Get API Key
Chain Analysis

Wallet Clustering Intelligence

Advanced blockchain analysis identifying connected wallet clusters used by nation-state actors for cryptocurrency theft and laundering operations.

15

Tracked Clusters

3,847

Linked Wallets

$13.10B

Total Volume

0

Active (30d)

Clustering Methodology

Common Spend Analysis

Identifies wallets that are inputs to the same transaction, indicating shared ownership.

Timing Correlation

Links wallets based on synchronized transaction timing patterns across chains.

Change Address Heuristic

Traces change outputs to identify wallets controlled by the same entity.

Mixer Output Correlation

Links wallets through statistical analysis of mixer withdrawal patterns.

Entity Attribution

Government designations and known entity tags from OFAC, EU, and research.

ML Pattern Detection

Machine learning models identifying behavioral patterns unique to threat actors.

Interactive Cluster Network

Click on nodes to explore connections. Drag to pan, scroll to zoom. Filter by nation or click a cluster to highlight its network.

Filter:

Legend

DPRK Cluster
Iran Cluster
Russia Cluster
Mixer
Bridge
Wallet

Identified Clusters

🇷🇺

Garantex Operations Cluster

high confidence

RUS-GARANTEX-OPS • Entity Attribution

$6.00B

Total Volume

OFAC-sanctioned Russian exchange cluster linked to ransomware payments and sanctions evasion.

Linked Wallets

2500

Threat Actor

garantex

First Seen

2019-04-01

Last Activity

2025-02-20

Primary Wallets

0x7F367cC4...89DEbe1B
0x68872466...63F32985
#exchange #sanctions #ransomware-nexus
🇮🇷

Iranian State Mining Cluster

high confidence

IRAN-MINING-OPS • Entity Attribution

$2.50B

Total Volume

Network of wallets linked to Iranian state-sponsored Bitcoin mining operations used for sanctions evasion.

Linked Wallets

156

Threat Actor

irgc

First Seen

2019-06-01

Last Activity

2025-02-01

Primary Wallets

bc1qxy2kgd...fjhx0wlh
bc1q5shngj...fctt30ch
#mining #state-sponsored #sanctions-evasion
🇰🇵

Bybit Cold Wallet Cluster

high confidence

DPRK-BYBIT-2025 • Entity Attribution

$1.46B

Total Volume

February 2025 Bybit exchange cold wallet attack - largest crypto theft in history. Lazarus exploited multisig UI vulnerability to drain 401,346 ETH.

Linked Wallets

95

Threat Actor

lazarus

First Seen

2025-02-21

Last Activity

2025-02-22

Primary Wallets

0x47666fab...f09486e2
0xa4b2b098...59a56b6b
0x2e0d96e8...8e4c8f5d

Related Incidents

Bybit Cold Wallet Hack
#exchange-hack #historic-hack #2025-attack #cold-wallet #active-movement
🇮🇷

Iranian OTC Trading Cluster

high confidence

IRAN-OTC-NETWORK • Common Spend Analysis

$1.20B

Total Volume

Over-the-counter trading network used to convert cryptocurrency to fiat for Iranian entities.

Linked Wallets

89

Threat Actor

irgc

First Seen

2020-01-15

Last Activity

2025-01-20

Primary Wallets

0x7db418b5...8f3e6107
TQSjJM2e7w...2G3cX5n9
#otc #fiat-conversion #sanctions-evasion
🇰🇵

Ronin Bridge Cluster

high confidence

DPRK-RONIN-2022 • Common Spend Analysis

$620.00M

Total Volume

Cluster of wallets used to receive, layer, and launder funds from the March 2022 Ronin Bridge exploit. Initial funds were quickly split across multiple addresses.

Linked Wallets

86

Threat Actor

lazarus

First Seen

2022-03-23

Last Activity

2023-09-15

Primary Wallets

0x098B716B...383E2f96
0x35fB6f6d...5626D4b1
0x53264Ba6...f53E7414

Mixers Used

Tornado Cash Sinbad ChipMixer

Bridges Used

Multichain Anyswap Synapse

Related Incidents

Ronin Bridge Hack
#bridge-hack #high-value #layering #ofac-designated
🇰🇵

DMM Bitcoin Cluster

high confidence

DPRK-DMMBIC-2024 • Entity Attribution

$308.00M

Total Volume

May 2024 DMM Bitcoin exchange attack - largest single theft of 2024. 4,502 BTC stolen through private key compromise.

Linked Wallets

67

Threat Actor

lazarus

First Seen

2024-05-31

Last Activity

2025-02-15

Primary Wallets

bc1qegcfpv...u3w6lp0t
bc1qv4h5n7...5q3zj8u4
1E5QYrMu8N...5R7K8P3n

Mixers Used

Wasabi JoinMarket YoMix

Bridges Used

THORChain

Related Incidents

DMM Bitcoin Hack
#exchange-hack #high-value #btc-focused #2024-attack #active-laundering
🇰🇵

WazirX Multisig Cluster

high confidence

DPRK-WAZIRX-2024 • Common Spend Analysis

$230.00M

Total Volume

July 2024 WazirX Indian exchange multisig wallet compromise through UI manipulation.

Linked Wallets

43

Threat Actor

lazarus

First Seen

2024-07-18

Last Activity

2025-02-10

Primary Wallets

0x04b21735...16891a88
0x35fEbc10...6f8745CA

Mixers Used

Tornado Cash eXch

Bridges Used

Hop Protocol Across

Related Incidents

WazirX Hack
#exchange-hack #multisig-attack #2024-attack
🇷🇺

Conti Ransomware Network

high confidence

RUS-CONTI-NETWORK • Common Spend Analysis

$180.00M

Total Volume

Bitcoin wallets linked to Conti ransomware operations and associated money laundering.

