On-chain attribution, mixer analysis, and cross-chain tracing. Part of a broader structural asset-recovery toolkit for UHNW civil recovery. Where crypto meets the off-chain structure counsel actually needs to unwind.
Blockchain forensics is the analytical discipline of attributing, tracking, and contextualising on-chain activity. For a civil recovery matter in 2026, it is essential where the subject has used cryptocurrency as one layer of a broader structural concealment. It is insufficient as the only work done, because the recoverable assets almost always settle off-chain.
Coldstorm was founded as a blockchain-forensics practice. We continue the work under a broader private-intelligence umbrella because the vast majority of UHNW asset concealment in 2026 spans Swiss AGs, BVI SPVs, Monaco operating companies, Luxembourg SARLs, yacht and real-estate registries, and bullion vaults. The on-chain hop is connective tissue, typically 36 hours of a money trail that stretches 18 months through off-chain layers.
Our blockchain forensics work covers EVM chains (Ethereum, Base, Polygon, Arbitrum, Optimism), Bitcoin (including Lightning where applicable), and select Layer-2 networks. We produce attribution exhibits built on transaction-graph reconstruction, mixer-output attribution, cross-chain bridge analysis, and behavioural signal. The recent *Van Loon v. Treasury* decision (Fifth Circuit, November 2024) raised the evidentiary bar for mixer-adjacent conclusions; we operate to that bar.
Where the subject's funds passed through a mixer, bridge, or DEX before settling in off-chain assets. On-chain phase of a broader recovery.
Discovery of crypto holdings among debtor assets for the estate.
Counterparty review where stablecoin inflows or crypto-related activity requires forensic explanation.
Structured on-chain evidence for enforcement referral or civil forfeiture motion.
Pre-investment review where a target's treasury or counterparty activity includes on-chain exposure.
UHNW principal's crypto exposure across direct holdings and indirect (fund-managed) positions.
Seed transaction hashes, wallet addresses, or exchange activity handed off. Scope of on-chain analysis defined. Off-chain integration points (fiat on/off ramp, CEX correspondent) identified early.
Outbound and inbound flows traced, mixer-output attribution performed where applicable, cross-chain bridges mapped. Tier-1 on-chain evidence (block-height, tx hash, contract address) is the foundation.
Where funds exit the chain, the analysis hands off to the structural-reconstruction workstream. Fiat on/off ramp records subpoena-ready, exchange KYC queries scoped.
Post-mixer attribution relies on behavioural signal (timing patterns, destination clustering, counterparty overlap), not on assumption of sanctioned-contract use. This is the post-Van Loon standard.
Final exhibit with chain-of-custody ledger (tx hash, block height, query timestamp, hashed snapshot), attribution map, confidence bands, and expert-testimony availability.
| Matter type | Scope profile | Timing |
|---|---|---|
| On-chain trace (single chain) | Seed tx + 3-hop reconstruction | 5–7 business days |
| Cross-chain trace with mixer | Multi-chain + mixer hop | 10–14 business days |
| Exchange KYC subpoena support | CEX counterparty attribution | Variable (subpoena dependent) |
| Full on-to-off chain recovery | On-chain → fiat → off-chain asset | Integrated with asset-tracing mandate |
Every engagement is quoted after a confidential scoping call. Fees reflect matter complexity, jurisdictions in scope, and delivery timeline. Engagements instructed by counsel are treated as privileged work product and delivered to the retaining party only.
Yes. On-chain evidence is admitted as documentary evidence routinely in civil proceedings in the US, UK, and Switzerland. The evidentiary weight depends on the chain-of-custody documentation, not on the blockchain's inherent properties. We build exhibits to withstand cross-examination by a sophisticated opposing expert.
The Fifth Circuit's November 2024 ruling held that Tornado Cash's immutable smart contracts are not 'property' under IEEPA and therefore cannot be sanctioned by OFAC. Treasury delisted Tornado Cash in March 2025. Counsel relying on pre-2024 'they used a sanctioned mixer' arguments need to reconstruct those matters with behavioural-signal analysis.
Monero and Zcash analysis is limited to behavioural and statistical signal. Direct transaction-graph reconstruction is infeasible for properly-used privacy coins. We disclose this limit explicitly in every engagement where privacy coins are in scope.
EVM: Ethereum mainnet, Base, Polygon, Arbitrum, Optimism, BNB Chain. Bitcoin (main chain + Lightning where custody-graph is reconstructable). Select L2s and appchains on request. Solana on an integration basis.
Blockchain forensics is typically the first phase of a broader recovery mandate. We produce the on-chain exhibit and hand off cleanly to the structural-reconstruction workstream where off-chain assets are the recoverable end-state. The integrated mandate is our most common engagement shape.
Urgent matters receive a scoped response within twelve business hours. Longer engagements begin with a paid scoping consultation under privilege where counsel instructs.
Start Urgent Intake →