Wallet Monitoring
Continuous monitoring of cryptocurrency wallets for changes in risk status, new sanctions exposure, and suspicious transaction patterns.
Cryptocurrency Wallet Monitoring
Automate ongoing KYT compliance with continuous monitoring of cryptocurrency wallets for risk status changes, sanctions exposure, and suspicious transaction activity.
Why Monitor Crypto Wallets?
Cryptocurrency wallets and transaction patterns change constantly:
- Wallets can interact with sanctioned addresses
- Previously clean wallets can receive tainted funds
- Transaction patterns can indicate money laundering
- Risk scores change as blockchain activity evolves
Regulatory Requirement
Many crypto regulations (MiCA, FATF guidance, FinCEN) require ongoing monitoring of customer wallets, not just one-time screening at onboarding.
1 Credit Per wallet per month
How It Works
1. Enable Monitoring
await fetch(`/api/v3/kyt/crypto/${checkId}/monitor`, {
method: 'POST',
body: JSON.stringify({
frequency: 'daily', // daily, weekly, monthly
alertThreshold: 70, // Alert if risk score >= 70
monitorIncoming: true, // Monitor incoming transactions
monitorOutgoing: true, // Monitor outgoing transactions
sanctionsOnly: false // Monitor all risk factors
})
});Monitoring Options:
| Frequency | Use Case | Cost per Month |
|---|---|---|
| Daily | High-risk wallets, exchanges | 30 credits |
| Weekly | Medium-risk, active traders | 4 credits |
| Monthly | Low-risk, dormant wallets | 1 credit |
2. Automated Checks
VeriPlus automatically re-analyses monitored wallets:
- Transaction Monitoring: Every new transaction analysed
- Sanctions Screening: Check against updated OFAC/EU lists (updated daily)
- Risk Reassessment: Recalculate risk score based on new activity
- Cluster Analysis: Track associated wallets
3. Receive Alerts
Get notified immediately when risk factors change:
Alert Channels:
- Email notifications
- Dashboard alerts
- Webhook events (real-time)
- SMS (optional, premium)
4. Investigate and Resolve
Review each alert and take action:
- True Risk: Enhanced DD, transaction limits, exit customer
- False Positive: Dismiss with documentation
- Uncertain: Escalate to compliance team
Alert Types
Sanctions Exposure
Trigger: Wallet interacts with sanctioned address
Severity: CRITICAL
{
"alertType": "sanctions_exposure",
"severity": "critical",
"walletAddress": "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",
"blockchain": "bitcoin",
"transaction": {
"txHash": "0x123abc...",
"timestamp": "2024-01-15T10:30:00Z",
"direction": "outgoing",
"amount": "0.5 BTC",
"counterpartyAddress": "1SanctionedAddress...",
"sanctionsList": "OFAC SDN"
},
"actionRequired": "Freeze wallet immediately"
}Immediate Actions:
- Freeze all activity - Block deposits and withdrawals
- File SAR - Submit Suspicious Activity Report within 24 hours
- Notify legal/compliance - Escalate immediately
- Document everything - Complete audit trail
- Consider account termination - Depending on circumstances
Zero Tolerance
Direct sanctions exposure requires immediate action. Even small amounts can result in massive regulatory fines and criminal prosecution.
High-Risk Transaction
Trigger: Transaction with high-risk wallet or unusual pattern
Severity: HIGH
{
"alertType": "high_risk_transaction",
"severity": "high",
"transaction": {
"txHash": "0x456def...",
"amount": "10.5 ETH",
"direction": "incoming",
"from": "0xHighRiskWallet...",
"riskScore": 85,
"riskFactors": [
"Source wallet used mixer recently",
"Associated with dark web marketplace",
"Multiple small incoming transactions (structuring pattern)"
]
},
"actionRequired": "Enhanced due diligence recommended"
}Investigation Steps:
- Check transaction context (legitimate purchase vs. suspicious transfer?)
