GH GambleHub

Chain analytics and risk assessment

1) What is chain analytics in the context of iGaming

Chain analytics is the collection and interpretation of chain events (transactions, balances, relationships) turned into a graph of addresses and entities in order to:
  • recognize risky patterns (sanctions, mixers, phishing, ransom, mule chains);
  • estimate the proximity/taint% of the origin of funds;
  • make RBA (risk-based approach) decisions on deposits/withdrawals without losing conversion;
  • document the evidence base for audits, banks and regulators.

2) Pipeline architecture (reference)

Collection → Normalization → Graph → Labels/Scoring → Decisions → Reporting

1. Data collection

Nodes/RPC for the key networks (TRON, EVM L1/L2, BTC/UTXO, Solana, XRP/XLM, etc.).
Webhooks/mempool listeners (where appropriate), periodic backfill for completeness.

2. Normalization

Map to a unified schema: `tx`, `address`, `entity`, `label`, `edge (from→to, amount, ts, chain)`.
Handle chain-specific parsing (memo/tag, UTXO inputs/outputs, internal tx).

3. Entity graph

Clustering addresses into entities (co-spend/change/temporal heuristics, provider clusters).
Storing cross-chain links (bridge/mint/burn).

4. Attribution and labels

Import of provider labels (exchanges/VASP, mixers, dark markets, scam, sanctions).
Own attribution (service pool addresses, payment providers, internal wallets).

5. Scoring and decisions

Computing a 0-100 risk score per address/tx/chain; RBA matrix (allow/limit/hold/reject).

6. Reporting and auditing

Decision logs, label versions, chain snapshots, artifacts for SAR/STR and disputed cases.

3) Data model and graphs

Key entities

`Address` (per network), `Entity` (cluster of addresses), `Tx`, `Edge`, `Label`, `Case`.
Attributes: `chain`, `ts`, `amount`, `counterparty_type` (VASP, mixer, bridge, DEX, P2P, gambling), `risk_vector`.

Indexes and storage

Graph database (or column storage + edge tables).
Indexes on `address`, `entity_id`, `label`, `ts`, `chain` for fast traces.

4) Path metrics: proximity and taint

Proximity (hop distance): minimum number of hops to a risky label/cluster.
Taint% (contamination share): the share of funds in transit that originates from "dirty" sources, accounting for branching.
Path score: a function of distance, taint and event freshness (time decay).
Entity confidence: confidence in clustering (heuristics/sources).
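
The metrics above, as an added example that is not part of the original page: hop distance is a reverse breadth-first search from the receiving address, and taint% uses a pro-rata model in which each address inherits taint in proportion to its inflows. The edge list, the address names, the pro-rata rule and the `path_score` formula with its 180-day half-life are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample edges (from, to, amount); names are labels, not real addresses.
EDGES = [
    ("mixer1", "a1", 40.0), ("exchange1", "a1", 60.0),
    ("a1", "a2", 50.0), ("exchange1", "a2", 50.0),
    ("a2", "deposit", 100.0),
]
RISKY = {"mixer1"}  # addresses carrying a high-risk label (constructed)

def proximity(edges, target, risky):
    """Minimum number of hops from any risky address to target (None if unreachable)."""
    incoming = defaultdict(list)
    for src, dst, _ in edges:
        incoming[dst].append(src)
    seen, queue = {target}, deque([(target, 0)])
    while queue:
        node, hops = queue.popleft()
        if node in risky:
            return hops
        for src in incoming[node]:
            if src not in seen:
                seen.add(src)
                queue.append((src, hops + 1))
    return None

def taint(edges, target, risky, _memo=None):
    """Share (0..1) of target's inflow traceable to risky sources, pro-rata per branch."""
    memo = {} if _memo is None else _memo
    if target in risky:
        return 1.0
    if target in memo:
        return memo[target]
    memo[target] = 0.0  # cycle guard: a node revisited mid-computation adds nothing
    inflow = [(s, amt) for s, d, amt in edges if d == target]
    total = sum(amt for _, amt in inflow)
    if total > 0:
        memo[target] = sum(amt * taint(edges, s, risky, memo) for s, amt in inflow) / total
    return memo[target]

def path_score(hops, taint_share, age_days, half_life_days=180.0):
    """Illustrative 0-100 path score: taint damped by hop distance and event age."""
    if hops is None:
        return 0.0
    decay = 0.5 ** (age_days / half_life_days)
    return round(100.0 * taint_share * decay / max(hops, 1), 2)
```

On the sample graph the deposit address sits three hops from the mixer and carries 20% taint, because the mixer's 40% share of `a1` is diluted by clean exchange inflow at `a2`.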

5) Feature set for risk assessment

A. Graph

Fan-in/fan-out, average degree, centrality (betweenness, PageRank).
Share of inputs from exchanges/VASP vs anonymous clusters, bridges.
Density of links with high-risk labels.

B. Behavioral

Periodicity and rhythm of transfers, "round" amounts, burst patterns.
Chain velocity: speed of passage through intermediate wallets.
Rapid in → out.

C. Content/Context

Tags: sanctions, mixers, dark market, phishing, ransom, high-risk P2P.
Geo/regional flags (indirectly through exchanges/time zones).
Counterparty type (DEX/bridge vs VASP).

D. Transactional

Network/fees/confirmations, memo/tag correctness.
Address/wallet age, cluster lifetime.

6) Risk score and calibration (0-100)

Example of aggregation:

score = w1·LabelRisk + w2·Proximity + w3·Taint% + w4·Behavior + w5·Counterparty + w6·TimeDecay

Thresholds: T1 (allow), T2 (hold/verify), T3 (reject/escalate).
Separate profiles by network/asset (UTXO vs EVM vs tag-network).

Calibration

PR/ROC with cost weights (false reject vs fraud loss).
Brier score for probability calibration.
Backtesting on historical cases (TP/FP/FN).
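
The calibration steps above, as an added example that is not part of the original page: a backtest over labelled cases that reports the Brier score, the TP/FP/FN counts at a threshold, and the threshold that minimises cost when a false reject costs lost margin and a missed fraud costs the full amount. The cases, the 5% margin and the 5-point threshold grid are constructed assumptions.

```python
# Constructed backtest cases: (risk score 0-100, amount, confirmed_fraud)
CASES = [
    (12, 200, False), (25, 150, False), (48, 500, False), (55, 300, True),
    (63, 900, False), (71, 400, True), (88, 1200, True), (93, 250, True),
]

def brier_score(cases):
    """Mean squared error between score/100 (read as a probability) and the outcome."""
    return sum((s / 100 - int(fraud)) ** 2 for s, _, fraud in cases) / len(cases)

def confusion(cases, threshold):
    """TP/FP/FN/TN counts when everything scoring >= threshold is rejected."""
    counts = {"TP": 0, "FP": 0, "FN": 0, "TN": 0}
    for score, _, fraud in cases:
        rejected = score >= threshold
        key = ("TP" if fraud else "FP") if rejected else ("FN" if fraud else "TN")
        counts[key] += 1
    return counts

def expected_cost(cases, threshold, margin=0.05):
    """Fraud loss on passed fraud (FN) plus lost margin on falsely rejected volume (FP)."""
    cost = 0.0
    for score, amount, fraud in cases:
        if fraud and score < threshold:
            cost += amount            # full amount lost to fraud
        elif not fraud and score >= threshold:
            cost += amount * margin   # revenue lost on a legitimate customer
    return cost

def best_threshold(cases, candidates=range(0, 101, 5)):
    """Cheapest threshold; ties go to the higher one (fewer rejections)."""
    return min(candidates, key=lambda t: (expected_cost(cases, t), -t))
```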

7) RBA decision matrix (sketch)

| Scenario | Conditions | Action |
|---|---|---|
| Allow | score ≤ T1, clear path | Credit/pay; standard confirmations |
| Allow + limits | score ≤ T2, low taint, new addresses | Amount/frequency limit, more confirmations |
| Hold & Verify | T2 | Hold, SoF request/address confirmation, Travel Rule |
| Reject | Sanctions/mixer/stolen funds | Refusal, case in compliance, if necessary SAR/STR |
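
The aggregation formula from section 6 and the matrix above, wired together as an added example that is not part of the original page. The weights, the per-network thresholds, the feature and label names, and the hold band (taken here as T2 < score < T3) are assumptions; features are expected to be normalised to 0..1.

```python
# Weights and thresholds are constructed for illustration; calibrate per network/asset.
WEIGHTS = {"label_risk": 0.30, "proximity": 0.15, "taint": 0.25,
           "behavior": 0.15, "counterparty": 0.10, "time_decay": 0.05}
PROFILES = {  # separate (T1, T2, T3) per network family
    "EVM": (30, 60, 85),
    "UTXO": (35, 65, 85),
}
HARD_REJECT_LABELS = {"sanctions", "mixer", "stolen_funds"}

def risk_score(features):
    """Weighted sum of features normalised to 0..1, scaled to 0-100."""
    missing = WEIGHTS.keys() - features.keys()
    if missing:
        raise ValueError(f"missing features: {sorted(missing)}")
    for name in WEIGHTS:
        if not 0.0 <= features[name] <= 1.0:
            raise ValueError(f"{name} must be in [0, 1]")
    return round(100 * sum(w * features[n] for n, w in WEIGHTS.items()), 1)

def decide(features, labels, chain, new_address=False):
    """Map a scored transfer to an RBA action; hard labels override the score."""
    t1, t2, t3 = PROFILES[chain]
    score = risk_score(features)
    if labels & HARD_REJECT_LABELS or score >= t3:
        return "reject", score
    if score > t2:
        return "hold_verify", score
    if score > t1 or new_address:
        return "allow_with_limits", score
    return "allow", score
```

The same feature vector can land in different rows on different networks, which is the reason for keeping separate threshold profiles.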

8) Integration with KYT, Travel Rule and KYC/KYB

KYT: complements your own graph (industry labels, attribution, reports). Log the database version and the source of the labels.
Travel Rule: link IVMS101 messages to `tx/case`. Run a pre-KYT check before exchanging data.
KYC/KYB: associate graph anomalies with the customer/partner profile (PEP, adverse media, geo).

9) UX and operations (minimum friction)

Transparent hold reasons: "You need to confirm the source of funds" / "Confirm ownership of the address."

Whitelist addresses with TTL and KYT thresholds.
Partial release when the path is partially clean.
Automatic ETA based on scan time and network.

10) Privacy, data and compliance

PII minimization: separate the online graph from personal data (PII Vault).
Encryption "at rest" and "in transit," RBAC/SoD, signed webhooks.
Artifact versioning: chain snapshots, KYT reports, label versions at the time of the decision.
Retention: store case materials according to the jurisdiction's rules (often 5+ years).

11) Observability and dashboards

Operations

Post-filter approval rate, Time-to-Decision p50/p95, Hold%/Reject%.
Peaks by network/asset, RPC degradation/fees.

Risk/quality

KYT hit% by label type, SAR conversion.
False Positive %, Precision/Recall for High-risk.
Share of proximity≤N and taint% in flows.

Economics

Cost per Approved (all-in), % of manual cases, cost of investigations.

12) Case playbooks (L1/L2/L3)

L1 (triage): checking labels, proximity/taint, matching with client, fast allow/hold.
L2 (investigation): in-depth tracing, SoF/SoW, Travel Rule response, decision: partial release/decline.
L3 (escalation): sanctions/stolen funds/public incidents, preparation of SAR/STR and regulatory communication.

SLA targets: auto-triage 5-15 s at p95, L2 up to 4 hours for High, standard ≤ 24 hours.

13) Anti-patterns

Blind faith in "blacklists" without considering the chain and taint%.
Same thresholds for all networks/assets and geo.
No versioning of labels/sources → indefensible decisions.
Ignoring bridges/L2 and cross-chain transitions.
Opaque holds without partial release and clear communication.
No idempotency in webhooks/decisions → duplicate holds/releases.

14) Implementation checklist (short)

  • Nodes/RPC over networks, unified data schema, edge model.
  • Entity graph with clustering and confidence scores.
  • Import KYT labels + native attribution, versions/sources.
  • Features: graph/behavior/content/tx; scoring 0-100 with T1/T2/T3.
  • RBA matrix and playbooks (allow/limit/hold/reject/escalate).
  • Travel Rule (IVMS101) and unhosted-wallet policy.
  • Dashboards: AR, Time-to-Decision, FP%, SAR, taint/proximity.
  • PII Vault, RBAC/SoD, encryption, retention, and auditing.
  • Idempotency, deduplication, backoff + jitter; signed webhooks.
  • Regular calibration of thresholds, retrospectives on lost cases.
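
The signed-webhook and idempotency items above (and the duplicate hold/release anti-pattern in section 13), as an added example that is not part of the original page: the receiver checks an HMAC-SHA256 signature over the raw body and applies each event at most once. The field names `event_id`, `action` and `tx`, the secret, and the in-memory stores are assumptions; a real deployment needs a persistent store with an atomic insert on the idempotency key.

```python
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # placeholder; load from a secret store in practice

def sign(body: bytes, secret: bytes = SECRET) -> str:
    """Hex HMAC-SHA256 over the raw request body (sender side)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()

class DecisionWebhook:
    """Applies hold/release events at most once per idempotency key."""

    def __init__(self, secret: bytes = SECRET):
        self.secret = secret
        self.seen = {}      # event_id -> result of the first processing
        self.holds = set()  # tx ids currently on hold

    def handle(self, body: bytes, signature: str) -> str:
        # Verify before parsing; compare_digest avoids timing leaks.
        expected = sign(body, self.secret).encode()
        if not hmac.compare_digest(expected, signature.encode()):
            return "rejected: bad signature"
        event = json.loads(body)
        key = event["event_id"]
        if key in self.seen:  # retry or replay: return the stored result, change nothing
            return self.seen[key]
        if event["action"] == "hold":
            self.holds.add(event["tx"])
        elif event["action"] == "release":
            self.holds.discard(event["tx"])
        else:
            return "rejected: unknown action"
        self.seen[key] = f"applied: {event['action']} {event['tx']}"
        return self.seen[key]
```

A late redelivery of an old hold event returns its stored result and does not put the transaction back on hold after it has been released.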

15) Summary

Chain analytics is not just "viewing transactions" but a system of graph, labels and decisions built into payment operations. Combine full proximity/taint analysis with KYT/Travel Rule and RBA matrices, document the evidence and quality metrics, and keep privacy under control, and you get fast, compliant and cost-effective payment processes in iGaming.
