Risk Labels
Each matched address returns one or more labels. Labels explain why the address is flagged and which source reported it.
Some results may reflect community-maintained or third-party threat-intelligence sources rather than official government lists. Such labels are unofficial, may be inaccurate, incomplete, contested, or out of date, and do not constitute an accusation, finding, or determination against any person. You must independently verify any such result and must not take adverse action against any person on the basis of a community-sourced label without your own verification and a lawful basis.
Label reference
| Label | Score | Level | Description | Sources |
|---|---|---|---|---|
sanctions | 100 | CRITICAL | Address appears on an official government sanctions list. | OFAC_SDNEU_CONSOLIDATEDUK_CONSOLIDATED |
hack_exploit | 90 | CRITICAL | Address known to have received or laundered funds from a protocol hack or exploit. | COMMUNITY_BADLIST |
scam | 75 | HIGH | Address involved in reported scam or fraud activity. | COMMUNITY_BADLIST |
phishing | 75 | HIGH | Address used in phishing campaigns or impersonation attacks. | COMMUNITY_BADLIST |
high_risk_entity | 40 | MEDIUM | Address associated with a high-risk entity not fitting other categories. | COMMUNITY_BADLIST |
Multiple labels
An address can have multiple labels from multiple sources. For example, an address might carry both sanctions (from OFAC_SDN) and scam (from COMMUNITY_BADLIST).
The risk score is the maximum of all matched label scores. The labels array contains every matched signal, giving you full context for your compliance decision.
Label stability
Label values are stable strings. Match on the exact string value in your code. New labels may be added over time; handle unknown labels by treating them conservatively (e.g., at least MEDIUM risk) rather than ignoring them.