Know Your Transaction (KYT)

KYT is BlockchainAnalysis.io's pre-transaction risk screening engine. It allows exchanges, OTC desks, and payment processors to assess the risk of a blockchain transaction before it is executed — delivering a risk verdict in under 500 milliseconds. KYT is a critical compliance tool for VASPs operating under MiCA, AMLA, and FATF Travel Rule obligations.

Why KYT Matters

Traditional wallet screening evaluates addresses after the fact. KYT shifts compliance to the pre-transaction stage, enabling you to block or flag high-risk transactions before funds leave your platform.

This distinction is significant for several reasons:

Regulatory expectation — MiCA Article 67 requires CASPs (Crypto-Asset Service Providers) to implement effective systems for detecting suspicious transactions. Pre-transaction screening demonstrates proactive compliance.
Liability reduction — Once funds are sent to a sanctioned or high-risk address, the damage is done. Clawing back crypto transactions is effectively impossible. KYT prevents the problem entirely.
Operational efficiency — Blocking a withdrawal before execution is far cheaper than investigating a suspicious transaction after the fact, filing a SAR, and potentially facing regulatory penalties.
Customer experience — Legitimate customers benefit from instant approvals. Only genuinely risky transactions are held for review, reducing false friction.

KYT is designed to complement, not replace, Wallet Screening. Wallet screening provides deep, comprehensive analysis (12-section reports). KYT provides a fast, binary-style risk check optimized for real-time transaction flow. Most VASPs use both: KYT for real-time gating and wallet screening for periodic due diligence.

How KYT Works

When a KYT check is initiated — either via API call or dashboard — the platform executes a streamlined risk evaluation pipeline optimized for speed:

1. Address Resolution

The destination (and optionally, the source) address is validated and resolved against the BlockchainAnalysis.io entity database. If the address belongs to a known entity, that entity classification is immediately available for risk evaluation.

2. Sanctions Pre-Check

The address is checked against all integrated sanctions lists (OFAC SDN, EU Consolidated, UN Security Council, HM Treasury, SECO, DFAT, and 26+ additional lists). A direct sanctions match triggers an immediate BLOCK verdict — no further analysis is needed.

3. Risk Factor Screening

If no sanctions match is found, the address is evaluated against the following risk factors:

| Risk Factor | Description | Severity | |---|---|---| | Sanctions Exposure | Direct or indirect (1-2 hop) connection to a sanctioned address | Critical | | Darknet Market | Association with known darknet marketplaces | Critical | | Stolen Funds | Address linked to known theft or hack proceeds | Critical | | Terrorist Financing | Connection to addresses flagged for terrorism financing | Critical | | Mixer/Tumbler | Direct interaction with mixing services (Tornado Cash, Wasabi, etc.) | High | | Ransomware | Association with known ransomware campaigns | High | | Scam/Fraud | Address linked to known scam operations, phishing, or rug pulls | High | | Gambling | Interaction with unlicensed gambling platforms | Medium | | High-Risk Jurisdiction | Entity located in a FATF grey-listed or high-risk jurisdiction | Medium | | Privacy Coins | Interaction with privacy-focused tokens or cross-chain swaps to privacy chains | Medium | | Child Exploitation | Any association with CSAM-related addresses | Critical |

4. Verdict Generation

Based on the risk factor evaluation, a verdict is returned:

| Verdict | Meaning | Recommended Action | |---|---|---| | APPROVE | No significant risk factors detected | Process the transaction | | REVIEW | Moderate risk signals detected | Hold for manual compliance review | | BLOCK | Critical risk factors detected or sanctions match | Reject the transaction immediately |

A BLOCK verdict on a withdrawal request should be treated as a compliance obligation, not a suggestion. Processing a transaction despite a BLOCK verdict may constitute a sanctions violation or a failure to prevent money laundering, depending on your jurisdiction.

Response Time and SLA

KYT is engineered for real-time transaction flows:

| Metric | Target | Typical | |---|---|---| | Median response time | < 200ms | 120-180ms | | P95 response time | < 500ms | 300-450ms | | P99 response time | < 1000ms | 600-900ms | | Availability | 99.9% uptime | 99.95% observed |

Response times are measured from API request receipt to response dispatch. Network latency between your infrastructure and our API endpoints is additional.

