skip to Main Content

Risk Classification Definitions

We currently classify risk for a target transaction by looking at transactions that are one hop away (direct) and two hops away. A “hop” is one portion of the path between the source and destination.

Risk classification levels are:
0: No attribution exists for this address, the address has no transactions, or this is a new address for which CipherTrace is in the process of calculating its risk classification (in this situation, the updated risk classification should appear within a few hours).
1: No transactions with any level 9 or 10 addresses within one hop.
2: This address is controlled by a trusted exchange that has not been labelled ‘High Risk Exchange’ and that has transacted with level 9 or 10 addresses one or more times within one hop.
4: This address has transacted with a level 9 address once within one hop. Does not propagate further.
5: This address has transacted with a level 10 address once within one hop. Does not propagate further.
8: This address has transacted with level 9 addresses two or more times, or with a level 10 address once and level 9 addresses one or more times, within one hop. Does not propagate further.
9: This address has transacted with level 10 addresses two or more times within one hop.
10: Attribution data exists for this address that attributes it to a sanctioned entity or labels it as Criminal, Dark Market, Gambling, Malware, Ransomware, or Mixer.

Back To Top