Node and Branch - Single Internal To Mutiple External
Description
This test detects accounts withdrawing funds to multiple unique external destinations, potentially to obscure fund origins or execute coordinated manipulation strategies. This analysis highlights patterns of fund dispersion from internal accounts.
Use Cases
- Single Internal to Multiple External: Funds from a single account are distributed across multiple external accounts, potentially obscuring origins or facilitating coordinated manipulation strategies.
Required Data
Deposits Data
| Variable | Description |
|---|---|
timestamp | Timestamp of the deposit (YYYY-MM-DD hh:mm:ss). |
user_id | User ID of the depositor. |
currency_type | Type of currency deposited (fiat or crypto). |
symbol | Asset symbol (BTC, ETH, USD, EUR, etc.). |
price_usd | Price of the asset in USD. |
amount | Amount deposited. |
to | Internal user account receiving the deposit. |
from | External wallet address or bank account initiating the deposit. |
Withdrawals Data
| Variable | Description |
|---|---|
timestamp | Timestamp of the withdrawal (YYYY-MM-DD hh:mm:ss). |
user_id | User ID of the withdrawing user. |
currency_type | Type of currency withdrawn (fiat or crypto). |
symbol | Asset symbol (BTC, ETH, USD, EUR, etc.). |
price_usd | Price of the asset in USD. |
amount | Amount withdrawn. |
to | External wallet or bank account receiving the withdrawal. |
from | Internal user account initiating the withdrawal. |
Parameters
| Parameter | Description | Type | Default Value | Configurable |
|---|---|---|---|---|
analysis_minimum_branch_count_threshold | Minimum number of branch connections required between internal and external accounts. | Integer | 3 | Yes |
analysis_minimum_aggregate_dollar_threshold | Minimum total transaction amount to trigger an alert. | Float | 10000 | Yes |
whitelist_file | File path for the list of whitelisted wallets. | String | s3://BUCKET/whitelisted_wallets.csv | Yes |
analysis_window | Time window for analysis in hours. | Integer | 120 | Yes |
check_fiat | Whether to analyze fiat transactions. | Boolean | True | Yes |
check_crypto | Whether to analyze cryptocurrency transactions. | Boolean | True | Yes |
create_ticket | Flag to determine if tickets should be created for alerts. | Boolean | True | Yes |
Methodology
- Single Internal to Multiple External Tracks internal accounts making withdrawals to multiple external destinations. Flags cases exceeding the unique recipient count and transaction value threshold.