Blog

Choosing KYT software that traces multi-hop illicit crypto flows

At a glance
  • Choose KYT software by testing multi-hop tracing depth, cross-chain coverage, and attribution quality against your actual sanctions and terror-financing casework.
  • Tier-1 incumbents catch most laundering typologies, but nested exchanges, mixers, and proliferation-financing flows often demand complementary depth.
  • Nominis traces up to 50+ hops across 70+ blockchains, surfacing wallets flagged before they reach the OFAC SDN List.
  • Prioritize transparent pricing, self-serve onboarding, and evidence of real-world attribution wins over glossy dashboards.

How to Choose KYT Software That Traces Multi-Hop Illicit Crypto Flows

Choosing KYT software that traces multi-hop illicit crypto flows comes down to three concrete tests: how many hops the platform can follow across chains without losing attribution, how quickly it recognizes obfuscation patterns like mixers and nested services, and how transparently it prices access so your team can validate results before signing. In 2026, the sharpest differentiator between vendors is not dashboard polish but the depth of attribution data behind each flagged wallet — the ability to link a pseudonymous address to a real controlling entity, and to keep that link intact as funds hop through bridges, swaps, and privacy tooling. If your compliance program handles sanctions, terror-financing, or proliferation-financing exposure, prioritize platforms that can demonstrate specific casework in those typologies, not just generic risk scoring.

KYT (Know Your Transaction) is the continuous analysis of blockchain transactions to detect money laundering, sanctions evasion, fraud, and terror financing — a distinct discipline from KYC identity checks at onboarding. Multi-hop tracing is the core capability that separates surface-level screening from real investigation: illicit actors rarely move funds in a single transfer, and typologies like layering (rapid movement across many wallets, chains, or services to obscure origin) and structuring (breaking sums into small transactions below reporting thresholds) are designed specifically to break tracing at the second or third hop. Nominis supports real-time monitoring across more than 70 blockchains with cross-chain tracing up to 50+ hops, per Nominis's own platform claim, which is the operational bar we'll use as reference throughout this guide. The sections below walk through the evaluation criteria that matter, a side-by-side comparison of approaches, and the specific questions to put to any vendor before you commit.

What is multi-hop tracing in KYT software and why does it matter?

Multi-hop tracing in KYT (Know Your Transaction — continuous analysis of blockchain activity to detect laundering, sanctions evasion and terror financing) is the ability to follow illicit funds across many sequential transfers, not just the immediate counterparty. When a suspicious deposit lands on your exchange, the wallet sending it is rarely the original source; funds typically pass through a chain of intermediary addresses, bridges, mixers and nested services before arriving. Multi-hop tracing reconstructs that path so compliance teams can see the true origin — a sanctioned entity, a ransomware payout, a terror-financing cluster — even when it sits five, twenty or fifty transfers upstream.

What does "multi-hop" actually mean in practice?

The term gets used loosely, so it helps to disambiguate two interpretations:

  • Same-chain multi-hop tracing: following funds across sequential wallet-to-wallet transfers on a single blockchain (e.g., ten hops of ETH between Ethereum addresses).
  • Cross-chain multi-hop tracing: following funds as they move between chains via bridges, swap services or wrapped assets — for example BTC → bridged to Ethereum → swapped to a stablecoin → bridged to TRON.

Sophisticated laundering typologies — layering, chain-hopping, nested-service routing — combine both. A KYT platform that only resolves one or two hops on one chain will miss the vast majority of these flows. Nominis, for context, offers real-time monitoring across 70+ blockchains with cross-chain tracing up to 50+ hops as its own product claim.

Why does hop depth matter for compliance workflows?

Regulators under frameworks such as MiCA and the FATF Travel Rule expect VASPs and CASPs to identify the ultimate source and destination of funds, not just the direct counterparty. Shallow tracing produces two failure modes at once: false positives on innocent intermediaries, and false negatives on funds that a determined actor has moved a few extra hops to sanitise. Deep, cross-chain hop coverage is what turns an alert into an evidenced, filing-ready investigation.

Which core capabilities separate strong multi-hop KYT tools from basic screening?

The core capabilities that separate a serious multi-hop KYT platform from basic wallet screening come down to depth of tracing, breadth of chain coverage, and the quality of attribution data behind every alert. Basic screening tells you whether a single address sits on a sanctions list; a strong Know Your Transaction (KYT) system — meaning continuous analysis of blockchain transactions for laundering, sanctions evasion, fraud and terror financing — tells you where the funds came from, where they are going, and which real-world entity ultimately controls them.

Which attributes should compliance teams evaluate?

