Deterministic wallet risk scoring built for crypto-native compliance teams. Your first analysis is free. Try a wallet →
Defensible onchain risk verdicts

The wallet risk verdict you can defend in writing.

CredScore is the only deterministic wallet risk engine that ships a verdict your analyst can paste into a SAR narrative or attach to a case file. Built for the analyst who has to defend the call six months later — every signal cited, engine version pinned, “what would change this verdict” answered upfront.

First analysis is free. No credit card.
Engine version on every verdict
PDF + Markdown export
6 chains incl. Tron
Free first analysis

Defensible Verdict Report

Every analysis generates a forensic-snapshot report — engine version + timestamp baked in, every driver with cited evidence, exportable to PDF and Markdown. SAR-ready.

Honest about uncertainty

When the engine doesn’t have enough signal, it says so explicitly instead of confabulating a midpoint score. Insufficient Signal is a verdict, not a gap.

Fits next to your existing stack

A second-opinion verdict grounded in behavior, not labels. Run a wallet through CredScore when your primary screening tool says low and your gut says high.

Sample analyst briefing

Engine snapshot
Wallet
0xea9f10c7 — ZachXBT-attributed laundering wallet
55/100
0 = max risk · 100 = clean
Risk tier
Behavior-detected. Wallet is not on any sanctions list — the engine caught the laundering shape from flow alone.
Medium
Decision posture
Review before proceeding
Review
Real engine output on a ZachXBT-named laundering wallet. Caught by the dex_routed_pass_through_pattern flag — behavior shape only, no sanctions exposure, no entity label triggering. This is the “reads behavior, not labels” claim in action. Full driver breakdown below.
192
Analyses run
280
Public verdicts
93
Sanctioned addresses tracked
6
Chains covered
5
Case studies published
Case studyDPRK / Sanctions$1.5B loss

How CredScore flagged the Bybit / Lazarus flow

When Lazarus moved funds from the Bybit exploit, CredScore scored the receiving wallets high-risk with sanctions escalation in under 15 seconds, with the full rationale traceable to specific transaction patterns and entity exposure. Not after the fact. In real time.

Read the full case study →
Defensible Verdict Report

What your analyst actually gets

Engine version and analysis timestamp baked in. Every driver cited with its evidence and impact. Sensitivity notes calling out what would change the verdict. Analyst notes autosaved per user. Exportable to PDF and Markdown for SAR narratives and case files.

