Chainalysis vs Elliptic vs TRM Labs: Choosing Blockchain Analytics in 2026

Blockchain analytics is no longer optional for a regulated CASP — the Markets in Crypto-Assets Regulation authorisation file requires evidence of operational analytics capability with a named provider, the Transfer of Funds Regulation requires risk-based screening on every transfer above €1,000 to and from self-hosted wallets, and the EBA Guidelines treat crypto-specific typologies (mixers, peel chains, privacy coins) as standing enhanced-due-diligence triggers. Three vendors dominate the market for serious CASPs in 2026: Chainalysis, Elliptic, and TRM Labs.¹^[1]³^[2]⁴^[3]

Each takes a different posture. Chainalysis is the incumbent with the broadest enterprise deployment, the deepest investigations product (Reactor), and the highest list price. Elliptic is the European-headquartered alternative with strong regulator relationships, particularly across the FCA / EEA NCA pipeline, and historical strength in MiCA-era authorisation files. TRM Labs is the newer entrant that has scaled aggressively with attribution depth on EVM and Solana ecosystems and a growing institutional base.

This guide compares the three head-to-head: chain coverage, attribution depth, screening API performance, investigations product, sanctions handling, integration complexity, pricing, and which vendor fits which CASP profile. The headline: most large CASPs run two providers in parallel — typically Chainalysis as the primary investigations stack with Elliptic or TRM Labs as the screening and overlap detection layer. Sole-vendor architectures are increasingly the exception.

Five regulatory drivers force blockchain analytics into every regulated crypto stack. Each one alone would justify the spend; together they make sole-source crypto operations effectively impossible to defend at supervisory inspection.

• MiCA authorisation. NCAs require evidence of an analytics provider contract and integration architecture in the Programme of Operations.

• TFR Travel Rule self-hosted wallet workflow. Risk-based EDD on transfers ≥ €1,000 to/from non-custodial wallets requires address attribution and risk scoring.

• Source of funds at onboarding. CDD policies require provenance assessment of inbound crypto deposits — analytics provides the evidence.

• Sanctions screening. Office of Foreign Assets Control SDN list now contains crypto wallet addresses (Tornado Cash, Garantex, Lazarus Group, Hydra successors) — sanctions screening at the wallet level requires analytics.⁶^[4]

• Sixth Anti-Money Laundering Directive predicate offences. Investigation of suspected ML requires forensic tools to trace funds across hops, chains, and bridges. Without analytics, the investigation product is non-existent.⁷^[5]

The three providers diverge most across attribution depth on long-tail chains, investigations product strength, and pricing. The table below benchmarks each on the dimensions that actually drive procurement decisions.

Chainalysis is the most-deployed blockchain analytics platform across regulated crypto firms globally. Coinbase, Kraken, Binance entities, Bitstamp and the majority of Tier-1 EU exchanges run Chainalysis as either primary or one of two providers. The product suite — Chainalysis KYT for real-time wallet screening, Reactor for investigations, and Crypto Investigations Solutions for forensic case management — is the industry standard.

Chainalysis's structural advantage is attribution data: 15+ million labelled clusters, deep history on BTC, ETH, and major altcoins, and continuous attribution work on emerging entities (sanctioned addresses, ransomware groups, exchange hot wallets). Reactor's investigation flow is the benchmark — the tool every other vendor's product is compared against.

The trade-off is price. Chainalysis is the highest-priced of the three at €120,000–€250,000/year for a mid-sized CASP, with negotiation room mainly through volume tier commitments. The cost is justified for any CASP whose Reactor usage is material; for screening-only deployments at smaller volumes, Elliptic or TRM Labs are typically more cost-effective.

Elliptic is the European-domiciled alternative with strong roots in EEA and UK regulator relationships. The FCA's typology work has historically been informed by Elliptic; the EBA Guidelines on crypto-specific ML/TF typologies reflect concepts (peel chains, hop analysis) that Elliptic helped popularise. Elliptic Investigator and Lens together cover the full screening-and-investigation workflow.

Elliptic's strengths: strongest UK / EEA regulator engagement, comparable BTC and ETH attribution to Chainalysis, slightly leaner investigations product, and pricing 30–40% below Chainalysis's at the mid-tier. The trade-off: chain coverage is narrower than Chainalysis, particularly on long-tail Solana, Tron, and emerging EVM L2 chains, and the investigations UX is functional rather than industry-leading.

Elliptic is the right choice for any EEA-regulated CASP whose primary AML use case is screening + occasional investigations, where Chainalysis's premium is hard to justify, and where the home NCA's familiarity with the vendor matters in supervisory dialogue.

TRM Labs is the youngest of the three (founded 2018) and has scaled aggressively, particularly through US institutional and law-enforcement deployments. The product portfolio — TRM Wallet Screening, TRM Investigations, TRM Tactical for law enforcement — covers the full workflow with strong attribution velocity (faster updates on emerging sanctioned addresses than the incumbents).

TRM's strengths: best-in-class attribution depth on Solana, Tron, and Polygon ecosystems; particularly strong on stablecoin flow tracing (USDT, USDC) which matters disproportionately for institutional CASPs; growing integration with Notabene and Veriscope for Travel Rule data exchange; and aggressive pricing — €60,000–€150,000/year for a mid-sized CASP.

