MistTrack: Automatic TRON Address Clustering

Analyzing TRON address on MistTrack
Architecture
KCore Algorithm

Inspiration

With the rapid growth of the TRON ecosystem, an increasing number of users and platforms are utilizing TRX and TRON tokens (such as stablecoins USDT/USDC/USDD, etc.) for transactions, and trading on exchanges. In this age of information boom, the SlowMist security team discovered that malicious actors frequently utilize social media, phishing websites, and other methods to steal users' digital assets. Although all hope may seem lost, eventually they must interact with some trading platforms to realize these illicit gains. This will allow us to track the identity of these individuals.

In the past, manual techniques were sufficient for even the most basic forms of on-chain investigations. However, the increasing complexity of modern transfer techniques has rendered these approaches extremely ineffective. As a result, we decided to implement an artificial intelligence system to perform Cluster Analysis on wallet addresses in order to aid in the tracking of stolen funds.

What it does

We use the Ensemble method and graph algorithms to analyze TRON addresses and their flow of funds. Ensemble learning is a type of supervised learning method that performs well on labeled data.

To evaluate the flow of funds, we apply various graph techniques in addition to the ensemble learning approach. This enables us to perform a thorough examination of transaction characteristics on the TRON network, particularly the transfer of stolen funds. In the case of a compromised TRON wallet, we were able to use the ensemble learning algorithm and graph algorithm to analyze the cluster transfer of funds, identify key transfer addresses, and assign address labels to establish the attacker's laundering paths. This process enabled us to make a significant step forward in the recovery of stolen funds.

How we built it

We noticed that the TRONSCAN explorer tagged some important wallet addresses, which are mainly cold wallets and hot wallets of exchanges. Most of the remaining untagged addresses were ordinary users or cold/hot wallets of other unknown platforms, wallets, etc.

Understanding the nature of these addresses is essential for our platform. Therefore, we examine and gather the transaction records of known wallet addresses, extract their transaction characteristics using certain algorithms, and apply them to train our algorithm to identify the unknown wallet address.

Challenges we ran into

With the increased amount of data on the TRON blockchain, additional stresses were placed on our platform computing capabilities and server hardware performance. Furthermore, the address tag data offered by the TRONSCAN explorer is still limited, and news to be further expanded and improved upon.

Accomplishments that we're proud of

Analyzing TRON address on MistTrack

Based on the data shown, we have developed a robust and accessible algorithm application platform, and the data produced by this platform has been integrated into our MistTrack anti-money laundering tracking system. The platform has already assisted our team in the research and analysis of malicious addresses as well as ordinary users who wish to conduct their own investigations into the movement of funds on the TRON network.

Recent example: Using MistTrack to analyze FTX fund flows

What's next for Automatic TRON Address Clustering

To better serve the TRON community and its users, we will continuously enhance MistTrack's user experience and capabilities. Additional servers will be added to increase performance and introduce new algorithms to assist the needs of various users. Such as implementing the Graph Neural Networks algorithm (using the DGL component) for community research in the near future. With each new update, MistTrack will be able to provide additional benefits to our users.