurrency before the exchange notices the split and freezes operation. Given the mentioned efficiency and careful observation of certain individuals, the risk of such an attack, especially in economically damaging amounts, is very low.

It all comes down to two things. Firstly, what does the attack cost the attacker and secondly, how fast is the network likely to notice the anomaly and work around the culprit before he can take his profit.

Since the attacker has to be a miner and put his inflating transaction into a block which would otherwise have been valid, he is losing out on the reward for the block, yet still has to cover the production cost of that block. If the attack is unsuccessful, he just lost 12.5 BTC (plus fees), or at current rates roughly CHF 80k. This represents his investment.

To the second point, for the likelihood of discovery, that very much depends on the level of automation. Above, I only mentioned the manual, human means of discovery, but this is certainly not all. Projects like Statoshi or Bitcoin Optech continually monitor all possible network parameters. Fork monitors run different node software to determine any deviations. Developers do that to notice deviations between their software to bitcoin core and actually any bitcoin node will notify its operator if it determines that it is running on a minority chain, i.e. if there is a chain that is at least six blocks longer, but the node determines that chain to be invalid.

There are mechanisms in place to monitor the network for inconsistencies. In that context, the fact that the commit that enabled this bug only happened last September is very good news. Older versions are therefore not affected.

As of right now, 64% of nodes are secure, only 31% are vulnerable and 5% of publicly visible nodes do not send a standard version identifier, which means that it is unknown if they are affected or not. Those numbers obviously come after 19% of nodes have already updated to 0.16.3, but even if we assume that all of those have previously been on an affected version 0.15.0 to 0.16.2, this means that in the worst case scenario, there are still 31% of nodes that have not been vulnerable at the time of disclosure.

This rather high number, together with tools that monitor anomalies in the network, make it very unlikely that an attacker would be able to successfully spend his unjustly gained coins before the community notices and self-adjusts.

As a corollary to this: We do know that this exploit has not been executed in the past. For the very simple reason that pre-vulnerability nodes, running lower versions are purposely still up, running and in sync with the vulnerable ones.

Above considerations are valid for BTC. Smaller networks skew the numbers significantly. If it is cheaper to create a block, or rather if the opportunity cost of missing out on one, is smaller, the investment for the attacker goes down. Moreover, if there are fewer nodes and fewer developers monitoring the network, the likelihood of success goes up massively.

[i] For this and the further number of nodes, I source the information from This gives an indication about the network. Getting exact numbers is impossible though, since many nodes do not publicly advertise their existence.

Crypto blockchain analysis: the tool for criminal investigations and AML & KYC requirements

The Crypto Privacy Myth

Crypto and Bitcoin are terms synonymous to many with secrecy and illegality. Stories of drug dealing, tax evasion and money-laundering have dominated the press on Bitcoin in earlier years. Many consequently, and wrongly, assume crypto to be a cover for criminal activity.

In fact, Bitcoin and the majority of other crypto assets provide safeguards against criminal use. They are public blockchains where each coin’s history and chain of ownership is permanently and publically logged. The journey of a coin can be traced back in time – and it can be followed going forward. Compare this to a bank note, with no such history attached to it. These permanent records mean Bitcoin does not offer the same level of privacy as cash.

Governments and other institutions are able to gather a large amount of data from public blockchains. Had the transactions occurred with traditional money such information would not be available.

A number of innovative firms are using proprietary intelligence tools to analyse blockchains to create reports for anti-money laundering (AML), counter-terrorism regulatory (CTR) and know-your-customer (KYC) requirements. They search the public, and freely accessible, blockchain to build a historic picture of the blockchain addresses and transactions.

Shift in Criminal Activity

New technologies are often first adopted by those with questionable intents. The internet’s early use was disproportionately used for unsanitary and illegal reasons.

