Methodology

MWEBscan analyses only public Litecoin blockchain data. Nothing inside MWEB is visible to anyone, including us. Every link between a peg-in and a peg-out is an inference from public-side signals: a heuristic confidence score, not a calibrated statistical probability, and never a proof. Treat confidence scores as investigative leads, not facts.

What we observe directly

Peg-ins are witness_mweb_pegin outputs on the public chain. Peg-outs are the non-witness_mweb_hogaddr outputs of each block's HogEx (integrating) transaction; the hogaddr output's value is the total LTC held in MWEB. These amounts, addresses, blocks and times are facts. Everything below is derived from them.

Round-trip linking

A peg-out of amount A is matched against earlier peg-ins of amount A to A + fee tolerance (a peg-out equals an earlier peg-in minus small fees). Confidence rises when:

• Small anonymity set: few peg-ins and peg-outs share that amount. A unique amount with one candidate each side is a high-confidence candidate, but still not proof; a common rounded amount is effectively unlinkable.
• Timing proximity: the peg-out follows the peg-in within a short window.

Confidence ~ 1 / (candidate_pegins + competing_pegouts − 1), scaled by a timing weight. Common, mixed, well-spaced amounts score low, which is the privacy-preserving case.

Wallet clustering

Addresses that co-spend as inputs of the same peg-in transaction are treated as one owner (the common-input-ownership heuristic). This only applies to peg-in funding transactions, where we can see the inputs.

Entity attribution

Curated, sourced address labels (exchanges, services, mixing services, sanctioned entities, and so on) are applied directly, then propagated across a wallet cluster at slightly reduced confidence. A label is only as good as its source; a wrong label is worse than none, so we never publish unverified attributions.

Scores

Peg-in privacy score (0-100, higher is better): anonymity-set size, reduced if the peg-in is heuristically linked to a peg-out, if its funding address is reused on a peg-out, or if it is funded from a known entity.

Peg-out AML risk score (0-100, higher is more concerning): the risk weight of the destination entity, the risk of the funding entity carried through the inferred MWEB hop, and the traceability (link confidence), plus an address-reuse bump.

Multi-hop tracing

Following coins across more than one peg cycle multiplies per-hop confidences, so uncertainty compounds quickly. A three-hop chain at 80% per hop is roughly 50% overall.

Limitations & false positives

• Internal MWEB transactions are invisible: splits, merges and mixing can break amount matching entirely.
• Coincidental amount matches happen, especially for popular amounts (hence the anonymity-set weighting).
• Clustering only covers peg-in funders, not the wider chain.
• Attribution depends on label quality and coverage.

Address labels

Attribution depends on curated, sourced labels, and Litecoin is heavily under-labelled, so coverage is intentionally sparse. MWEBscan prefers fewer sourced labels over broad unsourced attribution: a small accurate set is more trustworthy than a large speculative one. The other signals (amounts, timing, anonymity-set size, address reuse, clustering) work regardless of label coverage. See the repository README for where to obtain labels and how to import them.

Submit or correct a label. MWEBscan accepts sourced, publicly verifiable labels (exchanges, services, pools, merchants, sanctioned entities, public donation addresses, and the like); unsourced or speculative attributions are not. Open a label submission issue or email [email protected] with the address, entity, category, a source, and whether it is new, a correction, or a removal. By submitting you grant Tech1k/MWEBscan the right to publish, modify, redistribute, and sublicense it as part of the MWEBscan label set (full terms in CONTRIBUTING). Labels are heuristic metadata, not proof of ownership or wrongdoing; we may edit or remove them.