Trust & Security
How our AML engine works
Every scan runs an 8-category composite risk model against live on-chain data and a continuously updated sanctions / label registry. No black box — here's exactly what we check.
Risk categories & weights
| Category | Weight | What we look for |
|---|---|---|
| Sanctions | 30 | OFAC SDN, UN, EU, UK HMT and OpenSanctions matches against the queried address and its counterparties. |
| Mixer / Privacy | 18 | Direct interaction with Tornado Cash pools, Wasabi/Samourai CoinJoin clusters, Railgun and ChainFlip-style obfuscators. |
| Scam / Phishing | 12 | Drainer kits, approval-phishing operators, fake airdrops and impersonation wallets reported to our registry. |
| Darknet Market | 12 | Hot wallets and deposit addresses tied to known darknet marketplaces. |
| Ransomware | 10 | Payment addresses associated with active ransomware families. |
| Theft / Exploit | 8 | Wallets receiving stolen funds from bridge hacks, protocol exploits and rug-pulls. |
| Exchange Exposure | 5 | Hot/deposit wallets of major CEXs — neutral signal, used for source-of-funds attribution. |
| Smart Contract | 5 | Contract heuristics (age, verification, proxy patterns) for token / contract addresses. |
Data sources
OFAC SDN list
U.S. Treasury sanctions for crypto wallets.
EU / UK / UN sanctions
Cross-jurisdiction screening.
OpenSanctions
Aggregated global watchlists and PEPs.
Blockscout / Etherscan / Blockstream / mempool.space
Live on-chain telemetry for balances, txs and counterparties.
Solana RPC + Helius
Solana account, signature and token data.
TronGrid
Tron account and TRC-20 activity.
Curated registry
Internal label set for exchanges, mixers, scam operators and bridges.
Scoring methodology
- Fetch live on-chain state — balance, tx count, age, recent counterparties from public node APIs.
- Label every counterparty against our registry + sanctions lists.
- Score each of 8 categories from 0–100 based on hits, direction, recency and volume.
- Composite the weighted sum into a 0–100 risk index, capped per category and clamped to a level (Low / Caution / High / Severe).
- Cache the result so repeat lookups are deterministic and reviewable.
Security & data handling
- • Read-only. We never request signing or wallet permissions.
- • Public data only. All chain data is queried from public node APIs.
- • Row-level security. User watchlists and alerts are isolated per account.
- • Transport security. All traffic is served over HTTPS.
- • No PII required. An email is the only identifier needed to use the product.
Not a substitute for formal KYT
amlcoins is a forensic intelligence tool. For regulated compliance workflows it should sit alongside, not replace, a licensed KYT provider.
Talk to compliance