Wallet Screening and KYT: A Practical Guide to Crypto AML Compliance
What wallet and transaction screening actually does, how KYT differs from KYC, what risk scoring really measures, and how to screen deposits without freezing your legitimate users.
You can run perfect KYC and still take in tainted money. KYC verifies an identity at signup; it says nothing about where the funds that arrive three months later actually came from. Closing that gap is the entire point of wallet and transaction screening — and getting it wrong in either direction is expensive.
KYT is not KYC
KYC (Know Your Customer) answers "who is this person." KYT (Know Your Transaction) answers "where did this money come from, and where is it going." A fully verified user can still deposit funds two hops from a sanctioned entity. KYC will not catch that. KYT is designed to.
What screening actually checks
A screen is not a yes/no lookup against one blacklist. A useful screen evaluates an address along several independent axes:
- Sanctions exposure. Direct and indirect links to OFAC, EU, and UN designated addresses — including funds that touched them several hops back.
- Illicit-source proximity. Distance from known hacks, ransomware, darknet markets, and fraud clusters.
- Obfuscation behavior. Exposure to mixers, privacy protocols, and bridge patterns consistent with laundering rather than ordinary use.
- Counterparty risk. Whether funds came through high-risk exchanges, unhosted-wallet chains, or sanctioned jurisdictions.
- Behavioral anomalies. Structuring, rapid pass-through, and patterns that do not match a real user.
What a risk score does and does not mean
A risk score is a prioritization signal, not a verdict. A 0.9 means "a human should look at this before funds move," not "this person is a criminal." Treating the score as a binary is how compliant platforms end up freezing legitimate users — which is its own form of failure.
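An added example, not part of the original article and not any vendor's scoring model: a minimal sketch of scoring a deposit across the axes listed above and routing it to a queue instead of issuing a binary block. The weights, hop decay, thresholds, and every name in it are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed, illustrative values: not a vendor model or regulatory thresholds.
WEIGHTS = {"sanctions": 1.0, "illicit_source": 0.8, "obfuscation": 0.6,
           "counterparty": 0.4, "behavioral": 0.3}
HOP_DECAY = 0.5    # each extra hop from the flagged source halves its weight
REVIEW_AT = 0.7    # at or above: a human looks before funds move
MONITOR_AT = 0.3   # at or above: credit, but keep the address under watch


@dataclass
class Exposure:
    axis: str      # key of WEIGHTS
    hops: int      # 1 = funds arrived directly from the flagged source
    share: float   # fraction of the deposit's value traced to that source


def contribution(e: Exposure) -> float:
    if e.axis not in WEIGHTS or e.hops < 1 or not 0.0 <= e.share <= 1.0:
        raise ValueError(f"invalid exposure: {e}")
    return WEIGHTS[e.axis] * e.share * HOP_DECAY ** (e.hops - 1)


def score(exposures: list[Exposure]) -> float:
    """Combine axes as if independent (noisy-OR, an assumed choice)."""
    clean = 1.0
    for e in exposures:
        clean *= 1.0 - contribution(e)
    return round(1.0 - clean, 4)


def triage(exposures: list[Exposure]) -> dict:
    """Route the deposit to a queue; the score prioritizes, it does not convict."""
    s = score(exposures)
    if s >= REVIEW_AT:
        action = "manual_review"
    elif s >= MONITOR_AT:
        action = "credit_and_monitor"
    else:
        action = "credit"
    # Strongest drivers first, so the analyst sees why the score is what it is.
    reasons = sorted(exposures, key=contribution, reverse=True)
    return {"score": s, "action": action,
            "reasons": [(e.axis, e.hops, round(contribution(e), 4)) for e in reasons]}


# Constructed sample deposits.
VERIFIED_USER_TAINTED = [Exposure("sanctions", 2, 0.9), Exposure("obfuscation", 1, 0.9)]
ORDINARY_USER = [Exposure("counterparty", 3, 0.2)]
```

The first sample is the case KYC misses: a verified user whose deposit sits two hops from a sanctioned source lands in the review queue with the contributing axes attached, while the second is credited without friction.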
Real-time, not retrospective
Screening a deposit a day later tells you that you already have a problem. The value is at the decision point — before credit, before a withdrawal clears. That means low-latency scoring on incoming transactions and continuous monitoring of addresses whose risk can change after they are first seen. This is how our wallet & transaction screening is designed to operate: at the moment the decision is made, not in a report afterwards.
Who actually needs this
- Exchanges and on/off-ramps — non-negotiable.
- DeFi front-ends and platforms with regulatory exposure or institutional users.
- OTC desks, payment processors, and treasuries accepting third-party deposits.
- Any protocol that wants to demonstrate good-faith AML controls if it is ever questioned.
Screening is one layer, not the whole wall
Screening keeps known-bad value out. It does not make your contracts safe — that is what a smart contract audit is for — and it does not help once funds are already gone, which is when on-chain investigation takes over. The teams that lose the least treat all three as one program rather than three vendors.