Skip to main content
Note: Risk levels for each type are dynamic and can propagate from source addresses to interacted addresses based on the number of hops (N hops). The actual risk level is determined at runtime based on the relationship chain and other contextual factors.

Risk Type Categories

Black-Gray Market

  • Code: black-gray-goods
  • Description: Addresses involved in black or gray market activities
  • Indicators:
    • Sale of prohibited goods
    • Underground marketplace transactions
    • Counterfeit product channels

Online Gambling

  • Code: online-gambling
  • Description: Addresses involved in unauthorized online gambling operations
  • Note: Consider local regulations for treatment

Fraud

  • Code: scam
  • Description: Addresses involved in fraudulent schemes or scams
  • Types:
    • Ponzi schemes
    • Investment scams
    • Phishing operations
    • Fake exchanges or services

Hacking

  • Code: hack
  • Description: Addresses involved in hacking incidents or security breaches
  • Indicators:
    • Funds from known exchange hacks
    • Exploit-related transactions
    • Smart contract vulnerabilities

Money Laundering

  • Code: launder-money
  • Description: Addresses involved in layering and obfuscation of illicit funds
  • Indicators:
    • Rapid fund movement across multiple addresses
    • High transaction volumes with no apparent business purpose
    • Connections to known mixing services

Sanctions

  • Code: sanction
  • Description: Addresses owned by sanctioned individuals or entities
  • Sources:
    • OFAC (US Treasury)
    • EU Sanctions List
    • UN Sanctions List
    • Other international watchlists

Freeze

  • Code: frozen
  • Description: Addresses or funds that have been frozen due to legal or regulatory actions
  • Indicators:
    • Court-ordered freezes
    • Law enforcement seizures
    • Regulatory freezes

Political

  • Code: politics
  • Description: Addresses associated with politically sensitive activities
  • Considerations:
    • Political organizations
    • Embargoed entities
    • Sanctioned political figures

Drug Trafficking

  • Code: drug
  • Description: Addresses involved in illegal drug trade
  • Indicators:
    • Darknet marketplace connections
    • Drug trafficking network patterns

Firearms Trafficking

  • Code: gun
  • Description: Addresses involved in illegal firearms trade
  • Indicators:
    • Weapons marketplace transactions
    • Trafficking network connections

Terrorism Financing

  • Code: terrorist
  • Description: Addresses associated with terrorist financing
  • Sources:
    • OFAC Specially Designated Nationals (SDN) list
    • UN Security Council sanctions
    • National terrorism databases

Pornography

  • Code: porn
  • Description: Addresses associated with illegal pornography
  • Indicators:
    • Adult content platforms
    • Illegal content marketplaces

Controlled Substances

  • Code: controlled-substance
  • Description: Addresses dealing in controlled substances
  • Indicators:
    • Prescription drug sales
    • Illegal pharmaceutical sales
  • Code: bloodiness
  • Description: Addresses associated with violent or graphic content
  • Code: religion
  • Description: Addresses associated with religiously sensitive content

CSAM

  • Code: csam
  • Description: Addresses associated with child sexual abuse material
  • Action: Immediate report to law enforcement

Risk Type in API Responses

Risk types appear in both KYA and KYT endpoints: 
{
  "data": {
    "risks": [
      {
        "riskLevel": "high",
        "riskType": "sanction"
      },
      {
        "riskLevel": "generally-high",
        "riskType": "online-gambling"
      }
    ]
  }
}

Multiple Risk Types

An address or transaction can have multiple risk types: 
{
  "risks": [
    {"riskLevel": "high", "riskType": "hack"},
    {"riskLevel": "high", "riskType": "launder-money"},
    {"riskLevel": "generally-high", "riskType": "politics"}
  ]
}

Handling Different Risk Types

Compliance Workflows

function handleRisk(risks) {
  const criticalRisks = ['sanction', 'terrorist', 'launder-money', 'csam'];

  for (const risk of risks) {
    if (criticalRisks.includes(risk.riskType)) {
      return 'BLOCK_AND_REPORT';
    }

    if (risk.riskLevel === 'high') {
      return 'BLOCK_AND_REVIEW';
    }
  }

  return 'ALLOW';
}

Regulatory Reporting

Different risk types may trigger different reporting requirements:
  • Sanctions: Immediate blocking and reporting
  • Terrorism Financing: Immediate report to authorities
  • Money Laundering: SAR filing
  • CSAM: Immediate report to law enforcement
  • Fraud: Law enforcement reporting

Risk Type Evolution

Our risk detection models are continuously updated:
  • New categories added as new threats emerge
  • Refined classifications based on new intelligence
  • Deprecated categories as threats evolve

Reporting False Positives

If you believe a risk classification is incorrect:
  1. Document the transaction details
  2. Gather supporting evidence
  3. Submit a report through our support portal
  4. Our team will investigate and update if needed