KYT Core Concepts

What is KYT

KYT (Know Your Transaction) is a risk identification mechanism for individual cryptocurrency transactions, providing real-time analysis of each on-chain transaction to determine its risk level and provide handling recommendations.

Core Question: Is this transaction safe?KYT helps you quickly identify the risk level and associated risk entities before processing each transaction.

Comparison with Traditional Finance

Dimension	Traditional Finance	Crypto KYT
Monitoring Method	Bank transaction monitoring	On-chain transaction analysis
Data Foundation	Account history based	Address association based
Processing Time	T+1 batch processing	Real-time/near real-time
Rule Engine	Primarily manual rules	Algorithm + label driven

How It Works

Analysis Flow

Fund Tracing: Trace fund sources and destinations forward/backward
Entity Identification: Identify known entities involved in transactions (exchanges, protocols, labeled addresses)
Pattern Detection: Identify suspicious transaction patterns (splitting, obfuscation, layering)
Sanctions Screening: Match against sanctions lists

Risk Level Definitions

ChainStream uses a four-tier risk classification system:

Level	Indicator	Definition	Typical Triggers
SEVERE	🔴	Known criminal association	Sanctioned addresses, confirmed hacker addresses, darknet markets
HIGH	🟠	High-risk patterns	Mixer outputs, scam associations, unlicensed gambling
MEDIUM	🟡	Requires attention	High-risk exchanges, privacy coin swaps, anomalous patterns
LOW	🟢	Normal	Known compliant entities, regular user behavior

Level Details

SEVERE

Definition: Direct association with confirmed criminal activity
Data Sources: OFAC sanctions list, law enforcement reports, confirmed hacking incidents
False Positive Rate: Very low (<0.1%)
Recommended Action: Immediate freeze, report to regulators

HIGH

Definition: High-risk characteristics but unconfirmed criminal activity
Data Sources: Mixer identification, scam address clustering, behavior pattern analysis
False Positive Rate: Low (<5%)
Recommended Action: Manual review, delayed processing

MEDIUM

Definition: Risk signals present but requires further evaluation
Data Sources: Association analysis, behavioral anomaly detection
False Positive Rate: Moderate (5-15%)
Recommended Action: Enhanced monitoring, may proceed

LOW

Definition: No obvious risk characteristics
Data Sources: Normal transaction patterns, known compliant entities
Recommended Action: Process normally

Recommended Action Mapping

Based on risk level, the system provides standardized action recommendations:

Risk Level	Recommended Action	Automation Level	SLA
SEVERE	Freeze	Automatic	Immediate
HIGH	Manual Review	Requires manual confirmation	4 hours
MEDIUM	Enhanced Monitoring	Semi-automatic	24 hours
LOW	Pass	Automatic	Immediate

Action Flow

Exposure Types

ChainStream distinguishes between two types of risk exposure:

Direct Exposure
Indirect Exposure

Definition: Transaction directly interacts with a risk address

Risk Address ──────────────> Target Address
             Direct Transfer
             
Exposure Type: DIRECT
Risk Transmission: 100%

Characteristics:

One-hop association
High certainty of risk
Typically triggers immediate response

Example Scenarios:

Receiving funds from known hacker address
Sending to sanctioned address
Receiving directly from mixer output

{
  "type": "DIRECT",
  "category": "SANCTIONS",
  "entity": "OFAC Sanctioned Address",
  "percentage": 100
}

Definition: Associated with risk address through N hops

Risk Address ──> Intermediate1 ──> Intermediate2 ──> Target Address
             N-hop Association
             
Exposure Type: INDIRECT
Risk Transmission: Decay calculation

Characteristics:

Multi-hop association (typically 2-5 hops)
Risk decays with distance
Requires comprehensive evaluation

Decay Model:Risk Score = Base Risk × (Decay Factor ^ Hops)Example: Base risk 100, decay factor 0.5, after 3 hops = 100 × 0.5³ = 12.5

{
  "type": "INDIRECT",
  "category": "MIXER",
  "entity": "Tornado Cash",
  "percentage": 12.5,
  "hops": 3
}

