Glossario
Glossario di forensica Bitcoin
Termini tecnici e giuridici intorno alla forensica Bitcoin, all’analisi di cluster e alla regolamentazione crypto — spiegati in modo chiaro.
30 / 30 voci
6AMLD / 6th AML Directive
Regolamentazione
6AMLD / 6th AML Directive
Regolamentazione
The 6th EU Anti-Money Laundering Directive — part of the 2024 AMLA package. Harmonises AML obligations EU-wide, lowers the cash ceiling to €10,000, and brings enhanced due-diligence duties for crypto transfers to self-custodied wallets (above €1,000). German transposition into the Money Laundering Act due by July 2027.
AML (Anti-Money Laundering)
Regolamentazione
AML (Anti-Money Laundering)
Regolamentazione
The umbrella term for anti-money-laundering measures. Covers KYC, KYT, suspicious activity reports (SARs/STRs), and sanctions screening. Legal framework in the EU: AMLR (directly applicable), AMLD6 (directive), AMLA (new EU supervisor).
Bitcoin address
Fondamenti
Bitcoin address
Fondamenti
A cryptographically derived identifier to which Bitcoin amounts can be sent. Created from a public key via hash functions. Today used in three formats: Legacy (starting with 1), P2SH (starting with 3), and Bech32 (starting with bc1). An address does not necessarily belong to a single person — cluster analyses often reveal that several addresses share the same owner.
Block / Blockchain
Fondamenti
Block / Blockchain
Fondamenti
The blockchain is a cryptographically linked journal of blocks, each containing roughly 2,500–3,500 Bitcoin transactions. Approximately every 10 minutes, a new block is appended through mining. Each block references its predecessor via a hash — the resulting chain is tamper-resistant and forms the complete public ledger of all Bitcoin transactions.
CASP / VASP
Regolamentazione
CASP / VASP
Regolamentazione
CASP = Crypto-Asset Service Provider (EU term from MiCA). VASP = Virtual Asset Service Provider (FATF term, international). Both designate providers that offer crypto services commercially: exchanges, wallet providers, payment processors, custodians. They are subject to AML, KYC, and licensing requirements.
Change address
Forensica
Change address
Forensica
When a user wants to pay 0.8 BTC but has a UTXO of 1.0 BTC, the 0.2 BTC remainder goes back as change to a new address owned by the same user. This change address belongs in the cluster — correctly identifying it is one of the hardest forensic tasks. Typical heuristics: round-number analysis, fresh-address detection, optimal-change.
Cluster (address cluster)
Forensica
Cluster (address cluster)
Forensica
A cluster is a group of Bitcoin addresses that very likely belong to the same owner (a person, an exchange, a mining pool). Clusters are formed by forensic heuristics — usually combining multi-input, change detection, and behavioural patterns. The larger and more stable a cluster, the more reliable the attribution.
CoinJoin
Forensica
CoinJoin
Forensica
A collaborative transaction in which several users bundle their inputs and mix the outputs to hinder clustering. Popularised by Wasabi Wallet (ZeroLink protocol) and Samourai Whirlpool. Forensically recognisable by equal output amounts (equal-output CoinJoin). Good detection prevents erroneous clustering of CoinJoin participants.
Cross-chain swap (X-chain)
Forensica
Cross-chain swap (X-chain)
Forensica
Direct exchange of coins between different blockchains, without a centralised exchange. Notable protocols: THORChain (BTC ↔ ETH, BNB, AVAX, ATOM, DOGE, LTC, BCH), Chainflip (BTC ↔ ETH, SOL, Arbitrum, Polkadot), Bridgers (aggregator). Originally built for arbitrage, increasingly used for obfuscation. Coinator traces swaps via memo decoding and timing correlation.
DAC8
Regolamentazione
DAC8
Regolamentazione
The 8th amendment of the EU Directive on Administrative Cooperation. Requires CASPs, from tax year 2026, to report customer data, annual turnover, and proceeds from disposals to the tax authority of the customer's country of residence. The crypto equivalent of the existing OECD-CRS for bank accounts.
Dust / dust-attack
Forensica
Dust / dust-attack
Forensica
Dust refers to the tiniest UTXO amounts (a few hundred satoshis) that are hardly spendable because the fee would exceed the value. A dust-attack is the deliberate sending of such tiny amounts to many addresses, aiming to gain clustering information on the next spend. Forensically relevant as a tracking indicator.
Fan-in / fan-out
Forensica
Fan-in / fan-out
Forensica
Fan-out describes a topology in which a cluster splits its coins across many recipients (typical for layering in money laundering). Fan-in is the reverse — many sources consolidate into a cluster (typical for exchange aggregation wallets). Both are strong indicators of entity type.
Fingerprinting (wallet software)
Forensica
Fingerprinting (wallet software)
Forensica
Wallet-software fingerprinting identifies the wallet software used from characteristic properties of the transactions it produces — e.g. Wasabi signatures, Electrum nSequence choices, Trezor Suite address ordering. Allows inferences about user type and behaviour without direct identification.
GDPR (DSGVO)
Regolamentazione
GDPR (DSGVO)
Regolamentazione
General Data Protection Regulation — EU-wide regulation for the protection of personal data, in force since 25 May 2018. Relevant for Coinator because forensic work touches personal data: legal bases for processing, data subject rights, breach notification obligations. Coinator is operated GDPR-compliantly in Germany.
Heuristic
Forensica
Heuristic
Forensica
A heuristic is a probabilistic rule that reaches a likely-correct answer with reasonable effort. In Bitcoin forensics, heuristics are the basis of cluster and transaction analysis. Unlike deterministic proofs, they produce probability statements — their quality shows in the false-positive rate.
