Counterterrorism Financing
Al-Qaeda and Hamas crypto fundraising disruption
Traced active fundraising for al-Qaeda across Syria and Hamas across Gaza; attribution stood up in a U.S. federal court affidavit.
National Security
Target and disrupt threat networks with multi-source blockchain intelligence for national security
Hostile states, proxies, and transnational networks increasingly rely on cryptocurrency to fund operations, evade sanctions, and procure infrastructure beyond the reach of conventional finance. A crypto address is just another selector: a handle that shows who is involved, how money moves, and which services keep them running.
Chainalysis strengthens your existing collection with multi-source blockchain intelligence, giving you a precise real-time view of these networks and the ability to disrupt operations, guide sanctions, and dismantle the systems behind them.
$34B+ in illicit funds
Disrupted, seized or frozen using Chainalysis intelligence
Partnerships with Five Eyes agencies
Intelligence, defense, and law enforcement organizations across 70+ countries
120+ practitioners
Former intelligence officers, military analysts, and financial crime specialists with operational backgrounds across IC, defense, and allied services
Air gapped delivery and FedRAMP ready
The only blockchain intelligence platform authorized for classified and sensitive environments.
Highest-stakes missions we support
Disrupting terrorist and hostile state financing
Map how designated groups, hostile-state proxies and shadow financiers raise and move, and consolidate funds across exchanges, hawala networks and informal value-transfer channels before flows disperse or are laundered beyond reach. Chainalysis connects on-chain activity to real-world entities, giving CT finance teams and targeting officers the financial intelligence picture behind the network.
Tracking nation-state cyber operations and WMD financing
Track how state-sponsored actors steal, launder and convert cryptocurrency through bridges, mixers and unregulated OTC brokers to fund weapons programmes and sustain regime operations. Chainalysis maps their financial infrastructure end-to-end, identifying consolidation hubs, laundering typologies and the procurement networks behind them. Multi-source collection across OSINT, SIGINT, CYINT, and FININT produces the corroborated assessments required for sanctions packages and interagency targeting.
Defending critical infrastructure from ransomware
Maintain live visibility on ransom payments, tracing funds from initial extortion through affiliate networks, laundering services, and initial access brokers in real time. Use our on-chain intelligence to map the full ransomware economy at both the operational and strategic level: who profits, how proceeds move and where they concentrate before cash-out.
Exposing transnational crime and harm at scale
Trace how pig-butchering syndicates, CSAM networks and industrialised fraud operations share common financial infrastructure, consolidation wallets, and laundering pathways. Identify convergence points where distinct threat categories intersect – the same OTC brokers serving ransomware operators, sanction evaders, and trafficking networks simultaneously. Chainalysis maps the flows, surfaces key wallets and exposes the network structure, delivering attribution, pattern-of-life insight, and geographic indicators for early intervention and interagency intervention.
Why national security agencies choose Chainalysis
Independently proven data quality
An independent study led by Delft University of Technology in cooperation with Dutch law enforcement evaluated commercial blockchain tracing tools across multiple illicit services. Chainalysis delivered up to 95% coverage across tested illicit services, with a false-positive rate below 0.15%.
Unmatched adversary visibility
We track more than 134,000 entities, map over 345 million cross-chain swaps across 980+ bridges, and collect across multiple intelligence disciplines, including geolocation, node fingerprinting, VPN detection, and geographic pattern analysis to effectively follow funds and map adversary infrastructure wherever they operate. This breadth of collection enables corroborated, high-confidence assessments the intelligence community demands.
Operationally proven disruption
Chainalysis intelligence has helped detect hostile-state and proxy finance earlier in the cyber kill chain, map sanctions-evasion and laundering architecture, and orchestrate joint disruptions that have recovered or frozen more than $36 billion in illicit funds — from terrorism-finance seizures and ransomware takedowns to billion-dollar state-sponsored hack recoveries
Scale, training, and trust
More than 1,500 institutions, including over 50 regulators worldwide, rely on Chainalysis intelligence every day. Our training programs have certified more than 41,000 professionals, making our methodology the de facto standard in blockchain investigations tradecraft.
