AMLBot - Crypto Risk Screening
Available To
Free for the following exchange plans:
Cloud Plans:
Enterprise
On-Premise Plans:
Enterprise Unlimited
What Is It?
The AMLBot Plugin is a crypto AML and KYT (Know Your Transaction) screening solution integrated into HollaEx exchanges. Powered by AMLBot, it automatically reviews on-hold deposits and withdrawals and decides whether they are safe to release or should be kept for manual review.
For each pending transaction, the plugin queries the AMLBot KYT API with the on-chain transaction hash (deposits) or destination address (withdrawals). AMLBot returns an overall risk score (0–100%), a granular breakdown of risk signals (sanctions, dark markets, scams, stolen coins, ransom, terrorism financing, mixers, etc.), and a blacklist flag.
Transactions whose risk profile exceeds your configured thresholds stay on hold, and the audit team is alerted by email. Transactions are auto-released only after AMLBot returns a completed/successful result below the configured thresholds.
Who Needs It?
This plugin is essential for any HollaEx exchange operator that:
Needs to comply with AML, sanctions, and Travel Rule regulations.
Wants to automatically catch deposits/withdrawals tied to scams, dark markets, sanctioned actors, or stolen funds before settlement.
Prefers a percentage-based, tunable risk engine instead of a binary blocklist.
Wants to reduce the operational load on compliance reviewers by auto-releasing low-risk traffic.
How to Use It?
You can simply install the plugin from the Plugins section inside the Operator Control. After installation, configure the plugin meta with your AMLBot credentials and risk thresholds.
1. Get your AMLBot API credentials
Log in to web.amlbot.com.
Open your Profile → API Keys.
Generate an
accessIdandaccessKeypair and store them somewhere secure. They are used together to compute the MD5 token sent on every API call.
2. Enable manual review of deposits and withdrawals
The plugin only acts on transactions that have been placed on hold. Disable the auto-processing flag for each flow you want AMLBot to screen:
kit.auto_deposit.active = falsefor deposit screening.kit.auto_withdrawal.active = falsefor withdrawal screening.
If both are enabled, the plugin will log that there is nothing to process and exit each cycle.
The plugin does this for you automatically on first install. When the plugin starts for the first time it will switch both
auto_depositandauto_withdrawaloff in your kit configuration and send a one-time alert email to the audit recipient (or to the address configured inalert_email) explaining what changed and what it means for transactions. After that, the change is recorded in Redis and will not be reapplied — you remain free to re-enable either toggle at any time from Operator Control → General → Security, but doing so will silently disable AMLBot screening for that flow because there will be no on-hold queue for the plugin to read.
3. Configure the plugin
Open the plugin in the Operator Control and set the following fields:
api_url
no
https://extramlbot.com
AMLBot KYT check endpoint URL. The plugin posts directly to this URL and falls back to /check/ only if the endpoint is unavailable.
access_id
yes
—
AMLBot accessId.
access_key
yes
—
AMLBot accessKey. Used together with access_id to compute the MD5 token for each request.
min_usdt
no
100
Minimum USDT-equivalent value before AMLBot is queried. Anything below this is auto-released without an external check.
risk_threshold_percent
no
50
Overall risk score percentage (0–100) at or above which a transaction is held.
high_risk_signal_threshold_percent
no
1.5
Combined percent of high-risk signal categories (sanctions, dark_market, scam, stolen_coins, terrorism_financing, etc.) at or above which a transaction is held, regardless of overall score. AMLBot signal fractions are converted to percent before comparison.
risk_threshold
no
HIGH
Discrete severity bucket at or above which a transaction is held. Allowed: CRITICAL, HIGH, MEDIUM, LOW.
block_on_blacklist
no
true
Hold any transaction with an AMLBot blacklist flag, regardless of risk percentage.
check_withdrawals
no
true
Set to false for deposits-only mode.
flow
no
fast
AMLBot analysis flow. fast returns quicker; advanced returns the full report.
cache_ttl_hours
no
48
How long to cache risk results per address/transaction.
request_timeout_ms
no
15000
Per-request timeout for AMLBot calls.
alert_email
no
(audit email from kit secrets)
Optional override for the recipient of risk-hold alert emails.
4. (Optional) Trigger a manual run
The plugin runs automatically every 60 seconds. To trigger an immediate cycle, send an authenticated request from an admin account:
What gets blocked
A pending deposit or withdrawal is kept on hold when any of the following is true:
block_on_blacklistis on AND the address has an AMLBot blacklist flag, ORThe overall risk score percentage is greater than or equal to
risk_threshold_percent, ORThe sum of high-risk signal percentages is greater than or equal to
high_risk_signal_threshold_percent, ORThe discrete severity bucket meets or exceeds
risk_threshold.
Pending, failed, or otherwise incomplete AMLBot API statuses are kept on hold and retried in a later cycle; they do not trigger a risk alert because the risk calculation is not ready. Otherwise, the transaction is automatically released. When a transaction is held due to risk, an alert email is sent to the configured recipient (or the kit's audit email) with the severity, percentages, blacklist flag, and the AMLBot UID for follow-up.
Benefits for HollaEx Operators
The AMLBot plugin gives exchange operators continuous, automated AML coverage without growing the compliance team. It blocks high-risk deposits and withdrawals before settlement, auto-releases the long tail of clean traffic, and gives you fine-grained control over how strict the engine should be — by overall score, by signal category, or by simple severity buckets. The result is stronger AML posture, fewer manual reviews, and faster customer experience for legitimate users.
Last updated