For latency-sensitive integrations, we recommend using the API endpoint geographically closest to your infrastructure. Endpoints are available in EU (Frankfurt), US East (Virginia), and APAC (Singapore).

API Integration

KYT is primarily consumed via the REST API for automated, real-time transaction screening.

Endpoint

POST /api/v1/kyt/check

Request Headers

Authorization: Bearer <your-api-key>
Content-Type: application/json

Request Body

{
  "address": "0x1234567890abcdef1234567890abcdef12345678",
  "chain": "ethereum",
  "direction": "withdrawal",
  "amount": "2.5",
  "asset": "ETH",
  "customer_id": "cust_abc123",
  "reference_id": "tx_20260331_001"
}

Request Parameters

| Parameter | Type | Required | Description | |---|---|---|---| | address | string | Yes | The blockchain address to screen | | chain | string | Yes | Blockchain identifier (e.g., ethereum, bitcoin, solana) | | direction | string | Yes | withdrawal (outgoing) or deposit (incoming) | | amount | string | No | Transaction amount (used for threshold-based rules) | | asset | string | No | Token/asset identifier | | customer_id | string | No | Your internal customer ID (for audit trail linkage) | | reference_id | string | No | Your internal transaction reference |

Response

{
  "id": "kyt_8f3a2b1c4d5e6f7a",
  "timestamp": "2026-03-31T14:22:05.123Z",
  "address": "0x1234567890abcdef1234567890abcdef12345678",
  "chain": "ethereum",
  "verdict": "REVIEW",
  "risk_score": 62,
  "risk_level": "MEDIUM",
  "risk_factors": [
    {
      "factor": "MIXER_USAGE",
      "severity": "HIGH",
      "description": "Address received 1.2 ETH from Tornado Cash within the last 30 days",
      "confidence": 0.94
    },
    {
      "factor": "HIGH_RISK_JURISDICTION",
      "severity": "MEDIUM",
      "description": "Entity associated with jurisdiction on FATF grey list",
      "confidence": 0.71
    }
  ],
  "sanctions_match": false,
  "entity": {
    "name": null,
    "category": "UNKNOWN",
    "labels": []
  },
  "recommendations": [
    "Hold transaction for manual compliance review",
    "Request source of funds documentation from customer",
    "Consider initiating a full wallet screening for deeper analysis"
  ],
  "meta": {
    "response_time_ms": 147,
    "api_version": "v1",
    "reference_id": "tx_20260331_001"
  }
}

Response Fields

| Field | Type | Description | |---|---|---| | id | string | Unique KYT check identifier | | verdict | string | APPROVE, REVIEW, or BLOCK | | risk_score | integer | 0-100 risk score | | risk_level | string | LOW, MEDIUM, HIGH, or CRITICAL | | risk_factors | array | List of detected risk factors with severity and confidence | | sanctions_match | boolean | Whether a direct sanctions match was found | | entity | object | Entity identification results (if any) | | recommendations | array | Actionable compliance recommendations |

Dashboard Usage

KYT checks can also be performed manually through the dashboard:

Navigate to KYT

Go to Dashboard > KYT from the main sidebar.

Enter Transaction Details

Fill in the destination address, select the blockchain, choose the direction (withdrawal or deposit), and optionally enter the amount and asset.

Review Results

The verdict is displayed immediately with a color-coded indicator (green for APPROVE, amber for REVIEW, red for BLOCK). Click on any risk factor to see details.

Take Action

Based on the verdict, approve the transaction, escalate to your compliance officer, or block the withdrawal. All actions are logged in the audit trail.

Use Cases

Exchange Withdrawal Screening

The most common KYT use case. When a customer initiates a withdrawal to an external address, the exchange calls the KYT API before broadcasting the transaction:

Customer requests withdrawal to address 0xABC...
Exchange backend calls POST /api/v1/kyt/check with the destination address
If verdict is APPROVE — broadcast the transaction
If verdict is REVIEW — hold the withdrawal and notify the compliance team
If verdict is BLOCK — reject the withdrawal and log the event

OTC Desk Compliance

OTC desks handle large, off-exchange trades where counterparty risk is elevated. KYT screening on the counterparty's receiving address before settlement provides a compliance checkpoint:

Screen the buyer's deposit address before sending assets
Screen the seller's receiving address before releasing fiat
Maintain an audit trail of all pre-trade KYT checks

Payment Processor Gateway

Crypto payment processors can integrate KYT to screen incoming payments from customers, flagging deposits from high-risk addresses for manual review before crediting the merchant account.

