Wallet Screening

Wallet screening is the core compliance function of BlockchainAnalysis.io. It allows you to submit any blockchain address across 52 supported chains and receive a comprehensive risk assessment report with 12 detailed sections — covering entity identification, risk scoring, source-of-funds analysis, sanctions checks, DeFi exposure, and more.

How Wallet Screening Works

When you submit an address for screening, the platform executes a multi-step analysis pipeline:

1. Address Validation and Chain Detection

The platform validates the address format and determines which blockchain(s) it belongs to. For EVM-compatible addresses (which share the same format across Ethereum, BSC, Polygon, Arbitrum, and other EVM chains), the system checks on-chain activity across all supported EVM networks and reports findings per chain.

For non-EVM addresses, the chain is identified by the address format:

• Bitcoin — Starts with 1, 3, bc1, or bc1p
• Solana — Base58 string, typically 32-44 characters
• NEAR — Human-readable account names (e.g., alice.near) or implicit accounts (64-character hex)
• Cosmos/Osmosis/Injective/Sei — Bech32 with chain-specific prefixes (cosmos1, osmo1, inj1, sei1)
• XRP — Starts with r, 25-35 characters
• Stellar — Starts with G, 56 characters
• Tron — Starts with T, 34 characters, Base58Check encoding
• Sui — Starts with 0x, 66 characters
• Aptos — Starts with 0x, 66 characters
• TON — Raw or user-friendly format (EQ/UQ prefix)

2. Entity Resolution

The address is first pre-checked against 4.2B+ verified on-chain addresses to confirm it has appeared on-chain, then checked against the BlockchainAnalysis.io entity database of 49M+ labeled addresses. If the address is linked to a known entity, the report will include:

• Entity Name — The identified entity (e.g., "Binance Hot Wallet", "Tornado Cash Router", "OFAC-Sanctioned Address")
• Entity Category — Classification such as Exchange, DeFi Protocol, Mixer, Sanctioned Entity, Gambling, Darknet Market, Scam, etc.
• Confidence Level — High, Medium, or Low, based on the attribution methodology used (on-chain clustering, public attestation, proprietary intelligence, or community reports)
• Related Addresses — Other addresses known to belong to the same entity

3. Transaction Graph Analysis

The platform constructs a transaction graph for the address, tracing both incoming (source of funds) and outgoing (destination) flows. The depth of analysis depends on the complexity:

• Direct counterparties — Always analyzed (1 hop)
• Extended graph — Traced up to 10 hops for high-risk indicators (mixer exposure, sanctioned entity proximity)
• Cross-chain flows — Bridge transactions are followed to the destination chain and analyzed as a continuous flow

4. Risk Factor Evaluation

Each of the 11 risk factors is independently evaluated against the transaction graph and entity resolution data. See Risk Score for the complete list of factors and their scoring methodology.

5. Report Generation

All findings are compiled into a structured report with 12 sections, available in the web dashboard, via API (JSON), and as a downloadable PDF.

Supported Blockchains

Wallet screening is available across all 52 supported blockchains. For a complete list with per-chain capabilities (token tracking, DeFi support, NFT tracking, real-time monitoring), see Supported Blockchains.

EVM Chains (22)

Ethereum, BSC, Polygon, Arbitrum, Optimism, Base, Avalanche C-Chain, Fantom, Cronos, Gnosis, Celo, Moonbeam, Moonriver, zkSync Era, Polygon zkEVM, Linea, Scroll, Mantle, Blast, Mode, Manta Pacific, opBNB

UTXO Chains (4)

Bitcoin, Litecoin, Bitcoin Cash, Dogecoin

Other Architectures (12)

Solana, NEAR, Tron, Cosmos, Osmosis, Injective, Sei, Sui, Aptos, TON, XRP (Ripple), Stellar

The 12 Report Sections

Every wallet screening report contains the following 12 sections. Each section is generated regardless of the blockchain being screened, though the depth of data varies by chain capability.

1. Executive Summary

A concise, human-readable overview of the screening results. This section is designed for decision-makers who need a quick assessment without reading the full report.

The Executive Summary includes:

• Overall risk classification (Low / Medium-Low / Medium / High / Critical)
• The single most significant finding
• A one-line recommendation (proceed, review, escalate, block)

2. Entity Match

Reports whether the screened address is linked to a known entity in the BlockchainAnalysis.io database.

Possible outcomes:

• Direct Match — The address is directly attributed to a known entity with high confidence.
• Cluster Match — The address belongs to a cluster of addresses attributed to a known entity via on-chain heuristics.
• No Match — The address is not linked to any known entity. This does not mean the address is safe; it means it is unidentified.

3. Risk Score Breakdown

The overall 0-100 risk score with a granular breakdown showing the contribution of each of the 11 risk factors. Displayed as both a numerical table and a visual radar chart.

Overall Risk Score: 73 / 100 (HIGH RISK)

Factor Breakdown:
  Sanctions Exposure ............ 0/100   (weight: 25%)  →  0.0
  Mixer Usage ................... 85/100  (weight: 15%)  → 12.8
  Darknet Activity .............. 0/100   (weight: 12%)  →  0.0
  Gambling ...................... 40/100  (weight: 5%)   →  2.0
  Scam Association .............. 60/100  (weight: 10%)  →  6.0
  Stolen Funds .................. 0/100   (weight: 12%)  →  0.0
  Terrorist Financing ........... 0/100   (weight: 10%)  →  0.0
  High-Risk Jurisdiction ........ 70/100  (weight: 3%)   →  2.1
  DeFi Risk ..................... 45/100  (weight: 3%)   →  1.4
  Bridge Risk ................... 90/100  (weight: 3%)   →  2.7
  Entity Reputation ............. 50/100  (weight: 2%)   →  1.0

  Weighted Total: 28.0 → Normalized Score: 73

4. Source of Funds

Traces the origin of funds flowing into the screened address. Results are presented as a percentage breakdown by source category:

• Known exchanges (with entity names)
• DeFi protocol interactions (swaps, lending, yield)
• Mining/staking rewards
• Direct peer-to-peer transfers
• Mixer/privacy protocol outputs
• Unknown/unattributed sources

5. Destination Analysis

The mirror of Source of Funds — traces where the screened address has sent funds. Categorized by destination type with volume and frequency data. Useful for identifying patterns such as rapid exchange deposits (potential cashing-out behavior) or transfers to high-risk addresses.

