What should a crypto exchange's compliance officer see on the dashboard at 9 a.m.? That out of last night's 4,200 deposits, four sat three hops from a Tornado Cash withdrawal, two touched a Lazarus Group-attributed cluster, and one fell into the same cluster as an OFAC SDN-listed address. That is what blockchain AML actually is — far beyond list lookups, a real-time on-chain intelligence layer. This guide walks an exchange, custodian, or crypto-accepting payments provider through standing up that layer from scratch: which signals genuinely carry risk, how clustering heuristics work, what hop-distance analysis tells you, and how to integrate the whole flow without breaking the operations team's day.
Why blockchain AML is different from traditional AML
In traditional AML a bank gets the "from-to" information of a transfer from SWIFT, IBAN, or a similar centralized system. Sanctions screening is static: names, IDs, and jurisdictions of parties are known, and you query the list. In a crypto deposit there are three fundamental differences:
1. Pseudonymity. An address is bound to a cryptographic keypair, not to an identity. The blockchain does not tell you who is behind a wallet. Building that identity requires clustering heuristics and attribution databases.
2. Historical transparency. At a bank, you would see less than 0.01% of a customer's prior-year transfers. On Bitcoin or Ethereum, every transfer is open back to 2009/2015. You can find which mixer a depositing wallet entered 18 months ago, which darknet vendor it bought from.
3. Programmable money. DeFi, atomic swaps, cross-chain bridges and flash loans create topologies traditional payment rails were never designed to model. A wallet can cross four chains, two DEXes and a bridge in three seconds.
Because of these three differences, blockchain AML is not a replacement for the list-based approach we cover in our AML screening guide — it sits on top of it. List screening remains relevant (OFAC SDN has carried hundreds of crypto addresses since 2022), but the real work is cluster attribution and behavioral signal.
Architecture: four layers
A pragmatic blockchain AML stack has four layers. You can buy them from one provider, or build them in-house piece by piece — for most exchanges, the in-house path is a 12-18 month engineering investment and rarely pencils out.
Layer 1: Address normalization and cluster lookup
Every incoming address is first normalized: Bitcoin checksum verification, mapping segwit/legacy/taproot formats to a canonical representation, EIP-55 checksumming on EVM chains, base58 validation for Solana. Then a cluster lookup runs: is this address part of a known cluster? If a cluster ID comes back — for instance "Binance hot wallet 12", "Hydra Market vendor cluster", "OFAC SDN-listed Lazarus cluster 3" — risk evaluation is performed at cluster level rather than address level.
Clustering heuristics rest on two foundations:
- Common-input ownership: On Bitcoin, when a transaction has multiple inputs, the same wallet/owner typically signed them all (with notable exceptions like Schnorr/PayJoin).
- Change-address detection: When one of the outputs is "leftover change" returning to the sender, that address usually belongs to the sender's cluster. Modern heuristics infer change from a combination of amount, output ordering, script type, and subsequent spend behavior.
Common-input does not apply on EVM chains; EVM clustering is therefore built more on behavioral footprints, contract-deployer matching, and cross-chain bridge in/out pairing.
Layer 2: Risk-signal categorization
Once a cluster is identified, the system checks for pre-loaded risk labels. The industry-standard taxonomy has eight major categories:
- Sanctions — wallets appearing on or connected to OFAC SDN, UN, EU, and UK sanctions lists
- Mixer / tumbler — Tornado Cash (added to OFAC SDN August 2022), Wasabi/Samourai, ChipMixer (taken down in a coordinated German/US action March 2023), and similar privacy-tool outflows
- Darknet market — Hydra (seized by German authorities April 2022), AlphaBay v2, Genesis Market, ASAP Market, etc.
- Ransomware — Conti, LockBit, Hive, ALPHV/BlackCat, Cl0p payment addresses and their cash-out clusters
- Scam / fraud — rug pull token contracts, romance-scam shared addresses, pig-butchering deposit wallets
- Stolen funds — hack outflows (Lazarus Group-attributed activity especially), exchange exploit drainings
- Gambling — unlicensed gambling sites (licensed operators are low-to-moderate risk; filter by jurisdiction)
- Child sexual abuse material (CSAM) — wallets known to collect CSAM donations; in this category, auto-decline regardless of hop distance is typical
The distinction between direct match (the depositing wallet itself is labeled) and indirect exposure (one hop away, or further) sits at the heart of the architecture. We handle that in the next layer.
Layer 3: Hop-distance and exposure analysis
A depositing wallet may look clean on its own — but might have left a mixer 24 hours ago and reached the exchange two hops later. A healthy system runs forward and reverse hop traces for every incoming wallet, typically to 5-10 hop depth.
