Last updated: March 2026
Elliptic Forensics is a blockchain investigation platform used by law enforcement agencies, financial institutions, and specialist forensic firms to trace cryptocurrency transactions across multiple blockchain networks, with particular strength in DeFi protocol mapping and cross-chain bridge tracing. Founded in London in 2013, Elliptic has developed a strong presence in UK regulatory and law enforcement contexts and is one of the two platforms most frequently cited in UK court blockchain evidence alongside Chainalysis Reactor. According to Elliptic (2025), the platform covers over 100 blockchain networks and 400 DeFi protocols.
Crypto Trace Labs uses Elliptic Forensics as a primary investigation tool for DeFi cases and as a cross-reference platform to Chainalysis Reactor on complex multi-chain investigations. This guide explains Elliptic’s key features, where it outperforms competitors, and how investigators should use it in practice.
Key Takeaways
- Elliptic Lens is the investigation interface providing interactive transaction graphs, entity attribution, and multi-asset tracing across 100-plus chains
- DeFi protocol coverage is Elliptic’s primary differentiator, with entity-level mapping across 400-plus protocols including Uniswap, Aave, Tornado Cash, and cross-chain bridges
- Elliptic Discovery is the compliance screening product, distinct from the forensic investigation toolset
- Cross-chain tracing in Elliptic follows assets through bridge protocols including Wormhole, Thorchain, and Multichain, a capability absent or limited in most competitors
- UK court acceptance is strong – Elliptic forensic reports have been submitted and accepted in multiple UK criminal and civil proceedings
Why This Matters
DeFi-based money laundering has grown significantly as a proportion of total crypto-related financial crime. According to Elliptic (2024), DeFi protocols were used to launder approximately USD 1.7 billion in 2023, representing over 35% of total crypto money laundering volume. Investigators and prosecutors who cannot trace assets through DeFi protocols, cross-chain bridges, and liquidity pools are structurally unable to follow the majority of sophisticated criminal transaction flows. Elliptic Forensics is the primary commercial platform for this investigation type, and understanding its capabilities and limitations is essential for anyone handling complex cryptocurrency cases. The FATF (2024) has specifically flagged DeFi as a priority area for improved investigative tooling and regulatory oversight.
Elliptic Lens Investigation Interface
Elliptic Lens is the primary investigation interface, presenting blockchain data as interactive transaction graphs with entity attribution, risk scoring, and multi-chain tracing. Investigators input a wallet address or transaction hash and Lens automatically builds the transaction graph, attributing known entities and flagging high-risk counterparties. Unlike Chainalysis Reactor’s single-graph approach, Elliptic Lens provides an asset-centric view that can track a specific cryptocurrency balance through wallet hops, DeFi interactions, and cross-chain bridge transfers as a continuous flow rather than a series of discrete transactions.
The entity attribution methodology in Elliptic draws on similar sources to Chainalysis – co-spend heuristics, exchange cooperation agreements, open-source intelligence, and proprietary monitoring. Elliptic has a particular strength in DeFi-related entity attribution, having invested more in protocol-level mapping than most competitors. The result is a database where DeFi smart contract interactions are attributed to specific protocols with counterparty risk scores, rather than appearing as unattributed contract calls.
DeFi Protocol Coverage and Mapping
DeFi coverage is Elliptic’s most significant competitive advantage. The platform maps over 400 DeFi protocols at the entity level, meaning that when a wallet interacts with Uniswap, Elliptic identifies the interaction as a specific protocol, the asset being swapped, and the counterparty wallet. This level of attribution allows investigators to follow transaction flows that pass through multiple DeFi protocol interactions as a continuous chain of custody rather than a series of unexplained smart contract events.
Key DeFi protocols covered include all major DEX aggregators (Uniswap, Curve, Balancer, 1inch), lending protocols (Aave, Compound, MakerDAO), and privacy-enhancing services (Tornado Cash deposits and withdrawals, cross-chain mixers). The Tornado Cash attribution capability is particularly relevant for post-sanction investigations, where investigators need to document whether specific funds passed through Tornado Cash after OFAC‘s August 2022 sanctions designation. For broader platform comparison including DeFi depth, Elliptic and TRM Labs consistently outrank Chainalysis and Crystal Intelligence.
Cross-Chain Bridge Tracing
Cross-chain bridge tracing is one of the most technically demanding investigation challenges in blockchain forensics. Bridge protocols transfer assets between blockchains, breaking the continuous transaction chain that standard tracing tools follow. Elliptic addresses this through protocol-specific bridge mapping that identifies the locking and minting events on each chain side of a bridge transfer. Covered bridges include Wormhole, Thorchain, Multichain, Polygon Bridge, Arbitrum Bridge, and Optimism Bridge, among others. For each bridge interaction, Elliptic attempts to match the incoming and outgoing amounts, timestamps, and wallet patterns to establish continuity of the asset flow across the chain boundary.