DeFi Protocol Front-End Compliance

DeFi front-ends (not the smart contracts themselves, but the web interfaces) can integrate KYT to screen wallet addresses at the point of connection, blocking sanctioned addresses from interacting with the UI.

KYT and Transaction Monitoring

KYT and Transaction Monitoring serve complementary roles:

| Aspect | KYT | Transaction Monitoring | |---|---|---| | Timing | Pre-transaction (before execution) | Post-transaction (after execution) | | Speed | < 500ms | Near real-time (seconds to minutes) | | Depth | Focused risk check on a single address | Behavioral pattern analysis across all transactions | | Scope | One address, one transaction | Full customer transaction history | | Output | APPROVE / REVIEW / BLOCK verdict | Alerts based on rule triggers | | Use case | Gate individual transactions | Detect suspicious patterns over time |

The recommended compliance architecture uses KYT as the first line of defense (blocking obviously high-risk transactions in real time) and Transaction Monitoring as the second line (detecting complex patterns that require historical context).

Automatic Fund Trace Escalation

When a KYT check returns a BLOCK or REVIEW verdict, you can configure the platform to automatically initiate a Fund Trace investigation on the flagged address. This provides your compliance team with a detailed origin-of-funds analysis and visualization, ready for review without manual intervention.

To enable automatic escalation:

Go to Settings > KYT Configuration
Enable Auto Fund Trace on BLOCK
Optionally enable Auto Fund Trace on REVIEW
Set the trace depth (default: 3 hops)

Pricing

KYT checks are priced per individual check:

| Volume (Monthly) | Price per Check | |---|---| | 1 - 1,000 | $0.25 | | 1,001 - 10,000 | $0.22 | | 10,001 - 50,000 | $0.20 | | 50,001+ | Contact sales |

KYT checks are billed separately from wallet screening credits. Volume discounts are calculated based on your rolling 30-day usage. Enterprise customers can negotiate fixed monthly pricing — contact sales@blockchainanalysis.io.

MiCA Compliance

The Markets in Crypto-Assets Regulation (MiCA) imposes specific obligations on CASPs operating in the EU. KYT directly supports compliance with several MiCA requirements:

Article 67 — Obligation to detect and prevent suspicious transactions — KYT provides the technical mechanism to screen transactions before execution, demonstrating proactive compliance.
Article 68 — Record-keeping obligations — Every KYT check is logged with a unique ID, timestamp, and full results, providing the audit trail required under MiCA.
Article 76 — Measures to prevent money laundering — Pre-transaction screening is a core anti-money-laundering control that regulators expect CASPs to implement.

MiCA became fully applicable on 30 December 2024. CASPs operating in the EU without pre-transaction screening capabilities are at risk of regulatory enforcement action. If you are not yet using KYT or an equivalent pre-transaction screening tool, we strongly recommend implementing it immediately.

Error Handling

The KYT API uses standard HTTP status codes:

| Status Code | Meaning | |---|---| | 200 | Check completed successfully | | 400 | Invalid request (malformed address, unsupported chain) | | 401 | Authentication failed (invalid or expired API key) | | 429 | Rate limit exceeded (max 100 requests/second) | | 500 | Internal server error (retry with exponential backoff) | | 503 | Service temporarily unavailable (maintenance window) |

For 429 and 5xx errors, implement retry logic with exponential backoff. A suggested retry schedule: 1s, 2s, 4s, 8s, then fail.

Best Practices

Screen both directions — Screen the destination address on withdrawals AND the source address on deposits. Inbound exposure to sanctioned funds is just as problematic as outbound.
Log every check — Store the KYT id alongside your internal transaction record. This provides a complete audit trail for regulators.
Act on BLOCK verdicts immediately — Do not queue BLOCK verdicts for batch review. A sanctions match requires immediate action.
Set up automatic escalation — Configure auto fund trace on BLOCK and REVIEW verdicts to give your compliance team ready-made investigation packages.
Monitor your approval rate — A consistently high approval rate (> 98%) is normal. A sudden drop may indicate that your customer base has shifted or that you are onboarding higher-risk customers.
Combine with Transaction Monitoring — KYT catches individual risky transactions. Transaction Monitoring catches patterns across many transactions. Use both.