KYC (Know Your Customer) answers "who is your user"; KYT (Know Your Transaction) answers "is this transaction, this address, clean". For exchanges, wallets, payments, and compliance firms, KYT is the AML core engine: at the instant of deposit/withdrawal/trade, it judges whether the counterparty address touches scams, gambling, sanctions, or mixers.
1. Overall architecture
A production KYT engine comprises five modules: data ingestion, label library, fund-graph network, scoring engine, and rule adjudication.
Ingestion feeds raw multi-chain data in; the label library and fund graph carry the "relationships" and "knowledge"; scoring quantifies relationships into numbers; the rule engine translates numbers into actions. The overall flow:
2. Data layer: multi-chain ingestion and the address label library
Multi-chain ingestion: archive full nodes + explorer APIs + third-party sources, covering BTC/ETH/Tron and major stablecoins, with historical state replay.
Address label library: KYT's "knowledge" lives here — entity labels for exchanges, mixers, scams, sanctions lists (e.g. OFAC SDN), darknet markets, OTC desks — each label carrying source, timestamp, and confidence.
Delta & Capital maintains a continuously updated label library with tens of millions of entities — the foundation of KYT scoring accuracy. Label quality directly sets false-positive and false-negative rates, which is why KYT cannot be conjured from open-source code and must be accumulated over time.
3. Risk scoring: exposure and propagation decay
Core idea: an address's risk is not only whether it is "black" itself, but its fund distance to high-risk entities. Direct trades with sanctioned addresses are extreme risk; five hops removed, risk decays sharply.
A workable model: address risk score = Σ (hit-label weight × fund share × distance decay).
RISK_WEIGHTS = {
"sanctioned": 100, # 制裁名单
"scam": 90, # 诈骗
"darkmarket": 80, # 暗网市场
"mixer": 70, # 混币器
"gambling": 40, # 涉赌
"exchange": 5, # 普通交易所(低风险)
}
def address_risk_score(address, max_hops=5, decay=0.5):
"""
基于资金敞口的地址风险评分(0-100)。
get_exposures 返回 [(风险类别, 资金占比, 距离hops), ...],
由资金图谱 + 标签库 + 污点分析计算得到。
"""
score = 0.0
for category, ratio, hops in get_exposures(address, max_hops):
weight = RISK_WEIGHTS.get(category, 0)
score += weight * ratio * (decay ** hops) # 距离越远,衰减越多
return min(round(score, 1), 100)
get_exposures here is built on the fund graph plus taint analysis — which is why a KYT engine cannot exist without a high-quality fund graph. Delta & Capital's scoring engine adds multi-model taint analysis (Haircut / FIFO / Poison) and cross-chain continuation, quantifying even "indirect risk".
4. Rule engine: translating scores into actions
Above scoring sits the rule engine, translating scores into pass / step-up verification / block. Rules must be configurable, auditable, and replayable:
RULES = [
{"if": lambda ctx: ctx["risk"] >= 90, "then": "BLOCK", "reason": "高风险:疑似制裁 / 诈骗关联"},
{"if": lambda ctx: ctx["risk"] >= 60, "then": "REVIEW", "reason": "中风险:转人工复核"},
{"if": lambda ctx: ctx["mixer_hops"] is not None and ctx["mixer_hops"] <= 2,
"then": "REVIEW", "reason": "两跳内关联混币器"},
{"if": lambda ctx: ctx["amount"] >= 100000, "then": "REVIEW", "reason": "大额交易"},
]
def evaluate(ctx):
for rule in RULES:
if rule["if"](ctx):
return rule["then"], rule["reason"]
return "PASS", "低风险放行"
In practice Delta & Capital customizes rule sets per client license region, business type, and risk appetite, snapshotting every hit for regulator review — half of compliance risk-control's value is judgment, the other half is explainability and traceability.
5. Fund graph: multi-hop association on a graph database
Scoring must "see multiple hops", which requires a fund graph. A graph database (e.g. Neo4j) stores address–transaction relations, supporting multi-hop queries and taint propagation:
// 查询某地址 3 跳内是否关联到任意「制裁」标签地址
MATCH path = (a:Address {addr: $addr})-[:SENT*1..3]->(b:Address)
WHERE b.label = 'sanctioned'
RETURN path LIMIT 10
Delta & Capital layers multi-model taint analysis on top, judging not just "whether associated" but "how much" — the key differentiator when issuing compliance reports and judicial evidence.
6. Real-time constraints and engineering challenges
KYT must answer within a few hundred milliseconds of the user pressing "withdraw". Engineering challenges include:
- Precompute + cache: hot addresses' scores computed ahead and refreshed periodically, avoiding live full-graph traversal.
- Stream processing: message queues + stream computing (Kafka / Flink) consume new blocks in real time, incrementally updating graph and labels.
- Tiered response: low risk passes from cache in seconds; only high risk / rule hits trigger deep traversal and human review.
- Multi-source failover and rate control: never depend on a single data source; avoid API rate limits stalling the whole pipeline.
7. Delta & Capital's KYT practice
Making all of this production-grade and regulator-proof is one of Delta & Capital's core capabilities:
- a continuously updated, confidence-scored entity label library at tens-of-millions scale;
- a multi-chain fund graph with multi-model taint analysis;
- a configurable, auditable, replayable rule engine;
- licensed legal experts connecting technical conclusions to compliance and judicial processes.
For platform clients this means out-of-the-box on-chain AML risk control; for individuals it means that when an address is risk-controlled or frozen, Delta & Capital can rapidly locate the risk source and chart a compliant path forward.
8. Summary
The essence of a KYT engine = a high-quality label library + fund graph + risk scoring + rule engine + real-time engineering. It is not one flashy algorithm but a system built on long-term data and engineering accumulation. Delta & Capital's depth here shows in label breadth, taint-analysis precision, and the bridge into compliance and judicial processes.
Risk & compliance notice: this article is technical-architecture education; sample code and weights are illustrative only, not a specific compliance solution — implementation must follow your jurisdiction's regulatory requirements. For account risk controls / freezes, proceed through lawful channels.