Introduction
Overview
What is BEI?
The Know Your Transaction and Know Your Wallet (KYT/KYW) Blockchain Ecosystem Intelligence (BEI) API is an AI/ML powered solution that allows developers, investigators and compliance officers to manage risk in Web3 applications/projects. When a wallet comes to your application for a transaction, how do we make sure this is not a sanctioned individual, hacker, scammer, or other bad actor?
Our API enables users to quickly and easily access accurate, live risk scores, attribution data, sanctions information, and more for the purposes of screening transactions, and meeting anti-money laundering and counter finance of terrorism (AML/CFT) compliance regulatory requirements from day one.
Why does this matter?
Should your project involve cryptocurrencies, be advised that it will inevitably be subject to stringent and multifaceted regulatory frameworks across one or more various jurisdictions. See more on that here. We don’t make the rules, but AnChain.AI’s BEI integration can help in taking the necessary action to remain compliant and avoid financial and reputational harm caused by adverse actions from regulators.
Sketchy Dapps with little customer vetting are no longer considered tolerable in this phase of web3 - wallet screening and transaction monitoring secures applications, protects your brand, and thereby facilitates growth.
All developers building in blockchain ecosystems should have the ability to proactively make sure their risk tools are in the right place. Contact us to get started.
API Endpoint Summary
The BEI API conforms to the RESTful architecture style. Each endpoint requires a different set of parameters formatted as an HTTP GET request. See the API endpoints section for a more detailed description of each endpoint.
The information returned by the following BEI API endpoints is based on the collection of data gathered by blockchain ecosystem communities and AnChain.AI’s threat intelligence team:
- Address Label - category and entity associated with passed address
- Address Risk Score - address label, risk score and risk level associated with passed address
- Address Risk Activity - address label, risk score, risk level, and suspicious activity history associated with passed address
- Address Risk Attribution -detailed inflow and outflow transactions aggregated by category and then by entity
- Transaction Risk Score - risk score and risk level associated with passed transaction hash
- Dark Web Wallet - dark web sites associated with passed wallet address
- Dark Web Onion Site - wallets associated with passed dark web URL
Compliance
Don’t let anyone tell you differently - compliance IS sexy. That being said, there are some important bits to be aware of:
Financial Action Task Force (FATF)
The FATF (https://www.fatf-gafi.org/) is a global inter-governmental money laundering and terrorist financing watchdog and international compliance standards advisory organization. They’ve been around for a while (since 1989). The FATF makes recommendations to jurisdictions it oversees (which is most of the world) as to how they need to operate their AML/CFT procedures. In the Web3 realm, these recommendations help to prevent criminal and terrorist misuse of blockchain technologies.
While FATF can only recommend regulatory reforms and have no enforcement authority over their member nations, they call the shots in the background on the world stage of anti-financial crime policy and rulemaking. Member nations are strongly committed to implementation of the FATF recommendations, and regulatory and enforcement bodies worldwide do treat FATF’s guidance as quasi-law. So much so, that when FATF issues a negative finding or even adds a country to a “disallow” list for regulatory failures, member nations react with swift and decisive action to cut economic and sometimes even diplomatic ties with such nations.
The FATF recommends that all virtual asset service providers (VASPs) build and scale with a risk based approach from day one.
VASPs
A VASP is defined by the FATF as a business that conducts one or more of the following actions on behalf of its clients:
- Exchange between virtual assets and fiat currencies;
- Exchange between one or more forms of virtual assets;
- Transfer of virtual assets;
- Safekeeping and/or administration or virtual assets or instruments enabling control over virtual assets;
- Participating in and provisioning of financial services related to an issuer’s offer and/or sale of a virtual asset;
This definition encompasses a range of crypto businesses, including exchanges, money services businesses (MSBs), ATM operators, wallet custodians, and hedge funds.
Most VASPs fall under the given definition. A crypto exchange, for example, Coinbase, is obviously a VASP, but the definition is starting to narrow. DeFi protocols all the way down to the smart contract level are being included under this umbrella of VASPs.
AML/CFT
Criminals are very creative in developing methods to launder money and finance terrorism. FATF attempts to monitor and report on criminal trends in order to develop recommendations to specifically address evolving money laundering and terrorist financing risks.
FATF requires originating VASPs to conduct due diligence on beneficiary VASPs before allowing a transaction.
What does this mean for your business? The onus is on digital asset businesses to implement compliance solutions that alert for potentially suspicious activity both on and off the blockchain, enable the detection and prevention of crypto-related fraud, and effectively manage risk, in order to ensure that your product or service remains compliant with the latest regulations.
KYC
KYC means "know your customer". It refers to a financial institution's obligation to carry out certain identity and background checks on its clients before allowing them to use its product or platform. It is part of a broader set of measures that regulators around the world use to fight money laundering.
In other words, it stops bad actors from hiding the illicit source of their money behind legitimate financial activity.
Risk Engine
Risk Scores
- Our risk scores reflect the live state of the blockchain, and responds within minutes of new sanctions, unusual wallet behaviors, or criminal activity in addresses multiple transactions removed from the entity/wallet of interest.
- Our risk scores utilize a combination of open-source intelligence, in-house threat intelligence, proximity to known bad actor wallets, exposure to illicitly acquired funds, and patterns of transaction behavior to create a holistic representation of a wallet/transaction’s risk.
