AML Risk Categories
This page describes the AML risk categories used in the BitOK KYT platform. Each category reflects the primary nature of an entity or service observed on the blockchain and helps assess its AML/CFT risk profile.
Risk levels shown here are general guidelines. The actual risk of a specific address, transaction, or entity depends on context, volume, behaviour over time, and applicable regulation.
Risk Levels Legendβ
| Level | Description |
|---|---|
| π΄High risk | Categories typically associated with serious predicate offences (sanctions, child abuse material, darknet markets, fraud, terrorist financing, large hacks, etc.). These flows usually require enhanced due diligence and may be unacceptable for regulated institutions. |
| π‘Medium risk | Categories that significantly increase AML risk but are not always criminal by design (mixers, privacy protocols, unlicensed gambling, ICOs, certain P2P activity). These often trigger additional review, monitoring, or limitations. |
| π’Lower risk | Standard, broadly legitimate services (regulated exchanges, PSPs, marketplaces, mining, infrastructure). They can still be abused, but risk is primarily driven by counterparties and behaviour, not by the category itself. |
| βοΈSystem | Technical or neutral labels used by BitOK (e.g. Dust, Undefined, Seized funds) to describe how the data is treated inside the platform rather than the inherent AML risk. |
High-Risk Categoriesβ
| Category | Risk | Description |
|---|---|---|
| Child Abuse Material (CAM) | π΄High risk | Entities distributing or facilitating access to child sexual abuse material, usually via darknet forums and hidden services. |
| Darknet Market | π΄High risk | Marketplaces on Tor / I2P selling illegal goods and services such as narcotics, weapons, counterfeit documents, and stolen data. |
| Fraud Shop | π΄High risk | Single-vendor markets selling stolen personal data, cards, credentials, or identity documents. Behaviour differs from multi-vendor darknet markets. |
| Illegal Service | π΄High risk | Services directly supporting criminal activity (darknet operations, hacking groups, terrorist networks, illegal goods distribution, etc.). |
| Scam | π΄High risk | Fraudulent schemes including fake exchanges, investment platforms, Ponzi schemes, phishing and extortion campaigns pretending to be legitimate services. |
| Stolen Funds | π΄High risk | Addresses holding proceeds of theft or hacks (e.g. exchange hot-wallet breaches, protocol exploits, compromised customer wallets). |
| Ransomware | π΄High risk | Wallets and services associated with ransomware operators and ransom payments collected from victims. |
| Terrorist Financing | π΄High risk | Entities involved in raising, moving, or holding funds for terrorist groups and affiliated individuals. |
| High-Risk Jurisdiction | π΄High risk | Crypto entities based in jurisdictions under comprehensive sanctions or embargoes (e.g. OFAC-sanctioned countries and regions). |
| Sanctions | π΄High risk | Individuals or entities listed on sanctions lists (OFAC SDN, EU, UN, etc.) where dealing with them is prohibited or heavily restricted. |
| Online Pharmacy | π΄High risk | Services selling controlled or unregulated pharmaceuticals, often without prescriptions and sometimes overlapping with darknet markets. |
| Gambling | π΄High risk | Unlicensed or weakly-regulated online gambling platforms (casinos, betting sites, games of chance) lacking effective AML/KYC controls. |
| High-Risk Exchange | π΄High risk | Exchanges with no mandatory KYC, known links to illicit services, or substantial involvement in laundering and high-risk flows. |
Medium-Risk Categoriesβ
| Category | Risk | Description |
|---|---|---|
| Mixer | π‘Medium risk | Mixing / tumbling services that obfuscate links between inputs and outputs by pooling and redistributing funds. |
| Privacy Protocol | π‘Medium risk | Protocols and assets with built-in privacy features (e.g. Monero, Secret) where counterparties are hidden by design. |
| P2P Exchange | π‘Medium risk | Peer-to-peer trading platforms connecting individual buyers and sellers. Some do not enforce KYC, making them attractive for layering and ML. |
| DEX | π‘Medium risk | Decentralized exchanges enabling token swaps via smart contracts, without centralized custody. Popular among both legitimate users and bad actors. |
| Lending | π‘Medium risk | Lending/borrowing protocols where users provide collateral and borrow against it. Over-collateralization reduces credit risk, but flows may still require monitoring. |
| Bridge | π‘Medium risk | Cross-chain bridges transferring value between blockchains. Frequently targeted by exploits and used to move value between ecosystems. |
| ICO | π‘Medium risk | Initial Coin Offering platforms raising funds for new projects. Many ICOs have been fraudulent or non-compliant, so flows require careful assessment. |
| Enforcement Action | π‘Medium risk | Entities subject to court proceedings, regulatory enforcement or other official legal actions by authorities. |
Standard & Lower-Risk Service Categoriesβ
| Category | Risk | Description |
|---|---|---|
| Exchange | π’Lower risk | Centralized exchanges and brokers allowing users to buy, sell and trade cryptocurrency. Risk depends heavily on licensing and KYC quality. |
| Payment Service Provider | π’Lower risk | PSPs / payment gateways processing crypto payments for merchants and businesses. |
| Marketplace | π’Lower risk | Online stores selling legitimate goods and services, accepting crypto as a payment method. |
| Mining | π’Lower risk | On-chain entities receiving block rewards for proof-of-work mining. |
| Mining Pool | π’Lower risk | Pooled mining services distributing rewards to participating miners. Risk increases if the pool also accepts unrelated deposits. |
| IaaS | π’Lower risk | Infrastructure-as-a-Service providers (VPN, VPS, domain registrars, hosting and other technical infrastructure services). |
| Personal Wallet | π’Lower risk | Verified wallets belonging to identified end-users. |
| Custodial Wallet | π’Lower risk | Hosted wallets where a service controls private keys on behalf of customers (hot wallets, omnibus wallets). |
| Token Contract | π’Lower risk | Smart contracts representing fungible or non-fungible tokens (e.g. ERC-20, ERC-721). Used as technical anchors rather than service providers. |
| Smart Contract | π’Lower risk | General-purpose contracts with custom logic (vaults, protocols, automated services) not falling into a more specific category. |
| NFT Marketplace | π’Lower risk | Platforms focused on minting, listing and trading NFTs. Depending on design, may overlap with DEXs or smart-contract platforms. |
| ATM | π’Lower risk | Crypto ATM operators allowing cashβtoβcrypto and cryptoβtoβcash conversion. |
System & Uncategorized Categoriesβ
| Category | Type | Description |
|---|---|---|
| Seized Funds | βοΈSystem | Addresses under control of law-enforcement agencies where assets have been seized or frozen. |
| Dust | βοΈSystem | Very small transactions below BitOK trading thresholds. Categorisation depends on size and share of the underlying risk category. |
| Unnamed Wallet | βοΈSystem | Unknown wallet type, typically appearing during analysis of outgoing transactions when no service attribution is available. |
| Unnamed Service | βοΈSystem | Unclassified services or providers that do not yet match a specific BitOK category. |
| Other | βοΈSystem | All other entities not assigned to a defined category. |
| Undefined | βοΈSystem | Wallets or entities of unknown nature where available data is not sufficient to make an attribution. |
Last updated: 29 April 2024 (BitOK AML team)