Exposure Handling Guidelines

Scenario	Direct Handling	Indirect Handling
SEVERE source	Immediate freeze	Freeze within 2 hops, 3+ hops manual review
HIGH source	Manual review	Flag for monitoring
MEDIUM source	Process normally	Ignore

Business Flow

Standard KYT Flow

Submit transaction information to KYT API

POST https://api-dex.chainstream.io/v1/kyt/transfer
Authorization: Bearer <access_token>
Content-Type: application/json

{
  "network": "ethereum",
  "asset": "ETH",
  "transferReference": "0x1234...abcd:0xRecipientAddress",
  "direction": "received"
}

Wait for Analysis

Wait for analysis completion via polling (typically within 30 seconds)

Query Results

Retrieve risk assessment results

GET https://api-dex.chainstream.io/v1/kyt/transfers/{externalId}/summary
Authorization: Bearer <access_token>

Execute Decision

Execute business logic based on risk level and recommendations

Processing Times

Stage	Target Time	SLA Commitment
Transaction Registration	<100ms	99.9%
Risk Analysis	<30s	95%
Result Return	<30s	95%
End-to-end	<1min	90%

Valid transactions complete analysis within 30 seconds. Complex associations may require longer processing time.

Data Elements

Input Data (Register Transfer)

Field	Required	Description
`network`	✅	Network: `bitcoin`, `ethereum`, `Solana`
`asset`	✅	Asset type: `BTC`, `ETH`, `SOL`, etc.
`transferReference`	✅	Transfer reference (tx hash:address)
`direction`	✅	Direction: `sent` or `received`

Input Data (Register Withdrawal)

Field	Required	Description
`network`	✅	Network: `bitcoin`, `ethereum`, `Solana`
`asset`	✅	Asset type
`address`	✅	Withdrawal destination address
`assetAmount`	✅	Asset amount
`attemptTimestamp`	✅	Attempt timestamp
`assetPrice`	Optional	Asset price

Output Data

{
  "externalId": "393905a7-bb96-394b-9e20-3645298c1079",
  "asset": "ETH",
  "network": "ethereum",
  "transferReference": "0x1234...abcd:0xAddress",
  "direction": "received",
  "tx": "0x1234...abcd",
  "outputAddress": "0xAddress",
  "assetAmount": "1.5",
  "usdAmount": "3000.00",
  "timestamp": "2024-01-15T10:30:00.000Z",
  "updatedAt": "2024-01-15T10:30:15.000Z"
}

Response Field Description

Field	Type	Description
externalId	string	Transfer ID (UUID), used for subsequent queries
asset	string	Asset type
network	string	Blockchain network
transferReference	string	Transfer reference
direction	string	Transfer direction
tx	string	Transaction hash
outputAddress	string	Output address
assetAmount	string	Asset amount
usdAmount	string	USD amount
timestamp	string	Transaction timestamp
updatedAt	string	Update time

API Usage

Register Deposit Transaction (Transfer)

POST https://api-dex.chainstream.io/v1/kyt/transfer
Authorization: Bearer <access_token>
Content-Type: application/json

{
  "network": "ethereum",
  "asset": "ETH",
  "transferReference": "0x9f318afbad2a183f97750bc51a75b582ad8f9e9c:0x17A16QmavnUfCW11DAApi",
  "direction": "received"
}

Register Withdrawal Transaction

POST https://api-dex.chainstream.io/v1/kyt/withdrawal
Authorization: Bearer <access_token>
Content-Type: application/json

{
  "network": "Solana",
  "asset": "SOL",
  "address": "D1Mc6j9xQWgR1o1Z7yU5nVVXFQiAYx7FG9AW1aVfwrUM",
  "assetAmount": "5",
  "attemptTimestamp": "2024-01-15T10:30:00.000Z"
}