Sample Defensible Verdict Report — pig-butchering laundering wallet
Open the sample report →
Real engine output on a ZachXBT-attributed pig-butchering laundering wallet.
Supported chainsEthereumTronBaseArbitrumOptimismPolygon
15s
Analysis time
6
Chains supported
100%
Deterministic scoring
0
Black boxes
Built for
Compliance analystsAML investigatorsOn-chain investigatorsProtocol security teams
Real engine output, no marketing screenshots
ZachXBT-named laundering wallet, caught by behavior alone
0xea9f…10c7eth-mainnet
Score
55
0 = max risk · 100 = clean
Medium riskReviewConfidence:84%
Review before proceeding
CredScore sees a 4.9-year-old wallet with 186 transfers. DEX-routed pass-through pattern and Rapid outflow pattern warrant manual review before this case is treated as routine. Observed entity context: Metamask Swaps, Uniswap V3 Router.
Wallet snapshot
Wallet age
4.9 years
Transfers observed
186
Native balance
0.0000 ETH
Last activity
9 days ago
Counterparties
85
Primary risk drivers
DEX-routed pass-through pattern
Single inbound source supplied 75% of inbound value · DEX + aggregator routing share: 54% of activity · Flow directionality: heavily one-sided (balance score 0.01)
A dominant share of the wallet's inbound value came from a single source, was routed through DEX or aggregator swap activity, and was drained from the wallet rather than retained. This is the laundering fingerprint observed on documented social-engineering theft cases: a large victim transfer arrives, gets fragmented into many DEX swaps to convert and obscure the asset trail, and the wallet is emptied. It is also consistent with one-shot legitimate behavior (an ICO recipient or grant payee cashing out via DEX), so it warrants review until the funding-source provenance is established.
Rapid outflow pattern
Rapid outbound events observed: 90
Rapid outflow behavior can indicate routing, distribution, or non-routine operational flow that deserves review.
Dense contract interaction pattern
Unique contracts observed: 93 · Contract interaction density: 0.50 · Observed labels: Metamask Swaps, Uniswap V3 Router, WETH Token
Heavy interaction with many contracts raises complexity and can increase behavioral uncertainty, although this may be normal for protocol-native wallets.
Observed entity context
Labels
Metamask SwapsUniswap V3 RouterWETH Tokenapproveuniswap
Protocols
Uniswap V3 Positions NFTmetamaskuniswapwrapped-ethUniswap UNI Token
Offsetting factors
Established history
Wallet age: 4.9y (observed)
Observable activity present
Transfers observed: 186
Moderately distributed counterparties
Unique counterparties observed: 85
Analyst briefing
Executive Risk Verdict
This 4.9-year-old address presents moderate counterparty risk. The leading concerns are DEX-routed pass-through pattern and Rapid outflow pattern, which warrant manual review before this case is treated as routine.
Decision Posture
Review before proceeding. This case is not an automatic stop, but the current signal mix or confidence level is not strong enough to treat it as routine without human review.
Primary Risk Drivers
DEX-routed pass-through pattern Single inbound source supplied 75% of inbound value DEX + aggregator routing share: 54% of activity Flow directionality: heavily one-sided (balance score 0.01) A dominant share of the wallet's inbound value came from a single source, was routed through DEX or aggregator swap activity, and was drained from the wallet rather than retained. This is the laundering fingerprint observed on documented social-engineering theft cases: a large victim transfer arrives, gets fragmented into many DEX swaps to convert and obscure the asset trail, and the wallet is emptied. It is also consistent with one-shot legitimate behavior (an ICO recipient or grant payee cashing out via DEX), so it warrants review until the funding-source provenance is established.
Rapid outflow pattern
Rapid outbound events observed: 90
Rapid outflow behavior can indicate routing, distribution, or non-routine operational flow that deserves review.
Dense contract interaction pattern
Unique contracts observed: 93
Contract interaction density: 0.50
Observed labels: Metamask Swaps, Uniswap V3 Router, WETH Token
Heavy interaction with many contracts raises complexity and can increase behavioral uncertainty, although this may be normal for protocol-native wallets.
Offsetting Factors
Established history Wallet age: 4.9y (observed)
Observable activity present
Transfers observed: 186
Moderately distributed counterparties
Unique counterparties observed: 85
Structural Pattern Observations
Fan-out distribution (medium confidence) The observed flow pattern is consistent with organized distribution behavior, but recognizable exchange or protocol context partially normalizes the structure and makes a benign operational explanation more plausible.
Behavior Distribution
Exchange-related interactions: 5% of observed activity. DEX-related interactions: 40% of observed activity. Router / aggregator interactions: 13% of observed activity. Attributed interactions: 100% of observed activity. High-confidence attributed interactions: 22% of observed activity.
Observed Entity / Protocol Context
Metamask Swaps Uniswap V3 Router WETH Token approve uniswap
Observed Protocol Attribution
Uniswap V3 Positions NFT metamask uniswap wrapped-eth Uniswap UNI Token
Confidence Statement
Overall assessment confidence is high (84%), reflecting stronger sample depth, better coverage, and more stable observable behavior.
Sensitivity notes
No immediate sensitivity drivers were identified from generalized metrics. Larger changes would likely come from stronger exposure and attribution intelligence.
For contrast: a legit, low-risk wallet
A vintage protocol-native wallet with thousands of unique counterparties. Engine snapshot as of June 2026 — scores move as new activity accrues.
0xd8da…6045eth-mainnet
Score
72
0 = max risk · 100 = clean
Low riskProceedConfidence:54%
Proceed with normal caution
CredScore sees a 10.7-year-old wallet holding 5.7 ETH with at least 1,201 transfers with observed context including Vitalik Buterin (Public), Null / Burn Address. No dominant adverse drivers under current coverage; this case can proceed with normal caution.
Wallet snapshot
Wallet age
10.7 years
Transfers observed
1,201
Native balance
5.69 ETH
Last activity
today
Counterparties
117
Observed entity context
Labels
Vitalik Buterin (Public)Null / Burn AddressCoinbase Hot Wallet 2USDC contractUniswap V2 Router
Protocols
Null / Burn AddressUSDC contractUniswap V2 Router
Offsetting factors
Established history
Wallet age: 10.7y (observed)
Recognizable exchange or protocol context
Observed label: Vitalik Buterin (Public) · Observed label: Null / Burn Address · Observed label: Coinbase Hot Wallet 2
Recognizable protocol attribution
Observed protocol: Null / Burn Address · Observed protocol: USDC contract · Observed protocol: Uniswap V2 Router
Observed activity context
Signals worth knowing about, but not strong enough to change the low-risk verdict above.
History capped by fetch limit
Transfers observed: At least 1,201 · History cap: observed count may be a lower bound (cap 1,200)
Incomplete transfer coverage reduces confidence because observed totals may be lower bounds.
Bursty activity pattern
Average observed activity: 34.2 tx/day
A compressed activity window can indicate non-routine behavior and deserves added caution.
High transfer activity
Transfers observed: At least 1,201 · History cap: observed count may be a lower bound (cap 1,200)
Higher activity increases interpretive complexity, but should not be treated as adverse on its own unless paired with suspicious concentration, rapid routing, or sensitive exposure.
Analyst briefing
Executive Risk Verdict
This 10.7-year-old address presents lower relative counterparty risk. The observable behavior is consistent with stable usage and no dominant adverse drivers were detected, though it should still be contextualized with broader exposure intelligence when available.
Decision Posture
Proceed with normal caution. No dominant adverse drivers were identified under the current coverage, and the signal quality is strong enough to support a lower-risk routine posture.
Primary Risk Drivers
History capped by fetch limit Transfers observed: At least 1,201 History cap: observed count may be a lower bound (cap 1,200) Incomplete transfer coverage reduces confidence because observed totals may be lower bounds.
Bursty activity pattern
Average observed activity: 34.2 tx/day
A compressed activity window can indicate non-routine behavior and deserves added caution.
High transfer activity
Transfers observed: At least 1,201
History cap: observed count may be a lower bound (cap 1,200)
Higher activity increases interpretive complexity, but should not be treated as adverse on its own unless paired with suspicious concentration, rapid routing, or sensitive exposure.
Offsetting Factors
Established history Wallet age: 10.7y (observed)
Recognizable exchange or protocol context
Observed label: Vitalik Buterin (Public)
Observed label: Null / Burn Address
Observed label: Coinbase Hot Wallet 2
Recognizable protocol attribution
Observed protocol: Null / Burn Address
Observed protocol: USDC contract
Observed protocol: Uniswap V2 Router
Behavior Distribution
Exchange-related interactions: 0% of observed activity. DEX-related interactions: 0% of observed activity. Attributed interactions: 11% of observed activity. High-confidence attributed interactions: 5% of observed activity.
Observed Entity / Protocol Context
Vitalik Buterin (Public) Null / Burn Address Coinbase Hot Wallet 2 USDC contract Uniswap V2 Router
Observed Protocol Attribution
Null / Burn Address USDC contract Uniswap V2 Router
Confidence Statement
Overall assessment confidence is moderate (54%), reflecting partial coverage with usable but still incomplete behavioral signal.
Sensitivity notes
Improved transaction coverage could materially change activity-based interpretation and increase confidence.
Stronger counterparty attribution coverage could materially improve interpretability and sharpen the current score.
Why is confidence lower on the clean wallet? This address has thousands of unique counterparties — more than the engine can fully sample in a single fetch window. The activity-pattern flags are sampling artifacts, not risk signal. The engine surfaces the limitation honestly via the confidence number rather than hiding it, which is the same posture that produces “Insufficient Signal” verdicts when coverage is thin. A low-confidence Low is still Low.
And the decisive end of the range
0/100 · Escalate on the Bybit / Lazarus $1.5B exploiter wallet. Behavior + attribution stacked. Full case study walks through every signal the engine fires.
Read the case study →
Now run a wallet you actually care about.
Try CredScore free → no signup
One free Ethereum analysis. No credit card. Real engine output, not a demo.