Cooperation with industry firms like Chainalysis was necessary to confirm our intelligence and freeze terrorism-linked funds.
Paul Landes
Head of Israel’s National Bureau for Counter Terror Financing (NBCTF)
One platform for every phase of the intelligence cycle
Chainalysis provides a secure platform with mission-ready platform that integrates blockchain intelligence into every phase of your intelligence cycle, from collection and target development through analysis, production, and dissemination.
Collection and target development
Build threat‑landscape dashboards, run custom analytics against the full Chainalysis intelligence dataset, and set precise collection requirements on typologies that matter — from sanctions evasion to ransomware affiliate patterns to CT finance indicators — using SQL, Python, and no‑code workflows that feed other collection systems and enriching existing intelligence holdings.
Expand networks and map infrastructure
Start from a few known crypto addresses and surface related wallets, services, and infrastructure they touch. Use on-chain data to reveal shared IP ranges, VPN endpoints and bulletproof hosts across seemingly distinct actors, and feed those leads into SIGINT and cyber workflows to decide what to watch, collect on, or disrupt next.
Triage indicators and warnings
Give non-specialist units — field officers, watch floors, duty desks — instant, plain-language assessments of any wallet. Surface balances, counterparties, and risk exposure so they can determine what warrants escalation, immediately.
All-source analysis and network mapping
Follow the money across chains, services, mixers, bridges, and DeFi protocols. Map wallets to real-world entities, and build defensible intelligence products to support seizures, sanctions packages, targeting nominations, and joint operations.
Sensitive site exploitation and digital DOMEX
Extract blockchain intelligence from recovery seeds, hardware wallets, or digital devices recovered during operations. Map wallet history, counterparties, and linked addresses across chains to build target profiles, support network mapping, and identify seizable assets, all processed offline for complete operational security.
Data integration and APIs
Integrate Chainalysis intelligence into existing data lakes, SIEM/XDR, and mission systems via bulk exports and APIs, so blockchain becomes another INT discipline in your fusion architecture. Export selectors, enriched attribution, and confidence-rated relationships for ingestion by downstream analytic tools.
Tradecraft development and operational enablement
120+ practitioners and analysts work alongside yours on complex cases, custom collection workflows, and intelligence-led operations. In the United States, Chainalysis Government Solutions deliver these capabilities to U.S. Government customers. Build lasting internal capability through on-demand Academy certifications and training programs tailored to your mission requirements.
Learn more about Global Services
Built for sensitive missions
The only blockchain intelligence platform with FedRAMP Full authorization, on-premises and fully air-gapped deployment options built to meet the classification, legal, and operational requirements of national security missions worldwide.
Sensitive capabilities and government-only offerings are shared in secure briefings, not listed on this page.
Chainalysis in action
The operations below represent the publicly attributable fraction of our work with national security agencies.
Hostile-State Proxy Operations
Hezbollah and the Iran Quds Force: first-ever cryptocurrency seizure
NBCTF confirmed the Quds-Hezbollah crypto network, named the financiers, in a first-of-its-kind national security win.
Nation-State Cyber & WMD Proliferation
DPRK Lazarus Group: Ronin Bridge hack recovery
Maintained real-time visibility across chains through mixer obfuscation; enabled the first-ever DPRK crypto recovery.
Sanctions Evasion & Threat Convergence
Russian espionage laundering networks disrupted in Operation Destabilise
Crypto flows exposed two networks simultaneously funding Russian espionage, ransomware groups, and drug cartels across 30+ countries.
Adversary Ecosystem Intelligence
Inside Iran’s $7.8 billion cryptocurrency ecosystem: IRGC dominance and geopolitical signals
IRGC controls 50% of Iran’s crypto ecosystem; On-chain activity correlates in real time with kinetic events – strikes, civil unrest, and regional conflict – delivering operational indicators that complement traditional collection.