Get Assessment Details

# Get transfer summary
GET https://api-dex.chainstream.io/v1/kyt/transfers/{externalId}/summary

# Get direct risk exposure
GET https://api-dex.chainstream.io/v1/kyt/transfers/{externalId}/exposures/direct

# Get risk alerts
GET https://api-dex.chainstream.io/v1/kyt/transfers/{externalId}/alerts

# Get network identifications
GET https://api-dex.chainstream.io/v1/kyt/transfers/{externalId}/network-identifications

# Get withdrawal summary
GET https://api-dex.chainstream.io/v1/kyt/withdrawal/{withdrawalId}/summary

# Get withdrawal direct exposure
GET https://api-dex.chainstream.io/v1/kyt/withdrawal/{withdrawalId}/exposures/direct

# Get withdrawal alerts
GET https://api-dex.chainstream.io/v1/kyt/withdrawal/{withdrawalId}/alerts

# Get fraud assessment
GET https://api-dex.chainstream.io/v1/kyt/withdrawal/{withdrawalId}/fraud-assessment

Best Practices

Risk Threshold Configuration

Adjust thresholds based on business risk appetite:

Business Type	SEVERE Threshold	HIGH Threshold	Recommendation
Licensed CEX	Default	Default	Strict mode
Wallet Service	Default	Raise 10%	Balanced mode
DeFi Protocol	Default	Raise 20%	Relaxed mode

False Positive Handling

Establish a false positive feedback mechanism:

Record all manually overturned cases
Regularly analyze false positive patterns
Submit false positive feedback to ChainStream
Adjust local threshold configuration

Audit Trail

Ensure compliance audit requirements:

Save all KYT requests and responses
Record manual decisions with reasoning
Retain for at least 5 years (per regulatory requirements)
Support export in standard report formats

Continuous Monitoring

Risk status may change (e.g., address subsequently sanctioned). Recommendations:

Periodically re-evaluate historical transactions
Monitor new activity from associated addresses
Establish alert mechanism for risk status changes

KYA Core Concepts

Learn about address-level risk control

Compliance Integration Guide

Start integrating KYT

API Authentication

Understand authentication methods

KYT API Reference

View API documentation

Getting Started

Data Concepts

Security & Compliance

AI Infrastructure

Resources

Legal & Policies

What is KYT

Comparison with Traditional Finance

How It Works

Analysis Flow

Risk Level Definitions

Level Details

Recommended Action Mapping

Action Flow

Exposure Types

Exposure Handling Guidelines

Business Flow

Standard KYT Flow

Processing Times

Data Elements

Input Data (Register Transfer)

Input Data (Register Withdrawal)

Output Data

Response Field Description

API Usage

Register Deposit Transaction (Transfer)

Register Withdrawal Transaction

Get Assessment Details

Best Practices

KYA Core Concepts

Compliance Integration Guide

API Authentication

KYT API Reference

Getting Started

Data Concepts

Security & Compliance

AI Infrastructure

Resources

Legal & Policies

​What is KYT

​Comparison with Traditional Finance

​How It Works

​Analysis Flow

​Risk Level Definitions

​Level Details

​Recommended Action Mapping

​Action Flow

​Exposure Types

​Exposure Handling Guidelines

​Business Flow

​Standard KYT Flow

​Processing Times

​Data Elements

​Input Data (Register Transfer)

​Input Data (Register Withdrawal)

​Output Data

​Response Field Description

​API Usage

​Register Deposit Transaction (Transfer)

​Register Withdrawal Transaction

​Get Assessment Details

​Withdrawal Related Queries

​Best Practices

​Related Resources

KYA Core Concepts

Compliance Integration Guide

API Authentication

KYT API Reference

What is KYT

Comparison with Traditional Finance

How It Works

Analysis Flow

Risk Level Definitions

Level Details

Recommended Action Mapping

Action Flow

Exposure Types

Exposure Handling Guidelines

Business Flow

Standard KYT Flow

Processing Times

Data Elements

Input Data (Register Transfer)

Input Data (Register Withdrawal)

Output Data

Response Field Description

API Usage

Register Deposit Transaction (Transfer)

Register Withdrawal Transaction

Get Assessment Details

Withdrawal Related Queries

Best Practices

Related Resources