Wallet Clusters¶

Discover networks of related wallets using automated clustering algorithms.

Overview¶

Wallet Clusters help you identify groups of wallets that are likely controlled by the same entity or working together. This is crucial for detecting coordinated SCAM operations, wash trading, and token manipulation.

Access: app.chainsentinel.net/clusters

What are Wallet Clusters?¶

A wallet cluster is a group of wallets that share common characteristics:

• Transaction patterns - Similar behavior
• Token holdings - Hold same tokens
• Creation patterns - Create similar tokens
• Network connections - Connected through transactions

How It Works¶

Clustering Algorithm¶

Chain Sentinel uses Label Propagation algorithm:

1. Build Graph: Create network of wallet connections
2. Initialize Labels: Each wallet gets unique label
3. Propagate: Wallets adopt most common label from neighbors
4. Iterate: Repeat until convergence
5. Result: Wallets with same label = same cluster

Connection Types¶

Wallets are connected if they:

• Share token holdings (both hold same token)
• Have transaction history (sent/received from each other)
• Created similar tokens (same patterns)
• Are linked to same known scammer

Viewing Clusters¶

Clusters List¶

The main page shows all detected clusters:

Columns: - Cluster ID - Unique identifier - Size - Number of wallets in cluster - Risk Score - 0-100 (higher = more suspicious) - SCAM Rate - % of SCAM tokens created - Total Tokens - Tokens created by cluster - Actions - View details, export

Cluster Details¶

Click on a cluster to see:

Overview: - Cluster statistics - Risk assessment - Timeline of activity

Wallets: - List of all wallets in cluster - Individual reputation scores - Tokens created by each

Tokens: - All tokens created by cluster - SCAM/LEGIT distribution - Confidence scores

Network Graph: - Visual representation - Connection strength - Sub-clusters

Risk Scoring¶

Clusters are scored based on multiple factors:

Risk Factors (0-100)¶

SCAM Rate (40%): - Percentage of SCAM tokens created - Higher = more suspicious

Reputation (30%): - Average wallet reputation - Lower = more suspicious

Network Density (15%): - How tightly connected - Higher = more coordinated

Known Scammers (15%): - Contains known scammers - Yes = very suspicious

Risk Levels¶

• 90-100: 🔴 CRITICAL - Confirmed SCAM ring
• 75-89: 🟠 HIGH - Very suspicious
• 60-74: 🟡 MEDIUM - Requires investigation
• 40-59: 🟢 LOW - Possibly legitimate
• 0-39: ⚪ MINIMAL - Likely legitimate

Filtering Clusters¶

By Risk Level¶

Filter clusters by risk score:

• Critical Only - Score ≥ 90
• High Risk - Score ≥ 75
• Medium Risk - Score ≥ 60
• All Clusters - No filter

By Size¶

Filter by number of wallets:

• Small - 2-5 wallets
• Medium - 6-20 wallets
• Large - 21-50 wallets
• Very Large - 50+ wallets

By Activity¶

Filter by recent activity:

• Last 24 hours
• Last 7 days
• Last 30 days
• All time

Use Cases¶

1. Detect SCAM Rings¶

Goal: Find coordinated SCAM operations

Steps: 1. Filter by Critical Risk (90-100) 2. Sort by Size (largest first) 3. Review cluster details 4. Check tokens created 5. Report to authorities

Example:

Cluster #42
- Size: 15 wallets
- Risk: 95/100
- SCAM Rate: 87%
- Tokens: 23 (20 SCAM, 3 LEGIT)

2. Identify Wash Trading¶

Goal: Find artificial volume manipulation

Steps: 1. Look for High Network Density (>0.8) 2. Check Transaction Patterns 3. Analyze Token Holdings (same tokens) 4. Review Trading Volume (suspicious spikes)

Indicators: - Wallets trade same tokens back and forth - Similar transaction amounts - Coordinated timing

3. Track Token Farms¶

Goal: Find wallets mass-creating tokens

Steps: 1. Filter by Large Size (50+ wallets) 2. Check Tokens Created (high count) 3. Review Creation Patterns (similar timing) 4. Assess SCAM Rate

Indicators: - Many wallets - Each creates multiple tokens - Similar token characteristics - High SCAM rate

4. Discover Money Laundering¶

Goal: Find how SCAM proceeds are moved

Steps: 1. Start with known SCAM token 2. Find creator wallet's cluster 3. Analyze Transaction Flow 4. Identify Bridge Wallets (connect clusters) 5. Trace to final destination

Cluster Management¶

Flagging Clusters¶

Mark suspicious clusters for monitoring:

1. Open cluster details
2. Click "Flag Cluster"
3. Select reason:
4. SCAM ring
5. Wash trading
6. Token farm
7. Money laundering
8. Other (specify)
9. Add notes (optional)
10. Click "Submit"

Benefits: - Tracked in your dashboard - Alerts on new activity - Shared with community (optional)