- Our AI/ML capabilities allow the risk scores to take into consideration patterns of transaction behavior as well as illicit activity far upstream of a given transaction/wallet, allowing them to update both more quickly, and to represent a higher degree of accuracy.
Data Sources
- Our engine is powered by a variety of data sources including but not limited to:
- Public Sanction Databases: US OFAC, United Nations, European Union, Canadian, UK, Switzerland and Australian sanctions lists
- Blockchain ledgers
- Internal research
- Work of threat intel teams
- Data partners
- Open Source Intelligence (OSINT) - the collection and analysis of data gathered from open sources to produce actionable intelligence
- Our data goes through a rigorous vetting process before being implemented into our systems.
- AnChain.AI’s threat intelligence team conducts 24/7 monitoring of on-chain, social media, and dark-web activities in order to quickly and accurately flag emerging threats.
Community and Support
Quickstart
Check out our Github for use case examples.
Social
For questions or suggestions, please reach out to us on our main site, X, or LinkedIn
Other Useful Resources
Investigations or forensics team? Be sure to check out our compliance, investigations, and security and operations tool, CISO.
Are you a blockchain researcher, analyst, or vigilante? Report suspicious activity using our community reporting tool, Web3Guard.
In addition, we provide self-paced certification courses through AnChain.AI University.
Security and Privacy
- Data privacy is of the upmost importance to us. We do not retain user information for any internal analytics. See our privacy policy for more information.
- AnChain.AI follows industry best-practices in regards to securing data and transport-level encryption.
Authorization
Authorization is the process of determining whether an authenticated user is allowed to do certain actions or access certain data - this is at the core of API security.
Usage of the BEI API requires an AnChain.AI distributed API key, which can be acquired here. Once you obtain your API key, you can make requests to the BEI API.
API Endpoints
Address Label
var request = require('request')
request('https://bei.anchainai.com/api/address_label?proto=<PROTO>&address=<ADDR>&apikey=<APIKEY>', function (error, response, body) {
})
import requests
url = 'https://bei.anchainai.com/api/address_label'
payload = {
'proto': '<PROTO>',
'address': '<ADDR>',
'apikey': '<APIKEY>'
}
res = requests.get(url=url, params=payload)
curl -XGET 'https://bei.anchainai.com/api/address_label?proto=<PROTO>&address=<ADDR>&apikey=<APIKEY>'
The above command returns JSON structured like this:
{
"data": {
"12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw": {
"is_address_valid": true,
"self": {
"category": [
"ransomware",
"abuse"
],
"detail": [
"ransomware:WannaCry"
]
}
}
},
"err_msg": "",
"status": 200
}
Summary
The address label endpoint returns an address category, and, if available, the entity associated with that category.
Category
In blockchain ecosystems, addresses can appear to ambiguously represent anything. We define labels and categorize addresses implemented in our system based on our data sources and intel to reflect the general identity of each address. For example, an address could represent a hacker, exchange, token, etc. Below is a full list of categories and descriptions:
|
● hacker - A hacker is a person or group of people who gain unauthorized access and steal cryptocurrency or other digital assets. |
● sanction - A sanction is a type of penalty and restriction placed by nation states on other nation states, groups or individuals. |
● ransomware - A ransomware is a type of malware that threatens a victim by releasing personal data or restricting access to their data unless a ransom is paid. |
|
● scam - A scam is a fraudulent scheme that steals users’ cryptocurrencies or gets users to invest cryptocurrency into a fraudulent project. |
● blackmail - A blackmail is a form of extortion to obtain crypto, money, goods, or services from an individual/entity through the threat of revealing embarrassing, incriminating, or socially damaging information. |
● darknet market - A darknet market is a commercial marketplace operating on the dark web that offers illegal goods and services for exchange of cryptocurrencies. |
|
● malware - A malware is a computer software intentionally designed to cause disruption to a computer or gain unauthorized access. |
● bot - A bot is a cryptocurrency trading bot that automatically buys and sells cryptocurrencies.
|
● whale - A whale is an individual or entity that holds a large amount of cryptocurrency. Whales have enough holdings to cause an impact on the market prices. |
|
● exchange - An exchange is a business that allows customers to purchase cryptocurrencies with FIAT currency or other cryptocurrencies. The three most popular types of exchanges are centralized exchanges, decentralized exchanges, and peer to peer (P2P) exchanges. |
● miner - A miner is a person or entity that mines cryptocurrency. Mining is the process of creating a hash of a block of transactions. Mining is necessary for a Proof-of-work blockchain that requires computer power in order to generate more of a currency. |
● dapp - A DApp "Decentralized Application" is an application that runs on a blockchain network of computers instead of a single computer. DApps are decentralized in nature and are not controlled by a single authority or entity. |
|
● terrorism - terrorist organizations that uses cryptocurrency to raise money or to purchase weapons and equipment |
● wallet - A wallet is a physical device or software which stores the private and public keys. |
● unaffiliated - An unaffiliated means a wallet address with no entity label. |
|
● pass-through - A pass-through wallet address works as an intermediate transfer of funds, usually received and sent out within a short period of time.