Cross-chain bridge tracing produces probabilistic attribution in most cases, not deterministic certainty, and forensic reports should state this clearly. The evidentiary value lies in establishing a probable path that can be corroborated by other investigation methods, including exchange data, IP address correlation, and KYC records.
Evidence Export and Court Reporting
Elliptic Forensics produces PDF investigation reports that include transaction graphs, entity attributions, risk scores, and methodology documentation. These reports have been submitted and accepted in UK Crown Court criminal proceedings, civil asset recovery applications under POCA, and financial regulatory enforcement actions. Elliptic’s UK origins have contributed to its strong acceptance in UK court contexts, where judges and counsel are more familiar with its reporting format.
Report quality depends on analyst annotation, methodology documentation, and the clarity with which probabilistic elements are distinguished from confirmed attributions. Elliptic reports that conflate heuristic attributions with confirmed entity identifications are vulnerable to challenge. Investigators should ensure each attribution is documented with its confidence level and the specific method used to reach it, consistent with on-chain evidence documentation standards.
Elliptic vs Chainalysis: When to Use Each
The choice between Elliptic and Chainalysis Reactor for a specific investigation should be driven by transaction type and chain coverage requirements. Chainalysis Reactor is preferred for standard Bitcoin and Ethereum investigations where entity attribution depth and court report familiarity are the primary requirements. Elliptic Forensics is preferred for DeFi investigations, cross-chain bridge cases, Tornado Cash tracing, and investigations involving less common chains where Elliptic’s protocol-level mapping provides meaningfully better coverage.
| Investigation Type | Recommended Primary | Recommended Secondary |
|---|---|---|
| Bitcoin fraud / ransomware | Chainalysis Reactor | Elliptic (cross-check) |
| Ethereum / ERC-20 theft | Either | Other (cross-check) |
| DeFi exploit tracing | Elliptic | TRM Labs |
| Tornado Cash investigation | Elliptic | TRM Labs |
| Cross-chain bridge fraud | Elliptic | TRM Labs |
| Monero / privacy coins | TRM Labs | Elliptic |
| Eastern European exchanges | Crystal Intelligence | Chainalysis |
| UK court proceedings | Either | Both recommended |
Frequently Asked Questions
What is Elliptic Forensics used for?
Elliptic Forensics is a blockchain investigation platform used by law enforcement, financial institutions, and forensic firms to trace cryptocurrency transactions, attribute wallet addresses to known entities, and produce court-ready evidence. It is particularly strong in DeFi protocol mapping and cross-chain bridge tracing, with coverage of over 400 DeFi protocols and bridges including Uniswap, Aave, Tornado Cash, Wormhole, and Thorchain. Elliptic is widely used in UK law enforcement and has a strong record of evidence acceptance in UK court proceedings.
How does Elliptic compare to Chainalysis Reactor?
Elliptic leads on DeFi protocol coverage and cross-chain bridge tracing, while Chainalysis Reactor leads on entity attribution depth for Bitcoin and Ethereum and has broader court acceptance globally. Both produce admissible court reports for UK and US proceedings. For standard Bitcoin and Ethereum investigations, Chainalysis is typically the baseline choice. For DeFi, Tornado Cash, and cross-chain bridge cases, Elliptic provides meaningfully better investigation capability. Specialist forensic firms use both platforms to cross-reference findings and maximise evidentiary coverage.
Does Elliptic cover Tornado Cash transactions?
Yes. Elliptic maps Tornado Cash deposit and withdrawal interactions at the entity level, including post-OFAC sanctions designation events. Investigators can identify whether specific funds deposited to or withdrew from Tornado Cash, the approximate timing, and the amount denomination pool used (0.1, 1, 10, or 100 ETH). This attribution is particularly relevant for investigations involving funds that were run through Tornado Cash after OFAC’s August 2022 sanctions designation, where use of the protocol by non-sanctioned parties became legally significant.
What is Elliptic Lens?
Elliptic Lens is the forensic investigation interface within the Elliptic platform, providing interactive transaction graphs, entity attribution, risk scoring, and multi-chain tracing capabilities. Lens presents an asset-centric view of transaction flows, following a specific cryptocurrency balance through wallet hops, DeFi protocol interactions, and cross-chain bridge transfers as a continuous flow. It is the primary tool used by investigators for case building and evidence preparation, and generates the investigation graphs that feed into Elliptic’s court-format PDF report export.
Is Elliptic evidence accepted in UK courts?
Yes. Elliptic forensic reports have been submitted and accepted in multiple UK Crown Court criminal proceedings, civil asset recovery applications under the Proceeds of Crime Act, and financial regulatory enforcement actions. Elliptic’s UK origins have contributed to its familiarity with UK court formats and evidentiary standards. As with all blockchain forensic evidence, admissibility depends on methodology documentation, analyst qualifications, and the clear distinction between confirmed and probabilistic attributions rather than on the platform itself.
What DeFi protocols does Elliptic cover?