The crypto market has entered a maturing and exchange-dominated stage. The time of the illegal and unethical activity being the majority of transactions is now history. In the early years, criminals could hide behind Bitcoin when no one was looking and when it was little understood. A paper (published by Paolo Tasca, Shaowen Liu and Adam S. Hayes of University College London, Deutsche Bundesbank and University of Wisconsin-Madison respectively) concludes that the crypto market has moved away from mainly illegal activity towards a market dominated by legitimate merchants.

A sample study on Bitcoin Laundering by the blockchain analysis firm Elliptic finds the vast majority of funds received by conversion services (e.g. crypto exchanges) do not appear to be illicit. The study notes that the volume of coins previously used on the Bitcoin network for illicit reasons entering conversion services has decreased over time. Another firm, Chainalysis, reported “the share of Bitcoin transactions sent to darknet markets has declined from 30% in 2012 to less than 1% in 2017”. These studies concur that the relative decline of Bitcoin usage in the darknet is largely a consequence of the rise of legitimate uses of the Bitcoin network.

USD currency is used for terrorist financing, money laundering and drug dealing. The common mistrusting view of Bitcoin starts to look unjustified when comparing the low levels of illicit activities using Bitcoin against the levels of criminal activity using USD.

The real current concern regarding illegal activity in crypto is their use as a way to obtain cyber ransom proceeds (Elliptic’s study finds 16% of illicit Bitcoins entering conversion services come from ransomware in 2016 compared to just 0.5% in 2013). This is most commonly demanded in cybercrime and ransomware attacks (e.g. hacking and taking control of an entity’s system then demanding crypto as ransom).

Blockchain Analysis for Forensic Investigation and Law Enforcement

Analysis of a blockchain, combined with other data sources, can provide game-changing information and data. Governments, regulators, secret services and law enforcement agencies are using data analysis of blockchains.

Natural persons behind crypto transactions are identified at the point of “fiat gateway”. This is where, at some point, the individual exchanged crypto for their fiat currency (or vice versa). The crypto transactions can be followed to the fiat gateway. The firm providing the fiat gateway (e.g. a fiat-to-crypto exchange website) provides law enforcement agencies the identifying data on the individual. As the availability for direct crypto purchases for goods and services increases, the range of fiat gateways will open up. Depending on the size of the transaction, identify verification may or may not be required (as with current traditional transactions). The burden will be on the vendors to meet regulations for acceptance of crypto payments.

The US Department of Justice used the “immutable, digital footprints” of the Bitcoin blockchain to identify a federal agent working undercover on the Silk Road Task Force that was abusing his power and selling information to obtain crypto. Leaked papers from the US National Security Agency (NSA) indicate they are delving into the blockchain to gather data and locate individuals.

Blockchain analysis companies Coinfirm, Neutrino, Chainalysis, Elliptic, Blockchain Intelligence Group and CipherTrace provide services to law enforcement agencies, intelligence agencies and regulators in blockchain surveillance and forensic investigation. These companies assist in tracking criminally obtained funds and in investigations of money laundering, ransomware and the darknet.

Chainalysis were the official investigators in the Mt. Gox bankruptcy case (a Bitcoin exchange that went into bankruptcy after losing a large number of funds). They have also contracted with many US government agencies including the DEA, FBI and IRS, worked with Dutch police to track down criminals involved in darknet markets and have successfully identified the attacker in a ransomware case.

Elliptic was engaged by a law enforcement agency to identify an individual using Bitcoin for illegal firearms trafficking and have engaged with the FBI, homeland security, IRS and SEC. They also investigated the flow of funds related to a Russian hack.

Neutrino collaborated with Sophos to trace and interpret crypto flows involved in the ongoing SamSam ransomware threats.

Blockchain Intelligence Group has established an office in Washington D.C. to keep close proximity to key federal agencies and provides law enforcement and regtech services.

Despite the use of advanced and obfuscating crypto strategies aimed to hide identifies, criminals are being foiled by blockchain analysis and intelligence. Governments are using the new public technology to their advantage. They are benefiting from the transparent feature of blockchains.