6. Sanctions Check

Cross-references the address and its known entity associations against sanctions lists from:

• OFAC SDN List (US Treasury)
• EU Consolidated Sanctions List
• UN Security Council Consolidated List
• HM Treasury Sanctions (UK)
• SECO Sanctions (Switzerland)
• DFAT Consolidated List (Australia)
• And 26+ additional jurisdiction-specific lists

Results include exact matches, fuzzy matches (similar addresses on sanctions lists), and indirect exposure (the screened address has transacted with a sanctioned address).

7. DeFi Protocol Interactions

Comprehensive listing of all DeFi protocol interactions associated with the address:

• DEX Activity — Swaps on Uniswap, SushiSwap, PancakeSwap, Curve, 1inch, and other supported DEXes, including volumes and token pairs.
• Lending/Borrowing — Positions on Aave, Compound, MakerDAO, Venus, and others.
• Liquidity Provision — LP positions, farming rewards, and impermanent loss tracking.
• Derivatives — Interactions with on-chain derivatives protocols.
• Protocol Risk Rating — Each protocol is assigned its own risk rating based on audit status, TVL history, exploit history, and governance model.

8. NFT Activity

Tracks all NFT-related activity for the address:

• Minting events
• Buy/sell transactions with prices
• Transfers (including zero-value transfers that may indicate wash trading)
• Marketplace interactions (OpenSea, Blur, Magic Eden, etc.)
• Flagged wash trading patterns using proprietary detection algorithms

9. Bridge Usage

Documents all cross-chain bridge transactions:

• Bridge protocol used (e.g., Wormhole, LayerZero, Stargate, Orbiter, Across)
• Source chain and destination chain
• Amount and token transferred
• Bridge risk rating (based on the protocol's security model and exploit history)

Excessive bridge usage, especially to chains with less regulatory oversight, is a risk signal flagged in the overall score.

10. Mixer/Privacy Protocol Exposure

Detects and quantifies any exposure to mixing services or privacy-enhancing protocols:

• Direct exposure — The address directly interacted with a mixer (e.g., deposited into Tornado Cash)
• Indirect exposure — The address received funds that previously passed through a mixer, with hop distance reported
• Percentage calculation — What percentage of the address's total inflows/outflows have mixer exposure

Covered protocols include Tornado Cash, Wasabi Wallet, Samourai Whirlpool, CoinJoin implementations, and other privacy tools.

11. Historical Risk Trend

Shows how the address's risk score has evolved over time:

• Risk score at first appearance on-chain
• Score changes correlated with specific events (e.g., a mixer deposit, a sanctions list addition)
• 30-day, 90-day, and all-time trend lines

This section is valuable for identifying addresses whose risk profile has recently deteriorated, which may indicate compromised wallets or evolving illicit use.

12. Recommendations

Actionable, regulation-aware recommendations based on the screening results:

• Proceed — No significant risk factors detected. Standard record-keeping is sufficient.
• Enhanced Due Diligence (EDD) — Collect additional KYC information from the counterparty before proceeding.
• Escalate — Route to your compliance officer or MLRO for manual review.
• Block/Reject — Do not process the transaction. Consider filing a SAR/STR.
• File SAR/STR — The findings are consistent with suspicious activity that should be reported to your jurisdiction's FIU.

Screening Modes

Single Address Screening

Screen one address at a time through the dashboard, API, or Telegram bot. Results are returned in real-time (5-15 seconds).

Batch Screening

Upload a CSV file with up to 10,000 addresses for batch processing. Results are delivered as a downloadable report bundle. Available via the dashboard (Screening > Batch Upload) and the API (POST /v1/screening/batch).

address,chain,reference
0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045,ethereum,customer-001
1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa,bitcoin,customer-002
DRpbCBMxVnDK7maPMoEQhSd6fGNfWJTWbp,dogecoin,customer-003

Continuous Monitoring

Add addresses to a monitoring watchlist. The platform re-screens them automatically at configurable intervals (hourly, daily, weekly) and sends alerts when the risk score changes by more than a configurable threshold.

Interpreting Results

When reviewing a screening report, focus on these key questions:

1. Is there an entity match? — A known entity match provides immediate context. An exchange deposit address has a very different risk profile than a mixer contract address, even if their on-chain patterns look similar.

2. What is driving the risk score? — Check the Risk Score Breakdown (Section 3) to see which factors are contributing. A score of 65 driven by mixer usage is a fundamentally different situation than a score of 65 driven by high-risk jurisdiction exposure.

3. Are there sanctions hits? — This is a binary compliance question. Any direct sanctions match requires immediate action regardless of the overall score.

4. What is the source of funds? — Section 4 tells you where the money came from. A high percentage of funds from unknown sources warrants additional investigation.

5. Is the risk trend improving or worsening? — Section 11 shows whether the address is becoming more or less risky over time. A rapidly increasing risk trend may indicate an account that has been compromised or repurposed.