|
● contract - A smart contract is a program that runs on a blockchain when certain predefined conditions are satisfied. |
● token - A token is anything that has value and can be exchanged for goods or services. Example of a token is USDT (Tether) |
|
● mixer - A mixer also known as a tumbler, is a service that obscures the trail of funds from their original source. Mixers are used to launder cryptocurrency and provide anonymity. |
● defi - A DeFi "Decentralized Finance" are financial institutions that do not rely on intermediaries such as banks or exchanges. DeFi protocols allow users to lend and borrow funds, trade cryptocurrencies, and earn interest by invoking smart contracts on a blockchain. |
● Validator - A validator is a participant in a blockchain network that checks and approves new transactions to keep the network secure and accurate. In Proof-of-Stake (PoS) systems, validators are selected based on how much cryptocurrency they stake as a guarantee. |
|
|
|
|
Entity
Depending on the level of intel on each address in the risk engine, we associate entities with their respective categories. For example, a ransomware address could be associated with the WannaCry cryptoworm entity, an exchange address could be associated with the Huobi entity, or a sanctioned address could be associated with OFAC_SDN (Specially Designated Nationals) sanctions list entity.
Supported Protocols
The address label endpoint currently supports the following protocols:
- btc - Bitcoin
- eth - Ethereum*
- bnb - Binance Smart Chain
- sol - Solana
- xrp - Ripple
- avax - Avalanche
- trx - Tron
- matic - Polygon
- ltc - Litecoin
- bch - Bitcoin Cash
- xlm - Stellar
- bsv - Bitcoin SV
- egld - MultiversX
- algo - Algorand
- flow - Flow
- klay - Klaytn
- btg - Bitcoin Gold
- zec - Zcash
- dash - Dash
- one - Harmony
- xvg - Verge Currency
- hash - Provenance
- sui - SUI
- eos - EOS
- doge - Dogecoin
- ada - Cardano
- cfx - Conflux
- atom - Cosmos
- etc - Ethereum Classic
- celo - Celo
- ftm - Fantom
- glmr - Moonbeam
- cro - Cronos
- ever - Everscale
- fil - Filecoin
- hbar - Hedera
- xtz - Tezos
- coreum - Coreum
- coti - COTI
*We currently support ERC20, ERC721, and ERC1155 token standards
Request
HTTP Request
GET https://bei.anchainai.com/api/address_label
URL Parameters
3 parameters are required for the address_label endpoint:
- proto - Blockchain protocol of the address you are querying. See supported protocols above
- address - The actual address you are requesting information on
- apikey - Your API key. Accessible on your AnChain.AI dashboard. If you do not have a key, register for one here.
Response
- is_address_valid: true or false value indicating whether or not the address passed is valid
- category: address label
- detail: address label and entity combination (label:entity)
- err_msg: detail of error based on status code
- status: status code
Address Risk Score
var request = require('request')
request('https://bei.anchainai.com/api/address_risk_score?proto=<PROTO>&address=<ADDR>&apikey=<APIKEY>', function (error, response, body) {
})
import requests
url = 'https://bei.anchainai.com/api/address_risk_score'
payload = {
'proto': '<PROTO>',
'address': '<ADDR>',
'apikey': '<APIKEY>'
}
res = requests.get(url=url, params=payload)
curl -XGET 'https://bei.anchainai.com/api/address_risk_score?proto=<PROTO>&address=<ADDR>&apikey=<APIKEY>'
The above command returns JSON structured like this:
{
"data": {
"12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw": {
"is_address_valid": true,
"risk": {
"level": 4,
"score": 100,
"verdict_time": 1605920588
},
"self": {
"category": [
"abuse",
"ransomware"
],
"detail": [
"ransomware:WannaCry"
]
}
}
},
"err_msg": "",
"status": 200
}
Summary
The Address Risk Score endpoint returns an address risk score, address risk level, address category, and, if available, the entity associated with that category.
Risk Score
AnChain.AI’s data science team has developed proprietary machine learning models which assign risk scores to every address in our system. The machine learning model creates a range with which you can work with, on a scale of 0-100. Let’s set the scene: a hacker stole 100M dollars worth of Ethereum, then shuffled funds to 100 different addresses over a two year time period. It’s difficult to follow these movements manually - the AI algorithm tracks these activities. If the address passed in the address risk score API query was involved in this scam, the returned holistic risk score of 70 indicates that, while the address didn’t do anything specifically wrong themselves, they did interact with hacker activity. It’s up to you to do whatever you want with this information.
Risk Level
The risk level is a number between 1 and 4 indicating Low, Guarded, Elevated, and Severe levels of risk. This corresponds to the risk score ranges. See the description of each level below.
|
Risk score |
Risk level |
Description |
|
0-29 |
1 |
GREEN or LOW indicates established history of low risk. Transaction history of queried address exhibits no known unusual activity beyond the normal risk of future exposure to known hacking activities, known viruses, or other malicious activity. |
|
30-50 |
2 |
BLUE or GUARDED indicates a guarded risk of illicit activity.* The potential exists for hacking, known viruses, or other malicious cyber activity, but no such activities have been identified - or - where exploits have been identified no significant impact on the associated addresses has occurred. |
|
51-79 |
3 |
ORANGE or ELEVATED indicates an elevated risk of illicit activity. At this level, the potential for exposure to illicit activity is elevated, or indirect exposure has occurred, but no direct exploitation has been observed. |
|
80-100 |
4 |
RED or SEVERE indicates an established history of past illicit activity and cybercrime engagement. At this level, addresses have been actively involved in illegal action, and are highly likely to see future involvement. |
*We are a security-forward organization. Nothing is ever 100% secure, so we assign a risk score of 50 to every new address brought on-chain to account for the potential risk.