Emerging Threat Infrastructure
Chinese-language money-laundering networks: the fastest-growing laundering ecosystem globally
CMLNs now drive 20% of all cryptocurrency laundering. Chainalysis mapped and attributed this activity before it became a policy priority.
The threats don’t stop at borders. Neither does intelligence.
Adversaries route funds through exchanges, mixers and brokers worldwide. Chainalysis gives you visibility across the full chain, wherever funds move—so you can close those gaps and impose real costs on their networks.
FAQ
How does Chainalysis intelligence integrate with existing intelligence and defense mission systems?
Chainalysis provides multiple integration paths: analysts can work from our front-end applications, such as Reactor or Data Solutions which can be deployed on-premises and air-gapped to run fully inside your infrastructure. Other integration options can include REST APIs and data exports directly into existing data lakes, case management, and cyber threat-intel platforms fusing Chainalysis intelligence with other SIGINT, HUMINT, OSINT, and FININT sources in your current toolchain.
What deployment options are available for classified or sensitive environments?
Chainalysis offers on-premises and air-gapped deployments with updates delivered via one‑way transfer. Additionally, Chainalysis is FedRAMP approved in the US. This makes Chainalysis the only blockchain intelligence platform in the US authorized for classified and sensitive environments.
Can non-specialist personnel use Chainalysis effectively?
Yes, Chainalysis is built to equip users so they do not need to be blockchain experts, and can instead focus directly and practically with the objective hand. With clear documentation, AI summaries, and a dedicated accounts team, customers can operate quickly and smoothly with the proper support they need.
What makes Chainalysis different from other blockchain analytics providers for national security?
Chainalysis is the longest first-mover and industry-leader for blockchain analytics and intelligence. We have been part of the industry’s highest impact cases, have the largest Global Intelligence Team collecting and attributing crypto addresses and clusters on a daily basis, and have the lowest tolerance for error in the industry. We are also the only firm to be independently verified by a third party. Our data shows clear advantages when considering the breadth, depth, and quality of our data combined with the right set of solutions for even the most complex workflows and objectives.
How is blockchain intelligence used to counter terrorism financing?
Terrorist organizations increasingly use cryptocurrency to raise, move, and distribute funds across borders. Chainalysis attributes wallet addresses and clusters to real-world entities, allowing analysts to trace the full lifecycle of a financing operation, from fundraising through layering across chains and services to final cashout. Agencies gain a network-level view that reveals the infrastructure behind the financing.
How does Chainalysis help agencies detect cryptocurrency sanctions evasion?
Sanctioned actors routinely generate new wallets, route funds through intermediaries, or exploit DeFi protocols and cross-chain bridges to continue operating beyond published designations. Chainalysis continuously identifies and clusters connected addresses, exposing the broader network of wallets under a sanctioned entity’s control. Our exposure analysis then reveals which services or counterparties have processed linked funds, even indirectly, helping agencies identify facilitators and keep pace with evolving evasion tactics.
Can Chainalysis track nation-state cryptocurrency operations like North Korea’s Lazarus Group?
Yes. Chainalysis has attributed and traced North Korea-linked operations across multiple blockchains, mapping the sophisticated laundering techniques these actors use, including rapid asset-swapping, cross-chain bridging, mixing services, and staged cashouts. The same capabilities apply to other nation-state threats, giving agencies the ability to follow state-sponsored cryptocurrency operations wherever they move.
Can Chainalysis trace funds across multiple blockchains?
Yes. Threat actors frequently move funds between blockchains using bridges and swap services to break the trail. Chainalysis traces activity across all major blockchains including Bitcoin, Ethereum, Tron, Solana, and many others, providing a unified view of fund flows even when actors deliberately hop between chains to evade detection.