Part 1 of our "AML Typologies for Crypto" series — the laundering techniques every monitoring programme has to recognise, and how each one looks on-chain. We start with the most common structuring pattern in crypto: the peel chain.
A peel chain is the on-chain equivalent of slowly skimming cash off a stack. A launderer holding a large tainted balance does not send it to an exchange in one transaction — that lights up every screening system at once. Instead they "peel" a small amount off to a cash-out point and forward the large remainder to a fresh address, then repeat, dozens or hundreds of times. The result is a long single-file chain of addresses, each hop shedding a little value to the regulated world while the bulk keeps moving.
How the Pattern Works
The mechanic is simple and repetitive. Start with a tainted UTXO or balance. Send a small portion — the "peel" — to a destination that can convert it: an exchange deposit address, a P2P trade, a payment. Send the large remainder to a brand-new address you control. From that new address, peel again. Each hop:
- Keeps each cash-out small — below the value thresholds that trigger enhanced review at the receiving service
- Adds distance — every hop is another degree of separation between the cash-out and the original crime, so a naive "is the sender the thief" check comes back clean
- Uses a fresh address — so there is no reused-address history tying the chain together for a casual observer
Done patiently, a peel chain can move a large sum to dozens of exchange accounts over weeks, with no single transaction looking remarkable in isolation.
Why It Defeats Naive Screening — and Doesn't Defeat Tracing
Peel chains beat two common but shallow controls: a flat value threshold (every peel is under it) and a one-hop counterparty check (the immediate sender is always a fresh, unlabelled address). What they do not beat is multi-hop tracing. The remainder address at each hop is deterministically linked to the next, so the whole chain is a single connected path back to the source — the structure that hides each transaction is exactly what makes the chain recognisable as a chain.
The detection signal is the shape: a sequence of addresses each receiving one input and emitting one small external payment plus one large forward, repeating. That morphology is rare in legitimate activity and characteristic of structuring.
Screen the chain, not the transaction
A peel chain is invisible to any control that looks at a single transaction or a single hop. It is obvious to one that looks at the path: the connected sequence, the repeating peel-and-forward morphology, and the tainted address at the head of the chain. The practical requirement is multi-hop, source-tracing screening — "how far is this deposit from a known-illicit origin, and through what structure" — not "is this single sender on a list."
Detecting It
How BA detects it. BA traces deposits upstream through the transaction graph and scores indirect exposure by hop distance to known-illicit sources — so a peel chain's small, clean-looking final hop still carries the risk of the tainted head it descends from. The peel-and-forward morphology and the connection back to a labelled source surface together, across 80+ chains, rather than each tiny cash-out being judged in isolation. For where this fits in a monitoring programme, see Ongoing Customer Wallet Monitoring.
Next in the series: Cross-Chain Laundering — Bridge Hopping as Obfuscation, where the launderer doesn't lengthen the chain but jumps it to another blockchain entirely.
Detect peel-chain patterns in your customers' transaction flows
Screen wallets, monitor entities, and generate compliance reports with 1B+ labeled addresses and 305+ data sources.
See Monitoring Solutions