Supported Protocols
The address risk score endpoint currently supports the following protocols:
- btc - Bitcoin
- eth - Ethereum*
- bnb - Binance Smart Chain
- sol - Solana
- xrp - Ripple
- avax - Avalanche
- trx - Tron
- matic - Polygon
- ltc - Litecoin
- bch - Bitcoin Cash
- xlm - Stellar
- bsv - Bitcoin SV
- egld - MultiversX
- algo - Algorand
- flow - Flow
- klay - Klaytn
- btg - Bitcoin Gold
- zec - Zcash
- dash - Dash
- one - Harmony
- xvg - Verge Currency
- hash - Provenance
- sui - SUI
- eos - EOS
- doge - Dogecoin
- ada - Cardano
- cfx - Conflux
- atom - Cosmos
- etc - Ethereum Classic
- celo - Celo
- ftm - Fantom
- glmr - Moonbeam
- cro - Cronos
- ever - Everscale
- fil - Filecoin
- hbar - Hedera
- xtz - Tezos
- coreum - Coreum
- coti - COTI
*We currently support ERC20, ERC721, and ERC1155 token standards
Request
HTTP Request
GET https://bei.anchainai.com/api/address_risk_score
URL Parameters
3 parameters are required for the address risk score endpoint:
- proto - Blockchain protocol of the address you are querying. See supported protocols
- address - The actual address you are requesting information on
- apikey - Your API key. Accessible on your AnChain.AI dashboard. If you do not have a key, register for one here.
Response
- is_address_valid: true or false value indicating whether or not the address passed is valid
- level: address risk level
- score: address risk score
- verdict_time: time since request was made (Unix time)
- category: address label
- detail: address label and entity combination (label:entity)
- err_msg: detail of error based on status code
- status: status code
Address Risk Activity
var request = require('request')
request('https://bei.anchainai.com/api/address_risk_activity?proto=<PROTO>&address=<ADDR>&apikey=<APIKEY>', function (error, response, body) {
})
url = 'https://bei.anchainai.com/api/address_risk_activity'
payload = {
'proto': '<PROTO>',
'address': '<ADDR>',
'apikey': '<APIKEY>'
}
res = requests.get(url=url, params=payload)
curl -XGET 'https://bei.anchainai.com/api/address_risk_activity?proto=<PROTO>&address=<ADDR>&apikey=<APIKEY>'
The above command returns JSON structured like this:
{
"data": {
"12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw": {
"activity": {
"suspicious_activity": [
{
"aggr_type": "entity",
"category": "exchange",
"description": "Received money from exchange:Zaif wallet(s) 1 time",
"entity": "Zaif",
"txn_cnt": 1,
"txn_direct": 1,
"txn_hashes": [
"a3b15590878dc216c7c5b9b5bc109a1e07caab93928920b4bb5b82a7e98266f0"
],
"txn_hashes_detail": [
{
"suspicious_address": "1CZV316KMt9DR9kWFNjed8s5AB6RGUPmAr",
"txn_hash": "a3b15590878dc216c7c5b9b5bc109a1e07caab93928920b4bb5b82a7e98266f0",
"txn_timestamp": 1494864282,
"value": 0.01290216
}
],
"txn_vol": 0.01290216
},
{
"aggr_type": "entity",
"category": "unaffiliated",
"description": "Sent money to unaffiliated:unaffiliated wallet(s) 2 times",
"entity": "unaffiliated",
"txn_cnt": 2,
"txn_direct": 0,
"txn_hashes": [
"409803bb5e124fd028c0482027c7722e84ce55b78204b279d3a44aba5e7c1698",
"35e5d5fe8c8128cfa6884f56be5817e4138c58c91b79d78d3e78a8d365b9d8a7"
],
"txn_hashes_detail": [
{
"suspicious_address": "16dfTuSx4f78eQ81PzTgBtBDyZ7QhNZ8Vy",
"txn_hash": "35e5d5fe8c8128cfa6884f56be5817e4138c58c91b79d78d3e78a8d365b9d8a7",
"txn_timestamp": 1501735294,
"value": 9.02796322
},
{
"suspicious_address": "1JC41YHmjKEcW1rLH6pmMWEFHkoNwSmhnC",
"txn_hash": "409803bb5e124fd028c0482027c7722e84ce55b78204b279d3a44aba5e7c1698",
"txn_timestamp": 1501734500,
"value": 0.01227173
},
{
"suspicious_address": "1FQQ86tMuvhQ4Ruyggbb8j7iaNfUZ69gpY",
"txn_hash": "409803bb5e124fd028c0482027c7722e84ce55b78204b279d3a44aba5e7c1698",
"txn_timestamp": 1501734500,
"value": 8.71529348
}
],
"txn_vol": 9.02796322
}
],
"suspicious_activity_declare": "Suspicious Activity is summarized based on most recent 2000 suspicious transactions",
"verdict_time": 1509494400
},
"is_address_valid": true,
"risk": {
"level": 4,
"score": 100,
"verdict_time": 1509494400
},
"self": {
"category": [
"abuse",
"ransomware"
],
"detail": [
"ransomware:WannaCry"
]
}
}
},
"err_msg": "",
"status": 200
}
Summary
The address risk activity endpoint returns suspicious activity associated with passed address in addition to address risk score, address risk level, address category, and, if available, the entity associated with the address category.