How it works

CredScore is built for teams and operators who need a faster, clearer way to assess wallets. Instead of manually piecing together activity across explorers, you get a focused output designed for real review workflows.

1

Enter a wallet

Start an analysis from the Analyst Desk using a public wallet address.

2

Review the briefing

Read a structured summary with risk tier, decision posture, key drivers, and notable flags.

3

Use it in real decisions

Apply the output to onboarding, counterparty review, investigations, research, or internal risk checks.

Pricing

Your first wallet analysis is free, no credit card. Solo Analyst is $99 a month for unlimited wallet risk briefings across Ethereum, Tron, and four more EVM chains. Teams that need shared workspaces, higher throughput, or a tailored setup can talk with us directly.

See pricingBook a business call

FAQ

Straight answers to the questions people ask before relying on a wallet risk tool.

How does this compare to just using a block explorer

Block explorers show raw activity. CredScore is built to help you interpret that activity faster by turning it into a structured briefing with risk tier, posture, supporting rationale, and key flags.

Who is this for

CredScore is built for analysts, investigators, researchers, compliance teams, and operators who need a faster way to assess wallet risk and document what they are seeing.

How should I use the output

The output is meant to support review, prioritization, and internal decision-making. It is a decision-support layer, not a substitute for human judgment or a legal conclusion.

How accurate is it

CredScore is designed to be structured, explainable, and useful in practice, but no risk system is perfect. The point is to make wallet review faster and clearer, not to pretend uncertainty does not exist.

Do I need to provide identity or KYC data

No. CredScore evaluates public wallet activity and produces an explainable risk briefing without asking for identity data.

What chains are supported

Ethereum, Tron, Base, Arbitrum, Optimism, and Polygon are all supported. Tron coverage focuses on USDT-TRC20 transfers and TRX native flows, which is where the majority of crypto-laundering volume actually moves. Chain selection is a dropdown in the desk. Support expands carefully so the quality of the signal stays strong on each chain we add.

Can my team use it

Yes. Business access is available for teams that need broader usage, more volume, or a setup that fits a larger workflow.

About us

Built in Denver. CredScore exists because analysts were tired of stitching together explorer tabs and getting handed black-box risk scores they couldn't defend in a review.

Get in touch →