Risk Score Sources

Last updated: March 12, 2026

Overview

When a cryptocurrency wallet address undergoes AML (Anti-Money Laundering) analysis, the resulting data is classified across multiple parameters. Each parameter reflects a potential connection between the address and various categories of fund origins, ranging from fully legitimate to highly suspicious.

Both direct and indirect on-chain links are examined, including incoming and outgoing transactions with known platforms, services, and address clusters. Based on the nature and severity of these associations, the address receives a Risk Score — a composite rating that quantifies the level of compliance concern.

The final score depends on how closely and frequently the address has interacted with entities across the following categories.

High-Risk Sources

  • Child exploitation — funds linked to activities involving child exploitation material or networks.
  • Dark market — funds connected to underground online marketplaces, typically accessible through anonymized networks.
  • Dark service — funds tied to illegal services offered through darknet platforms.
  • Enforcement action — addresses flagged due to regulatory or legal action against entities violating AML requirements.
  • Exchange fraud — funds associated with fraudulent activity on exchanges, including market manipulation, insider exploitation, or unlawful fund movement.
  • Unlicensed gambling — funds linked to gambling platforms operating without proper regulatory licenses.
  • Illegal service — funds tied to activities that violate existing laws and regulations.
  • Mixer / tumbler — services designed to obscure the origin of crypto assets by blending them across multiple wallets, commonly used to evade chain analysis or facilitate laundering.
  • Ransom — funds connected to extortion demands, typically in the context of ransomware or cyberattacks.
  • Sanctions — funds associated with sanctioned individuals, entities, or jurisdictions. Key regulators include OFAC (U.S.) and the EU sanctions framework.
  • Scam — funds obtained through deceptive schemes with established direct or indirect links to fraud.
  • Stolen coins — crypto assets acquired through unauthorized access to or theft from other wallets or platforms.
  • Terrorism financing — funds linked to the financing or support of terrorist organizations.

Suspicious Sources

  • Crypto ATM — funds received through cryptocurrency ATM terminals, which may have limited identity verification.
  • Unlicensed exchange — platforms conducting trading and exchange operations without proper licensing or regulatory authorization.
  • Liquidity pools — smart contracts holding locked tokens to provide trading liquidity in decentralized finance protocols.
  • Unlicensed P2P exchange — peer-to-peer platforms facilitating direct cryptocurrency transactions between users without proper licensing.

Trusted Sources

  • Marketplace — funds originating from legitimate trading and commerce activities.
  • Mining — crypto assets generated through proof-of-work mining operations.
  • Licensed exchange — officially authorized platforms operating in compliance with applicable financial regulations.
  • Other — funds received through airdrops, token sales, or distribution mechanisms that fall outside standard categories.
  • Licensed P2P exchange — regulated platforms enabling direct cryptocurrency exchanges between individuals with proper oversight.
  • Payment processor — funds received through licensed payment networks and processors.
  • Seized assets — assets recovered through law enforcement operations, held or distributed in the interests of affected parties.
  • Verified wallet — funds held in wallets that have completed identity verification procedures.