Risk Classification Definitions

CipherTrace currently classifies risk for a target transaction by looking at transactions that are one hop away (direct) and two hops away. A “hop” is one portion of the path between the source and destination. For example: if Susan sends money to Bob, that transaction is “direct” or “one hop away” from Sue. If Susan sends money to Bob and Bob sends money to Dieter, then the Bob-Dieter transaction is “two hops” away from Susan
Risk classification levels are:

  • 0: No attribution exists for this address, the address has no transactions, or this is a new address which CipherTrace is currently evaluating (in this situation, the updated risk classification should appear within a few hours.)
  • 1: No transactions with any level 9 or 10 addresses within one hop.
  • 2: This address is controlled by a trusted exchange that has not been labelled ‘High Risk Exchange’ and that has transacted with level 9 or 10 addresses one or more times within one hop.
  • 4: This address has transacted with a level 9 address once within one hop. Does not propagate further.
  • 5: This address has transacted with a level 10 address once within one hop. Does not propagate further.
  • 8: This address has transacted with level 9 addresses two or more times, or with a level 10 address once and level 9 addresses one or more times, within one hop. Does not propagate further.
  • 9: This address has transacted with level 10 addresses two or more times within one hop.
  • 10: Attribution data exists for this address that attributes it to a sanctioned entity or labels it as Criminal, Dark Market, Gambling, Malware, Ransomware, or Mixer. (When using the gamblingOkRisk parameter in the API, gambling is whitelisted.)
Back To Top