Blockchain Analysis for AML and KYC

These same blockchain analysis companies use their proprietary software and methodologies to provide comprehensive reports on fund origin checks and risk assessments for AML, CTF and KYC requirements.

Blockchain analysis companies provide individual credit risk ratings for each address – every coin is not equal. This is because the Bitcoin network stores all transaction history which is immutable (it cannot be altered). A coin can be considered “tainted” (see next section) if it is linked to previous illegal transactions. For example, an A rating for where no risks were identified vs. a C rating when it has been linked to ransomware attacks. Crypto exchanges, financial institutions and ICOs use these ratings for AML and KYC purposes.

Figure 1. Extract of example AML/KYC risk report on Bitcoin address by Coinfirm. Search and check blockchain addresses to get initial AML and financial risk assessment results for free.

Note this diminished fungibility (where one unit is equally interchangeable for another) is unlike fiat cash. An A rated Bitcoin address is not equal to a C rated Bitcoin address, as the lower rated coins will be rejected by financial institutions and crypto exchanges. Whereas, one USD is legally equal to another one USD.

Coinfirm has collaborated with Iconiq Lab (an ICO accelerator) to provide AML services for their ICO partnerships. They have also partnered with Payment21 (a Swiss-based crypto payment processing firm) and with Billion (a blockchain based payment platform). Coinfirm is launching their AML token (AMLT) designed to enhance their data knowledge by encouraging members to provide AML ratings and information in exchange for tokens.

Chainalysis is working with Barclays and Circle to provide information used to investigate the source, activity and destination of their client’s crypto funds.

Blockchain Intelligence Group has contracted with a number of firms to provide crypto risk assessment and compliance services such as with ATB Financial.

These modern approaches to AML and KYC are accelerating the crypto industry’s integration into the mainstream system and into existing regulatory requirements.

How to Analyse the Blockchain

The scope of public blockchain information available depends on the blockchain, but the Bitcoin blockchain holds a lot of data. It can be publicly accessed by anyone. Websites such as provide free and easy-to-use interfaces to extract blockchain information.

Figure 2. 3D2oetdNuZUqQHPJmcMDDHYoqkyNVsFk9r is a known Bitfinex Crypto Exchange (the company, not a user) wallet address – enter this into a blockchain explorer site.

Every address (typically held in a wallet) and every transaction address can be searched on the Bitcoin blockchain.

Key transaction data available:

  • Size in BTC
  • Fees
  • Timestamp
  • Origin addresses
  • Destination addresses

Key address data available:

  • Total coins sent
  • Total coins received
  • Final balance
  • Number of transactions

This raw data, along with other information obtained, is used to create the AML, KYC and CTR reports. For example, analytics can be performed to categorize wallets into types of users (such as wallets owned by crypto market exchanges or private wallets) based on their transactional behaviour. Judgement is then made on the groups and on the quality of their crypto holdings. Another method involves clustering – where multiple transactions and addressed can be linked together and associated with one owner. The owner is identified at a fiat gateway, or via alternative methods such as investigating an identity from their online public mentioning of a crypto address (for donations or payment requests).

A publication by Imperial College London visualises actual Bitcoin transactions and clearly identifies certain behaviour. For example, figure 3.1 shows how a firm can link many small payments to the same transaction and figure 3.3 shows a historic pathway of transactions from user to user. Explore the Bitcoin blockchain by amending the block numbers in the URL to visualise block transactions.

Figure 4 Visualisation of actual Bitcoin transactions: As coins move via transactions between addresses the history is saved and judgements are made on their journey.

Importantly, it is established if a coin has a questionable history. This is when the coin has entered services such as mixers (services that mix crypto to obscure their historic trail) or to wallet addresses that are already known to be associated with illegal activity. At this point, the coin is tainted and this is factored into the blockchain analytic companies’ reports.

