Being blacklisted is the obvious risk, but compliance teams look at something subtler: proximity. If your address is connected through fund flows to an entity that was later blacklisted—even through intermediaries—that connection creates a traceable risk signal. Here's how it works.
What is proximity?
Proximity measures how many transaction hops separate your address from a blacklisted entity. Think of it as tracing how funds connect through the blockchain:
In this example, the investigated address is 3 hops away from the blacklisted entity. Funds flowed outward from the address, through two intermediaries, and reached an address that is blacklisted. This chain of transfers is what creates the compliance risk.
Why direction matters
Not all blockchain connections carry the same compliance weight. The direction funds flow between your address and a blacklisted entity significantly changes the risk profile:
Outgoing funds (higher risk)
If you sent funds that ultimately reached a blacklisted address, this suggests your address may have been used to move value toward an illicit actor—whether intentionally or through intermediaries. Compliance teams weigh outgoing flows more heavily because the sender initiated the transfer.
Incoming funds (lower controllability)
If a blacklisted address sent funds that reached you, the connection may be outside your control. Anyone can send tokens to any address on a public blockchain. While incoming exposure is still flagged, it typically carries less compliance weight because the recipient did not initiate the transaction.
Counting hops
Hops are counted by following the flow of funds from the investigated address through the transaction graph:
0 Hops (Direct)
Your address IS the blacklisted address. Funds are frozen.
1 Hop
You sent funds directly to a blacklisted address.
2 Hops
You sent funds to someone who then sent to a blacklisted address.
3+ Hops
Multiple intermediaries between you and the blacklisted address.
Risk levels by proximity
Different hop counts carry different risk profiles:
| Proximity | Risk Level | Typical Response |
|---|---|---|
| 0 Hops | Critical | Funds frozen. Cannot transfer. Potential legal investigation. |
| 1 Hop | High | Exchange account holds. Enhanced due diligence. Possible SAR filing. |
| 2 Hops | Medium | Flagged for review. May require source of funds documentation. |
| 3+ Hops | Low | Generally acceptable. Some conservative platforms may still flag. |
Amount matters too
Sending $10 to a 1-hop-away address is different from sending $100,000. Most compliance systems consider both proximity AND amount when assessing risk. A small incidental transfer may be noted; a large one triggers investigation.
Why compliance teams care
Proximity analysis exists because criminals try to obscure fund origins by moving tokens through multiple wallets. By analyzing transaction proximity, compliance teams can:
Trace fund flows
Follow where funds went after leaving an address, even through multiple transfers.
Identify intermediaries
Find addresses that may be knowingly helping launder funds through mixing services or nested exchanges.
Protect platforms
Exchanges must demonstrate they're not facilitating the movement of illicit funds, even indirectly.
Regulatory compliance
AML regulations increasingly require looking beyond direct transactions to assess exposure.
Protecting yourself
You can't always know who you're transacting with, but you can reduce risk:
Screen counterparties before transacting
Before sending large payments, check the recipient's address for blacklist status and proximity. If they're already close to blacklisted funds, sending to them creates a traceable link from your address.
Use fresh addresses for unknown counterparties
Keep your main holdings in addresses that only transact with known, trusted parties. Use separate addresses for peer-to-peer trades or new business relationships.
Document your transactions
Keep records of who you transacted with and why. If flagged by an exchange, documentation proving legitimate business purpose helps resolve issues.
Monitor ongoing exposure
Addresses can be blacklisted retroactively. Set up monitoring to alert you if any of your past counterparties become blacklisted—your proximity score changes when they do.
Key takeaways
Frequently asked questions
What is blacklist proximity in crypto?
Blacklist proximity measures the number of transaction hops between a cryptocurrency address and a blacklisted entity. One hop means a direct transfer; two hops means one intermediary address sits between them. The fewer the hops, the stronger the compliance risk signal.
How many hops from a blacklisted address is considered risky?
One hop (a direct transaction) is considered high risk and typically triggers exchange account holds, enhanced due diligence, and possible SAR filings. Two hops is medium risk and may require source-of-funds documentation. At three or more hops, risk is generally low, though some conservative platforms may still flag the connection.
Can my proximity score change after a transaction?
Yes. Proximity scores update retroactively. If an address you previously transacted with gets blacklisted, your proximity to that newly blacklisted entity is immediately established. This is why ongoing monitoring matters—past transactions can create new risk signals.
Does receiving funds from a blacklisted address affect my risk score?
It can, but direction matters. Receiving unsolicited funds from a blacklisted address is typically weighted less heavily than sending funds toward one, because the recipient did not initiate the transfer. However, the connection is still recorded and may be flagged during compliance reviews.