Exporting Clusters¶

Export cluster data for analysis:

Formats: - CSV - Wallet list with stats - JSON - Full cluster data - Graph - Network visualization

Use Cases: - Share with team - Import into analysis tools - Report to authorities - Archive for records

Advanced Features¶

Sub-Cluster Detection¶

Identify sub-groups within large clusters:

Algorithm: Hierarchical clustering

Use Case: Large cluster (100+ wallets) may contain multiple sub-groups

Example:

Cluster #15 (120 wallets)
├─ Sub-cluster A (45 wallets) - Token farm
├─ Sub-cluster B (38 wallets) - Wash trading
└─ Sub-cluster C (37 wallets) - SCAM ring

Temporal Analysis¶

Track how clusters evolve over time:

Features: - Cluster growth rate - New wallet additions - Wallet departures - Activity patterns

Timeline View: - Shows cluster formation - Identifies growth spurts - Detects coordinated campaigns

Cross-Cluster Analysis¶

Find connections between clusters:

Bridge Wallets: - Belong to multiple clusters - Connect different groups - Possible money laundering

Shared Tokens: - Clusters holding same tokens - Possible coordination

Transaction Links: - Clusters transacting with each other - Possible network expansion

API Access¶

Access cluster data programmatically:

import requests

API_KEY = "your_api_key"
headers = {"X-API-Key": API_KEY}

# List all clusters
response = requests.get(
    "https://api.chainsentinel.net/api/clusters",
    params={"risk_min": 75},
    headers=headers
)

clusters = response.json()
for cluster in clusters["data"]:
    print(f"Cluster {cluster['id']}: {cluster['size']} wallets, Risk: {cluster['risk_score']}")

# Get cluster details
response = requests.get(
    f"https://api.chainsentinel.net/api/clusters/{cluster_id}",
    headers=headers
)

details = response.json()
print(f"Wallets: {len(details['wallets'])}")
print(f"Tokens: {len(details['tokens'])}")

See API Reference for details.

Statistics¶

Global Cluster Stats¶

View system-wide statistics:

• Total Clusters: Number of detected clusters
• High-Risk Clusters: Risk score ≥ 75
• Average Size: Mean wallets per cluster
• Largest Cluster: Biggest cluster size
• Total Wallets Clustered: Unique wallets in clusters

Your Cluster Stats¶

Track your flagged clusters:

• Flagged Clusters: Clusters you've marked
• Monitored Wallets: Wallets in flagged clusters
• Alerts Received: Notifications from flagged clusters
• Confirmed SCAMs: Flagged clusters confirmed as SCAM

Alerts¶

Get notified about cluster activity:

Alert Types¶

New Wallet Added: - Cluster grows - New wallet joins

New Token Created: - Cluster creates token - Possible new SCAM

Risk Score Changed: - Cluster risk increases/decreases - Requires review

Cluster Merged: - Two clusters combined - Possible network expansion

Alert Configuration¶

1. Go to 🚨 Alerts page
2. Enable "Cluster Alerts"
3. Select alert types
4. Set minimum risk threshold
5. Choose notification channel (Telegram/Discord/Email)

Best Practices¶

For Investigators¶

✅ Do: - Start with high-risk clusters - Review cluster details thoroughly - Check network graph - Export data for records - Flag suspicious clusters

❌ Don't: - Assume all clusters are malicious - Ignore low-risk clusters completely - Skip verification - Share sensitive data publicly

For Traders¶

✅ Do: - Check if token creator is in high-risk cluster - Avoid tokens from flagged clusters - Monitor clusters holding your tokens - Report suspicious activity

❌ Don't: - Panic if wallet is in cluster (could be false positive) - Ignore cluster warnings - Trade tokens from SCAM ring clusters

Troubleshooting¶

Cluster not showing?¶

Possible causes: - Cluster too small (<2 wallets) - Low connection strength - Recent formation (not yet detected)

Solutions: 1. Wait for next clustering run (daily) 2. Check individual wallets 3. Use Network Graph for manual exploration

False positives?¶

Possible causes: - Legitimate wallets sharing popular tokens - Coincidental transaction patterns - Exchange wallets grouped together

Solutions: 1. Review cluster details carefully 2. Check individual wallet reputations 3. Analyze token quality 4. Report false positive to improve algorithm

Cluster too large?¶

Solutions: 1. Use sub-cluster detection 2. Filter by specific criteria 3. Export and analyze offline 4. Focus on highest-risk wallets

Next Steps¶

• 🕸️ Network Graph - Visualize connections
• 🧠 Model Explainability - Understand AI decisions
• 👛 Wallet Intelligence - Analyze individual wallets

Need Help?¶

• 📖 FAQ
• 💬 Telegram Community
• 📧 support@chainsentinel.net

Tip: Wallet Clusters are most effective when combined with Wallet Reputation and Known Scammer Database for comprehensive risk assessment.