Elliptic covers over 400 DeFi protocols at the entity level, including all major decentralised exchanges (Uniswap, Curve, Balancer, 1inch), lending protocols (Aave, Compound, MakerDAO), yield aggregators (Yearn Finance, Convex), and privacy-enhancing services (Tornado Cash, cross-chain mixers). Protocol coverage is updated continuously as new protocols achieve material transaction volume. For the most current list of covered protocols, investigators should contact Elliptic directly, as coverage expands faster than public documentation is updated.
How does Elliptic trace cross-chain bridge transactions?
Elliptic traces cross-chain bridge transactions by mapping the locking and minting events on each chain side of a bridge transfer. For each bridge protocol, Elliptic identifies the deposit transaction on the source chain and the corresponding mint or release transaction on the destination chain, matching amounts, timestamps, and wallet patterns to establish asset flow continuity. Covered bridges include Wormhole, Thorchain, Multichain, Polygon Bridge, Arbitrum Bridge, and Optimism Bridge. Cross-chain tracing produces probabilistic attribution that should be clearly stated as such in forensic reports.
What is Elliptic Discovery?
Elliptic Discovery is a separate compliance screening product designed for crypto exchanges and financial institutions to screen wallet addresses and transactions for AML risk in real time. It is distinct from Elliptic Forensics, which is the investigation tool used for case building and evidence preparation. Discovery is a compliance product with an automated risk-scoring API. Forensics is a manual investigation tool with a case management interface. Both draw on the same underlying Elliptic entity attribution database but serve entirely different use cases and buyer profiles.
Does Elliptic support Monero investigation?
Elliptic provides limited Monero investigation capability through heuristic analysis of ring signature patterns and transaction timing, consistent with other commercial platforms. Elliptic invests more research resources in Monero heuristics than Chainalysis but cannot produce deterministic Monero attribution due to the protocol design. Exchange deposit and withdrawal analysis and off-chain intelligence remain more productive investigation pathways than on-chain analysis for Monero cases. Elliptic’s Monero capability should be treated as generating probabilistic investigative leads rather than definitive attribution.
How much does Elliptic Forensics cost?
Elliptic does not publish public pricing. Licences for Elliptic Forensics are annually negotiated and comparable in price range to Chainalysis Reactor, starting at approximately similar price points for single-seat law enforcement licences. UK regulated financial institutions may access Elliptic through specific programme pricing. Independent forensic firms hold commercial licences at varying tiers depending on usage volume and the number of additional chain and protocol modules activated. Pricing should be verified directly with Elliptic as it varies by customer type and contract terms.
Executive Summary
Elliptic Forensics is a leading blockchain investigation platform with particular strength in DeFi protocol coverage and cross-chain bridge tracing, distinguishing it from Chainalysis Reactor for investigations involving Tornado Cash, decentralised exchange flows, and multi-chain asset movement. The platform covers over 100 blockchain networks and 400 DeFi protocols, with strong UK court acceptance and an asset-centric investigation interface through Elliptic Lens. For standard Bitcoin and Ethereum investigations, Chainalysis Reactor remains the baseline. For DeFi, cross-chain, and Tornado Cash cases, Elliptic is the recommended primary platform. Specialist forensic firms use both in combination.
What Should You Do Next?
DeFi and cross-chain investigations require platform capability beyond what standard Bitcoin tracing tools provide. Elliptic Forensics covers the majority of DeFi protocols and bridge interactions where criminal transactions increasingly occur, but platform access without qualified analysts produces data rather than court-admissible evidence.
Crypto Trace Labs uses Elliptic Forensics alongside Chainalysis Reactor and TRM Labs, cross-referencing platforms to maximise coverage and evidentiary weight. Our ACAMS-accredited team has produced Elliptic-based forensic reports accepted in UK court proceedings. Contact Crypto Trace Labs to discuss your DeFi or cross-chain investigation requirements.
People Also Read
- Chainalysis vs Elliptic vs TRM Labs vs Crystal Intelligence: Platform Comparison
- Chainalysis Reactor: On-Chain Analysis Workflow for Investigators
- How Does Blockchain Forensics Work? Expert Methods Explained
- Comparing On-Chain Analysis Platforms: Technical Feature Analysis
About the Author
Crypto Trace Labs is a specialist crypto asset recovery and blockchain forensics firm founded by VP and Director-level executives formerly of Blockchain.com, Kraken, and Coinbase. Our team holds ACAMS accreditations, MLRO qualifications across the UK, US, and EU, and Chartered Fellow Grade status at the CMI. With over 10 years of experience in financial crime investigation and court-recognized blockchain forensics expertise, we have recovered 101 Bitcoin for clients in the last 12 months and delivered record fraud reduction for a $14bn crypto exchange. We work with law enforcement agencies, regulated financial institutions, and private clients on crypto asset recovery, blockchain forensics, AML compliance, and expert witness testimony – globally. We offer no upfront charge for non-custodial wallet recoveries. Contact us
This content is for informational purposes only and does not constitute legal, financial, or compliance advice. Crypto asset recovery outcomes depend on specific circumstances, regulatory cooperation, and technical factors. Consult qualified professionals regarding your specific situation.