- Review source wallet history
- Assess customer explanation (if any)
- Determine if pattern indicates money laundering
- Apply enhanced monitoring or transaction limits
Mixer/Tumbler Usage
Trigger: Wallet interacts with crypto mixing service
Severity: HIGH
{
"alertType": "mixer_usage",
"severity": "high",
"walletAddress": "0x789ghi...",
"blockchain": "ethereum",
"mixerService": {
"name": "Tornado Cash",
"type": "tumbler",
"sanctioned": true, // Tornado Cash sanctioned by OFAC
"transaction": {
"amount": "2.5 ETH",
"timestamp": "2024-01-14T18:45:00Z"
}
},
"actionRequired": "Investigate immediately - sanctioned mixer"
}Why This Matters:
- Mixers/tumblers obscure transaction history
- Often used for money laundering
- Some mixers are sanctioned (e.g., Tornado Cash)
- Indicates intent to hide source of funds
Risk Score Increase
Trigger: Wallet risk score increases significantly
Severity: MEDIUM
{
"alertType": "risk_score_increase",
"severity": "medium",
"previousRiskScore": 35,
"newRiskScore": 72,
"change": "+37 points",
"causes": [
"Received funds from darkweb marketplace wallet",
"Increased mixing service usage",
"Large value transfer to new wallet"
],
"recommendation": "Manual review and risk reassessment"
}Unusual Transaction Pattern
Trigger: Behavior change indicating potential fraud
Severity: MEDIUM
{
"alertType": "unusual_pattern",
"severity": "medium",
"pattern": "structuring",
"description": "20 transactions under $3,000 in past 24 hours",
"totalVolume": "$48,500",
"normalVolume": "$2,000/day average",
"suspicionLevel": "high",
"potentialIssue": "Structuring to avoid reporting thresholds"
}Suspicious Patterns:
- Structuring: Many small transactions to avoid reporting limits
- Sudden High Volume: Dormant wallet suddenly active
- Chain Hopping: Rapid conversions across multiple blockchains
- Round-Trip Transactions: Send and receive back same amount
- Rapid Withdrawals: Deposit then immediately withdraw
Dormant Wallet Reactivation
Trigger: Previously dormant wallet becomes active
Severity: LOW-MEDIUM
{
"alertType": "dormant_reactivation",
"lastActive": "2021-06-15",
"dormantPeriod": "967 days",
"newActivity": {
"timestamp": "2024-01-15",
"transactionType": "outgoing",
"amount": "150 BTC",
"destination": "exchange_deposit_address"
},
"potentialConcern": "Large withdrawal after long dormancy - may indicate compromised wallet"
}Monitoring Dashboard
Monitored Wallets Overview
GET /api/v3/kyt/monitored-wallets
{
"summary": {
"totalWallets": 1245,
"activeMonitoring": 1102,
"pausedMonitoring": 87,
"alerts": {
"critical": 3,
"high": 12,
"medium": 45,
"low": 28,
"unresolved": 19
}
},
"wallets": [
{
"walletAddress": "1A1zP1eP...",
"blockchain": "bitcoin",
"applicantId": "app_abc123",
"currentRiskScore": 72,
"lastCheck": "2024-01-15T10:00:00Z",
"frequency": "daily",
"alertCount": 2,
"status": "monitoring_active"
}
// ... more wallets
]
}Alert Management
GET /api/v3/kyt/alerts?severity=high&status=unresolved
{
"alerts": [
{
"id": "alert_kyt123",
"type": "high_risk_transaction",
"severity": "high",
"walletAddress": "0x123...",
"created": "2024-01-15T14:30:00Z",
"status": "new",
"assignedTo": null
}
// ... more alerts
]
}Transaction Monitoring
Real-Time Transaction Analysis
Monitor every incoming/outgoing transaction:
{
"transactionMonitoring": {
"enabled": true,
"minAmount": 1000, // Only monitor transactions >= $1,000
"analyzeIncoming": true,
"analyzeOutgoing": true,
"instantAlerts": true
}
}Per-Transaction Analysis:
{
"txHash": "0x789...",
"timestamp": "2024-01-15T15:22:00Z",
"from": "0xabc...",
"to": "0xdef...",
"amount": "5.5 ETH",
"usdValue": "$9,350",
"riskAssessment": {
"sourceWalletRisk": 25,
"destinationWalletRisk": 78, // High risk!
