About Crypto Monitoring

Deter fraud and money laundering at every step of the user journey.

The Crypto Monitoring solution is part of Sumsub's Transactions monitoring for screening crypto wallet addresses and determining the values in the context of its risk.

As a crypto monitoring business, you will be able to:

  • Protect your applicants from sending funds to hacked exchanges, darknet, and other risky sources.
  • Prevent money laundering and terrorist financing.
  • Comply with the regulator’s requirements.
  • Complement internal risk policies related to crypto.
  • Follow the Travel Rule FATF recommendations identifying risky wallet addresses or VASPs.

Crypto and Chainalysis rules

The Crypto rules are based on our natively integrated Crystal logic. They are intended to process transactions in crypto currencies and check the crypto currency exchanges.

The crypto rules can be customized for any of your business needs. All alerts with detailed explanations will be shown right in our Dashboard.

There are 4 pre-made rules in the Crypto bundle:

  • Crypto Monitoring (Crystal): New Screening
  • Crypto Monitoring (Crystal): Screening failed
  • Crypto Monitoring (Crystal): High Risk
  • Crypto Monitoring (Crystal): Privacy coin

The Chainalysis rules should be set up on your side in the Chainalysis dashboard. Then, we will get the signals from Chainalysis in accordance with the work of their system. To check out what exactly triggered an alert, you will need to navigate to the Chainalysis dashboard.

There are 3 pre-made rules in the Chainalysis bundle:

  • Crypto Monitoring (Chainalysis): New screening
  • Crypto Monitoring (Chainalysis): Alerts to review
  • Crypto Monitoring (Chainalysis): High Risk

Both of the pre-made rule bundles can be found in the Rules Library section.

Compliance with Travel Rule

The crypto transactions exceeding a specific threshold will be screened on the risks associated with criminal financial activities, as is required in the FATF Travel Rule recommendation.

The Sumsub Travel Rule solution can be seamlessly implemented since it perfectly works with the rest of the products belonging to the Sumsub ecosystem, such as, for example — Transactions monitoring.

How it works

With the Crypto Monitoring solution, we offer two options for conducting the checks:

  • Crypto monitoring via the Crystal provider (default) — our established partner that provides the information for estimating the risks of wallet addresses. All of the settings and results are available in our Dashboard.
  • Crypto monitoring via Chainalysis.

For monitoring crypto via Chaninalysis, you can also link your Chainalysis credentials, so the risk estimation process could include the alerts from this provider.

Once the transaction is initiated, it will be processed and accompanied with a report containing the following check results:

  • Transaction information
  • Transaction crypto info (transfer details and destination address connections)
  • Matched rules
  • Applicant information
  • Counterparty information
  • Events

For crypto, the Transaction crypto info details are the most determining for checking the risks associated with the wallet addresses.

📘

Note

This section is only visible for transactions monitored via Crystal. If you analyze your transactions by Chainalysis, you will need to go to the Chainalysis dashboard to see more details.

👍

Tip

Learn more on how to create Chainalysis crypto transactions.

Transfer details

In Transfer details, Sumsub shows the transaction address and estimates the risk level and risk score for a particular transaction. Both values are calculated by Crystal and show whether the transaction might be considered risky due to the different factors indicating connections with criminal activities.

The Risk level and Risk score values are shown as follows:

  • A score from 0 to 0.25 indicates the Low value in the Risk level field.
  • A score from 0.25 to 0.6 indicates the Medium value in the Risk level field.
  • A score from 0.6 indicates the High value in the Risk level field.

Destination address connections

The detailed information on percentage of transactions/exchanges with particular connections is shown in the Destination address connections section. There are the signals indicating the source of funds of a particular transaction.

The following table illustrates the response types that can be provided in the results:

Signal nameDescription
ATMA cryptocurrency ATM operator.
Child ExplorationAn organization which operates via darknets and is suspected of child abuse and exploitation.
Darknet MarketplaceAn online marketplace which operates via darknets and is used for trading illegal products for cryptocurrency.
Darknet ServiceAn organization which operates via darknets and offers illegal services for cryptocurrency.
Enforcement ActionAn entity is subject to legal proceedings. Jurisdiction will be annotated as a subtype.
Exchange FraudulentExchange that was involved in illegal activity.
Exchange LicensedAn organization that is licensed to provide exchange services.
Exchange UnlicensedAn organization that is not licensed to provide exchange services.
GamblingAn online resource offering gambling services using cryptocurrency.
Illegal ServiceA resource offering illegal services or engaged in illegal activities.
Liquidity PoolsSmart contracts where tokens are locked for the purpose of providing liquidity.
MarketplaceAn entity offering legal services/trading goods for cryptocurrency.
MinerAn organization which utilizes its computing power for mining cryptocurrency blocks.
Mixing ServiceA service for mixing funds from different sources to make tracing them back harder or almost impossible. It is mostly used for money laundering.
P2P Exchange LicensedAn organization that is licensed to provide P2P exchange services.
P2P Exchange UnlicensedAn organization that is not licensed to provide P2P exchange services.
Payment ProcessorA service which acts as an intermediary between customers and the company which provides services for making a payment.
Ransom ExtortionerExtortioners demand payment in the form of cryptocurrency.
SanctionsAn organization that is found in sanctions lists.
Seized AssetsIf the crypto is seized by the government, the default Risk Score is 0%.
Stolen CoinsEntities which have taken possession of someone else’s cryptocurrency by hacking.
Terrorism FinancingAn organization which operates via darknets and is involved in terrorism financing with cryptocurrency.
Online WalletA service for storage and making payments with cryptocurrency.
OtherNone of the specified entities above. It may include a subtype.

Set up rules for signals

For each signal, you can set up a custom rule that will be triggered accordingly.

For instance, to configure a rule for the scam signal:

  1. Add a condition with the following Field expression: preScoringContext.cryptoTxnInfo.signals.scam.
  2. Add a value and determine its relation. For instance, a value of the scam signal equals to 0.01 or 1 in percentage.

When done, the rule from the example will be triggered during crypto monitoring if there is a 1 % chance of exposure associated with organizations scamming their customers.

The scam attribute is selected for demonstration here, you can put any signal from the list that you need.

Get started

To start using Crypto Monitoring:

  1. Install the Crypto or Chainalysis rule bundles or create a custom rule.
  2. Test your setup to double-check if the rules work as expected.
  3. Submit transactions using any of the following methods:
  4. Handle monitoring results using the webhooks or Dashboard functionality.

📘

Note

When creating a custom rule for crypto, select the finance or travelRule transaction type.

To download the results in PDF, select a particular transaction in the Dashboard, click the kebab menu, and select Summary report.