Methodology
How WalletDNA scores wallets.
Documented, not magic.
A risk score is only useful if you can defend it. This page documents the confidence tiers, score components, data sources per chain, refresh cadence, and known limitations behind every WalletDNA report.
Confidence tiers
Every wallet attribution is labeled with one of four confidence tiers. The tier describes how much corroborating evidence supports the entity label — not how risky the wallet is.
VERIFIED
Direct on-chain proof or first-party attestation.
Examples: OFAC / EU / UK / UN sanctions list match by address; signed Proof-of-Reserves commitment from the exchange; smart-contract owner is a publicly known multisig.
HIGH
Match in two or more independent reputable sources, or a strong primary signal.
Examples: Address appears in multiple independent attribution databases; verified contract bytecode matches a known protocol deployment.
MEDIUM
Identified from a single third-party data source.
Examples: Entity label from a chain-specific explorer (e.g. XRPSCAN), Blockchair address tag, or community-curated dataset.
LOW
Heuristic or behavioral inference only — no external attribution.
Examples: Wallet age, balance tier, transaction pattern (CoinJoin, mixer proximity), or hop distance to a known entity.
Score components
Scores are produced from a baseline of 5 plus the signed contributions below, clamped to the 0–100 range. Every report shows the full breakdown — there are no hidden factors.
| Component | Contribution |
|---|---|
Entity type Known threat actors and mixers contribute the largest entity-driven adders. Generic protocol contracts add a small amount; known exchanges receive a small deduction. | −4 to +65 |
Sanctions list match An address matched against OFAC SDN, EU, UK, or UN sanctions lists triggers a score floor — the final score will not fall below the floor regardless of other signals. The jurisdiction(s) that matched are surfaced in the breakdown. | Floor at 82 |
Counterparty exposure Percentage of inbound/outbound volume that touches sanctioned, high-risk, or verified-exchange counterparties. Computed from the full counterparty graph (hop-cache analysis), not a rolling transaction sample — so the figure is stable across re-analyses. | −5 to +45 |
Behavioral signals Mixer proximity (Tornado Cash, Railgun), CoinJoin pattern, unverified contract code, wallet age, balance tier, and direct exchange transactions each contribute small adjustments. | −8 to +25 per signal |
Attribution confidence Higher attribution confidence reduces noise in the score; an unattributed wallet with low confidence carries a small upward adjustment. | −12 to +6 |
Score bands: LOW (0–20) · MODERATE (21–40) · ELEVATED (41–60) · HIGH (61–80) · CRITICAL (81–100).
Data sources per chain
WalletDNA supports 18 chains. Each chain uses native RPC or a primary indexer for on-chain data, plus chain-specific attribution sources. Sanctions screening (OFAC, EU, UK, UN) is applied uniformly across all chains.
| Chain | Primary data | Attribution |
|---|---|---|
| Bitcoin (BTC) | Blockchair, Mempool.space | Curated address tags, CoinJoin pattern detection |
| Ethereum (ETH) | Etherscan, native RPC | Curated DEX / bridge / mixer contracts, Etherscan public labels |
| Solana (SOL) | Helius, Solscan | Solscan public labels, curated program list |
| XRP Ledger (XRP) | XRPSCAN, XRPL public node | XRPSCAN verified account tags |
| TRON (TRX) | TronGrid, TronScan | TronScan address tags |
| Litecoin (LTC) | Blockchair | Curated exchange wallets |
| EVM L2s & sidechains | Native RPC + Blockscout (BASE, ARB, OP, AVAX, BNB, MATIC) | Shared curated registry of bridges, routers, and exchange deposit wallets |
| Cosmos ecosystem | Mintscan, public RPC (ATOM, XLM) | Validator and IBC channel registry |
| ADA / DOT / TON / SUI | Native explorers and indexers | Public address tags from chain-specific explorers |
Refresh cadence
On-demand analysis
Triggered every time a wallet is submitted. Counterparty exposure is recomputed from the current graph.
Monitored wallets
Re-checked daily by cron. Material changes trigger alerts to the watcher.
Sanctions lists
OFAC SDN, EU, UK, and UN consolidated lists are refreshed daily from official sources.
Attribution data
Chain-specific explorers and curated registries are refreshed at varying cadences; high-traffic entities are prioritized.
Known limitations
- •MEDIUM-confidence attributions inherit upstream errors. If a third-party explorer mislabels an address, our MEDIUM-tier label inherits the error until a second source contradicts it.
- •Counterparty exposure has a finite hop depth. Very distant interactions may not be reflected in the exposure breakdown.
- •Brand-new addresses are scored on heuristics only. Without transaction history, attribution and behavioral signals are limited; expect LOW confidence and a near-baseline score.
- •Off-chain context is not captured. WalletDNA scores on-chain signals; legal filings, internal KYC, and off-chain intelligence remain the responsibility of your compliance workflow.
Frequently asked
Why is a confidence level only MEDIUM when the entity is named (e.g., Crypto.com)?
MEDIUM means the entity name comes from a single third-party data source — typically a chain-specific explorer like XRPSCAN. The label is generally accurate, but we haven't cross-verified it against a second independent source or against a signed first-party attestation. A match in two or more independent sources promotes the wallet to HIGH; a signed PoR commitment or sanctions list match promotes it to VERIFIED.
How often is data refreshed?
Wallet analyses are computed on demand and cached briefly to keep responses fast. Monitored wallets (Pro plan and above) are re-checked daily by our cron and trigger alerts on material changes. Sanctions lists are refreshed daily from official sources. Counterparty exposure is recomputed whenever a wallet is re-analyzed.
Can I appeal a label or risk score?
Yes. Email support and we will investigate. If we agree the attribution is wrong, the correction is applied across the platform — not just to the report you filed against. We treat attribution errors seriously because every customer is downstream of them.
What are the known limitations?
Three to be aware of: (1) MEDIUM-confidence attributions inherit any errors in the upstream data source. (2) Counterparty exposure is computed against a finite hop depth; very distant interactions may not be reflected. (3) Brand-new addresses with no transaction history can only be scored on heuristics until they have on-chain activity to analyze.
Why does WalletDNA publish its methodology?
Risk scores are only useful if you understand what they measure. We publish how scores are produced, what each confidence tier means, and where the data comes from so that compliance teams can defend the figures in their workflows — to auditors, regulators, or internal review committees.
Try it on a real wallet
Every report shows the full score breakdown, the confidence tier, and the sources behind every label. No black boxes.
Analyze a wallet freePro plan from $29/month · No credit card for free tier