Suspicious Activity
Usually machine learning models can seem like a black box. You put something in, you get something out. It’s important for compliance teams and developers to understand why an address is flagged as risky, and the suspicious activity data provides that explanation. The endpoint takes the last 2000 interactions into consideration. The suspicious activity data consists of two parts:
1) a summary of the number of suspicious transactions the passed address had with a specific entity.
2) the related evidence by transaction hash.
Supported Protocols
The address risk activity endpoint currently supports the following protocols:
- btc - Bitcoin
- eth - Ethereum*
- bnb - Binance Smart Chain
- dash - Dash
- bch - Bitcoin Cash
- bsv - Bitcoin SV
- btg - Bitcoin Gold
- ltc - Litecoin
- zec - Zcash
- avax - Avalanche
- klay - Klaytn
- matic - Polygon
- algo - Algorand
- egld - MultiversX
- flow - Flow
- hash - Provenance
- one - Harmony
- sol - Solana
- trx - Tron
- xlm - Stellar
- xrp - XRPL
- xvg - Verge
- sui - SUI (Coming soon)
- coreum - Coreum (Coming soon)
- coti - COTI (Coming soon)
*We currently support ERC20, ERC721, and ERC1155 token standards
Request
HTTP Request
GET https://bei.anchainai.com/api/address_risk_activity
URL Parameters
4 parameters are required for the address risk activity endpoint:
- proto - Blockchain protocol of the address you are querying. See supported protocols
- address - The actual address you are requesting information on
- apikey - Your API key. Accessible on your AnChain.AI dashboard. If you do not have a key, register for one here.
- token - Native currency transactions will be returned for the protocol if no token is specified in the request.
Response
- is_address_valid: true or false value indicating whether or not the address passed is valid
- category: address label
- detail: address label and entity combination (label:entity)
- suspicious_activity: summary of suspicious activity
- suspicious_activity_declare: statement describing number of transactions summary is based on
- verdict_time: time since request was made (Unix time)
- entity_score: risk score of returned entity
- entity_level: risk level of returned entity
- score: risk score of VASP, if address passed is a VASP
- level: risk level of VASP, if address passed is a VASP
- risk_event_link: link to website describing risk event
- risk_event_title: title of risk event
- err_msg: detail of error based on status code
- status: status code
- address_base_score, suspicious_activity_gain_real, suspicious_activity_gain, hackishness_gain_real, and hackishmess_gain are all breakdowns for how the total BEI risk score is calculated. Please reach out to us if you request further explanation.
Address Risk Attribution
var request = require('request')
request('https://bei.anchainai.com/api/address_risk_attribution?apikey=<APIKEY>&proto=<PROTO>&address=<ADDRESS>', function (error, response, body) {
})
curl -XGET 'https://bei.anchainai.com/api/address_risk_attribution?apikey=<apikey>&proto=<PROTO>&address=<ADDRESS>'
url = 'https://bei.anchainai.com/api/address_risk_attribution'
payload = {
'apikey': '<APIKEY>',
'proto':'<PROTO>',
'address':'<ADDRESS>'
}
res = requests.get(url=url, params=payload)
The above command returns JSON structured like this:
{
"status": 200,
"err_msg": "",
"data": {
"attribution": {
"txns_total": 480000,
"inbound": {
"value_usd": 9410766937.4572,
"count": 369,
"categories": {
"exchange": {
"value_usd": 9410725157.48572,
"count": 307,
"entities": {
"Binance": {
"value_usd": 9410714516.809587,
"count": 303,
"value_usd_percent": 99.999887
},
"Bitkub Hot Wallet": {
"value_usd": 10540.4817708306,
"count": 1,
"value_usd_percent": 0.000112
},
},
"value_usd_percent": 99.999556
},
"unaffiliated": {
"value_usd": 41779.97148961006,
"count": 62,
"entities": {
"unaffiliated": {
"value_usd": 41779.97148961006,
"count": 62,
"value_usd_percent": 100.0
}
},
"value_usd_percent": 0.000444
}
}
},
"outbound": {
"value_usd": 7860663971.009165,
"count": 10000,
"categories": {
"unaffiliated": {
"value_usd": 5761055215.71709,
"count": 7738,
"entities": {
"unaffiliated": {
"value_usd": 5761055215.71709,
"count": 7738,
"value_usd_percent": 100.0
}
},
"value_usd_percent": 73.289677
},
"exchange": {
"value_usd": 1581349564.6829941,
"count": 1998,
"entities": {
"OKX": {
"value_usd": 278429787.53651196,
"count": 424,
"value_usd_percent": 17.607099
},
"Bitfinex": {
"value_usd": 207310173.97043434,
"count": 194,
"value_usd_percent": 13.109699
}
},
"value_usd_percent": 20.117252
},
}
}
},
"txns_detail": {
"inbound": [
{
"hash": "0x1ef614997610c9b8ddf7f5f5c7349cc7944b5f48a98f4300733300354e4a6618",
"peer": "0x28c6c06298d514db089934071355e5743bf21d60",