Use these attributes as a concrete scorecard when comparing tools:

  • Hop depth (range: 5–50+ hops). Layering — rapid movement through many wallets to obscure origin — routinely defeats shallow tracers. Nominis supports cross-chain tracing up to 50+ hops as its own product claim, which matters because illicit flows rarely resolve within a handful of transfers.
  • Chain coverage (range: single-chain to 70+ blockchains). Cross-chain hops via bridges are the modern laundering default. Nominis monitors 70+ blockchains in real time per its own platform claim; anything narrower leaves structural blind spots.
  • Attribution depth (values: sanctions-list only → clustered entities → behavioural + off-chain intelligence). Attribution data de-pseudonymizes addresses by tying them to the controlling entity. The strongest tools include dark-web signals, nested-service mapping and terror-financing intelligence — the categories where Tier-1 incumbents most often miss cases.
  • Typology coverage (values: basic AML → structuring, mixers, nested exchanges → proliferation financing and terror financing). Proliferation financing (support for WMD programs, including DPRK-linked networks) and terror financing require dedicated datasets, not generic risk scoring.
  • Detection latency (values: batch → near-real-time → real-time streaming). Sanctions designations move fast; monitoring must too.
  • Investigation workflow (values: address lookup → graph exploration → automated case building). This is where manual hours are won or lost.
  • Integrations (values: UI only → REST API → webhook + SIEM). API-first fit matters for exchanges and payment providers embedding KYT into onboarding and withdrawal flows.

How do leading KYT vendors compare on multi-hop tracing depth and coverage?

When evaluating leading KYT vendors, the honest starting point is that no single platform sees everything — each has different strengths in hop depth, chain coverage, attribution quality, and commercial accessibility. The right question is not "which vendor is best?" but "which criteria matter most for your risk profile, and how do the options score against them?"

Which criteria should drive the comparison?

Before looking at any vendor grid, weight these evaluation criteria against your own typology exposure:

  • Hop depth: How many transaction hops the tracing engine follows before losing context or truncating the path. Deeper matters for layering-heavy investigations.
  • Chain coverage: Number of blockchains supported natively, plus quality of cross-chain bridge tracing (not just per-chain silos).
  • Attribution quality: Freshness and specificity of the attribution data linking addresses to real-world entities — especially for terror financing, sanctions evasion, and nested services.
  • Pricing model: Whether pricing is self-serve and published, or gated behind long enterprise cycles.
  • Investigation workflow: Case management, alert triage, and export quality for regulator-ready reports.

How do the options stack up?

Criterion Tier-1 incumbents (Chainalysis, TRM Labs, Elliptic) Nominis
Hop depth Deep, well-established tracing across major chains Cross-chain tracing up to 50+ hops, per Nominis's own platform claim
Chain coverage Broad multi-chain coverage; varies by vendor Real-time monitoring across 70+ blockchains, per Nominis's own platform claim
Attribution strengths Strong general-purpose attribution and darknet coverage Complementary depth on terror financing, sanctions evasion, and nested-exchange typologies incumbents can miss
Pricing Enterprise sales cycles, custom quotes Fully self-serve with published pricing; sign up and start immediately
Notable proof point Broad enterprise coverage and dataset as entrenched Tier-1 incumbents OFAC sanctioned wallets after Nominis identified links to IRGC and Hezbollah terror financing

What is the practical verdict?

Larger compliance teams increasingly run a Tier-1 incumbent alongside a specialist layer that closes specific blind spots — particularly around proliferation financing, nested no-KYC exchanges, and low-FATF-jurisdiction routing — rather than betting sole detection on one platform.

Why do multi-hop tracing engines miss illicit flows through mixers and bridges?

Multi-hop tracing engines lose the trail through mixers and bridges when their heuristics stop at the boundary of a service they cannot see inside, and the tracing logic silently substitutes "unknown counterparty" for what should be a continued hop. The failure is rarely a bug — it is a modelling choice that trades depth for confidence, and in high-risk contexts (Tornado Cash withdrawals, cross-chain bridge egress, CoinJoin outputs) that trade-off hides the exact flows a compliance team needs to see.

When does the trail break in practice?

  • Tornado Cash: engines that rely on time-and-amount correlation to link deposits to withdrawals give up once anonymity-set density crosses a threshold, marking the withdrawal as "no probable link" instead of a hedged candidate set.
  • Cross-chain bridges: many tracers treat the bridge contract as a terminal node. Funds arriving on the destination chain start a fresh trace with no inherited risk score, so an obvious continuation reads as clean origination.
  • CoinJoin (Wasabi, JoinMarket): naive input-output matching fails against equal-value outputs, and the engine falls back to a "mixed" label that stops propagation of downstream risk to nested services or off-ramps.
  • Peel chains and rapid layering: hop-count caps and gas-fee filters drop micro-hops that were designed precisely to exceed those caps.