"sanctionsExposure": false,
"mixerInvolved": false,
"overallRisk": "high",
"recommendation": "review_transaction"
}
}Travel Rule Compliance
Automatic threshold detection for regulatory reporting:
Travel Rule Requirements:
- US: Transactions ≥ $3,000
- EU (MiCA): Transactions ≥ €1,000
- FATF Recommendation: Transactions ≥ $1,000 USD equivalent
Monitoring Configuration:
{
"travelRule": {
"enabled": true,
"threshold": 1000, // USD
"jurisdiction": "EU", // or "US", "global"
"requireCounterpartyInfo": true,
"autoGenerateReport": true
}
}When Threshold Exceeded:
{
"travelRuleAlert": {
"txHash": "0x999...",
"amount": "$8,500",
"requiresReporting": true,
"counterpartyVASP": "Binance",
"originatorInfo": {
"name": "John Smith",
"walletAddress": "0xabc...",
"country": "US"
},
"beneficiaryInfo": {
"needed": true,
"status": "pending"
}
}
}Risk-Based Monitoring
Different monitoring intensity based on wallet risk:
High-Risk Wallets
Criteria:
- Risk score ≥ 70
- Previous sanctions exposure
- High-value transactions
- Crypto exchange hot wallets
Monitoring:
- Frequency: Daily
- Transaction threshold: $100
- Instant alerts
- Manual review required
Medium-Risk Wallets
Criteria:
- Risk score 40-69
- Moderate transaction volume
- Some risk indicators
Monitoring:
- Frequency: Weekly
- Transaction threshold: $1,000
- Email alerts
- Automated decisioning with manual review option
Low-Risk Wallets
Criteria:
- Risk score < 40
- Clean transaction history
- Low volume
Monitoring:
- Frequency: Monthly
- Transaction threshold: $10,000
- Email digest
- Automated decisioning
Automated Actions
Configure automatic responses to alerts:
{
"automatedActions": {
"sanctionsExposure": {
"action": "freeze_wallet",
"notify": ["compliance_team", "legal_team"],
"createTicket": true
},
"riskScoreAbove90": {
"action": "flag_for_review",
"transactionLimit": 1000,
"notify": ["compliance_officer"]
},
"mixerUsage": {
"action": "enhanced_monitoring",
"frequency": "daily",
"notify": ["risk_team"]
}
}
}Historical Data & Trending
Track risk score changes over time:
GET /api/v3/kyt/crypto/:checkId/history
{
"walletAddress": "1A1zP1eP...",
"riskScoreHistory": [
{ "date": "2024-01-01", "riskScore": 35 },
{ "date": "2024-01-08", "riskScore": 42 },
{ "date": "2024-01-15", "riskScore": 72 } // Significant increase!
],
"transactionVolume": [
{ "date": "2024-01-01", "volume": "$2,500" },
{ "date": "2024-01-08", "volume": "$1,800" },
{ "date": "2024-01-15", "volume": "$48,500" } // Spike!
],
"alertHistory": [
{ "date": "2024-01-14", "type": "mixer_usage" },
{ "date": "2024-01-15", "type": "risk_score_increase" }
]
}Best Practices
- Monitor all customer wallets - Regulatory requirement for exchanges
- Set appropriate frequency - Daily for high-risk, monthly for low-risk
- Investigate all critical alerts - Sanctions exposure within 4 hours
- Document decisions - Required for regulatory compliance
- Review false positive rate - Adjust thresholds quarterly
- Disable for exited customers - Stop monitoring when relationship ends
- Re-assess risk regularly - Quarterly review of all monitored wallets
- Train compliance team - Ensure proper alert handling procedures
Cost Optimization
Strategies to reduce costs:
-
Risk-Based Frequency:
- High-risk: Daily (30 credits/month)
- Medium-risk: Weekly (4 credits/month)
- Low-risk: Monthly (1 credit/month)
-
Transaction Thresholds:
- Only monitor transactions ≥ $1,000
- Ignore dust transactions
-
Disable Dormant Wallets:
- Pause monitoring if no activity for 90 days
- Resume when wallet becomes active
-
Sanctions-Only Mode:
- Monitor only for sanctions exposure (reduced cost)
- Use full monitoring for high-risk wallets
-
Batch Processing:
- Group weekly/monthly checks
- Process during off-peak hours
Compliance Reporting
Audit Trail
Every monitoring event logged:
- Initial monitoring setup
- Each automated check performed
- All alerts generated
- Investigation notes
- Resolution decisions
- Monitoring disabled
Regulatory Reports
GET /api/v3/kyt/report?period=2024-Q1&format=pdf
// Generates PDF report with:
// - All monitored wallets
// - Alert history
// - Investigation details
// - Sanctions exposure incidents
// - Risk score trends
// - Compliance metricsWebhooks
Receive real-time alerts via webhook:
// Your webhook endpoint receives:
{
"event": "kyt.alert.high_risk",
"alertId": "alert_kyt123",
"walletAddress": "0x123...",
"severity": "critical",
"type": "sanctions_exposure",
"transaction": {
"txHash": "0x789...",
"amount": "2.5 ETH",
"counterparty": "1SanctionedAddress..."
},
"timestamp": "2024-01-15T10:30:00Z"
}Next Steps
Ready to get started?
Start with our free plan. No credit card required.