Added: April 23, 2026

The volume of illicit cryptocurrency operations in 2025 reached a record $154 billion, according to Chainalysis: growth amounted to 162% year over year. For the owner of an exchange service, every incoming transaction potentially contains funds linked to fraud or sanctions.
Allowing such a transaction into the system means putting bank accounts, the licence, and reputation at risk. Let us examine how the verification mechanism works and which tools professionals use.
Dirty cryptocurrency refers to coins or tokens that have passed through addresses linked to criminal activity: ransomware attacks, trading on darknet markets, sanctions evasion, terrorism financing, and investment scams. The “dirt” is tied not to a specific coin but to the history of its movements across the blockchain: the chain of addresses determines the level of risk.
A key trend: stablecoins have become the main instrument for illicit operations. Chainalysis states: 84% of all illicit transactions in 2025 involved stablecoins. The reason is simple: a stable exchange rate, high liquidity, and convenience for cross-border transfers. USDT with a non-obvious history carries the same risk for an exchange service as bitcoin from a darknet market.
From the regulatory side, pressure is increasing. FATF updated Recommendation 16 (the travel rule) in June 2025, tightening transfer transparency requirements. According to FATF, 85 out of 117 jurisdictions have already adopted travel rule legislation. Virtual asset service providers (VASPs) that ignore AML checks risk losing their licence.
For an exchange service, checking a cryptocurrency transaction is not a formality, but direct protection. Toxic funds in the system lead to the freezing of an account on a counterparty exchange, termination of an agreement with a payment partner, and an investigation by the regulator. The cost of one missed check may prove higher than the annual profit of a small service: fines, legal expenses, and loss of the customer base add up quickly.
The system takes a wallet address or transaction hash, traces the transfer graph, and compares intermediate addresses with a database of risky wallets. The databases contain addresses from OFAC sanctions lists, as well as addresses linked to darknet markets, scam projects, mixers, and ransomware programmes. The output is a risk score: a numerical assessment of the share of “dirty” funds.
The analysis is not limited to direct contacts. Coins that have passed through three intermediary wallets after a sanctioned address retain part of the criminal trail. The depth of analysis, meaning the number of hops, depends on the AML provider’s settings. According to Elliptic, the company clusters more than a billion addresses: the broader the coverage, the fewer false positives.
The logic of all tools is similar: cluster analysis of addresses, heuristics for grouping wallets belonging to one owner, comparison with blacklists. The differences lie in blockchain coverage, database update speed, and the depth of cross-chain analysis.
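The tracing step described above can be sketched as follows. This is an added example, not code from any AML provider: the transfer list, the address labels, and the proportional attribution rule (each input contributes taint in proportion to its amount, ignoring transaction timing) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: (sender, receiver, amount in USDT). Not real addresses.
TRANSFERS = [
    ("SANCTIONED_1", "w1", 2000), ("clean_exchange", "w1", 2000),
    ("w1", "w2", 4000),
    ("w2", "w3", 4000),
    ("w3", "customer", 4000), ("payroll", "customer", 4000),
]
FLAGGED = {"SANCTIONED_1"}  # stand-in for a provider's database of risky wallets


def build_inputs(transfers):
    """Index the transfer graph by receiver: address -> [(sender, amount), ...]."""
    inputs = defaultdict(list)
    for src, dst, amount in transfers:
        inputs[dst].append((src, amount))
    return inputs


def tainted_share(addr, max_hops, inputs, flagged):
    """Share (0..1) of funds received by addr that trace back to a flagged
    address within max_hops hops, weighted by incoming amounts."""
    if addr in flagged:
        return 1.0
    if max_hops == 0 or not inputs.get(addr):
        return 0.0  # depth limit reached, or no known funding source
    total = sum(amount for _, amount in inputs[addr])
    return sum(
        amount / total * tainted_share(src, max_hops - 1, inputs, flagged)
        for src, amount in inputs[addr]
    )


def risk_score(addr, max_hops, transfers=TRANSFERS, flagged=FLAGGED):
    """Risk score on a 0-100 scale for the given analysis depth."""
    return round(100 * tainted_share(addr, max_hops, build_inputs(transfers), flagged), 2)


if __name__ == "__main__":
    # Three intermediary wallets sit between the flagged address and the customer,
    # so the flagged source is only visible from a depth of four hops.
    for depth in (1, 3, 4):
        print(depth, risk_score("customer", depth))
```

The same address scores 0 at a depth of three hops and 25 at four, which is why the provider's hop setting changes the outcome of a check.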
An operator receives an exchange request for 5,000 USDT. The system accepts the sender’s address and the transaction hash. Through API access, the AML service analyses the address history: where the funds came from, through which wallets they passed, and whether there are intersections with risky clusters. A risk score is generated: some providers use a 0-100 scale, others use categories such as low, medium, high, and severe.
If the risk is low, the transaction passes automatically. If it is medium, the operator conducts a manual review. If it is high, the transaction is blocked and documents are requested.
Checking a transaction before exchange takes seconds: most of the time is spent on the API request and processing the transfer graph. For the customer, the process is usually invisible.
Centralised exchanges freeze the funds and send a SAR (suspicious activity report) to the regulator. Stablecoin issuers such as Tether block the address at the smart contract level: USDT simply stops being transferable.
For the user, this means losing access to funds for months. For the exchange service, it means an obligation to disclose customer data, loss of bank accounts, and sanctions against the service. Example: in 2025, the exchange Garantex was shut down after processing illicit flows worth billions of dollars. All counterparties that had worked with Garantex came under additional scrutiny: reputational damage spread along the chain.
How do you check cryptocurrency before it enters the system? Integrate an AML API into the request intake process: the response arrives within 1-3 seconds. Set risk thresholds according to the business model: a conservative approach blocks everything above a 30% risk score, while a flexible one allows up to 50% with manual verification.
Carry out a separate USDT cleanliness check: stablecoins account for the bulk of illicit flows. Store the screening results: this provides an evidential basis when regulators make requests.
Checking cryptocurrency for cleanliness is not a one-off action, but an embedded process. An address that was “clean” yesterday may appear on a blacklist today: databases are updated daily. Continuous rescreening of previously approved addresses is standard practice for large services and protects against delayed risks.
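The threshold policy, stored results, and rescreening described above can be combined as in the following added example, which is not code from the original page or from any provider. The `score_lookup` callable is a hypothetical stand-in for the AML API call, the scores and list versions are constructed, and treating 30 and 50 as cut-offs on a 0-100 scale is an assumption about how the two approaches combine.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

PASS_MAX = 30    # conservative approach: everything above this is blocked
REVIEW_MAX = 50  # flexible approach: up to this value goes to manual verification

# Constructed scores for two hypothetical addresses on consecutive days.
DAY1 = {"addrA": 5, "addrB": 40}
DAY2 = {"addrA": 72, "addrB": 40}  # addrA appeared on a blacklist overnight


def decide(score, flexible=False):
    """Map a 0-100 risk score to pass / manual_review / block."""
    if score <= PASS_MAX:
        return "pass"
    if flexible and score <= REVIEW_MAX:
        return "manual_review"
    return "block"


@dataclass(frozen=True)
class ScreeningRecord:
    address: str
    score: float
    decision: str
    list_version: str  # which blacklist snapshot the score was based on
    screened_at: str   # UTC timestamp, kept as evidence for regulator requests


def screen(address, score_lookup, list_version, log, flexible=False):
    """Score one address and append the result to the append-only log."""
    score = score_lookup(address)
    record = ScreeningRecord(address, score, decide(score, flexible), list_version,
                             datetime.now(timezone.utc).isoformat())
    log.append(record)
    return record


def rescreen(log, score_lookup, list_version, flexible=False):
    """Re-check every address seen before; return (address, old, new) for changes."""
    latest = {}
    for record in log:
        latest[record.address] = record  # later records overwrite earlier ones
    changed = []
    for address, old in latest.items():
        new = screen(address, score_lookup, list_version, log, flexible)
        if new.decision != old.decision:
            changed.append((address, old.decision, new.decision))
    return changed
```
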
Three factors. Regulatory pressure: FATF monitoring now includes jurisdictions covering about 98% of the global market. MiCA came into force in the EU in 2025, requiring crypto services in 27 countries to comply with unified AML requirements.
The scale of the threat: the volume of dirty crypto grew by 162% in a year. North Korean hackers stole $2 billion in 2025, including the $1.5 billion Bybit hack. Scammers collected at least $14 billion. These figures make AML screening not a precaution, but a necessity.
Cost reduction: an API check of a single transaction costs cents, which is cheaper than the consequences of a missed risk. The BoxExchanger platform makes it possible to integrate AML checks into the exchange service workflow without manual processing of requests.
Checking transactions for links to illicit activity is a basic requirement for any crypto service. For an exchange owner, AML integration protects the business, its reputation, and access to banking infrastructure. Services that implement checks now gain a competitive advantage over those that delay.
Can a transaction be checked without paid services?
Partially. Blockchain explorers show the history of an address, but they do not compare it with databases of risky wallets. For a full risk score assessment, a specialised AML tool with access to up-to-date blacklists is required.
How often are “dirty” address databases updated?
Major providers such as Chainalysis, TRM Labs, and Elliptic update their databases daily, and sometimes in real time as they receive data from law enforcement agencies and exchanges.
What should you do if you receive cryptocurrency with a high risk score?
Do not send it further. Record the screening result and contact the sender. If there is suspicion of criminal origin, file a SAR with the regulatory authority.