Intermediate
Blacklist Proximity Explained
What does it mean to be "1 hop" from a blacklisted address? Learn how proximity analysis works and why indirect connections matter for compliance.
Crypto Wallet Risk Assessment
Measure the full evidence-backed risk posture of any crypto wallet. Eagle Virtual's graph-based risk assessment analyzes billions of on-chain transfers to quantify exposure to blacklisted, frozen, sanctioned, and mixer-related addresses across multiple chains for USDT, USDC, EURC, EURe, agEUR, BRZ, and other tracked assets.
35.0B+
Transfers Indexed
41+
Tokens Monitored
Sub-second
API Response Time
How Graph-Based Risk Scoring Works
Traditional wallet screening checks an address against a static list. If the address isn't on the list, it's considered clean. This approach misses the vast majority of risk. Criminal actors rarely use sanctioned addresses directly. Instead, they move funds through intermediary wallets, mixers, and DeFi protocols to distance themselves from enforcement events.
Eagle Virtual takes a fundamentally different approach. We build a complete directed graph of all on-chain transfers across every supported blockchain. This graph contains over 35.0B+ edges, representing every token transfer between addresses. When you query an address, our system traverses this graph to find the shortest path to any blacklisted, frozen, or sanctioned address.
The result is a multidimensional risk assessment. A wallet that is 1 hop from a blacklisted address (meaning it received funds directly from a frozen account) carries significantly more risk than a wallet that is 5 hops away, but hop distance is only one factor. Our scoring model also accounts for direct status, chronology validation, materiality, typology, concentration, coverage freshness, the type of enforcement event (issuer blacklist, government sanction, law enforcement freeze), and the chain and token involved.
Because the graph is continuously updated as new blocks are indexed, risk assessments reflect the current state of the blockchain. If a counterparty you transacted with last month gets blacklisted today, your risk assessment updates retroactively to reflect that new proximity.
Key Capabilities
Multi-Chain Graph Traversal
Risk scoring spans all supported blockchains with a unified identity model. The same Ethereum address on Polygon, Arbitrum, Base, and Optimism shares a single risk profile. Funds moving across chains via bridges are tracked, so risk doesn't disappear when assets hop between L1 and L2 networks. This cross-chain visibility is essential as multi-chain activity becomes the norm.
Real-Time Risk Propagation
When a new blacklist event is detected on-chain, risk assessments propagate through the transaction graph automatically. This is not a nightly batch process. Our system continuously indexes new blocks and recomputes affected screening and final-risk records, ensuring that the risk result you receive reflects the latest enforcement actions within minutes of their on-chain confirmation.
Transparent Factor Ladder
Our scoring model is transparent and auditable. Rather than producing an opaque "risk number," we report the exact hop distance between a wallet and the nearest enforcement event, then show how direct status, chronology, materiality, coverage, and evidence quality move the final band. Compliance teams can see the chain of transfers and the reasons behind the final disposition.
REST API Integration
Integrate risk scoring into your existing compliance workflow with a single API call. The /v1/risk/check endpoint
accepts any blockchain address and returns the risk band, confidence band, validated proximity, enforcement event details, and the chain of custody.
Batch endpoints support screening hundreds of addresses per request for high-volume operations like exchange onboarding or
portfolio-wide audits.
How We Measure Risk
Eagle Virtual uses a transparent factor ladder, not a black-box score. Every address gets a risk band (Critical, High, Moderate, Low, Minimal, or Unsupported) based on direct status, validated exposure, and evidence strength. A separate confidence band (Confirmed, Strong, Moderate, Weak, or Insufficient Evidence) tells you how much to trust the result. High severity with weak confidence is shown as high concern with limited certainty — not as a false-precision conclusion.
Direct Status Triggers
Active OFAC sanctions match → Critical. Active issuer freeze/blacklist → High (may rise to Critical). These override all other factors.
Validated Exposure
Proximity is measured with chronology validation. A path only counts if funds actually moved in that time order — not just because a graph connection exists.
Coverage Honesty
If coverage is unsupported, the risk band is Unsupported — never Minimal or Low. You always know what the analysis actually covers.
Who Uses Wallet Risk Scoring
Exchanges and OTC desks use risk scoring during customer onboarding and withdrawal processing. Before allowing a deposit, they screen the sending address to check for validated proximity to frozen funds and direct status hits. Before processing a withdrawal, they verify the destination hasn't received tainted assets. This pre-transaction screening catches risk that simple list-based checks miss.
DeFi protocols and DAOs integrate risk scoring to protect their liquidity pools. When large deposits flow in from addresses close to blacklisted funds, automated rules can flag or hold the transaction pending review. This protects protocol participants from inadvertently co-mingling funds with sanctioned activity.
Compliance teams and investigators use risk scoring as part of their AML program. Rather than manually tracing transactions through block explorers, they get an instant risk assessment backed by a complete transaction graph. The multidimensional model provides defensible evidence for regulatory filings and suspicious activity reports, especially when reviewing euro-denominated assets such as EURC, EURe, and agEUR or Brazil-focused stablecoin activity such as BRZ.
Learn More
Advanced
Compliance 101 for Crypto Businesses
A practical guide for exchanges, DeFi protocols, and OTC desks on implementing blacklist monitoring, transaction screening, and risk policies.
Frequently Asked Questions
How does crypto wallet risk scoring work?
Crypto wallet risk scoring works by analyzing the on-chain transaction graph to determine how many hops (transfers) separate a wallet from known sanctions, blacklist, freeze, and mixer risk sources. Eagle Virtual builds a directed graph of all transfers across multiple chains and computes the shortest validated path between any wallet and those enforcement events. Proximity matters, but the final risk band also reflects direct status, chronology, materiality, coverage, and evidence strength.
What blockchains does Eagle Virtual support for risk scoring?
Eagle Virtual supports risk scoring across supported chains today. Risk assessments are computed using a unified identity model where the same address on multiple EVM chains shares a single risk profile, ensuring consistent scoring regardless of which chain a transaction occurs on.
How often are wallet risk scores updated?
Risk assessments are updated continuously as new blockchain data is indexed. When a new blacklist or freeze event is detected on-chain, the affected screening and final-risk states propagate through the transaction graph automatically. This means a wallet's risk assessment can change retroactively if a counterparty it previously transacted with becomes blacklisted.
Can I integrate wallet risk scoring into my application via API?
Yes. Eagle Virtual provides a REST API that returns risk assessments for any wallet address. A single API call returns the risk band, confidence band, validated hop distance, direct-status flags, the chain and token involved, and additional context about the enforcement event. The API supports both individual lookups and batch screening for high-volume workflows.
Start scoring wallet risk today
Check any address across multiple chains. See the risk band, confidence, validated hop distance, and the path connecting your counterparty to enforcement events across USDT, USDC, EURC, EURe, agEUR, BRZ, and other tracked assets.