Which crypto AML tool is best for a self-custody holder?

Chainalysis, Elliptic and TRM Labs do not sell to individual self-custody holders. They sell exclusively to institutions through enterprise contracts. AegisAML is the only one of the four built for self-custody, OTC and family-office users.

How much does Chainalysis cost?

Chainalysis does not publish pricing. Public reports place the base contract at roughly USD 500–2,000 per month for KYT, plus per-address or per-query API fees in the USD 3–15 range. Reactor is priced separately at a higher tier.

Is AegisAML a real Chainalysis alternative?

For self-custody screening, yes. AegisAML indexes the same sovereign sanctions lists Chainalysis uses (OFAC SDN, EU CFSP, UN, OFSI, SECO, DFAT, SEMA) and the same open-source mixer and hack-cluster databases. For investigative casework, government use and SAR workflows, Chainalysis Reactor remains the institutional tool.

Do Chainalysis or Elliptic store the addresses I query?

Yes. Both run as SaaS or API. Every query is processed on their servers and is logged against your account for billing and audit. AegisAML runs locally on Windows and never sends queried addresses outbound.

Comparison · 2026 Updated Jun 2026

Chainalysis vs Elliptic vs TRM Labs vs AegisAML — Honest 2026 Comparison

Four tools dominate the crypto AML space in 2026: Chainalysis, Elliptic, TRM Labs and AegisAML. The first three are enterprise SaaS sold to banks, exchanges, regulators and law enforcement. The fourth is a free Windows desktop application built for the people the other three do not sell to. This guide compares them on pricing, data coverage, deployment model, and target customer — with no NDA, no rephrasing of vendor marketing, and no pretence that one tool fits every buyer.

Direct answer: which one should you use?

If you run a bank, a regulated exchange, a VASP, a payments processor, or a financial-crimes investigation unit at a government agency, the answer is one of Chainalysis, Elliptic or TRM Labs. The exact choice depends on your existing vendor relationships, your jurisdiction, and which sales team gives you the better commercial terms in a procurement bake-off.

If you self-custody crypto, run an OTC desk, manage a family-office portfolio, or settle B2B payments in USDT, the answer is AegisAML. The three enterprise vendors will not sell to you. AegisAML is free, runs on Windows, and indexes the same sovereign sanctions lists the others do.

The 10-row comparison table

Criterion	Chainalysis	Elliptic	TRM Labs	AegisAML
Target customer	Banks, exchanges, regulators, law enforcement	Banks, exchanges, governments, VASPs	Banks, payments, agencies	Self-custody, OTC, family office
Pricing model	Enterprise contract + per-query	Enterprise contract + per-query	Enterprise contract + per-query	Free · no tier
Base monthly cost (published)	Not published; ~$500–$2,000+	Not published; enterprise quote	Not published; enterprise quote	$0
Per-address query fee	~$3–$15	~$3–$15	~$3–$15	$0
Procurement path	Sales call, KYC, contract	Sales call, KYC, contract	Sales call, KYC, contract	Download · no signup
Deployment	Web / API (SaaS)	Web / API (SaaS)	Web / API (SaaS)	Windows desktop · local
Queries leave your network	Yes — sent to provider	Yes — sent to provider	Yes — sent to provider	No — local index
OFAC + EU + UN coverage	Yes	Yes	Yes	Yes — same lists
Mixer + hack clusters	Proprietary	Proprietary	Proprietary	Open OSINT
Hardware wallet integration	API only	API only	API only	Native USB read-only

Chainalysis — the KYT and Reactor standard

Chainalysis is the largest and most widely deployed blockchain analytics vendor. Its two flagship products are KYT (real-time transaction monitoring for VASPs and exchanges) and Reactor (graph investigation tool used by financial-crimes units and government agencies). Chainalysis published the original Crypto Crime Report, which most regulators cite when drafting policy.

The strengths are scale and coverage. Chainalysis has more labels, more entity attributions, and longer history than its competitors. Its customer base includes the US Department of Justice, IRS, FBI, multiple central banks, and most US-licensed exchanges. If you are a financial institution under FinCEN or FATF jurisdiction, Chainalysis is the safe procurement choice.

The weaknesses are pricing opacity and customer fit. Chainalysis does not publish prices. Anecdotal data points place base contracts at USD 500 to 2,000 monthly plus per-query fees in the USD 3 to 15 range. There is no individual or small-business tier. You either buy at enterprise prices or you do not buy at all.

When Chainalysis is the right tool

Regulated VASP with a compliance officer and a budget.
Government investigation requiring graph-traversal evidence admissible in court.
Large exchange screening every inbound deposit at scale.
Insurance, audit or law firm working on a named crypto matter.

Elliptic — the European institutional alternative

Elliptic is the closest direct competitor to Chainalysis. Headquartered in London, it sells Elliptic Lens for transaction screening and Elliptic Investigator for graph analysis. Coverage is comparable; pricing is comparable; deployment is comparable. The differentiator is usually relationship and regional focus, not capability.

Elliptic has historically been favoured by UK and EU institutions that prefer a London-headquartered vendor for data-sovereignty reasons under post-Brexit and MiCA-aligned procurement frameworks. Read more about MiCA crypto AML for EU holders.

When Elliptic is the right tool

UK or EU institution with a regional procurement preference.
Customers already in the Elliptic ecosystem (analytics, training, certifications).
VASPs operating under MiCA who need an EU-friendly compliance partner.

TRM Labs — the newer enterprise entrant

TRM Labs entered the market later than Chainalysis and Elliptic and grew aggressively. Its product surface is similar — transaction monitoring, investigation, training — with a sales pitch oriented toward modern fintech and crypto-native institutions. TRM frequently publishes typology reports and has positioned itself as the "fast-moving" alternative.

