Methodology and controls

How taintscan runs a professional wallet risk review

This page documents the real taintscan workflow from login entrypoint to final evidence package: inbound and outbound transfer collection, blacklist and sanctions validation, exchange and mixer tagging, second-hop checks, clustering signals, multi-factor scoring, and operator-ready outputs.

TRON / Ethereum Blacklist + sanctions checks Traceability flow + PDF evidence Read-only workflow (no wallet connection)

1. Workflow sequence

The page follows the same operator sequence users experience after entering through the login page: start a screening session, run the compliance analysis, then review and export the results.

1

Start from login and submit the target wallet

From the login entrypoint, the user starts a screening session and submits a wallet address with selected chain and token.

Login entrypointWallet + chain + token
2

Run the validation pipeline

taintscan collects transfers, screens counterparties, checks the target address, computes risk factors, and stores evidence records.

Blacklist + sanctionsScoring + persistence
3

Review, export, and monitor

The operator reviews risk outputs, explores the traceability flow, downloads PDF evidence, and can move wallets into watchlist monitoring.

Web UI + PDFWatchlist alerts

What taintscan validates during analysis

  • Target wallet token balance and direct blacklist status
  • Sanctions screening for the target address (separate from blacklist)
  • Inbound sender aggregation, blacklist checks, and labeling (exchange / mixer)
  • Second-hop screening for top non-flagged senders
  • Outgoing recipient screening and sender-recipient cross-reference loops
  • Behavioral and structural signals used by the risk engine

Evidence produced for operators and compliance review

  • Persisted transaction, sender, and recipient evidence records
  • 0-100 risk score and final risk level classification
  • Interactive traceability flow on the result page
  • WeasyPrint-compatible PDF report with static SVG trace map
  • Optional AI compliance summary (non-blocking to scan completion)
  • Watchlist monitoring path for recurring checks and alerts

2. Technical pipeline walkthrough

This is the execution order taintscan follows during a wallet scan. Select any stage to inspect the validation objective, evidence captured, and what is persisted for downstream outputs.

Step 1 / 10

3. Validation coverage matrix

Every scan combines protocol checks, behavioral heuristics, and reporting outputs. Use the filters to isolate the control family you want to review.

Incoming transfer fetch

Loads inbound token transfers for the selected chain/token pair and normalizes sender addresses before analysis.

Chain-aware normalizationTransaction history

Target blacklist + sanctions

Checks whether the target wallet itself is blacklisted and runs sanctions screening (OFAC identifiers) independently.

Tether/Circle checksSanctions match capture

Sender dedupe and aggregation

Builds a unique sender map with transaction count, total volume, first seen, and last seen timestamps.

Deduped sendersVolume metrics

Cached blacklist + balance checks

Runs concurrent blacklist and token balance checks with cache reuse to reduce repeated API latency and cost.

Cache TTLConcurrency limits

Exchange, mixer, and cluster tagging

Classifies high-volume/exchange wallets, detects known mixers, and resolves shared gas-funder clustering signals.

Exchange labelsMixer heuristicsCoordinated funding

Second-hop screening

Fetches recent transfers for top non-flagged senders to detect hidden blacklist exposure or mixer activity one hop deeper.

Hop-2 flagsLayering detection

Outgoing recipient analysis

Fetches outgoing transfers from the target, aggregates recipients, screens them, and cross-references loops back to sender set.

Recipient mapCross-reference

10-factor risk scoring engine

Computes a 0-100 score from blacklist counts, recency, concentration, pass-through, wallet age, structuring, mixers, clusters, and discounts.

Risk level bandsAuto-critical if target flagged

Interactive traceability flow

Renders node-to-node chronology in the scan result page with pan/zoom, click-through to explorers, and flagged edge coloring.

Web canvasExplorer links

PDF report generation

Builds a static SVG trace map for WeasyPrint and exports compliance-ready report snapshots and evidence tables.

WeasyPrint-safe SVGShareable artifact

AI compliance summary

Generates a narrative summary after the scan completes; failures are isolated so the core scan result still ships.

Non-blocking generationAnalyst-ready narrative

Watchlist monitoring

Completed scans can move into recurring monitoring with alerts for new blacklist exposure and status changes.

Recurring scansEmail alerts

4. Scoring rationale simulator

This simulator mirrors the production scoring concepts (not exact internal weights) so teams can understand how different validation outcomes move a wallet toward low, medium, high, or critical risk.

1
25%
70%
30d
Tap to toggle

5. Outputs and operator workflow

After validations finish, taintscan packages the result into multiple operator-ready outputs: web review, traceability visualization, PDF evidence, and continuous monitoring.

Risk summary

Score, risk level, flagged senders, target blacklist status, and sanctions signals summarized first.

Counterparty tables

Inbound senders and outgoing recipients with labels, balances, and relationship context.

Analyst workflow

Interactive exploration, filtering, and report generation without requiring wallet connection.

  1. Open the completed scan result page.
  2. Review top-level flags and score rationale.
  3. Inspect counterparties and transaction chronology.

Node graph timeline

Wallet nodes and chronological edges for incoming and outgoing paths.

Flag highlighting

Flagged nodes and edges use stronger visual cues for fast triage.

Explorer linking

Click a node to open the corresponding address in the chain explorer.

  1. Pan and zoom through transaction context.
  2. Focus on suspicious counterparties or loops.
  3. Export the same sequence in a PDF-safe static SVG view.

Static SVG trace map

WeasyPrint-compatible map with clickable nodes and colored legends.

Evidence-ready tables

Transactions, counterparties, and risk summary rendered in a shareable artifact.

Compliance handoff

Designed for counterparties, clients, or internal review trails.

  1. Generate PDF after scan completion.
  2. Share report as evidence package.
  3. Use consistent output regardless of web interactivity.

Recurring scans

Move validated wallets into watchlist monitoring and keep evidence fresh.

Alerting

Email notifications when exposure changes or new flagged counterparties appear.

Portfolio visibility

Track monitored wallets and prioritize risk review across many addresses.

  1. Add important wallets to the watchlist.
  2. Receive updates on state changes.
  3. Re-open detailed reports only when risk shifts.

Ready to run a real wallet validation?

Start with a public wallet address. taintscan will collect inbound and outbound transfers, validate counterparties, score risk, and generate a traceability report you can review and share.