Linked Wallets

450

Threat Actor

conti

First Seen

2020-08-01

Last Activity

2024-06-15

Primary Wallets

bc1qz2u7z4...9rn8z9eu
bc1qn9ahlk...z4zcz5z7

Mixers Used

Wasabi Samourai Whirlpool

Related Incidents

Costa Rica Government Attack Irish Health Service Attack
#ransomware #extortion #ofac
🇰🇵

Poloniex Hot Wallet Cluster

high confidence

DPRK-POLONIEX-2023 • Common Spend Analysis

$125.00M

Total Volume

Multi-chain cluster from November 2023 Poloniex exchange compromise.

Linked Wallets

52

Threat Actor

lazarus

First Seen

2023-11-10

Last Activity

2025-01-20

Primary Wallets

0x0A5984f8...36DbF9E7
0xEFc23f8a...2FFAE96a
TKSitnfTLV...Z2yHRHv2

Mixers Used

YoMix eXch

Bridges Used

THORChain Avalanche Bridge

Related Incidents

Poloniex Hack
#exchange-hack #active-laundering
🇰🇵

Harmony Horizon Cluster

high confidence

DPRK-HARMONY-2022 • Timing Correlation

$100.00M

Total Volume

Wallets associated with the June 2022 Harmony Horizon bridge exploit. Funds were laundered through multiple chain hops.

Linked Wallets

42

Threat Actor

lazarus

First Seen

2022-06-23

Last Activity

2023-12-01

Primary Wallets

0x0d043128...285DeD00
0xf424C849...79c30D62
0x9e91ae67...F57E1B66

Mixers Used

Tornado Cash Railgun

Bridges Used

Nomad Hop Protocol

Related Incidents

Harmony Horizon Bridge
#bridge-hack #chain-hopping
🇰🇵

Atomic Wallet Cluster

high confidence

DPRK-ATOMIC-2023 • Entity Attribution

$100.00M

Total Volume

Multi-chain cluster from the June 2023 Atomic Wallet compromise. Funds scattered across BTC, ETH, and TRX chains.

Linked Wallets

156

Threat Actor

lazarus

First Seen

2023-06-03

Last Activity

2024-06-15

Primary Wallets

0x5019c0CB...c2bDA94f
bc1q84z7qn...pe4t4mzp
TNHjNoGpwQ...VfVbRUYf

Mixers Used

Sinbad YoMix

Bridges Used

THORChain Multichain

Related Incidents

Atomic Wallet Hack
#wallet-hack #multi-chain #active-laundering
🇰🇵

HTX/Heco Bridge Cluster

high confidence

DPRK-HECO-2023 • Timing Correlation

$99.00M

Total Volume

Wallets from November 2023 HTX exchange and Heco bridge simultaneous attacks.

Linked Wallets

31

Threat Actor

apt38

First Seen

2023-11-22

Last Activity

2025-01-05

Primary Wallets

0x799982B7...ADd51c91
0x1D23b4DB...f2A9Df0B

Mixers Used

Tornado Cash Sinbad

Bridges Used

Stargate Wormhole

Related Incidents

HTX/Heco Bridge Hack
#bridge-hack #exchange-hack
🇰🇵

Orbit Chain Cluster

high confidence

DPRK-ORBIT-2024 • Common Spend Analysis

$82.00M

Total Volume

January 2024 Orbit Chain cross-chain bridge exploit cluster.

Linked Wallets

18

Threat Actor

lazarus

First Seen

2024-01-01

Last Activity

2025-02-01

Primary Wallets

0x009D2e90...EBF5B0f7
0x70461c89...1F7e0A79

Mixers Used

Tornado Cash

Bridges Used

Stargate Synapse

Related Incidents

Orbit Chain Hack
#bridge-hack #2024-attack
🇰🇵

CoinEx Hot Wallet Cluster

high confidence

DPRK-COINEX-2023 • Common Spend Analysis

$54.00M

Total Volume

Cluster from the September 2023 CoinEx exchange hot wallet compromise.

Linked Wallets

38

Threat Actor

lazarus

First Seen

2023-09-12

Last Activity

2024-08-20

Primary Wallets

0xCC1AE485...2bcCE454
0x8bf8cD7F...498cC3dE

Mixers Used

Tornado Cash

Bridges Used

Hop Protocol Stargate

Related Incidents

CoinEx Hack
#exchange-hack #hot-wallet
🇰🇵

Stake.com Cluster

high confidence

DPRK-STAKE-2023 • Timing Correlation

$41.00M

Total Volume

Wallets linked to the September 2023 Stake.com casino breach.

Linked Wallets

24

Threat Actor

lazarus

First Seen

2023-09-04

Last Activity

2024-07-10

Primary Wallets

0x3130662a...150BCD3c
0x94A67F49...1e4d0d3F

Mixers Used

Tornado Cash

Bridges Used

Multichain Polygon Bridge

Related Incidents

Stake.com Hack
#casino-hack #defi

Cluster Intelligence API

Access wallet clustering data via our free API

Get All Clusters 
GET /api/v1/clusters
Get Cluster by ID 
GET /api/v1/clusters/DPRK-BYBIT-2025
Check Address Cluster 
GET /api/v1/address/0x47666fab.../cluster
Get API Access
Back to Dashboard
🇰🇵 North Korea 🇮🇷 Iran 🇷🇺 Russia

For Research & Public Interest

Free access for researchers, journalists, academics & compliance professionals