Briefings·Methodology
11 March 2026 5 min read GSIG-B-2026-005

Cross-Chain Identity: Why Single-Chain Attribution Is a Structural Handicap

An OFAC-designated entity rotates between chains weekly. Your screening vendor labels it on Ethereum but not on the others. Your AML programme's effectiveness on this entity collapses to whichever chain the labelling happened to catch up with. This is the cross-chain attribution problem — and most institutions are operating under it without knowing.

A sanctioned-network actor — an entity, a service, a sophisticated counterparty — operates on multiple blockchains. They use distinct addresses on each chain. There are no shared signing keys, no shared on-chain linkage, and no obvious connection between their chain-A activity and their chain-B activity. A naive compliance system looking at chain A sees one entity. Looking at chain B, it sees a second, unrelated entity. These are, operationally, the same actor. The compliance system treats them as two.

This is the cross-chain identity problem, and it is doing real damage to institutional compliance programmes that do not realise they are exposed to it.

What this means for an institution

The practical consequences for any compliance programme that operates on a single-chain attribution graph are concrete:

  • Flow reconstruction fails at bridges. If chain-A and chain-B attribution do not resolve to a unified identity, funds that bridge between them appear to terminate at the bridge contract. They do not.
  • Counterparty analysis fragments. A counterparty that transacts with you on multiple chains appears as multiple separate counterparties, each with incomplete history, each producing weaker risk signals than a unified view would.
  • Pattern detection degrades. Behavioural signatures — the fingerprints that distinguish one entity from another — are computed per-chain. A consistent cross-chain actor is never identified as such.
  • Sanctions screening produces false negatives. An entity may be labelled as sanctioned-adjacent on the chain where it was first identified and entirely unflagged on every other chain it operates on. The institution's screening hit rate is bounded by its weakest chain.

These are not theoretical degradations. They are the everyday reality of single-chain attribution systems operating in a multi-chain threat environment.

The signal classes that resolve identity across chains

Cross-chain entity resolution relies on five classes of signal, in roughly decreasing order of strength:

  1. Direct bridge correspondence. An address on chain A sends funds through a bridge; an address on chain B receives them. For most bridges, the correspondence is recoverable from the bridge contract's event logs. This is the strongest signal and the easiest to use.
  2. Timing correlation at exchanges. An entity deposits on chain A and withdraws on chain B, where both deposit and withdrawal flow through the same centralised exchange within a correlated window. The exchange-side linkage is inferrable from transaction timing and amount fingerprints even without internal exchange data.
  3. Behavioural fingerprinting. Transaction patterns — preferred counterparties, gas behaviour, time-of-day distributions, contract interaction preferences — produce per-entity signatures that cross chains. The fingerprint is weaker than a direct bridge correspondence but more robust to address rotation.
  4. Service attribution cross-reference. Known services — OTC desks, mixers, swap aggregators — operate on multiple chains. An entity using the same service across chains produces a linkable pattern via the service, not via its own addresses.
  5. Label inheritance. If an address on chain A is known to belong to an entity, and the same entity is known to operate on chain B through a specific mechanism (known counterparty, known exchange account), the chain-B address can be inferred with appropriate confidence scoring.
Cross-chain identity is not solved by any single signal. It is solved by the weighted combination of many signals, each with explicit confidence, subject to continuous validation against new evidence. The system is probabilistic, not categorical. — GSIG methodology documentation

What a production system looks like

A working cross-chain identity system has four components:

  • Canonical entity registry. Each resolved entity is assigned a chain-agnostic identifier. All addresses that belong to that entity, on any chain, point to the same canonical identifier.
  • Evidence graph. Every linkage between two addresses — or between an address and an entity — is stored with its signal source, confidence score, and timestamp. This allows retroactive re-evaluation when new evidence arrives.
  • Continuous re-resolution. Entity identities are not static. Resolutions are recomputed as new transactions, new services, and new bridges come online. An entity that was only detectable on two chains last quarter may be linked to four chains this quarter.
  • Cross-validation. Each claimed linkage must be validated against independent signal classes before being treated as high-confidence. Single-signal linkages are stored but flagged as provisional.
Operational implication Cross-chain identity resolution is expensive to build and expensive to maintain. It is also a capability that most institutions will never build in-house, because the marginal cost of each additional chain grows faster than the internal utility. The institutions that produce cross-chain identity at scale are those that serve multiple clients with the same graph — which is exactly the economic model of a dedicated intelligence firm.

Why thirty-plus chains, not five

The question of how many chains need to be covered is not a marketing number; it is an operational one. An entity that operates on thirty chains is operationally different from an entity that operates on five. An attribution graph that covers only the top five chains by capital will systematically miss the rotational behaviour of any sophisticated actor who migrates to less-supervised chains when pressure increases on the major ones.

The threshold of useful coverage is, in practice, every chain with meaningful native-asset or stablecoin activity that is not purely retail. As of 2026, that set is in the low thirties. It is still growing.

Closing

Cross-chain identity resolution is not a nice-to-have; it is the foundational capability on which all cross-chain compliance rests. Institutions that attempt to do cross-chain compliance without it are operating under a specific, quantifiable, and generally underestimated attribution handicap. The handicap does not manifest until an investigation or an examination forces it into the open. By then, the institution has been operating under it for whatever interval it took for the case to surface — typically, a long time.

GSIG operates cross-chain identity resolution across thirty-one chains, producing a canonical entity registry of approximately 99,700 resolved entities against a wallet population of 30.4 million addresses.

Suggested citation
Global Sanctions Intelligence Group (2026). "Cross-Chain Identity: Why Single-Chain Attribution Is a Structural Handicap." GSIG Briefing GSIG-B-2026-005, 11 March 2026. Available at: https://gsig.uk/briefings/cross-chain-identity
GSIG-B-2026-005 · Methodology · 11 March 2026 ← All briefings