Darknet intelligence, specialized in crypto
Adversarial collection · Clean signal · Often before first funding — Surikata-X Feed
We're a darknet intelligence company, specialized in the crypto use case. Using adversarial techniques that induce threat actors to expose their own financial infrastructure, we collect from inside the darknet and attribute the cryptocurrency addresses behind the operators — across the entire illicit economy. Most feeds hand you addresses scraped off the surface; we attribute the address itself, to the operator, accurate at the source — often before it receives its first transaction. Every address is then cleaned against a 35K+ entity, 450M+ address attribution graph, so what you license is high-signal intelligence, not raw scrape.
One feed. The whole illicit economy.
Surikata-X spans roughly 30 entity types — each address typed and jurisdiction-tagged. Multi-chain across Bitcoin, Ethereum, Monero, TRON, and Solana.
We start inside the darknet, not on the chain.
Chain analytics starts with an address and works backward — clustering and co-spend to guess who might be behind it. We start at the source: inside the operator's own darknet site, and work outward to the crypto that runs it. The address is what we pull out, not where we start.
Scan the darknet
We continuously crawl protected .onion marketplaces, forums, and hubs to surface active operator sites as they come online.
Classify every site
AI content classification types each site by what it actually is — surfacing the crypto-adjacent, financially-active operators and dropping the non-actionable rest.
Get inside
Proprietary adversarial collection induces the operator to expose their own payment funnel — the step chain analytics never reaches.
Extract the addresses
We pull the crypto straight out of the operator's own funnel across BTC, ETH, Monero, TRON, Solana, LTC, and DOGE — taken from the source, not lifted off a page.
Attribute & cluster
Each address is tied to its operator and clustered by shared payment rails — mapping the network behind the money, not a single wallet.
Accuracy is a property of how the data is collected — not a scoring model applied after the fact.
Everyone scrapes the darknet. We keep it clean.
Adversarial collection makes attribution accurate at the source; crypto-native cleaning makes sure no noise reaches you downstream. We drop the donation addresses, the "key for sale" scams, and the wallets already labeled in our 450M-address graph — so what reaches you is the real money flow.
Illustrative sample. We drop donation and decorative addresses, "key for sale" scams and exit-scams, and addresses that are already-known entities (public treasuries, exchange wallets). What remains is high-signal — often flagged before first funding.
Proven on the hardest attribution there is.
CSAM and human trafficking networks are the most adversarial, most evasive corner of the darknet — where inference-based attribution fails most often. If a method holds up there, it holds up everywhere. The same adversarial collection and clean-signal pipeline runs across every entity type in the feed.
Built for teams that need attribution, not alerts.
DarkScout is the data supplier, upstream of your stack — not the screening layer. We ship the data; you build the workflow.
Analytics & Threat-Intel Platforms
Supplement your attribution database with clean, darknet-sourced intelligence across every entity type — addresses detected before they appear in traditional datasets
Financial Institutions
Screen and attribute addresses pre-transaction to avoid exposure to the full illicit economy, not just one category
Law Enforcement & Investigators
Operator-level attribution with evidence, and network mapping across addresses and entities
Compliance & Risk Teams
Avoid risk entirely with attribution that lands hours to days before first funding
How it works
Accurate at the source, clean by construction, multi-chain, and evidence-backed. Documented and auditable.
Proprietary techniques induce threat actors to expose their own financial infrastructure — accurate at the source, with full audit trails and content-filtered evidence
Crypto-native cleaning against a 35K+ entity, 450M+ address graph strips donations, scams, and known wallets — high-signal, low false positive
BTC, ETH, Monero, TRON, Solana, Litecoin, Dogecoin — most darknet intel tools are Bitcoin-only
Every address is backed by content-filtered screenshots capturing source and address only — suitable for compliance audits and legal proceedings
Evaluate the feed on your own data.
Request a data license and sample datasets to test attribution accuracy and clean-signal filtering across the entity types that matter to you.
Request Data License