Sumsub Crypto Monitoring solution screens cryptocurrency transactions and the counterparty wallets behind them, so you can assess risk and automatically act on suspicious activity — whether a transfer is still pending or already confirmed on-chain.

You can also screen individual wallets directly, for example at onboarding or as part of ongoing client due diligence. The solution combines blockchain analytics, entity attribution, and sanctions data from leading providers, and surfaces the outcome through ready-made rule bundles, the Dashboard, and the API.

Crypto Monitoring is built for any business that handles virtual assets — VASPs, exchanges, custodians, fintechs, banks, payment processors, OTC desks, and crypto-native platforms. It helps you protect users from exposure to illicit funds, meet AML requirements, sanctions, and Travel Rule obligations, and reduce manual compliance workload.

What you can screen

Crypto Monitoring runs in the context of a transaction your applicant is sending or receiving. Depending on the data available at the time, it operates in one or both of the following modes.

Wallet screening

Wallet screening assesses the risk of the counterparty wallet — the sender of an incoming deposit, or the receiver of an outgoing withdrawal — using the provider blockchain analytics and entity attribution data. It can run before the on-chain transfer takes place (pre-transaction), so you can decide whether to release funds, place the transaction on hold, or reject it.

Typical use cases include the following:

Counterparty due diligence before processing a deposit or withdrawal.
Travel Rule beneficiary screening.
Risk assessment of inbound and outbound counterparties.

📘
Note
Crypto Monitoring always screens the counterparty of a transaction. To screen an applicant's own wallet — for example, during onboarding or as an applicant action — you can use Payment Method Check Advanced, a separate service whose wallet risk screening capability is included with Crypto Monitoring.

Transaction screening

Transaction screening analyses a confirmed on-chain transaction — sender, receiver, transaction hash, asset, and amount — for transfer-level risk such as exposure to sanctioned entities, mixers, darknet markets, scams, ransomware, and stolen funds. Because it inspects an on-chain transfer, it requires a transaction hash and runs after the transaction has been broadcast.

Typical use cases include the following:

Post-transaction monitoring of confirmed transfers.
Exposure and source-of-funds analysis.
Transfer-level risk scoring for high-value or high-risk transfers.

📘
Note
Blockchain analytics providers index on-chain data with a small lag that varies by network. Submitting a transaction for screening immediately after confirmation may produce no result because the provider has not yet indexed the transfer.
Sumsub automatically retries failed screening requests with exponential backoff, but for transaction screening we recommend submitting transactions with a short delay — typically 1–2 minutes after on-chain confirmation — to give the provider time to index the transfer.

Supported providers

Sumsub integrates six blockchain analytics providers. You can enable one or several, depending on the coverage, integration model, and risk taxonomy that fit your programme.

Integration options include the following:

Managed — Sumsub provides the credentials. You do not need a separate contract with the provider, and no API key is required from your side. This is the fastest path to enable Crypto Monitoring.
Managed (dedicated workspace) — Available with Merkle Science. Sumsub provides the credentials, but you receive an isolated Merkle Compass workspace, so your screening data and case files are not shared with other Sumsub clients.
BYOK (Bring Your Own Key) — You hold a direct contract with the provider and supply your API key on the Sumsub Marketplace page. Use this when you already have a relationship with the provider or need billing to go through them directly.

In the table below you can find the full list of providers with their integration options. Refer to each provider page for prerequisites, the rule bundle, supported blockchains, and the risk taxonomy the provider uses.

Provider	Integration options	Wallet screening	Transaction screening
Crystal Intelligence	Managed, BYOK (bring-your-own-key).	✓	✓
Merkle Science	Managed, managed (dedicated workspace), BYOK.	✓	✓
Cyvers	Managed.	✓	—
TRM Labs	BYOK.	✓	✓
Elliptic	BYOK.	✓	✓
Chainalysis	BYOK.	✓	✓

How Crypto Monitoring works

Crypto Monitoring checks cryptocurrency transactions and wallet activity against risk indicators to help detect suspicious behavior and support compliance decisions. This process includes the following steps:

You submit a transaction. Through the API or the Dashboard, submit a transaction with the counterparty wallet address, the asset, and the amount. Include the transaction hash if the transfer has already been broadcast on-chain.
Sumsub screens it with the provider. Sumsub sends a screening request to the provider you have configured. With the counterparty wallet address alone, the provider returns wallet-level risk. With a transaction hash, it also returns transfer-level risk and exposure.
Rules evaluate the result. The provider's Crypto Monitoring rule bundle evaluates the returned risk indicators — risk score, risk level, and exposure to known entities — and assigns the outcome: continue, on hold, or rejected.
The outcome is attached to the transaction. Structured risk details and the rule decisions are stored on the transaction, ready for review in the Dashboard, the API, and reports.

Crypto Monitoring and Travel Rule

Crypto Monitoring is fully integrated with Sumsub Travel Rule solution. You do not need to submit a transaction twice — one submission triggers both flows.

When you create a Travel Rule transaction:

Wallet screening of the counterparty runs automatically. Where a transaction hash is provided, transaction screening of the on-chain transfer is performed in the same pass.
The originator and beneficiary information is exchanged with the counterparty VASP as the Travel Rule flow requires.
Crypto Monitoring rules execute in the same evaluation pass, so a high-risk counterparty or transaction is held or rejected before funds settle on-chain.

The result is a unified compliance flow — one submission, one transaction record, and a single decision point that covers both blockchain risk and Travel Rule compliance before funds move.

Enable Crypto Monitoring

Crypto Monitoring is a paid feature and is off by default. Enable it either by contacting your Customer Success Manager or by requesting it from the Marketplace page in the Dashboard.

Then follow the steps below to fully integrate Crypto Monitoring into your workflow.

Step 1: Provide API key (BYOK providers only)

On the Marketplace page, open the provider tile and paste your API key. Without a valid key, screening requests will fail.

Step 2: Install rules

To install the rule bundles, do the following:

In the Dashboard, navigate to the Rules Library.
Find your provider's Crypto Monitoring bundle and install the rules.

We recommend installing the full bundle for end-to-end coverage. The provider page lists the rules included in its bundle.

Step 3: Configure rules

Tune the rules to your policy. Submit a few test transactions and adjust the rule thresholds and actions to fit your risk appetite and the regulatory framework you operate under.

You can clone, edit, disable, or extend rules with custom conditions. For more instructions on how to manage rules, see this article.

Once the rules behave as expected, you are ready for production traffic.

Review results

For each screened transaction you can review the outcome in four ways:

Triggered rules. You can view the rules that fired and the actions they applied for each transaction in the Dashboard on the Transactions page — for example, High risk — transaction placed on hold. Use this for quick triage and case routing.
Provider widget in the Dashboard. Each provider renders a dedicated panel on the transaction page, with the risk score, risk level, risk signals, exposure breakdown, and counterparty attribution as the provider reports them.
API. Structured risk details from the provider are available on the transaction object under cryptoTxnInfo.<providerName> — for example cryptoTxnInfo.crystalMonitorData, cryptoTxnInfo.chainalysisMonitorData, cryptoTxnInfo.ellipticMonitorData, cryptoTxnInfo.trmLabsMonitorData, cryptoTxnInfo.merkleMonitorData.

Use this to ingest screening results into your own compliance system.
Transaction report. Download the standard PDF or CSV transaction report from the transaction page:
1. In the Dashboard on the Transactions page, open the transaction of your interest.
2. Click the three-dot menu in the upper right corner of the screen and select Summary report.
  Crypto Monitoring details are included alongside the rest of the transaction data.