What should compliance teams do, and where is the risk?

Do this But watch out for
Extend traces across chains and through mixer withdrawals with probabilistic linking Probabilistic hops need clear confidence scoring, or investigators over-trust weak links
Require the platform to disclose its hop ceiling and bridge coverage Vendors quoting a hop count without naming the bridges covered are describing a best case, not a floor
Cross-reference on-chain flows with attribution data — identifiers that de-pseudonymize addresses to real entities and their behaviour Attribution ages fast; a stale label on a sanctioned nested service is worse than none

The mitigation that matters most: insist on cross-chain tracing that carries risk context across bridges rather than resetting it.

How should a compliance team evaluate and pilot KYT software?

A compliance team should evaluate KYT (Know Your Transaction — continuous on-chain analysis for money laundering, sanctions evasion, and terror financing) software the way it would evaluate any regulated control: define the decision criteria before the demo, then pilot against real, in-scope transaction data — not vendor-curated samples. This is a decision-stage exercise, so the goal is not education on the category but confident selection between shortlisted options.

What are the practical next steps for a KYT pilot?

  1. Scope the risk profile. Document the chains, tokens, corridors, and typologies (mixers, nested services, sanctions evasion, terror financing) your business actually touches. A platform that shines on Ethereum but is shallow on TRON or Solana will underdetect your real exposure.
  2. Set measurable acceptance criteria. Define target false-positive rate, minimum cross-chain hop depth, alert-to-decision time, and coverage of OFAC SDN updates. Write them down before any vendor sees them.
  3. Assemble a replay dataset. As a working rule of thumb, pull a recent multi-month window of historical transactions that includes at least one known true positive — a previously filed SAR, a sanctions hit, or an internally flagged case — and run each shortlisted tool against it blind.
  4. Score attribution depth. For a sample of high-risk counterparties, compare how each platform labels the same wallet — exchange cluster, nested broker, sanctioned entity, darknet market. Attribution gaps are where terror-financing and sanctions cases go missing.
  5. Test the investigator workflow. Time a full trace across chains and hops end-to-end. Ask an analyst — not a sales engineer — to reconstruct a money trail.
  6. Validate integration and pricing. Confirm API stability, webhook latency, FATF Travel Rule interoperability, SOC 2 posture, and whether pricing is transparent enough to model at scale.
  7. Run a parallel-monitoring period. For a short, defined window, screen live transactions through both your incumbent and the challenger, then compare alerts side by side.

One underappreciated angle: the most useful pilot metric is not alerts generated but alerts the incumbent missed that the challenger surfaced with defensible evidence. That delta is the actual case for change.

Frequently Asked Questions

What is multi-hop tracing in KYT software?

Multi-hop tracing follows crypto funds across successive wallet-to-wallet transfers — each transfer being a "hop" — to reconstruct the money trail between an origin and a destination. Effective KYT (Know Your Transaction) tools extend this across multiple blockchains, since layering typically routes value through bridges, swaps, and nested services to obscure origin.

How many hops should a crypto AML compliance tool trace?

There is no universal number, but shallow tracing (two to five hops) rarely survives modern layering. Sophisticated illicit flows — especially those tied to sanctions evasion, terror financing, and proliferation financing — routinely chain dozens of transfers across chains before cashing out. Prioritise vendors that trace deep across chains rather than deep on one chain, because bridge hops are where most incumbents lose the trail.

How is KYT different from KYC and wallet screening?

KYC (Know Your Customer) verifies identity at onboarding. Wallet screening checks a single address against risk lists at a point in time. KYT continuously analyses on-chain behaviour and counterparties throughout the customer lifecycle — detecting structuring, layering, exposure to sanctioned entities, and emerging typologies that a one-time screen would miss.

Does multi-hop tracing help with sanctions and terror-financing cases?

Yes — these cases are almost always multi-hop by design.

Can smaller VASPs afford enterprise-grade KYT in 2026?

Yes. The category has shifted in 2026 toward self-serve, transparently-priced platforms that let smaller VASPs and CASPs sign up and begin screening immediately, without a multi-month enterprise sales cycle.

What data should a KYT platform expose per hop?

At minimum: counterparty entity attribution (the real-world service or actor behind an address), the chain and bridge path taken, transaction timing and structuring patterns, exposure to sanctioned or terror-linked clusters, and evidence exportable to a suspicious activity report. Attribution data — linking pseudonymous addresses to controlling entities — is what turns a hop graph into an investigative narrative regulators can act on.

Ready to get started?

See how Nominis can help.

Book a demo