Transaction Monitoring · L3–L4

Chainalysis KYT Integration

Real-time transaction risk scoring via the KYT API, graph-level analysis via Reactor, and code-enforced sanctions screening via the on-chain oracle. Chainalysis is the L3–L4 backbone of stablecoin KYT compliance.

What Chainalysis Provides

Three Layers of Transaction Monitoring

Chainalysis offers three complementary KYT mechanisms:

  • KYT API (L4) — Middleware-layer risk scoring: register every transfer with Chainalysis, receive a real-time risk score (severity, high, medium, low), and get exposure categories (sanctions, darknet, mixer, ransomware). This is policy-enforced, meaning scores come from Chainalysis' risk model, not code.
  • Reactor (L4) — Graph analysis and forensics: full transaction history tracing, fund flow visualization across hops and services, and SAR-quality investigation data. Used by compliance teams for post-hoc analysis.
  • Sanctions Oracle (L3) — Code-enforced screening: immutable smart contract on Ethereum mainnet at 0x40C57923924B5c5c5455c48D93317139ADDaC8fb that calls isSanctioned(address) and returns a boolean. This is the only code-enforced KYT mechanism on general-purpose chains.

KYT API Workflow

From Transfer Event to Risk Score

How it works: Every stablecoin transfer your PPSI processes gets registered with Chainalysis. The KYT API returns a risk assessment in real-time.

  • Register transfer — POST to /v2/transfers with sender address, recipient address, amount, timestamp, and blockchain
  • Receive risk score — Response includes severity (category), exposures (array of risk flags like SANCTION, DARKNET, MIXER), and action recommendation
  • Act on alerts — If severity >= HIGH, freeze the transfer pending investigation. Update customer risk profile. Escalate to compliance team.
  • Log for SAR — Every flagged transfer becomes a potential SAR candidate if amount >$5K and risk is genuine
POST /v2/transfers
{
  "transfers": [
    {
      "transferIndex": "tx-2024-001",
      "address": "0x742d35Cc6634C0532925a3b844Bc9e7595f...",
      "recipients": ["0x8ba1f109551bD432803012645Ac136ddd8..."],
      "amounts": ["1500000000"],
      "blockchain": "ethereum",
      "timestamp": "2024-04-03T14:28:15Z"
    }
  ]
}
Response
{
  "transfers": [
    {
      "transferIndex": "tx-2024-001",
      "identifications": {
        "0x742d35Cc...": {
          "severity": "HIGH",
          "riskScore": 0.78,
          "exposures": [
            "SANCTION",
            "MIXING_SERVICE"
          ],
          "category": "DIRECT_SANCTION_HIT"
        }
      }
    }
  ]
}

Code-Enforced Screening

The On-Chain Sanctions Oracle

At 0x40C57923924B5c5c5455c48D93317139ADDaC8fb on Ethereum mainnet, Chainalysis operates the only code-enforced KYT mechanism on general-purpose chains.

Why this matters: The oracle is L3 (code-enforced), not L4 (policy-enforced). It can be called directly in smart contract code, making it the only sanctions check mechanism that lives on-chain.

  • Direct integration — Stablecoin contracts can call isSanctioned(address) during transfers and revert if true. No API gateway. No latency.
  • Immutable — Once deployed, the oracle contract itself cannot be changed. Updates to the OFAC list happen via oracle updates, but the interface is permanent.
  • Public good — Any protocol can call the oracle. It's not exclusive to Chainalysis customers, though Chainalysis maintains it.
  • §104(d) requirement — This is how PPSIs satisfy the "real-time transaction monitoring" requirement at the code level. All other monitoring is post-transfer.
Solidity Interface
interface IChainalysisOracle {
  function isSanctioned(
    address _address
  ) external view returns (bool);
}

// Usage in StablecoinContract
function transfer(
  address to,
  uint256 amount
) external {
  require(
    !IChainalysisOracle(ORACLE_ADDR)
      .isSanctioned(to),
    "RECIPIENT_SANCTIONED"
  );
  // ... rest of transfer logic
}

GENIUS Act §104(d)/(e) Mapping

Chainalysis Coverage Across Compliance Requirements

Requirement Chainalysis Product Coverage Status
Real-time transaction monitoring for all customer transfers KYT API (L4) Full Coverage
Update customer risk profile when transaction triggers risk threshold KYT API + Manual Review Full Coverage
Behavioral pattern detection (structuring, layering, smurfing) Reactor (Graph Analysis) Partial (Investigation)
Cross-chain transfer tracking across bridge and protocol hops Reactor Gap (Single-Chain)
SAR identification: transactions >$5K with suspicious indicators KYT API Alerts + Reactor Full Coverage
Code-enforced OFAC screening (on-chain) Sanctions Oracle (L3) Full Coverage

Key insight: Chainalysis excels at single-chain monitoring and OFAC screening, but has a blind spot on cross-chain tracing. For PPSI use cases where stablecoins bridge across chains (Ethereum → Base → Polygon), you'll need Elliptic Navigator or TRM Labs for complete §104(d)(4) coverage.

Related Resources

Complete Your KYT Stack

StableKYC
Identity verification, sanctions screening, and secondary market identification. The KYC gate at S2 that complements KYT monitoring at S4–S7.
Visit StableKYC →
Elliptic Lens & Navigator
Wallet screening and cross-chain transaction tracing. Fills the Chainalysis gap on multi-chain fund flows and cross-protocol analytics.
Read Elliptic guide →
Patterns & Behavioral Analysis
Structuring detection, layering analysis, and rapid movement flagging. How to implement behavioral pattern detection for §104(d)(3).
Explore patterns →
StableVASP & FATF
FATF Travel Rule compliance and VASP-to-VASP messaging. How PPSI-to-PPSI transfers integrate with KYT monitoring.
Learn about VASP →