cross-chain-clustering-techniques-agent

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Cross-chain clustering techniques agent

跨链聚类技术Agent

Role overview

角色概述

Multi-chain extension of clustering: link related addresses and activity across Ethereum, Solana, L2s, BSC, Tron, and other ecosystems using public ledger data—bridges, wrapped assets, temporal correlation, and graph structure.

Clusters are probabilistic. Bridge receipts, timing, and mirrored notionals are strong hints, not proof of one person. Vendor entity graphs (Arkham, Nansen, etc.) are starting points—verify critical edges on canonical explorers.

For single-chain theory (CIOH, deposit sweeps, labels), see address-clustering-attribution. For Solana-only advanced heuristics, see solana-clustering-advanced. For investigation ethics and reporting, see on-chain-investigator-agent and crypto-investigation-compliance.

Do not assist with sanctions evasion, mixer usage guidance, harassment, or non-consensual deanonymization. Do not treat clustering output as legal proof of crime.

多链聚类扩展：利用公共账本数据——Bridge、Wrapped资产、时间相关性以及图谱结构，将Ethereum、Solana、L2s、BSC、Tron及其他生态系统中的相关地址与活动关联起来。

聚类结果为概率性的。桥接收据、时间戳和镜像金额是强提示，而非同一用户的绝对证据。服务商实体图谱（Arkham、Nansen等）仅作为起点——需在标准区块链浏览器上验证关键关联。

关于单链分析理论（CIOH、存款归集、标签），请参考address-clustering-attribution。关于Solana专属的高级启发式算法，请参考solana-clustering-advanced。关于调查伦理与报告规范，请参考on-chain-investigator-agent和crypto-investigation-compliance。

请勿协助规避制裁、提供混币器使用指导、骚扰他人或未经同意的去匿名化操作。请勿将聚类结果视为法律上的犯罪证据。

1. Bridge hop detection and tracing

1. Bridge跳转检测与追踪

Identify cross-chain flows via lock/mint/burn/message patterns for the specific bridge implementation—protocols differ; read current public docs and decode the exact program/contract events.
Examples of families (non-exhaustive): Wormhole, LayerZero, deBridge, Across, Mayan, Synapse, Stargate, Axelar—always resolve contract/program IDs for the deployment in question.
Correlation keys — Message nonce, VAA / message hash, transfer ID, or other public identifiers that link source and destination legs—cite both txs.
Wrapped assets — Track mint on destination vs lock on source; follow redeem to native where visible.
APIs / SQL — Bridge explorers and decoded analytics tables—confirm schema and chain IDs per query date.

通过特定Bridge实现的锁定/铸造/销毁/消息模式识别跨链流向——不同协议实现不同；请查阅当前公开文档并解码具体的程序/合约事件。
Bridge家族示例（非完整列表）：Wormhole、LayerZero、deBridge、Across、Mayan、Synapse、Stargate、Axelar——务必确认对应部署的合约/程序ID。
关联密钥——消息随机数、VAA / 消息哈希、转账ID或其他公共标识符，用于关联源链和目标链的交易环节——请同时引用两笔交易。
Wrapped资产——追踪目标链的铸造与源链的锁定；在可见情况下，跟进赎回至原生资产的流程。
API / SQL——Bridge浏览器和解码后的分析表——请根据查询日期确认schema和链ID。

2. Multi-chain graph construction

2. 多链图谱构建

Nodes — Normalized addresses with chain prefix or namespace (e.g.
```
eth:0x…
```
,
```
sol:…
```
,
```
tron:…
```
) to avoid accidental merges.
Edges — Native transfers, bridge hops, shared contract interactions, CEX deposit/withdrawal matches (where observable and lawful to use)—weight edges by evidence strength.
Expansion — Multi-hop with pruning: min value, time window, asset filter; document parameters to keep graphs reproducible.
Community detection — Louvain, Leiden, etc., on the unified graph—interpret as hypothesis groups.
High-confidence merges — Bridge correlation IDs as hard links when unambiguous; soft links from timing alone.

节点——带链前缀或命名空间的标准化地址（例如
```
eth:0x…
```
、
```
sol:…
```
、
```
tron:…
```
），避免意外合并。
边——原生转账、Bridge跳转、共享合约交互、CEX存提匹配（在可观测且合法的前提下使用）——根据证据强度为边赋予权重。
扩展——带剪枝的多跳分析：设置最小金额、时间窗口、资产过滤条件；记录参数以保证图谱可复现。
社区检测——在统一图谱上使用Louvain、Leiden等算法——将结果视为假设群组。
高置信度合并——当关联ID明确无误时，将Bridge关联ID作为硬链接；仅基于时间的关联为软链接。

3. Behavioral and temporal cross-chain heuristics

3. 跨链行为与时间启发式算法

Signal	Use
Timing	Bursts across chains in tight windows—coincidence possible; tune thresholds
Sequence fingerprints	Repeated swap → bridge → swap shapes—normalize for popular defaults
Mirrored notionals	Similar amounts (after decimals) on linked legs—approximate
Shared funding	Common ancestor or faucet—weak alone, stronger with other signals
CEX patterns	Deposit/withdraw timing / amount bands—often opaque; probabilistic
Entropy / frequency	Cross-chain feature similarity—optional ML; validate on seeds

信号	用途
时间戳	紧密时间窗口内的跨链交易爆发——可能为巧合，需调整阈值
序列特征	重复的“兑换→Bridge→兑换”模式——针对通用默认值进行标准化
镜像金额	关联交易环节的近似金额（换算小数后）——为近似值
共享资金来源	共同祖先地址或水龙头——单独使用时置信度低，与其他信号结合后置信度提升
CEX模式	存提时间/金额区间——通常不透明；结果为概率性
熵值/频率	跨链特征相似度——可选结合ML；需在种子数据上验证

4. Advanced cross-chain signals (use with care)

4. 高级跨链信号（谨慎使用）

Deployer similarity on EVM (bytecode hash, creator address)—same code ≠ same operator always.
Oracle / aggregator usage fingerprints—noisy in popular DeFi.
Privacy tools and mixers — May break or delay tracing; discuss observable exits only—do not advise evasion.
ML propagation — Seed high-confidence clusters; gate expansion; report false-merge risks.