A practical exposure-aggregation rule of thumb:
| Distance | Sanctions / CSAM | Mixer / darknet | Scam / fraud | Ransomware |
|---|---|---|---|---|
| 0 hops (direct) | Auto-decline + SAR | Auto-decline + SAR | Manual review | Auto-decline + SAR |
| 1 hop | Auto-decline | Manual review (high) | Manual review | Manual review (high) |
| 2 hops | Manual review (high) | Manual review | Monitor | Manual review |
| 3+ hops | Manual review | Monitor | Pass | Monitor |
This table is a starting point; every operator calibrates it to their risk appetite and regulator expectations. In the EU under MiCA and TFR, supervisors expect documented thresholds and consistent application — undocumented "analyst discretion" raises audit findings.
Computing exposure %: If 0.4 ETH of an incoming 10 ETH came from a Tornado Cash outflow two hops back, exposure is 4%. A pragmatic threshold: any single risky category over 10% exposure → manual review; over 30% → auto-decline. These are value-weighted percentages, not transaction-count percentages.
Layer 4: Decision and audit log
The final layer is arguably the most critical — in a regulator investigation, the maturity of your audit trail is the only thing that proves the rest of the stack existed. Minimum fields to record for every screening decision:
screening_id(immutable UUID)timestamp(UTC, millisecond)address(normalized)cluster_idandcluster_namerisk_categories(labels)direct_match_flag(bool)exposure_percentandexposure_breakdown(per category)hop_distance_min(nearest risky touch)final_score(0-100)decision(auto_clear/manual_review/auto_decline)decision_threshold_version(threshold-policy version)analyst_id(if manual decision)analyst_notes(if manual decision)data_provider_response_raw(provider API response; integrity hash)
Logs must be retained 8-10 years from screening (typical EU AMLD6/MiCA-aligned guidance; US BSA standard is 5 years for most records). Retention format must be immutable append-only — S3 Object Lock, Azure Blob Storage immutability policy, or any WORM (Write Once, Read Many) configuration.
A practical screening flow: how a deposit gets processed
When a user deposits 0.5 BTC to an exchange account, here is what actually happens at a serious operator:
- A mempool listener picks up the broadcast transaction before block confirmation. Screening starts before the first confirmation — this is the pre-trade screening pass.
- The depositing address is normalized; cluster lookup runs (~50-150 ms).
- If the cluster is a known exchange (e.g. another tier-1 exchange's hot wallet), it is flagged low risk and the user is told the deposit is on the way.
- If the cluster is unknown or unlabeled, hop trace fires (5-10 hop depth, ~500 ms - 2 s).
- Exposure is computed, threshold policy executes, decision returns.
- As block confirmations accumulate (6 for BTC, 12-32 for ETH), a post-trade re-screen runs — important, because sometimes between pre-trade and post-trade a 1-2 hop neighbor picks up a new risky label, and the wallet is retroactively repromoted to high risk.
- If decision is
auto_clear, deposit credits to user balance.manual_reviewholds the deposit pending review (typical 4-24 hour SLA).auto_declineeither returns the funds or, on regulator direction, freezes them and triggers a SAR (suspicious activity report).
We walk through this end-to-end implementation in our how to screen a crypto wallet article.
The withdrawal side: counterparty risk
Outbound transfers from the exchange are also screened — because a user might deposit clean funds and withdraw to a known scam-collector, a mixer, or a sanctioned address. Withdrawal screening adds three things:
- Counterparty (destination) cluster screening — same signals as deposit, reversed.
- User behavioral profile — what kinds of destinations does this user normally withdraw to? A sudden new destination + high value = atypical-pattern signal.
- Travel Rule obligation — if the destination is another VASP, FATF Travel Rule requires originator/beneficiary info to be transmitted. Our FATF Travel Rule guide and Travel Rule integration walkthrough cover the technical detail.
Getting the withdrawal side wrong is more costly than the deposit side: "you sent funds to a sanctioned address" is a much more concrete regulator finding than "you accepted funds tainted by sanctions exposure".
Where clustering heuristics break
Clustering heuristics are probabilistic, not deterministic. Three common failure modes:
1. CoinJoin / PayJoin misclustering. Wasabi/Samourai-style CoinJoins combine multiple users' funds into a single transaction; naive common-input heuristics would assign all to one cluster — wrong. Modern systems recognize CoinJoin signatures and refuse to merge.
2. Custodial vs non-custodial misclassification. An exchange hot wallet covers millions of users; labeling that cluster "high risk" because one customer is dirty would be a serious error. Tier-1 exchange clusters are explicitly allow-listed.