The Right to Privacy

Many crypto enthusiasts value the importance of privacy, anonymity and freedom from central authorities such as governments. The advancements in blockchain analysis by governments may be seen by some as an attack on their principles of crypto. They will look for alternative ways to pursue their goals.

“Privacy coins”, such as Monero and Zcash, help make transactions anonymous. Other services, such as mixers and unregulated crypto exchanges, are used to attempt to blur the historic linkages. It is expected that while most governments are now moving forward to provide a regulatory framework to support the crypto industry, they are likely to exclude the permission of privacy coins.

Evolution of the Industry

A large amount of useful information can be obtained on analysis of a Bitcoin transaction. It is information that never would have been available had the transaction occurred with cash.

Blockchain analysis firms are helping crypto become mainstream by using technology to provide robust KYC/AML services and to assist in forensic investigations. Regulated institutions are using these services to invest in the industry. A deeper understanding of the assumptions used by the blockchain analysis companies is required to strengthen their acceptability for KYC and AML regulatory requirements.

Leading financial service firms in the emerging crypto market are taking a professional and proactive approach to regulatory requirements using blockchain analysis to enhance their AML and KYC procedures. Governments, regulators and other agencies continual collaboration with the crypto world is helping establish stability in the industry.

The BIS report – a rebuttal

Just a few years ago, every mentioning of cryptocurrencies in publications of the established financial systems was celebrated for the recognition that the young community received. These early days are clearly over. When the Bank for International Settlements (BIS) published a chapter about cryptocurrencies in their 2018 annual report, the community’s reaction was far from positive. The responses on twitter were of a form that we don’t intend to reproduce here. So this might generate some heat from the community as well: The report is actually fairly good. The technological valuation is sound, the economic critique is warranted. So where does this discrepancy originate? The BIS report fell short on only two aspects: It evaluated the technology for what it was a year ago and it criticizes cryptocurrencies for failing to be something that they do not aim for.

The technological criticism

Granted, it would not be prudent to take into the equation technology that does not exist yet. To trust that something will be around to save the day. Any prediction that something does not work is dangerous because some technological advancement might come along and render the counter-arguments invalid. But for the same reason a prediction that something does work can only rely on the current state of technology, not the hope for some breakthrough. The by far most famous example of such a misguided prediction is The Times newspaper’s prediction of 1894 that “In 50 years, every street in London will be buried under nine feet of manure”. Understandable at the time but obsoleted by the invention of the car. If an analogue prediction had been made in the
1920s, when the number of horses in London was even higher than in 1894, the prediction would seem negligent now instead of being a quirky anecdote of a time preceding the invention of the car. Analogously for the case of cryptocurrencies, when evaluating the scalability of the system, it is negligent to base this evaluation on the state of technology as of a year ago and discarding the technological breakthroughs that already happened. The BIS report does acknowledge the existence of proper scaling solutions, but hides this in a footnote, which does not acknowledge its relevance. So here it is:

Proposed solutions for the scaling problem include the Lightning Network, which essentially shifts small transactions off the main blockchain and into a separate pre-funded environment.

The Lightning Network is live and working. Indeed it still needs to increase adoption and for political reasons might fail to do so, but the technology is a settled thing. Instead of communicating every transfer to every participant of the network (if a cryptocurrency would reach global levels of adoption potentially billions of redundant copies of the same load of data), the Lightning Network communicates a transaction directly from the sender to the recipient or via up to 20 hops along the edges of the network. No permanent record is required beyond the closing of that particular channel, which might happen once every few months. Further improvements are also already in great progress, but since those are not live yet, it is fine to ignore them for the time being. Such a network topology does not “bring the internet to a halt”, as the BIS report put it. Even on today’s hardware and today’s global network infrastructure.