Input / Output
Fondamenti
Input / Output
Fondamenti
Every Bitcoin transaction references inputs (pointers to existing UTXOs) and creates new outputs. The sum of inputs must be at least as large as the sum of outputs; the difference is the mining fee. Multiple inputs from different addresses suggest that those addresses belong to the same owner — the basis of the multi-input heuristic.
KYC (Know Your Customer)
Regolamentazione
KYC (Know Your Customer)
Regolamentazione
The customer identification obligation that banks and CASPs must fulfil before taking on business — ID verification, proof of residence, PEP check. The foundation of every AML compliance programme. For crypto, KYC is typically carried out digitally (video ident, document scan).
KYT (Know Your Transaction)
Regolamentazione
KYT (Know Your Transaction)
Regolamentazione
The extension of KYC by ongoing analysis of individual transactions: where does the money come from? Are there links to mixers or sanctioned addresses? Is the behaviour unusual? KYT is the natural domain of on-chain-based forensics tools like Coinator.
MiCA
Regolamentazione
MiCA
Regolamentazione
Markets in Crypto-Assets Regulation — an EU regulation in force from 30 June 2024 (stablecoins) and 30 December 2024 (fully applicable). The first comprehensive regulatory framework for crypto-assets. It contains licensing, disclosure, and compliance obligations for CASPs. Combined with the TFR it brings the travel rule to all crypto transfers between CASPs.
Mixer / Tumbler
Forensica
Mixer / Tumbler
Forensica
A centralised (or semi-decentralised) service that bundles Bitcoin deposits from multiple users, mixes them, and pays out in a different combination — to obscure origin. Notable examples: ChipMixer (seized 2023), Sinbad (seized 2024), Tornado Cash (ETH-based, OFAC-listed 2022). Coinator recognises the characteristic patterns of common mixers.
Multi-input heuristic (sharedspending)
Forensica
Multi-input heuristic (sharedspending)
Forensica
The central heuristic of Bitcoin forensics: if a transaction uses multiple addresses as inputs, those addresses very likely belong to the same owner — the wallet software signed simultaneously with all corresponding private keys. The foundation of practically every cluster algorithm.
OFAC / SDN
Regolamentazione
OFAC / SDN
Regolamentazione
OFAC = Office of Foreign Assets Control, the US sanctions authority. It maintains the SDN list (Specially Designated Nationals) — persons, organisations, and since 2022 also smart contracts with which US persons may not do business. European institutions are not directly bound but often follow the listings in practice.
PayJoin (BIP-78)
Forensica
PayJoin (BIP-78)
Forensica
A two-party transaction in which the recipient also contributes an input (BIP-78). This defeats the classical multi-input heuristic — the forensic analyst wrongly assumes all inputs belong to the same owner. Detection relies on atypical output distributions and wallet-specific signatures.
Peel-chain
Forensica
Peel-chain
Forensica
A peel-chain is a sequence of transactions in which a small amount is peeled off and the remaining value continues via a change address. In money laundering, peel-chains are used to break down large sums into small portions. Forensically recognisable by characteristic topology: a single forward path with regular branchings.
Self-custody / Hot wallet / Cold wallet
Fondamenti
Self-custody / Hot wallet / Cold wallet
Fondamenti
Self-custody means the user controls the private keys to their own coins. Hot wallets are online (mobile app, browser extension); cold wallets are offline (hardware wallet, paper wallet). Newly relevant under MiCA: transfers between CASP accounts and self-custodied wallets above €1,000 trigger enhanced KYC obligations.
Tagging (provider tagging)
Forensica
Tagging (provider tagging)
Forensica
Provider tagging attributes addresses to known entities — exchanges, mining pools, payment providers, custodians, ETFs. Tagged addresses are the foundation of forensic interpretation: without them, clusters would be anonymous graphs. Tagging arises through direct interaction (making a deposit and observing the address), OSINT, and exchange within the forensics community.
Taint (tainting)
Forensica
Taint (tainting)
Forensica
Contamination: the property that a UTXO has historical links to a suspicious source (theft, mixer, sanctions list). Multiple calculation models exist: poison taint (every link colours fully), haircut taint (proportional), FIFO/LIFO (time-based). A core concept for source-of-funds reviews.
TFR / Travel Rule
Regolamentazione
TFR / Travel Rule
Regolamentazione
Transfer of Funds Regulation — an EU regulation that, together with MiCA, implements the FATF Travel Rule. It requires CASPs to exchange sender and receiver information on transfers between crypto providers — with no minimum threshold. Similar to the classical SWIFT reporting system used by banks.
Transaction (TX)
Fondamenti
Transaction (TX)
Fondamenti
A Bitcoin transaction is a signed message that transfers coins from one or more inputs to one or more outputs. Each TX has a unique transaction ID (TXID, a hash). Transactions are bundled into blocks and are immutable thereafter.
UTXO (Unspent Transaction Output)
Fondamenti
UTXO (Unspent Transaction Output)
Fondamenti
The Unspent Transaction Output model is Bitcoin's accounting principle. Every TX output is either unspent (usable) or spent (consumed). A wallet balance is the sum of all UTXOs attributable to it. Crucial for heuristics: the UTXO model reveals more structural information than account-based systems.
Nessun risultato. Prova un altro termine di ricerca o un’altra categoria.
Manca un termine importante?
Il glossario viene ampliato in modo continuo. Se ti manca un termine, ti saremo grati per la segnalazione.
Proporre un termine →