Stablecoins settled $33 trillion in 2025, more than double Visa's. Tokenized treasuries crossed $9 billion on-chain. The regulatory architecture is catching up: MiCA is live in Europe, the GENIUS Act is law in the US, and FATF is auditing Travel Rule implementation worldwide. What was a crypto thesis is becoming a financial infrastructure one. Public blockchains already give us something traditional finance never had: a complete, permanent record of every transaction, flow, and interaction.
The data is there. The problem is comprehension. The volume, speed, and complexity of on-chain activity now exceed what any team of human analysts can process. While we can see the ledger, we lack the infrastructure to understand it at scale.
Humans still need to audit, approve, and decide. We need something to make the ledger legible. That something is machine comprehension. This is the bitter lesson: what wins going forward are not the methods that got us here.
Drowning in a Tidal Wave of Fraud
In 2024, the FBI recorded $9.3 billion in cryptocurrency fraud losses, up 66% year over year. Globally, over $51 billion flowed to illicit addresses that year, and that's a lower-bound estimate. The financial industry spends $206 billion per year on financial crime compliance worldwide, according to LexisNexis Risk Solutions, much of it on human investigators who manually review alerts and trace transactions one by one.
The unit economics are brutal, and they grow worse with scale. L1 analysts cost $20-$40 per hour. A trivial case takes 20 minutes to an hour. Multiply that across hundreds or thousands of daily alerts, and the numbers add up fast. And for anything that requires real depth, the economics get worse. A professional blockchain investigator costs $300K-$500K a year, if you can find one. The top investigation firms won't even start a case below a $500K-$1M threshold.
The problem is structural. Today, the machine outputs data and the human does the computing: tracing flows, combining heuristics, holding transaction graphs in their heads, navigating combinatorial spaces through judgment. Analyst headcount grows linearly. Transaction volume grows exponentially. That's the wrong architecture for a high-speed, global, 24/7 financial network. That math doesn't bend.
When the machine is the computer, it screens over one million addresses per second. The machine is the data source, the compute, and the explainer. It's a system that understands what a transaction means in context, not just which rule it triggered, so fewer false positives reach a human in the first place. Then the human acts as the judge.
The Bitter Lesson: The Future Belongs to Data and Compute
On-chain investigation is still rule-based: common-spend clustering, timing analysis, peel-chain detection, and change address identification. Implicit human knowledge is baked into investigative procedure. While this system works for common cases, it breaks when the adversary is novel, when the pattern is complex, or when there's simply too much to process.
In other words, this system represents a ceiling. The answer that the incumbents are trying is more labels, more data, more rules. We believe the better option is to build agents that explore, discover, and reason like a human investigator, reconstructing what happened, why, and what it means for the next case. This path results in fewer false positives, lower investigation costs, and a credible path to effective security compliance at scale.
On-chain is unusually well-suited to this shift because the data is already sitting there in public ledgers. Every transaction is recorded, complete, and immutable. What's missing is a system that can make sense of it.
An on-chain world model lets agents do what investigators do: read the ledger, call the right tools to transform raw data into evidence, and reach beyond the chain when needed. With off-chain ground truth, the agent queries real-world APIs to identify entities, pull hack event context, search news, and connect it all back to the case. It is a meta-structure that enables agents to work like humans: not just reading on-chain data, but discovering, reasoning, and building a case across both on-chain and off-chain sources. A world model lets an agent investigate why.
The urgency keeps growing. If on-chain transaction volume grows even a fraction of the 100x some forecast by 2030, security and compliance infrastructure won't keep pace. We can't investigate machine-speed activity with human-speed reasoning.
A New Direction: Humans Steer, Machines Row
The bitter lesson doesn't say human knowledge is worthless. It says that human knowledge works best when it directs computation rather than trying to replace it.
In practice, the human stops tracing transactions. The machine traces. The human stops holding the graph in their head. The machine holds it. The human stops combining five heuristics to guess the transaction intent, and lets the machines permutate.
Humans do two things that the machine can't.
First, the human establishes the starting context. The kind of intelligence that neither lives on-chain nor is captured explicitly. Who is suspected, what is the political backdrop, which exchanges will cooperate, and what patterns are typical of a particular threat actor? "We think this address belongs to group X. They operate during UTC+8 hours. They've used Tornado Cash before. The stolen funds were these token types." That context constrains the search space and makes the machine's work tractable. The interface has to support this: structured briefing, not a search box. And iterative steering. The human is redirecting mid-investigation, injecting new information, correcting misattributions as things develop.
Second, the human renders judgment. The machine can search a space too large for any human to traverse. It can surface evidence, reconstruct flows, identify patterns, and rank hypotheses by confidence. But it can't decide if a case is proven. It can't weigh legal sufficiency. It can't factor in what exists outside the blockchain: geopolitical context, classified intelligence, and the standard of proof in a given jurisdiction.
This only works if the machine's output is presentable, interpretable, and explainable.
Presentable means it can be included in a legal filing, a SAR, or a regulatory submission. A black-box score that says "87% probability" is not evidence. A reconstructed transaction graph with annotated flows and proven entity interactions is.
Interpretable means an analyst or attorney can follow the reasoning without understanding the model: "These wallets share a funding source, interact with the same contracts in correlated time windows, and show the same peel chain pattern attributed to this actor."
Explainable means it holds up under challenge. Why this wallet? Why not that one? What would change the conclusion? In adversarial proceedings, the other side will attack every link. The reasoning has to survive.
A system that actually comprehends on-chain activity at the semantic level produces explanations rooted in observable facts. It produces output that an analyst, compliance officer, or judge can evaluate on its merits.
The Infrastructure Bet
The problem is hard. We know because we have lived it, and see where we came from and believe where we are heading.
The CipherOwl team helped build on-chain and compliance infrastructure at Coinbase, and that experience shaped our view: capturing on-chain data is essential, but not sufficient. Public data does not automatically become useful intelligence. It has to be transformed, connected, interpreted, and grounded in deep domain knowledge of the on-chain ecosystem.
The core challenge is seeing transactions and letting machines understand what they mean.
That requires establishing the real-world connection between addresses, entities, services, protocols, and behaviors. It means solving the data problem in a way that helps both humans and agents build a shared understanding of activity on-chain. And it means giving agents enough context to reason step by step, rather than simply returning isolated labels, alerts, or scores.
Today, much of this work still depends on skilled humans applying heuristics to a transaction graph that is growing faster than any team can keep up with. Labels are sparse. Entity resolution across chains remains imperfect. Adversaries adapt. Institutions do not always share intelligence because their incentives are not aligned.
The next step is not more data. It is a new generation of infrastructure.
This infrastructure needs to ingest large volumes of on-chain activity, adapt as new chains, assets, protocols, and behaviors emerge, and build the foundational understanding that investigative agents can reason from. It needs to learn from incomplete and delayed signals. When new intelligence appears, it should be able to replay history, update context, and improve its understanding of past activity.
This is not a problem solved by a better dashboard or a longer list of rules. The future of on-chain compliance will require systems that learn continuously, incorporate organization-specific knowledge, reason across fragmented data, and help investigators move from raw transactions to defensible conclusions.
That is what we are building at CipherOwl. If you're working on the same problem from a different angle, let's talk.