The second major infrastructure criticism is the ‘mining’ of cryptocurrencies. Here again, the BIS report is doing an exceptional job at analyzing the process. The description is among the most understandable and accessible that I’ve seen so far. It correctly identifies it as the “mathematical evidence that a certain amount of computational work has been done, in turn calling for costly equipment and electricity use”. This leads to the often made (and true) statements that “At the time of writing, the total electricity use of bitcoin mining equalled that of mid-sized economies such as Switzerland”.

What the report does not take into consideration however, as do most other criticisms, is how the electricity usage scales with the growth of the network. Not at all. Whether a block validates 1000 transactions or 2000 transactions or zero. The amount of electricity is the same. Arguments starting from the current electricity usage and extrapolating to a more widespread usage are invalid. The electricity consumption scales not with the use but with the desire for security in the system. Given an equilibrated system the electricity consumption will be close to the expected monetary reward. If that leads to fees that some use-cases of the system are not ready to pay because they do not require that level of security, then those use-cases will move to other systems, e.g. the still trustless Lightning Network. What remains on-chain is the desire for the native security. This mechanism is currently (at least in Bitcoin) still offset by the ‘block subsidy’ an extra reward of freshly mined coins that does not originate from fees that somebody pays for security. The desire for security might still increase, the block subsidy decreases. In net effect, the electricity consumption will probably rather decrease in the long run or stay roughly the same, even when faced with a much higher use.

The economic criticism

Cryptocurrencies do not aim to be easily adaptable to changing economic situations. They are not suitable as a replacement for the central bank money. On the contrary, they aspire to create stability by predictability. The future supply of most cryptocurrencies is predetermined (Ether is a notable exception of this). This is not to say that they do not have a place in the mission of a central bank.

The Swiss National Bank holds 1040 tonnes of gold. It does not do so because it thinks that gold would make a great payment system. To set it in context to the explicit goals and responsibilities of the Swiss National Bank, room for cryptocurrencies are not in the primary goal, the ‘price stability’, but rather in the ‘asset management’ task. In contrast to that, the BIS has been looking at cryptocurrencies only in the context of a form of ‘cash supply and distribution’, where it miserably fails, as the BIS correctly concluded. Precisely due to its highly predictable supply.


Figure 1: Source: BIS annual report 2018

The BIS coined the ‘money flower’ for characterizing forms of money based on discrete criteria. The central element of that, checking all boxes, is the ‘Central bank digital currencies (retail)’. In this taxonomy, the only difference between that and ‘Cryptocurrency (permissionless DLT)’, under which the BIS also counts Bitcoin and others, is the checkbox for ‘Central bank-issued’. If this is a benefit or drawback strongly depends on the use-case at hand.

(It is almost ironic at this point that – in this admittedly very simplified visualization of the already simplified reproduction of the original arguments – the only difference between ‘bank deposits’ and ‘virtual currencies’ is the wide accessibility. To make no mistake about the meaning, the prototypical example of a ‘virtual currency’ mentioned in the BIS report is World of Warcraft gold. While indeed more people currently use Bank deposits than WoW gold, the criteria for accessibility to the latter literally only requires internet access and a local shop selling a copy of World of Warcraft, while 31% of the adults do not have access to any financial services. So arguably, ‘bank deposits’ and ‘virtual currencies’ do not differ in this simplified characterization of the money flower.)

The mandate of a central bank is indeed incompatible with using a decentralized cryptocurrency. A central bank issued currency sources trust from its sound reaction to economic conditions, resulting in price stability in the day-to-day life of its users. Decentralized cryptocurrency without room for any political or monetary decisions sources trust from its non-reaction to economic conditions, resulting in value stability independent of day-to-day whims and fluctuations.

“Strong oversight and central bank accountability both help to support finality and hence trust” says the BIS report. This is probably the starkest difference between the view that the BIS holds on transactions and what the cryptocurrency community sees in that technological advancement: The BIS achieves trust through finality. Cryptocurrencies achieve finality through trust.