Documentation
API ReferenceChangelogFAQDashboard

Crypto Monitoring

Safeguard cryptocurrency exchanges and uphold security throughout the entire experience.

Crypto Monitoring is part of the Sumsub Transaction Monitoring solution for screening crypto wallet addresses and determining the values in the context of its risk.

As a VASP, you will be able to:

  • Protect your applicants from sending funds to hacked exchanges, darknet, and other precarious sources.
  • Prevent money laundering and terrorist financing through your platform.
  • Comply with the regulator requirements to minimize legal risks, protect your reputation, and avoid fines and license withdrawals.
  • Complement internal risk policies related to crypto.
  • Follow the Travel Rule FATF recommendations identifying suspicious wallet addresses or VASPs.

How Crypto Monitoring works

We provide the following options for conducting the checks:

  • Crypto monitoring via Crystal (default) — our established partner that provides information for estimating the risks of wallet addresses.
  • Crypto monitoring via Chainalysis. To learn more on how to create Chainalysis crypto transactions, see this article.
  • Crypto monitoring via Elliptic — provides crypto compliance for wallets and crypto assets in the blockchain.

For monitoring crypto via Chaninalysis or Elliptic, you can link your Chainalysis or Elliptic credentials, so the risk estimation process could include the alerts from these providers.

In the Rules Library, you can find three pre-made Crypto Monitoring rule bundles.

  • Crypto Monitoring - Crystal Intelligence. These rules are based on our natively integrated Crystal Intelligence logic. They are intended to process transactions in crypto currencies and check the crypto currency exchanges. These rules can be customized for any of your business needs. All alerts with detailed explanations will be displayed in our Dashboard.
  • Crypto Monitoring - Chainalysis. Before installing the Chainalysis bundle, you need to get access to the Chainalysis dashboard. See this article for more instructions.
  • Crypto Monitoring - Elliptic. Before installing the Elliptic bundle, you need to get access to the Elliptic dashboard. See this article for more instructions.

Once the rules are installed and the transaction is initiated, it will be processed and accompanied with a report containing the following check results:

  • Transaction information
  • Crypto transaction information (transfer details and destination address connections)
  • Matched rules
  • Applicant information
  • Counterparty information
  • Events

Enable Crypto Monitoring

The following is a sequence of steps to be taken to start using Crypto Monitoring.

Step 1: Install rules

To install the Chainalysis, Crystal Intelligence, or Elliptic rule bundles do the following:

  1. In the Dashboard, open the Rules Library.
  2. Select one of the Crypto Monitoring bundles and install the rules.

We recommend installing all the rules available in the bundle, as it is the quickest and easiest way to cover all of the check steps.

In addition to the pre-installed rules, you can also create a custom rule. During the Crypto Monitoring, Sumsub checks the source of funds of a particular transaction. There are signals that indicate these sources. For each signal, you can set up a custom rule that will be triggered accordingly.

For instance, to configure a rule for the sanctions signal:

  1. Add a condition with the following Field expression: preScoringContext.cryptoTxnInfo.signals.sanctions.
  2. Add a value and determine its relation. For instance, a value of the sanctions signal equals to 0.01 or 1 in percentage.

When done, the rule from the example will be triggered during crypto monitoring if there is a 1 % chance of exposure associated with organizations scamming their customers.

The scam attribute is selected for demonstration here, you can put any signal from the list in the Step 5: Review results.

Step 2: Test rules

Test your setup to double-check if the rules work as intended.

📘

Note

The rules you install remain in Test mode until you activate them.

Step 3: Submit transaction

Submit transactions using any of the following methods:

See the following examples:

POST /resources/applicants/67e41ba6b97b2046cd4c1c1f/kyt/txns/-/data

{
  "txnId": "f4bs8tvrzis1co4k7qkkgd",
  "type": "finance",
  "applicant": {
    "paymentMethod": {
      "type": "crypto",
      "accountId": "19jUgPvUdSLZyuJyaydcaTcbLYPgFuxoFb"
    }
  },
  "counterparty": {
    "externalUserId": "u2rf1aeodmmnumrht46qc8",
    "fullName": "Jack Posek",
    "type": "individual",
    "paymentMethod": {
      "type": "crypto"
    }
  },
  "info": {
    "direction": "in",
    "amount": 2,
    "currencyCode": "BTC",
    "paymentTxnId": "84bf83c10dfddc9d1f0ea6a1a131c638488fb161e819dae25fd8128c671d2d5a",
    "paymentDetails": "Birthday Present",
    "type": "On-chain transfer"
  },
  "props": {
    "customProperty": "Custom value that can be used in rules",
    "dailyOutLimit": "10000"
  },
  "txnDate": "2025-03-27 12:12:33+0000"
}

