Risk Labels

Each matched address returns one or more labels. Labels explain why the address is flagged and which source reported it.

Some results may reflect community-maintained or third-party threat-intelligence sources rather than official government lists. Such labels are unofficial, may be inaccurate, incomplete, contested, or out of date, and do not constitute an accusation, finding, or determination against any person. You must independently verify any such result and must not take adverse action against any person on the basis of a community-sourced label without your own verification and a lawful basis.

Label reference

LabelScoreLevelDescriptionSources
sanctions100CRITICALAddress appears on an official government sanctions list.
OFAC_SDNEU_CONSOLIDATEDUK_CONSOLIDATED
hack_exploit90CRITICALAddress known to have received or laundered funds from a protocol hack or exploit.
COMMUNITY_BADLIST
scam75HIGHAddress involved in reported scam or fraud activity.
COMMUNITY_BADLIST
phishing75HIGHAddress used in phishing campaigns or impersonation attacks.
COMMUNITY_BADLIST
high_risk_entity40MEDIUMAddress associated with a high-risk entity not fitting other categories.
COMMUNITY_BADLIST

Multiple labels

An address can have multiple labels from multiple sources. For example, an address might carry both sanctions (from OFAC_SDN) and scam (from COMMUNITY_BADLIST).

The risk score is the maximum of all matched label scores. The labels array contains every matched signal, giving you full context for your compliance decision.

Label stability

Label values are stable strings. Match on the exact string value in your code. New labels may be added over time; handle unknown labels by treating them conservatively (e.g., at least MEDIUM risk) rather than ignoring them.