Trade-offs: smaller EEA regulator footprint than Elliptic (though growing), investigations product still maturing relative to Chainalysis Reactor, and the BTC attribution depth — while strong — has slightly less historical breadth than the incumbents.

There is no universal best provider. The right choice depends on volume, asset mix, jurisdiction, and whether investigations are a primary or supplementary use case.

Implementation across all three providers follows similar shape: contract negotiation, sandbox, API integration into the deposit/withdrawal/onboarding flows, MLRO workflow training, and production cutover. The differences are in pace and depth.

• Weeks 1–2: contract negotiation, NDAs, scoping workshops with the provider's solutions team. SLAs, false-positive rate targets, and case-management workflow defined.

• Weeks 2–4: API integration. Wallet screening on inbound deposits and outbound withdrawals; risk-score routing into the transaction monitoring system; investigations console access for the MLRO and AML team.

• Weeks 4–6: AML programme update — risk-scoring thresholds, escalation paths, case-creation rules, false-positive triage workflow. Document for NCA review.

• Weeks 6–8: parallel run alongside any legacy screening. Compare hits, calibrate thresholds, finalise the production runbook.

• Ongoing: monthly false-positive review, quarterly relationship review with the provider, annual reconciliation of attribution coverage vs CASP customer geography.

• Treating analytics as a checkbox. Authorisation files that name a vendor without evidence of operational integration are downgraded to high-scrutiny review.

• No documented escalation path for high-risk hits. NCAs probe what happens after a Chainalysis or TRM Labs scoring threshold is breached — silent kills, account freezes, MLRO escalation must be documented.

• Forgetting privacy coins and mixers. Most CASPs do not list Monero or Zcash, but they receive transfers from mixers (Tornado Cash relays, peel-chain endpoints) constantly. Analytics rules must cover this typology, not just sanctioned-address direct hits.

• Failing to integrate analytics output into transaction monitoring. Risk scores must flow into the AML rules engine — not sit in a parallel console silo.

• Underestimating false-positive operational cost. A naive ruleset generates 5–10× the alert volume of a tuned one. Plan for 0.25–0.5 FTE of analyst time per provider per €1B annual volume.

Yes. NCAs in Lithuania, Cyprus, Ireland, Germany and Malta all require evidence of an analytics provider contract and integration architecture in the authorisation file. 'We will procure post-authorisation' is rejected on first review. Sign with one of Chainalysis, Elliptic, or TRM Labs before submission and document the integration in the Programme of Operations.

TRM Labs has the lowest list price in the three at €60,000–€150,000/year for a mid-sized CASP. Elliptic is mid-tier at €80,000–€180,000. Chainalysis is the highest at €120,000–€250,000. But cheapest at the contract line is not always cheapest at the operational line — Chainalysis Reactor pays for itself if your investigations volume is meaningful; TRM Labs's stablecoin attribution saves analyst time on USDT-heavy flows. Match the price tier to your actual use case.

For a Class 1 or small Class 2 CASP, yes. For any CASP above €5B annual volume or with significant counterparty diversity, dual coverage is becoming the standard — and the AMLA / ESMA convergence push from 2027 will likely require it implicitly. Most large operators run two providers in parallel today.

All three providers rely on attribution data which is necessarily incomplete and time-lagged. A newly-sanctioned wallet may not appear on any provider's list for hours or days. The defensive posture: layer multiple sources, document the attribution latency in the AML programme, and update OFAC SDN screening separately from the provider's bundle. NCAs accept attribution latency as a fact of the technology — they do not accept absence of layered controls.

AMLR codifies common standards across the EU including expectations on blockchain analytics for crypto-asset obliged entities. AMLA's direct supervision of significant CASPs from 2028 will likely formalise dual-provider expectations and potentially set common attribution standards. Any provider selection made today should anticipate stricter convergence within 24 months — favour vendors with strong EBA/AMLA engagement (Elliptic, Chainalysis European subsidiaries).

Not for compliance baseline. Building credible attribution data — clustering across millions of addresses, integrating sanctions feeds, maintaining attribution metadata across hundreds of chains — costs €5M+ per year and 12–18 months minimum to reach parity with a vendor product. In-house tooling is valuable for firm-specific differentiation (proprietary risk models on top of vendor data, custom case workflows) but should never replace a Tier-1 vendor for the core control.

• AML Compliance for Crypto Firms: What the 6AMLD requires from CASPs and VASPs

• MiCA Travel Rule Providers Compared: Notabene vs Sumsub vs Sygna vs Veriscope

• MiCA Compliance Guide for CASPs: Authorisation walkthrough — capital, governance, supplier stack

• How to Get a Bank Account for a VASP or CASP: The 2026 banking playbook for regulated crypto firms

Blockchain analytics is the central nervous system of a regulated crypto AML programme — and the vendor choice has long-tail consequences for false-positive rates, investigation speed, supervisory dialogue, and unit economics. Pick the provider that matches your volume tier, asset mix, and use-case depth; assume you will move to dual coverage within 18 months of crossing €1B annual volume; and remember that the cheapest vendor at signing can be the most expensive at the operational layer if attribution is thin where your customer base actually transacts.