"timestamp": 1707471635,
"token_address": "eth",
"value": 36927.9817959,
"value_usd": 138504330.1260535
},
{
"hash": "0xbb4109ed1b5e8d2a67feac462bf0589417fa30c4f75d062b4ce065786ad4bcde",
"peer": "0x28c6c06298d514db089934071355e5743bf21d60",
"timestamp": 1709025647,
"token_address": "eth",
"value": 30668.3067817,
"value_usd": 115026413.04300229
},
],
},
"labels_mapping": {
"0x77f7b398a23ef4cab31dd5503fd8446c4480c70b": {
"is_address_valid": true,
"self": {
"category": [
"exchange"
],
"detail": [
"exchange:Bitfinex"
]
}
},
"0x572c3841fc73ea24a2768c7dca3a927d6115ed83": {
"is_address_valid": true,
"self": {
"category": [
"exchange"
],
"detail": [
"exchange:OKEx"
]
}
},
},
"tokens_mapping": {
"0x0391d2021f89dc339f60fff84546ea23e337750f": {
"decimals": 18,
"logo": "https://s3.us-west-2.amazonaws.com/public.anchainai/bei/logo/eth/0x0391d2021f89dc339f60fff84546ea23e337750f.png",
"name": "BarnBridge Governance Token",
"price_usd": 3.22,
"symbol": "BOND",
"top_number": 2,
"type": "ERC-20"
},
"eth": {
"decimals": 18,
"logo": "https://s3.us-west-2.amazonaws.com/public.anchainai/bei/logo/eth/eth.png",
"name": "Ethereum",
"price_usd": 3750.660702,
"symbol": "ETH",
"top_number": 1,
"type": ""
}
}
}
}
Summary
The New Attribution API provides comprehensive insights into the inflow and outflow activities of BTC or ETH wallet addresses. By inputting a wallet address, users can receive detailed aggregated data about the wallet's transactions, categorized by entities with a percentage breakdown, and detailed breakdowns of individual transactions.
Description
Impact of user input on ‘token’ parameter
-
If no input:
- The system automatically selects the top 20 tokens with the largest transaction volume associated with the address.
- Only transactions related to popular tokens (with available prices) are returned.
- Sorted by USD value.
- If input is provided:
- The system will only search for transactions related to these tokens.
- All transactions related to these tokens are returned.
- Sorted by USD value, and if USD values are equal (tokens without prices are considered as 0), then sorted by transaction value.
Aggregate Statistics
Transactions are grouped and aggregated by category, and then by entity within each category.
-
Categories are prioritized as follows if multiple categories are found for one address:
- Sanction
- Hacker
- Ransomware
- Scam
- Blackmail
- CSAM (Child Sexual Abuse Material)
- Darknet Market
- Malware
- Abuse
- Phishing
- Exchange
- Mixer
- App Wallet
- DApp (Decentralized Application)
- Wallet
- Miner
- DeFi (Decentralized Finance)
- Bot
- Bridge
- Contract
- Token
- Forwarding Agent
- Pass-through
- Whale
- Validator
- Unaffiliated
-
If multiple entities (‘detail’) are found for one address:
- The entity that matches the prioritized category will be selected.
- If no match is found, it defaults to unaffiliated.
Supported Protocols
The address risk attribution endpoint currently supports the following protocols:
- btc - Bitcoin
- eth - Ethereum
Request
HTTP Request
GET https://bei.anchainai.com/api/address_risk_attribution
URL Parameters
7 parameters are required for the address risk attribution endpoint:
- proto - Blockchain protocol. Available options: BTC, ETH.
- address - The wallet address to query.
- apikey - Your API key. Accessible on your AnChain.AI dashboard. If you do not have a key, register for one here.
- time_from - The start time for the query (Unix Epoch time). - (Optional,default:one year before 'time_to').
- time_to - The end time for the query (Unix Epoch time). - (Optional,default:now).
- token - A comma-separated list of up to 20 tokens.If not specified, the top 20 tokens with the highest number of transactions associated with the address will be selected. - (String,optional,default:<empty>).
- limit - The maximum number of transactions to return, up to 10,000. Transactions are primarily sorted by USD value in descending order, and secondarily by transaction value if no USD value is found. - (Integer,optional,default:1000).
Response
- status: <Integer>, http status code, 200 is OK
- err_msg: <Integer>, empty if successful
-
data: <Dict>, result
-
attribution: <Dict>
- txns_total: <Integer>
- inbound: <Dict>
- count: <Integer>
- value_usd: <Float>
- categories: <Dict>
- <category_1>
- count: <Integer>
- value_usd: <Float>
- value_usd_percent: <Float>
- entities: → …
- <category_2>
- <category_1>
- outbound:...
- txns_detail:<Dict>
-
inbound:<List>
-
<txn_1>
- hash
- peer
- timestamp
- token_address
- value
- value_usd
- <txn_2>...
-
<txn_1>
- outbound :<List>
-
inbound:<List>
-
labels_mapping:<Dict>
-
<address_1>
- is_address_valid:<Bool>
-
self
-
category
- <category_1>
- <category_2>
- ...