Coverage is on par with the other two. Pricing follows the same enterprise model: contract plus query fees. Differentiation is again about relationship, sales experience and bundled training rather than raw capability.

When TRM Labs is the right tool

Newer crypto-native institutions evaluating alternatives to Chainalysis.
Customers who value the pace of TRM's typology research and training.
Buyers who prefer TRM's commercial terms after a procurement comparison.

AegisAML — for the buyers the other three will not sell to

AegisAML occupies a different category. It is not an enterprise SaaS. It is a free Windows desktop application built for self-custody holders, OTC desks, family offices, and individual operators who need the same screening logic but do not have an institutional procurement process.

The underlying data is public: the same sovereign sanctions lists (OFAC SDN, EU CFSP, UN, UK OFSI, Swiss SECO, Australian DFAT, Canadian SEMA) and open-source mixer and hack-cluster databases that Chainalysis, Elliptic and TRM also index. Sovereign designations are published by governments. AegisAML adds the screening engine, the hardware-wallet integration and the local-first deployment model.

The trade-off is investigative depth. AegisAML does not have proprietary cluster labels at the same scale as the enterprise vendors. It does not file SARs. It does not run an analyst training program. For self-custody screening before a CEX deposit, an OTC settlement, or a hardware-wallet audit, that scope is sufficient. For a federal grand-jury investigation, it is not.

When AegisAML is the right tool

Self-custody holder screening an inbound BTC, ETH, USDT or SOL payment.
OTC desk verifying counterparty addresses before settlement.
Family office auditing a Ledger or Trezor cold treasury quarterly.
Individual operator wanting documented source-of-funds before a CEX deposit.

Data source overlap — the part vendors do not advertise

One uncomfortable truth about crypto AML: the four tools rely on substantially overlapping data sources. The sovereign sanctions lists are public and identical — OFAC SDN is the same file whether you query it through Chainalysis or AegisAML. The difference is in the screening engine, the proprietary cluster labels, and the deployment model.

Mixer addresses are mostly public knowledge: Tornado Cash deposit contracts are on Etherscan; ChipMixer was law-enforcement-seized; Sinbad's clusters were documented in open-source intelligence reports. Hack clusters are similarly public after the fact — the Ronin breach, the Wormhole bridge exploit, the Bybit hot-wallet drain and the Nomad bridge bug all have their entry addresses documented in OSINT and forensic write-ups.

Where the enterprise vendors genuinely add value is in their proprietary attribution data — cluster labels for exchanges, OTC desks, ransomware actors and darknet markets that were generated through internal heuristics or cooperation with law enforcement. AegisAML does not attempt to compete on that proprietary surface. It uses open OSINT data instead.

The procurement reality for individual buyers

If you tried to buy Chainalysis as an individual in 2026, the sales cycle would look like this:

Request demo through the website.
Wait for a discovery call.
Be politely declined because you are not an institutional customer.

The same outcome would occur at Elliptic and TRM. The enterprise vendors do not sell to self-custody holders because the support cost would exceed the per-customer revenue. This is a rational business decision — it is also why a parallel free tool exists.

If you want enterprise-grade screening but do not have an enterprise budget, the realistic options are: (a) use the free open-source Tornado Cash address lists and OFAC SDN feeds yourself, or (b) use AegisAML on Windows, which pre-indexes those same feeds for you. Both work. AegisAML adds the screening UI and hardware-wallet integration that you would otherwise have to build.

How to choose — a decision tree

Are you a regulated institution under FinCEN, FCA, BaFin, MAS or similar? Use Chainalysis, Elliptic or TRM. Procurement preference and existing relationships drive the choice.
Are you a government investigator? Chainalysis Reactor or Elliptic Investigator. Court-admissibility considerations may push you to a specific vendor based on jurisdiction.
Are you a self-custody holder, OTC desk, or family office? Use AegisAML. The enterprise vendors are not commercially available to you.
Are you an open-source researcher? Build from raw OFAC + community OSINT, or use AegisAML as a packaged tool.

Try AegisAML free on Windows

Same sanctions lists. Same mixer cluster categories. Same hack-cluster matching. No procurement cycle. Runs locally on your machine. Free forever.

Download AegisAML for Windows

Frequently asked questions

Is AegisAML really free, or is there a paid tier?

Free. There is no paid tier. The free version is the only version. AegisAML is self-funded and does not have a commercial roadmap that adds a paid product. The economic model is that more screening lowers the volume of tainted coins circulating, which helps every legitimate counterparty in the ecosystem.

How does AegisAML compare to Reactor for investigation?

It does not. Chainalysis Reactor is the gold-standard graph investigation tool for law enforcement and large-scale financial-crime analysis. AegisAML is a pre-transfer screening tool for self-custody holders. Different problem, different scope. If you need investigative tooling, use Reactor.

Can I use AegisAML to comply with FATF Travel Rule obligations?

AegisAML provides the screening output (sanctions match, mixer exposure, risk score) that supports a Travel Rule decision. It does not replace a VASP's Travel Rule infrastructure (originator/beneficiary data exchange under FATF Recommendation 16). For VASPs, you still need an institutional vendor. For self-custody compliance with your own due-diligence policy, AegisAML's report is sufficient.

What if my CEX uses one vendor and I use another?

It does not matter for screening category coverage. If your sending address has direct OFAC exposure, Chainalysis, Elliptic, TRM and AegisAML will all flag it. The risk score may differ at the margins because each vendor weights its proprietary signals differently, but the categorical findings (sanctioned / mixer / hack) overlap heavily across all four.