What is a vendor kickback investigation?
A vendor kickback investigation traces whether a vendor, supplier or contractor made undisclosed payments to a company employee in exchange for preferential treatment — inflated invoices, favored contract awards or other benefits. We look for a confirmed on-chain connection between wallet addresses controlled by the two parties who should have no direct financial relationship.
What is on-chain forensic analysis, and how is it different from what a regular auditor or compliance tool does?
Regular auditors lack the specialized blockchain knowledge required to trace wallet-level connections. Standard compliance tools focus on source-of-funds analysis — they're not built to automatically surface relationships between counterparties. On-chain forensic analysis maps fund flows across wallets, chains and intermediaries to answer a specific question: are these two parties connected, and is that connection intentional?
What chains do you cover?
We cover all major blockchains — including Bitcoin, Ethereum, Tron, BSC and others supported by leading compliance infrastructure. The majority of kickback cases we see involve USDT on Tron. Cross-chain coverage matters because bad actors routinely use bridges and chain-hops specifically to break the transaction trail.
What does a client need to provide to start?
Wallet addresses are the most useful starting point, but not the only one. We can also work from company names, legal entities, employee or vendor identifiers, transaction hashes, bank references or internal context about what triggered the concern. The more you provide, the faster the initial scoping — but even a single wallet or vendor name is enough to begin.
How long does an engagement take?
A preliminary conclusion is typically delivered within two weeks of submission. For subscription engagements, the report is updated monthly as new transactions are added and activity is monitored on an ongoing basis.
What does the final report contain?
The report covers which wallets, transactions and counterparties were reviewed, the methodology used, and the findings — including any confirmed or suspected on-chain connections. All suspicious payments and fund flows are highlighted. If clear links are identified, a separate deep-dive can be conducted, including exchange requests and OSINT based on additional digital footprints.
What if no connection is found?
Clients still receive a full report. A "no connection found" result documents that a proper review was conducted and provides an evidence-based conclusion — useful for closing the matter internally or with legal counsel. Relevant wallets can also be placed on monitoring so the client is notified if suspicious activity appears later.
How far back can you trace transactions?
There is no hard technical limit on historical depth — transactions can typically be traced back to the earliest available on-chain activity. The practical limits are the quality of input data, the number of intermediary hops, and the use of mixers, bridges or privacy tools by the counterparties.
Is the investigation passive — do you contact the vendor or employee?
By default, entirely passive. We do not contact the vendor, employee or any third party during the investigation. All findings are based on blockchain tracing, transaction analysis, attribution data and materials provided by the client. Any outreach — for example to an exchange — is only handled separately and with explicit client approval.
How is pricing structured?
We offer two models: a flat annual fee, or a smaller flat fee combined with a percentage of identified fraudulent volume. Pricing is scoped individually based on the number of wallets, counterparties, chains and the depth of investigation required. Specific figures are shared on request after a short scoping conversation.