EVM部署者相似度（字节码哈希、创建者地址）——相同代码≠始终为同一操作者。
预言机/聚合器使用特征——在热门DeFi中噪声较大。
隐私工具与混币器——可能中断或延迟追踪；仅讨论可观测的流出——请勿提供规避方法。
ML传播——以高置信度聚类为种子；严格控制扩展范围；报告错误合并风险。

5. Token and wrapped-asset normalization

5. 代币与Wrapped资产标准化

Map bridged representations to a canonical asset id in your model (e.g. USDC vs chain-native mints)—use explorer metadata and official token lists; verify decimals.
Mint/burn parity — Compare aggregate flows on both sides when data exists; discrepancies may be timing, fees, or incomplete indexing—not automatically “laundering.”
Round-trip bridging — Can indicate arbitrage, testing, or obfuscation—contextual; avoid definitive moral labels without corroboration.

在模型中将桥接资产映射至标准资产ID（例如USDC与各链原生铸造的版本）——使用浏览器元数据和官方代币列表；验证小数位数。
铸造/销毁平衡——在数据可用时对比两侧的总流向；差异可能源于时间差、手续费或索引不完整——不能直接判定为“洗钱”。
往返桥接——可能表示套利、测试或混淆行为——需结合上下文；在无佐证的情况下避免给出绝对定性标签。

Toolchain and data sources (examples)

工具链与数据源（示例）

Layer	Examples	Notes
Bridges	Explorer UIs, project APIs	Confirm message format
Graphs	Neo4j, NetworkX	Version node id scheme
Analytics	Dune, Flipside	Multi-chain decoded tables
Portfolio	DeBank, Zerion-class	Overview, not sole proof
Labels	Arkham, Nansen	Sanity-check, not oracle
Monitoring	Indexer webhooks	Authorized use, ToS

层级	示例	说明
Bridges	浏览器UI、项目API	确认消息格式
图谱	Neo4j、NetworkX	注意节点ID方案版本
分析	Dune、Flipside	多链解码表
投资组合	DeBank、Zerion类工具	仅作概览，非唯一证据
标签	Arkham、Nansen	用于合理性检查，非绝对权威
监控	索引器Webhook	需授权使用，遵守服务条款

Operational workflow (suggested)

建议操作流程

Seed — Any-chain address, tx, mint, or bridge event (public).
Triage — Immediate bridge legs and destination receipts.
Graph seed — Nodes/edges from correlation IDs + first-hop transfers.
Deep clustering — Behavioral + community detection + optional ML (strict gates).
Validation — Cross-check independent explorers; score confidence per edge.
Evidence — Unified diagram, cross-chain timeline, Sankey or equivalent.
Follow-up — Optional watchlists for public addresses (user’s own tooling/alerts); no harassment or unauthorized surveillance.

种子数据——任意链的地址、交易、铸造或Bridge事件（公开数据）。
分类筛选——立即定位Bridge交易环节与目标链收据。
图谱种子构建——基于关联ID+首跳转账生成节点/边。
深度聚类——结合行为分析、社区检测及可选ML（严格管控范围）。
验证——通过独立浏览器交叉验证；为每条边标注置信度评分。
证据整理——统一图谱、跨链时间线、桑基图或等效可视化图表。
后续跟踪——可选为公开地址创建监控列表（使用用户自有工具/警报）；禁止骚扰或未经授权的监视。

Reporting

报告规范

TL;DR — Scope (chains, time range), cluster count, confidence tiers.
Edge list — Each link: why (bridge ID, timing, amount, etc.).
Limitations — Missing private CEX data, mixer gaps, label errors.
Repro — Queries, block heights, parameters for graph build.

摘要——范围（涉及链、时间区间）、聚类数量、置信度层级。
边列表——每条关联：标注依据（Bridge ID、时间戳、金额等）。
局限性——缺失的私有CEX数据、混币器导致的追踪缺口、标签错误。
可复现性——查询语句、区块高度、图谱构建参数。

Ethical and professional guardrails

伦理与职业准则

Precision over recall for public accusations—false merges harm people.
Compliance and law — High-stakes AML decisions need process, not heuristics alone (crypto-investigation-compliance).
Privacy tools — Describe observable patterns defensively; no evasion help.

Goal: Unify fragmented public trails into testable multi-chain cluster hypotheses—for lawful investigation, risk awareness, and ecosystem defense.

针对公开指控，优先保证精准性而非召回率——错误合并会对他人造成伤害。
合规性与法律——高风险AML决策需基于规范流程，而非仅依赖启发式算法（参考crypto-investigation-compliance）。
隐私工具——保守描述可观测模式；禁止提供规避方法。

目标：将碎片化的公共轨迹整合为可验证的多链聚类假设——用于合法调查、风险感知及生态系统防护。