-
detail
- <category_1:entity_1>
- <category_2:entity_2>
- ...
-
category
- <address_2>...
-
<address_1>
-
tokens_mapping:<Dict>
-
<token_1>
- type
- name
- symbol
- decimals
- logo
- price_usd
- <token_2>...
-
<token_1>
-
attribution: <Dict>
Transaction Risk Score
var request = require('request')
request('https://bei.anchainai.com/api/kyt/<proto>/<hash>/risk_score?apikey=<APIKEY>', function (error, response, body) {
})
curl -XGET 'https://bei.anchainai.com/api/kyt/<proto>/<hash>/risk_score?apikey=<apikey>'
url = 'https://bei.anchainai.com/api/kyt/<proto>/<hash>/risk_score'
payload = {
'apikey': '<APIKEY>'
}
res = requests.get(url=url, params=payload)
The above command returns JSON structured like this:
{
"status": 200,
"err_msg": "",
"data": {
"overview": {
"blockno": 7146988,
"timestamp": "2019-01-30 03:29:31 UTC",
"fee": 0.0004
},
"risk": {
"score": 100,
"level": "Severe",
"direction": "outputs",
"breakdown": {
"inputs": 50,
"outputs": 100,
"internals": 50
}
},
"labels": {
"inputs": {
"0xc67813f468975099b09dd76b55ae6011a9f359ca": {
"category": [
"unaffiliated"
],
"detail": [
]
}
},
"outputs": {
"0x4ac6307a85d83962503f86457de9c331a6926f48": {
"category": [
"hacker"
],
"detail": [
"hacker:fake_phishing"
]
}
},
"internals": {
"0x7297862b9670ff015192799cc849726c88bf1d77": {
"category": [
"unaffiliated"
],
"detail": [
]
}
}
},
"transfers": {
"ERC-20": 1
}
}
}
Summary
Transaction risk score endpoint returns the risk score of the passed transaction and the label information of the associated addresses. Our machine learning model comprehensively evaluates the risks associated with any transaction.
Supported Protocols
The transaction risk score endpoint currently supports the following protocol:
- eth - Ethereum
Request
HTTP Request
GET https://bei.anchainai.com/api/kyt/<proto>/<hash>/risk_score
URL Parameters
3 parameters are required for the transaction risk score endpoint:
- proto - blockchain protocol of the queried transaction hash
- hash - transaction hash
- apikey - your API key. Accessible on your AnChain.AI dashboard. If you do not have a key, register for one here.
Response
Returns the risk score of the passed transaction and the label information of the associated addresses
Dark Web Wallet
var request = require('request')
request('https://bei.anchainai.com/api/cdi/indicator?apikey=<CDI-APIKEY>&address=<ADDR>&proto=<PROTO>&type=<TYPE>', function (error, response, body) {
})
curl -XGET 'https://bei.anchainai.com/api/cdi/indicator?apikey=<CDI-APIKEY>&address=<ADDR>&proto=<PROTO>&type=<TYPE>'
url = 'https://bei.anchainai.com/api/cdi/indicator'
payload = {
'apikey': '<CDI-APIKEY>',
'address': '<ADDR>',
'proto': '<PROTO>',
'type': '<TYPE>',
}
res = requests.get(url=url, params=payload)
The above command returns JSON structured like this:
{
"status": 200,
"err_msg": "",
"data": [
{
"btc": [
{
"indicator": "3QmaJdWqQKZszSbriB3LVwLcQHF59tMbGh",
"reference": [
"cheenazap345z6a7.onion",
"cheenahrz5kyrefo4s4x22yc4o5zi662o6sjsbtxwod6axybyqbldxyd.onion"
]
}
],
"doge": [
{
"indicator": "DAyLTAuMTQzLTAuMDA5LTAuMjE5LTAuMDQ",
"reference": [
"cheenazap345z6a7.onion",
"cheenahrz5kyrefo4s4x22yc4o5zi662o6sjsbtxwod6axybyqbldxyd.onion"
]
}
],
"email": [
{
"indicator": "cheena@cheena.net",
"reference": [
"cheenazap345z6a7.onion",
"cheenahrz5kyrefo4s4x22yc4o5zi662o6sjsbtxwod6axybyqbldxyd.onion"
]
}
],
"javascript": [
{
"indicator": "http://cheenazap345z6a7.onion/app.js?b95fafe537c8474d9172",
"reference": [
"cheenazap345z6a7.onion"
]
}
],
"links": [
{
"indicator": "cheenazap345z6a7.onion",
"reference": [
"cheenazap345z6a7.onion",
"cheenahrz5kyrefo4s4x22yc4o5zi662o6sjsbtxwod6axybyqbldxyd.onion"
]
}
],
"onion": [
"cheenazap345z6a7.onion",
"cheenahrz5kyrefo4s4x22yc4o5zi662o6sjsbtxwod6axybyqbldxyd.onion"
],
"xmr": [
{
"indicator": "44C9RkTNeaFe2nJa8jnw22iQfYsKqgXuWigip4X2w3eFJEigZXNR61pi5kj2JKt7mJBu5qsvED7NGaFG8UnQPQkUDUoW9Yx",
"reference": [
"cheenazap345z6a7.onion",
"cheenahrz5kyrefo4s4x22yc4o5zi662o6sjsbtxwod6axybyqbldxyd.onion"
]
}
]
}
]
}
Summary
With the Dark Web API endpoint, users can query wallet addresses and identify the dark web sites these addresses have been found on, as well as other addresses and relevant indicators (such as email addresses or IP addresses) also found on those sites.