POST /resources/applicants/-/kyt/txns/-/data

{
  "txnId": "fwustxf68ad95pdowuk87",
  "type": "finance",
  "applicant": {
    "type": "individual",
    "externalUserId": "4bhd4x1oxlt8sxcvehda9",
    "nameType": "birthName",
    "dob": "1992-05-08",
    "placeOfBirth": "Paris, France",
    "paymentMethod": {
      "type": "crypto"
    }
  },
  "counterparty": {
    "externalUserId": "inlxbzsbd73evu3f9y91",
    "fullName": "Jack Posek",
    "type": "individual",
    "paymentMethod": {
      "type": "crypto",
      "accountId": "19jUgPvUdSLZyuJyaydcaTcbLYPgFuxoFb"
    }
  },
  "info": {
    "direction": "out",
    "amount": 2,
    "currencyCode": "BTC",
    "paymentTxnId": "dfgdfgdfg",
    "paymentDetails": "Birthday Present",
    "type": "On-chain transfer"
  },
  "props": {
    "customProperty": "Custom value that can be used in rules",
    "dailyOutLimit": "10000"
  },
  "txnDate": "2025-03-27 15:00:11+0000"
}

{
  "applicantId": "67ef9cb7adfaa2667c2d0f2e",
  "data": {
    "txnId": "f4bs8tvrzis1co4k7qkkgd",
    "type": "finance",
    "applicant": {
      "paymentMethod": {
        "type": "crypto",
        "accountId": "19jUgPvUdSLZyuJyaydcaTcbLYPgFuxoFb"
      }
    },
    "counterparty": {
      "externalUserId": "u2rf1aeodmmnumrht46qc8",
      "fullName": "Jack Posek",
      "type": "individual",
      "paymentMethod": {
        "type": "crypto"
      }
    },
    "info": {
      "direction": "in",
      "amount": 2,
      "currencyCode": "BTC",
      "paymentTxnId": "84bf83c10dfddc9d1f0ea6a1a131c638488fb161e819dae25fd8128c671d2d5a",
      "paymentDetails": "Birthday Present",
      "type": "On-chain transfer"
    },
    "txnDate": "2025-03-27 12:12:33+0000"
  }
}/n{
  "applicantId": "67ef9cb7adfaa2667c2d0f2e",
  "data": {
    "txnId": "654645342423423",
    "type": "finance",
    "applicant": {
      "paymentMethod": {
        "type": "crypto",
        "accountId": "19jUgPvUdSLZyuJyaydcaTcbLYPgFuxoFb"
      }
    },
    "counterparty": {
      "externalUserId": "u2rf1aeodmmnumrht46qc8",
      "fullName": "Jack Posek",
      "type": "individual",
      "paymentMethod": {
        "type": "crypto"
      }
    },
    "info": {
      "direction": "in",
      "amount": 1,
      "currencyCode": "BTC",
      "paymentTxnId": "54bf83c10dfddc9d1f0ea6a1a131c638488fb161e819dae25fd8128c671d2d5a",
      "paymentDetails": "Birthday Present 2",
      "type": "On-chain transfer"
    },
    "txnDate": "2025-03-27 13:12:33+0000"
  }
}

📘

Note

As an alternative, you can create transactions manually in the Dashboard.

Step 4: Receive webhook

Once you have submitted the transaction, you will receive a webhook. The webhooks indicate the status of the transaction after checking the transfer against the installed rules.

If the transaction has been approved, you will receive the applicantKytTxnApproved webhook:

{
  "applicantId": "634829375766b80001a40152",
  "applicantType": "individual",
  "correlationId": "f24f6616020245053139a6537303a251",
  "sandboxMode": false,
  "externalUserId": "customExternalUserId",
  "type": "applicantKytTxnApproved",
  "reviewResult": {
    "reviewAnswer": "GREEN"
  },
  "reviewStatus": "completed",
  "createdAt": "2024-04-24 11:15:09+0000",
  "createdAtMs": "2024-04-24 11:15:09.446",
  "clientId": "coolClientId",
  "kytTxnId": "64a7dc05fbf57c624afcb72d",
  "kytDataTxnId": "uauu08x44xexbohyh4lkp9",
  "kytTxnType": "finance"
}

If, based on the check results, the transaction has been rejected, you will receive the applicantKytTxnRejected webhook:

{
  "applicantId": "634829375766b80001a40152",
  "applicantType": "individual",
  "correlationId": "0f5a7c828bab750775564534fc0470a8",
  "sandboxMode": false,
  "externalUserId": "customExternalUserId",
  "type": "applicantKytTxnRejected",
  "reviewResult": {
    "reviewAnswer": "RED",
    "reviewRejectType": "FINAL"
  },
  "reviewStatus": "completed",
  "createdAt": "2024-04-24 11:15:09+0000",
  "createdAtMs": "2024-04-24 11:15:09.446",
  "clientId": "coolClientId",
  "kytTxnId": "64a7dc05fbf57c624afcb72d",
  "kytDataTxnId": "j8bqz29yn491vksi9qfydw",
  "kytTxnType": "finance"
}

If the transaction that was previously put on hold was reviewed by the officer and removed from the on-hold queue, you will receive the applicantKytTxnReviewed webhook:

