KYC (Know Your Customer) answers "who is your user"; KYT (Know Your Transaction) answers "is this transaction, this address, clean". For exchanges, wallets, payments, and compliance firms, KYT is the AML core engine: at the instant of deposit/withdrawal/trade, it judges whether the counterparty address touches scams, gambling, sanctions, or mixers.

1. Overall architecture

A production KYT engine comprises five modules: data ingestion, label library, fund-graph network, scoring engine, and rule adjudication.

Ingestion feeds raw multi-chain data in; the label library and fund graph carry the "relationships" and "knowledge"; scoring quantifies relationships into numbers; the rule engine translates numbers into actions. The overall flow:

KYT 风控引擎整体架构
Overall architecture and module split of Delta & Capital's real-time KYT engine

2. Data layer: multi-chain ingestion and the address label library

Multi-chain ingestion: archive full nodes + explorer APIs + third-party sources, covering BTC/ETH/Tron and major stablecoins, with historical state replay.

Address label library: KYT's "knowledge" lives here — entity labels for exchanges, mixers, scams, sanctions lists (e.g. OFAC SDN), darknet markets, OTC desks — each label carrying source, timestamp, and confidence.

Delta & Capital maintains a continuously updated label library with tens of millions of entities — the foundation of KYT scoring accuracy. Label quality directly sets false-positive and false-negative rates, which is why KYT cannot be conjured from open-source code and must be accumulated over time.

3. Risk scoring: exposure and propagation decay

Core idea: an address's risk is not only whether it is "black" itself, but its fund distance to high-risk entities. Direct trades with sanctioned addresses are extreme risk; five hops removed, risk decays sharply.

A workable model: address risk score = Σ (hit-label weight × fund share × distance decay).

RISK_WEIGHTS = {
    "sanctioned": 100,  # 制裁名单
    "scam": 90,        # 诈骗
    "darkmarket": 80,  # 暗网市场
    "mixer": 70,       # 混币器
    "gambling": 40,    # 涉赌
    "exchange": 5,     # 普通交易所(低风险)
}

def address_risk_score(address, max_hops=5, decay=0.5):
    """
    基于资金敞口的地址风险评分(0-100)。
    get_exposures 返回 [(风险类别, 资金占比, 距离hops), ...],
    由资金图谱 + 标签库 + 污点分析计算得到。
    """
    score = 0.0
    for category, ratio, hops in get_exposures(address, max_hops):
        weight = RISK_WEIGHTS.get(category, 0)
        score += weight * ratio * (decay ** hops)  # 距离越远,衰减越多
    return min(round(score, 1), 100)

get_exposures here is built on the fund graph plus taint analysis — which is why a KYT engine cannot exist without a high-quality fund graph. Delta & Capital's scoring engine adds multi-model taint analysis (Haircut / FIFO / Poison) and cross-chain continuation, quantifying even "indirect risk".

4. Rule engine: translating scores into actions

Above scoring sits the rule engine, translating scores into pass / step-up verification / block. Rules must be configurable, auditable, and replayable:

RULES = [
    {"if": lambda ctx: ctx["risk"] >= 90, "then": "BLOCK", "reason": "高风险:疑似制裁 / 诈骗关联"},
    {"if": lambda ctx: ctx["risk"] >= 60, "then": "REVIEW", "reason": "中风险:转人工复核"},
    {"if": lambda ctx: ctx["mixer_hops"] is not None and ctx["mixer_hops"] <= 2,
     "then": "REVIEW", "reason": "两跳内关联混币器"},
    {"if": lambda ctx: ctx["amount"] >= 100000, "then": "REVIEW", "reason": "大额交易"},
]

def evaluate(ctx):
    for rule in RULES:
        if rule["if"](ctx):
            return rule["then"], rule["reason"]
    return "PASS", "低风险放行"

In practice Delta & Capital customizes rule sets per client license region, business type, and risk appetite, snapshotting every hit for regulator review — half of compliance risk-control's value is judgment, the other half is explainability and traceability.

5. Fund graph: multi-hop association on a graph database

Scoring must "see multiple hops", which requires a fund graph. A graph database (e.g. Neo4j) stores address–transaction relations, supporting multi-hop queries and taint propagation:

// 查询某地址 3 跳内是否关联到任意「制裁」标签地址
MATCH path = (a:Address {addr: $addr})-[:SENT*1..3]->(b:Address)
WHERE b.label = 'sanctioned'
RETURN path LIMIT 10

Delta & Capital layers multi-model taint analysis on top, judging not just "whether associated" but "how much" — the key differentiator when issuing compliance reports and judicial evidence.

6. Real-time constraints and engineering challenges

KYT must answer within a few hundred milliseconds of the user pressing "withdraw". Engineering challenges include:

7. Delta & Capital's KYT practice

Making all of this production-grade and regulator-proof is one of Delta & Capital's core capabilities:

For platform clients this means out-of-the-box on-chain AML risk control; for individuals it means that when an address is risk-controlled or frozen, Delta & Capital can rapidly locate the risk source and chart a compliant path forward.

8. Summary

The essence of a KYT engine = a high-quality label library + fund graph + risk scoring + rule engine + real-time engineering. It is not one flashy algorithm but a system built on long-term data and engineering accumulation. Delta & Capital's depth here shows in label breadth, taint-analysis precision, and the bridge into compliance and judicial processes.

Risk & compliance notice: this article is technical-architecture education; sample code and weights are illustrative only, not a specific compliance solution — implementation must follow your jurisdiction's regulatory requirements. For account risk controls / freezes, proceed through lawful channels.