CredScore verdict
0x5b94…408ceth-mainnet
Score
58
0 = max risk · 100 = clean
Medium riskReviewConfidence:80%
Review before proceeding
CredScore sees a 5.2-year-old wallet with 142 transfers. Source return flow detected and Review-sensitive fan-out distribution pattern warrant manual review before this case is treated as routine. Observed entity context: WETH Token, Metamask Swaps.
Wallet snapshot
Wallet age
5.2 years
Transfers observed
142
Native balance
0.0000 ETH
Last activity
1.2 years ago
Counterparties
55
Primary risk drivers
Source return flow detected
Source return count: 5 · Repeated amount-band recirculation: 1 · Funding dependency concentration: 18% · Multi-hop pressure: 22/100
Observed sources later reappear as return destinations, which reduces legibility and suggests recirculating flow rather than clean one-direction settlement.
Review-sensitive fan-out distribution pattern
Transfers observed: 142 · Unique counterparties: 55 · Top counterparty share: 32%
A review-sensitive fan-out distribution pattern was detected. The structural heuristics indicate this wallet distributes funds to multiple distinct recipients in a compressed fashion that raises review priority when combined with other signals.
Rapid outflow pattern
Rapid outbound events observed: 29
Rapid outflow behavior can indicate routing, distribution, or non-routine operational flow that deserves review.
Sanctioned counterparty interactions
Lazarus Group (DPRK)
0x098b716b8aaf21512996dc57eb0615e2383e2f96
OFAC_SDN · Axie Infinity Ronin Bridge hack proceeds
Observed entity context
Labels
WETH TokenMetamask SwapsuniswapUniswap V3 Routermetamask
Protocols
ENS Registrar Controllerwrapped-ethmetamaskUniswap V2 RouterENS Registry
Offsetting factors
Established history
Wallet age: 5.2y (observed)
Observable activity present
Transfers observed: 142
Moderately distributed counterparties
Unique counterparties observed: 55
Analyst briefing
Executive Risk Verdict
This 5.2-year-old address presents moderate counterparty risk. The leading concerns are Source return flow detected and Review-sensitive fan-out distribution pattern, which warrant manual review before this case is treated as routine.
Decision Posture
Review before proceeding. This case is not an automatic stop, but the current signal mix or confidence level is not strong enough to treat it as routine without human review.
Primary Risk Drivers
Source return flow detected Source return count: 5 Repeated amount-band recirculation: 1 Funding dependency concentration: 18% Observed sources later reappear as return destinations, which reduces legibility and suggests recirculating flow rather than clean one-direction settlement.
Review-sensitive fan-out distribution pattern
Transfers observed: 142
Unique counterparties: 55
Top counterparty share: 32%
A review-sensitive fan-out distribution pattern was detected. The structural heuristics indicate this wallet distributes funds to multiple distinct recipients in a compressed fashion that raises review priority when combined with other signals.
Rapid outflow pattern
Rapid outbound events observed: 29
Rapid outflow behavior can indicate routing, distribution, or non-routine operational flow that deserves review.
Offsetting Factors
Established history Wallet age: 5.2y (observed)
Observable activity present
Transfers observed: 142
Moderately distributed counterparties
Unique counterparties observed: 55
Structural Pattern Observations
Fan-out distribution (high confidence) The observed flow pattern is consistent with fan-out distribution behavior and also carries additional review pressure from thin visibility, limited history, or sensitive exposure. This is not a misconduct finding, but it is not a routine pattern under current coverage.
Behavior Distribution
DEX-related interactions: 5% of observed activity. Bridge-related interactions: 1% of observed activity. Router / aggregator interactions: 3% of observed activity. Attributed interactions: 100% of observed activity, but only 8% resolved with high confidence, the remainder are unlabeled contract interactions, which is opacity rather than meaningful attribution coverage. High-confidence attributed interactions: 8% of observed activity.
Normalization Context
Observed bridge activity is being treated primarily as cross-chain operational context, not as a standalone adverse signal.
DEX and router usage further support a normal DeFi execution interpretation unless paired with sensitive exposure or suspicious concentration.
Observed Entity / Protocol Context
WETH Token Metamask Swaps uniswap Uniswap V3 Router metamask
Observed Protocol Attribution
ENS Registrar Controller wrapped-eth metamask Uniswap V2 Router ENS Registry
Confidence Statement
Overall assessment confidence is high (80%), reflecting stronger sample depth, better coverage, and more stable observable behavior.
Sensitivity notes
Fresh activity could change this classification because the current signal is not recent.
Off-chain context would be particularly valuable here, the detected structural patterns raise interpretive ambiguity that on-chain data alone cannot resolve.
For analysts
Generate a Defensible Verdict Report — engine version + timestamp baked in, exportable as PDF or copy-pasted as Markdown into a SAR narrative or case file.
Open report →
Run your own wallet through CredScore

Deterministic Ethereum wallet risk scoring with a full audit trail. Every signal has an explicit numeric weight, output is reproducible. Paste any wallet to see your own verdict.

First analysis is free, no credit card. Or see pricing.
Shared Jul 13, 2026