Crypto monitoring

Deter fraud and money laundering at every step of the user journey.

The Crypto monitoring solution is part of Sumsub's Transactions monitoring for screening crypto wallet addresses and determining the values in the context of its risk.

As a crypto monitoring business, you will be able to:

  • Protect your applicants from sending funds to hacked exchanges, darknet, and other risky sources.
  • Prevent money laundering and terrorist financing.
  • Comply with the regulator’s requirements.
  • Complement internal risk policies related to crypto.
  • Follow the Travel Rule FATF recommendations identifying risky wallet addresses or VASPs.

Within the Crypto monitoring solution, Sumsub can offer two options of conducting the checks:

  • Crypto monitoring via the Crystal provider (default).
  • Crypto monitoring via Chaninalysis.

By default, crypto checks are done by Crystal — our established partner that provides the information for estimating the risks of wallet addresses. All of the settings and results are available in our Dashboard. For monitoring crypto via Chaninalysis, you can also link your Chainalysis credentials, so the risk estimation process could include the alerts from this provider.

Crypto and Chainalysis rules

The bundle of Crypto rules are based on our natively integrated Crystal logic. They are intended to process transactions in crypto currencies and check the crypto currency exchanges. The crypto rules can be customized for any of your business needs. All alerts with detailed explanations will be shown right in our Dashboard.

There are 4 pre-made rules in the Crypto bundle:

  • Check crypto txn for risks
  • Put transaction on hold on evaluation error
  • High risk score via 3rd party provider
  • Privacy coin

The Chainalysis rules should be set up on your side in the Chainalysis dashboard. Then, we will get the signals from Chainalysis in accordance with the work of their system. To check out what exactly triggered an alert, you willl need to navigate to the Chainalysis dashboard.

There are 3 pre-made rules in the Chainalysis bundle:

  • Chainalysis crypto txn check
  • Screen Chainalysis alerts
  • Risky transaction - Chainalysis source

Both of the pre-made rule bundles can be found in the Rules Library section:

  1. In the Dashboard, open Rules Library.
  2. In the Bundle name field, select Crypto or Chainalysis.

Compliance with Travel Rule

The crypto transactions exceeding a specific threshold will be screened on the risks associated with criminal financial activities, as is required in the FATF Travel Rule recommendation. The Sumsub Travel Rule solution can be seamlessly implemented since it perfectly works with the rest of the products belonging to the Sumsub ecosystem, such as, for example — Transactions monitoring.

How it works

Once the transaction is initiated, it will be processed and accompanied with a report containing the results. The results, in turn, show the following information on the crypto check:

  • Transaction information
  • Transaction crypto info (Transfer details and Destination address connections)
  • Matched rules
  • Applicant information
  • Counterparty information
  • Events

For crypto, the Transaction crypto info details are the most determining for checking the risks associated with the wallet addresses.



This section of results is only visible for transactions monitored via Crystal. If you analyze your transactions by Chainalysis, you will need to go to the Chainalysis dashboard to see more details.



Learn more on how to create Chainalysis crypto transactions.

Transfer details

In Transfer details, Sumsub shows the transaction address and estimates the risk level and risk score for a particular transaction. Both values are calculated by Crystal and show whether the transaction might be considered risky due to the different factors indicating connections with criminal activities. The Risk level and Risk score values are shown as follows:

  • A score from 0 to 0.25 indicates the Low value in the Risk level field.
  • A score from 0.25 to 0.6 indicates the Medium value in the Risk level field.
  • A score from 0.6 indicates the High value in the Risk level field.

Destination address connections

The detailed information on percentage of transactions/exchanges with particular connections is shown in the Destination address connections section. There are the signals indicating the source of funds of a particular transaction.

The following table illustrates the response types that can be provided in the results:

Signal nameDescription
ATMA cryptocurrency ATM operator.
Child ExplorationAn organization which operates via darknets and is suspected of child abuse and exploitation.
Darknet MarketplaceAn online marketplace which operates via darknets and is used for trading illegal products for cryptocurrency.
Darknet ServiceAn organization which operates via darknets and offers illegal services for cryptocurrency.
Enforcement ActionAn entity is subject to legal proceedings. Jurisdiction will be annotated as a subtype.
Exchange FraudulentExchange that was involved in illegal activity.
Exchange LicensedAn organization that is licensed to provide exchange services.
Exchange UnlicensedAn organization that is not licensed to provide exchange services.
GamblingAn online resource offering gambling services using cryptocurrency.
Illegal ServiceA resource offering illegal services or engaged in illegal activities.
Liquidity PoolsSmart contracts where tokens are locked for the purpose of providing liquidity.
MarketplaceAn entity offering legal services/trading goods for cryptocurrency.
MinerAn organization which utilizes its computing power for mining cryptocurrency blocks.
Mixing ServiceA service for mixing funds from different sources to make tracing them back harder or almost impossible. It is mostly used for money laundering.
P2P Exchange LicensedAn organization that is licensed to provide P2P exchange services.
P2P Exchange UnlicensedAn organization that is not licensed to provide P2P exchange services.
Payment ProcessorA service which acts as an intermediary between customers and the company which provides services for making a payment.
Ransom ExtortionerExtortioners demand payment in the form of cryptocurrency.
SanctionsAn organization that is found in sanctions lists.
Seized AssetsIf the crypto is seized by the government, the default Risk Score is 0%.
Stolen CoinsEntities which have taken possession of someone else’s cryptocurrency by hacking.
Terrorism FinancingAn organization which operates via darknets and is involved in terrorism financing with cryptocurrency.
Online WalletA service for storage and making payments with cryptocurrency.
OtherNone of the specified entities above. It may include a subtype.

Set up rules for signals

For each signal, you can set up a custom rule that will be triggered respectively. For instance, to configure a rule for the scam signal, you may need to go through the following steps:

  1. In the Dashboard, go to the Rules page and click Create rule.
  2. Give your rule a preferable name and optional description.
  3. Define rule triggers to match specific transaction types and sources.
  4. Set up rule actions to define how to treat transactions and applicants if the rule matches.
  5. Add a condition:
    • Select the Field option.
    • Configure the attributes as follows: preScoringContext.cryptoTxnInfo.signals.scam. The scam attribute is selected for demonstration here, you can put any signal from the list that you need.
    • Add a value and determine relation (for instance, a value of the scam signal equals 0.01 or 1 in percentage).
  6. Configure applicant actions.
  7. Save and test your rule.

When done, the rule from the example will be triggered during crypto monitoring if there is a 1 % chance of exposure associated with organizations scamming their customers.

Get started

To start using Crypto monitoring:

  1. Integrate with our API.
  2. Install bundles of rules (Crypto or Chainalysis) that are needed for your business processes or create a custom rule.
  3. Test your setup.
  4. Process transactions.
  5. Handle results.



When creating a custom rule for crypto, select the finance or travelRule transaction type.

Handle results

You can check out the crypto monitoring results and make a decision by the following means:

To download the results in PDF, select a particular transaction in the Dashboard, click the kebab menu, and select Summary report.