3. EVM contract ownership. A DeFi protocol pool wallet represents thousands of users; a sanctioned address depositing into the pool does not taint the entire pool. Exposure for contract addresses follows different rules.
Our DEX and DeFi AML framework article explores this and explains why protocol-level AML remains an unsolved problem.
Picking a data provider: an evaluation matrix
Standing up your own attribution database from zero is not viable; five or six major data providers dominate the space. Selection criteria:
- Label coverage: Which chains, how many categories, labeled-wallet count, last-update freshness.
- Label quality: False-positive rate (test on your own sample set), category clarity (any vague "high risk" buckets?), attribution source disclosure.
- API latency and uptime: Your screening flow's typical SLA is <500 ms p99 — can the provider commit to it?
- Audit and compliance acceptance: Can the provider's reports be submitted as evidence to your regulator? Certifications (SOC 2, ISO 27001)?
- Data residency and language support: For EU operators, is data stored within the EEA? For non-English regulators, can the provider respond to information requests in the right language?
- Pricing model: Per-screening, MAU-based, custom enterprise? How does unit cost behave as volume grows?
A practical recommendation: single-provider lock-in is fragile. A two-provider architecture (primary + fallback) protects against both latency outages and label gaps.
Frequently Asked Questions
What changed after the Tornado Cash sanctions?
OFAC added Tornado Cash protocol contracts and related ETH/USDC addresses to the SDN list on 8 August 2022. This prohibited US persons (and, under broad interpretation, US-connected financial institutions globally) from interacting with Tornado Cash. Practical consequence: no serious exchange accepts direct Tornado Cash outflows, and even 1-2 hop exposure typically goes to manual review. In September 2024 a US appellate court issued a ruling questioning OFAC's authority to sanction smart contracts as "property", but Treasury did not delist — the operational sanctions status holds. Operators should continue treating Tornado Cash as a high-risk label.
Who bears liability when clustering heuristics are wrong?
Provider contracts almost always disclaim this to the operator — "data is provided as-is". In practice, regulators do not test you on cluster accuracy; they test you on decision-process reasonableness: which signals were consulted, which thresholds applied, how manual review was conducted. Even when cluster data turns out wrong, a defensible due-diligence process holds up. That is why audit log quality is a more critical defense layer than cluster data quality.
Is a mixer outflow always illicit?
No. Privacy tools have legitimate uses (journalists, activists, institutional treasury privacy). But from an operator's perspective, disambiguating legitimate from illicit mixer use is technically impossible — by design, the legitimate user's funds are commingled with the illicit user's. So most operators take a risk-appetite stance: flag mixer outflows as high risk and either auto-decline or manual review. The CSAM and sanctions categories admit no debate; for mixer the debate is about threshold policy, not whether to screen.
How do cross-chain bridges break the screening flow?
When a wallet bridges from ETH to BNB Chain, the source and destination addresses differ; a naive system does not see the prior chain history. Robust bridge tracking requires a provider that (a) recognizes major bridges' (Wormhole, LayerZero, Stargate, Across, etc.) wrapping transactions, (b) pairs source and destination addresses, and (c) adds the linkage as edges in the cluster graph. Bridge-tracking maturity is one of the highest-differential criteria when comparing providers.
What is the minimum compliance posture for a new exchange launching today?
OFAC + UN + EU + UK sanctions list screening on every deposit and withdrawal; on-chain risk scoring with documented thresholds for the eight major risk categories; manual review queue with documented SLA; immutable audit log with 8-10 year retention; FATF Travel Rule capability for transfers to other VASPs; and a written compliance policy approved by a named MLRO (or local equivalent). Without these, you cannot pass a regulator examination — and increasingly, you cannot pass a banking-partner due diligence either.
How Legichain helps
Legichain's blockchain AML stack wraps the four layers in this guide into a single API: address normalization and cluster lookup on 12+ chains, continuously updated label database covering the eight risk categories, configurable hop-distance and exposure threshold engine, and immutable audit logging. Travel Rule integration sits next to it under MiCA/TFR for EU operators and FATF guidance for international exchanges. If you have an existing screening provider, Legichain deploys cleanly as a fallback/secondary so you can run dual-source comparison before any cutover — contracted pilots typically reach production within 4-6 weeks.
Next steps
- How to screen a crypto wallet: on-chain risk signals — end-to-end screening flow, code, decisions
- Mixer, tumbler and darknet AML signals — privacy-tool anatomy and risk interpretation
- DEX and DeFi AML framework — protocol-level vs front-end-level controls
- Crypto exchange wallet screening: pre-trade vs post-trade — exchange operator BOFU use case
- AML screening complete guide — traditional AML fundamentals