{
  "applicantId": "634829375766b80001a40152",
  "applicantType": "individual",
  "correlationId": "0f5a7c828bab750775564534fc0470a8",
  "sandboxMode": false,
  "externalUserId": "customExternalUserId",
  "type": "applicantKytTxnReviewed",
  "reviewResult": {
    "reviewAnswer": "RED",
    "reviewRejectType": "FINAL"
  },
  "reviewStatus": "completed",
  "createdAt": "2024-04-24 11:15:09+0000",
  "createdAtMs": "2024-04-24 11:15:09.446",
  "clientId": "coolClientId",
  "kytTxnId": "64a7dc05fbf57c624afcb72d",
  "kytDataTxnId": "j8bqz29yn491vksi9qfydw",
  "kytTxnType": "finance"
}

If you receive the applicantKytOnHold webhook, your transaction has been suspended and queued for manual review by the dedicated compliance officer:

{
  "applicantId": "634829375766b80001a40152",
  "applicantType": "individual",
  "correlationId": "98d4dac61c977c1b3f81d6ab78d29c3c",
  "sandboxMode": false,
  "externalUserId": "customExternalUserId",
  "type": "applicantKytOnHold",
  "reviewStatus": "onHold",
  "createdAt": "2024-04-24 11:15:09+0000",
  "createdAtMs": "2024-04-24 11:15:09.446",
  "clientId": "coolClientId",
  "kytTxnId": "64a7dc05fbf57c624afcb72d",
  "kytDataTxnId": "j8bqz29yn491vksi9qfydw",
  "kytTxnType": "finance"
}

If you have received the applicantKytTxnAwaitingUser webhook, the rule requiring the applicant action, such as passing an additional check, has been triggered. The scoring is stopped until the applicant completes the required flow:

{
  "applicantId": "6447b564728bf40939a7664f",
  "applicantType": "individual",
  "correlationId": "7310f3ffddbff223cdf10221cdf12064",
  "sandboxMode": false,
  "externalUserId": "customExternalUserId",
  "type": "applicantKytTxnAwaitingUser",
  "reviewStatus": "awaitingUser",
  "createdAt": "2023-12-11 10:41:54+0000",
  "createdAtMs": "2023-12-11 10:41:54.431",
  "clientId": "coolClientId",
  "kytTxnId": "6576e772b2f80732714d1de0",
  "kytDataTxnId": "m26m980m9jd7pozq72se4",
  "kytTxnType": "finance"
}

Step 5: Review results

After the check is completed, you will get a report with the results.

You can download the results in PDF. In the Dashboard, go to the Transactions and Travel rule section and open Transactions. Select the transaction you need, open the menu at the right top and click Summary report.

For crypto, the transfer details and the destination address connections are the most determining for checking the risks associated with the wallet addresses.

Transfer details

In Transfer details, Sumsub shows the transaction address and estimates the risk level and risk score for a particular transaction. Both values show whether the transaction might be considered risky due to the different factors indicating connections with criminal activities.

The Risk level and Risk score values are shown as follows:

  • A score from 0 to 0.25 indicates the Low value in the Risk level field.
  • A score from 0.25 to 0.6 indicates the Medium value in the Risk level field.
  • A score from 0.6 indicates the High value in the Risk level field.

Destination address connections

The detailed information on percentage of transactions/exchanges with particular connections is shown in the Destination address connections section. There are the signals indicating the source of funds of a particular transaction.

The following table illustrates the response types that can be provided in the results:

Signal nameDescription
ATMA cryptocurrency ATM operator.
Child exploitationAn organization which operates via darknets and is suspected of child abuse and exploitation.
Darknet marketplaceAn online marketplace which operates via darknets and is used for trading illegal products for cryptocurrency.
Darknet serviceAn organization which operates via darknets and offers illegal services for cryptocurrency.
Enforcement actionAn entity is subject to legal proceedings. Jurisdiction will be annotated as a subtype.
Exchange fraudulentExchange that was involved in illegal activity.
Exchange licensedAn organization that is licensed to provide exchange services.
Exchange unlicensedAn organization that is not licensed to provide exchange services.
Illegal serviceA resource offering illegal services or engaged in illegal activities.
Liquidity poolsSmart contracts where tokens are locked for the purpose of providing liquidity.
MarketplaceAn entity offering legal services/trading goods for cryptocurrency.
MinerAn organization which utilizes its computing power for mining cryptocurrency blocks.
Mixing serviceA service for mixing funds from different sources to make tracing them back harder or almost impossible. It is mostly used for money laundering.
P2P exchange licensedAn organization that is licensed to provide P2P exchange services.
P2P exchange unlicensedAn organization that is not licensed to provide P2P exchange services.
Payment processorA service which acts as an intermediary between customers and the company which provides services for making a payment.
Ransom extortionerExtortioners demand payment in the form of cryptocurrency.
SanctionsAn organization that is found in sanctions lists.
Seized assetsIf the crypto is seized by the government, the default Risk Score is 0%.
Stolen coinsEntities which have taken possession of someone else’s cryptocurrency by hacking.
Terrorism financingAn organization which operates via darknets and is involved in terrorism financing with cryptocurrency.
Online walletA service for storage and making payments with cryptocurrency.
OtherNone of the specified entities above. It may include a subtype.

Updated 3 days ago