Dark Web
The dark web consists of websites accessible only through special networks - the most commonly used being Tor ("The Onion Routing" project).
Tor is a free and open-source software enabling anonymous communication. It directs Internet traffic through a free, worldwide, volunteer overlay network, consisting of more than seven thousand relays, to conceal a user's location and usage from anyone performing network surveillance or traffic analysis.
Using Tor makes it more difficult to trace a user's Internet activity. Tor's intended use is to protect the personal privacy of its users, as well as their freedom and ability to communicate confidentially through IP address anonymity using Tor exit nodes.
Supported Protocols
The dark web wallet endpoint currently supports the following protocols:
- btc - Bitcoin
- eth - Ethereum
- xmr - Monero
- doge - Doge
Request
HTTP Request
GET https://bei.anchainai.com/api/cdi/indicator
URL Parameters
4 parameters are required for the dark web wallet endpoint:
- apikey - Accessible on your AnChain.AI dashboard. If you do not have a key, register for one here.
- address - Wallet of the queried address
- proto - Blockchain protocol of queried address
- type - Type of requested data. Defaults to all, which includes data relating to onion sites , btc, eth, xmr, doge, email, ip address, port, links, javascript, and pgp
Response
Returns dark web sites associated with passed wallet address
Dark Web Onion Site
var request = require('request')
request('https://bei.anchainai.com/api/cdi/oniondetails?apikey=<CDI-APIKEY>&onion=<ONION-SITE-URL>&type=<TYPE>', function (error, response, body) {
})
curl -XGET 'https://bei.anchainai.com/api/cdi/oniondetails?apikey=<CDI-APIKEY>&onion=<ONION-SITE-URL>&type=<TYPE>'
url = 'https://bei.anchainai.com/api/cdi/oniondetails'
payload = {
'apikey': '<CDI-APIKEY>',
'onion': '<ONION-SITE-URL>',
'type': '<TYPE>',
}
res = requests.get(url=url, params=payload)
The above command returns JSON structured like this:
{
"status": 200,
"err_msg": "",
"data": [
{
"btc": [
"18hBL7uiunfZmSYAgKg4zeo8nhBnBSzqAC",
"3QmaJdWqQKZszSbriB3LVwLcQHF59tMbGh"
],
"doge": [
"DAyLTAuMTQzLTAuMDA5LTAuMjE5LTAuMDQ",
"DAgMi45MjQtMS4zNzcgMi45MjQtMy4xMjN",
"DAtMi4zNzUgMC4xMjgtNC43MjkgMC4zNzE",
"DAuMTE1LTAuMzQ4LDAuMTJjLTAuMDY5LDA",
"DUgMTAuMTgzLTE4LjkwNWgxMy44MzJ2Mjk",
"DQuNywxMC41LDEwLjUsMTAuNWgxNTcuN2M"
],
"email": [
"cheena@cheena.net",
"cheena@xmpp.is"
],
"javascript": [
"http://cheenazap345z6a7.onion/app.js?b95fafe537c8474d9172"
],
"links": [
"cheenazap345z6a7.onion"
],
"onion": "cheenazap345z6a7.onion",
"xmr": [
"44C9RkTNeaFe2nJa8jnw22iQfYsKqgXuWigip4X2w3eFJEigZXNR61pi5kj2JKt7mJBu5qsvED7NGaFG8UnQPQkUDUoW9Yx",
"40MjYsMy4zNzRjMCwwLTAuMTQ5LDAuMTE1LTAuMzQ4LDAuMTJjLTAuMDY5LDAuMDAyLTAuMTQzLTAuMDA5LTAuMjE5LTAuM"
]
}
]
}
Summary
Users can query onion site URLs and identify wallet addresses found on the passed site.
Onion Site
When people refer to the dark web, they're usually talking about onion sites, which aren't searchable via Google or accessible via standard web browsers. Onion sites are websites on the dark web with the '. onion' domain name extension. They use Tor's hidden services to hide their location and their owner's identities. You can only access onion sites through Tor browser.
Request
HTTP Request
GET https://bei.anchainai.com/api/cdi/oniondetails
URL Parameters
4 parameters are required for the dark web wallet endpoint:
- apikey - Accessible on your AnChain.AI dashboard. If you do not have a key, register for one here.
- onion - Onion site URL
- type - Type of requested data. Defaults to all, which includes data related to onion sites, btc, eth, xmr, doge, email, ip address, port, links, javascript, and pgp
Response
Returns wallets associated with passed dark web URL
Errors
When an error is encountered, you will receive an HTTP status code along with a message and error code in the body of your query response. We use the following status codes for errors:
|
Code |
Meaning |
|
200 |
Information is found and returned properly |
|
400 |
Invalid API key or missing parameters or rate-limited |
|
403 |
Too many addresses in bulk input |
|
404 |
Label not found |
|
500 |
Internal server error |