List of Risk Score Sources Used in AML Procedures

Based on the results of AML analysis of a cryptocurrency wallet address, the data is classified according to various parameters, all of which are unified by the presence of links between the crypto address and sources of low, medium, or high risk. The presence of direct and indirect links with various sources is analyzed, and depending on their legitimacy, the crypto address is assigned a corresponding Risk Score (risk assessment based on blockchain links and activity).

A specific Risk Score level is assigned to a crypto address based on the analysis of its on-chain interactions. The final score depends on the nature of the direct and indirect links — incoming and outgoing transactions — with various sources, platforms, resources, and clusters.

High-risk sources

• Child exploitation — funds related to the implementation of child exploitation activities.
• Dark market — funds associated with illegal online markets, usually accessible through anonymous networks.
• Dark service — funds associated with services of an illegal nature that are offered on dark resources.
• Enforcement action — legal/regulatory measures against organizations/individuals that violate AML requirements.
• Exchange fraudulent — fraudulent activities associated with financial transactions on cryptocurrency exchanges or through exchange platforms, which may include improper market manipulation, use of insider information for enrichment, illegal movement of funds, and other forms of deception.
• Gambling — funds associated with various online gambling services that do not have the necessary licenses.
• Illegal service — funds associated with illegal activities in circumvention of existing laws.
• Mixer — services for mixing crypto assets to ensure anonymity. Such services are used to make tracking difficult or impossible, including for money laundering purposes.
• Ransom— funds associated with blackmail, often in the context of cyberattacks.
• Sanctions — funds associated with individuals or organizations under international sanctions. The main regulator of international sanctions activities at the moment is OFAC.
• Scam — funds obtained fraudulently with a direct/indirect connection to fraudulent activity.
• Stolen coins — funds obtained by stealing other people's crypto assets.
• Terrorism financing — funds associated with the financing of terrorist activities.

Suspicious sources

• ATM — funds received through a crypto ATM.
• Exchange unlicensed — a platform that conducts trading and exchange activities without the appropriate license.
• Liquidity pools — smart contracts in which tokens are locked to ensure liquidity. Typically, this is used in decentralized finance.
• P2P exchange unlicensed — organizing peer-to-peer transactions between individuals without the appropriate license.

Trusted sources

• Marketplace — funds obtained during trade and exchange operations to pay for legitimate activities.
• Miner — crypto assets obtained through mining.
• Exchange licensed — an officially licensed platform that conducts trading and exchange activities in accordance with established legislation.
• Other — funds received through airdrops, token sales, or other methods that do not fall into the standard categories.
• P2P exchange licensed — cryptocurrency transactions between individuals through licensed platforms where participants carry out exchange activities without intermediaries.
• Payment — funds received from a licensed payment system.
• Seized assets — assets seized as a result of law enforcement actions for the victim's benefit.
• Wallet — funds stored in verified crypto wallets.