Scorechain - Crypto Risk Screening

Free for the following exchange plans:

Cloud Plans:
- Enterprise
On-Premise Plans:
- Enterprise Unlimited

What Is It?

The Scorechain Plugin is a crypto AML and risk-scoring solution integrated into HollaEx exchanges. Powered by Scorechain, it automatically reviews on-hold deposits and withdrawals against Scorechain's blockchain analytics and decides whether they are safe to release or should be kept for manual review.

For deposits, the plugin queries the on-chain transaction ID against Scorechain's /scoringAnalysis endpoint. For withdrawals, the destination address is queried instead. Scorechain returns a risk severity (CRITICAL, HIGH, MEDIUM, LOW, NO_RISK) plus the entity classification (exchange, mixer, sanctioned entity, scam, etc.). Transactions whose severity meets or exceeds your configured threshold are kept on hold, and the audit team is alerted by email. Everything else is auto-released.

Who Needs It?

This plugin is essential for any HollaEx exchange operator that:

Needs to comply with FATF, sanctions, and AML/CFT regulations.
Wants automatic blocking of deposits and withdrawals tied to mixers, sanctioned entities, dark markets, scams, or stolen funds.
Prefers a discrete severity-based risk model (CRITICAL / HIGH / MEDIUM / LOW).
Wants to reduce the manual workload of compliance reviewers by auto-releasing low-risk traffic.

How to Use It?

You can simply install the plugin from the Plugins section inside the Operator Control. After installation, configure the plugin meta with your Scorechain API key and risk threshold.

1. Get your Scorechain API key

Log in to the Scorechain App.
Open Profile → API Keys.
Generate a new API key and store it somewhere secure. It is sent on every request as the X-API-KEY header.

2. Enable manual review of deposits and withdrawals

The plugin only acts on transactions that have been placed on hold. For pending deposits and withdrawals to land in the on-hold queue, both auto-processing flags must be turned off in your kit configuration:

kit.auto_deposit.active = false
kit.auto_withdrawal.active = false

If both are enabled, the plugin will log that there is nothing to process and exit each cycle.

The plugin does this for you automatically on first install. When the plugin starts for the first time it will switch both auto_deposit and auto_withdrawal off in your kit configuration and send a one-time alert email to the audit recipient (or to the address configured in alert_email) explaining what changed and what it means for transactions. After that, the change is recorded in Redis and will not be reapplied — you remain free to re-enable either toggle at any time from Operator Control → General → Security, but doing so will silently disable Scorechain screening for that flow because there will be no on-hold queue for the plugin to read.

3. Configure the plugin

Open the plugin in the Operator Control and set the following fields:

Field

Required

Default

Description

api_url

https://api.scorechain.com/v1

Scorechain REST API base URL.

api_key

yes

—

Scorechain API key (sent as X-API-KEY header).

min_usdt

100

Minimum USDT-equivalent value before Scorechain is queried. Anything below this is auto-released without an external check.

risk_threshold

HIGH

Severity at or above which a transaction is held. Allowed: CRITICAL, HIGH, MEDIUM, LOW.

transaction_analysis_type

ASSIGNED

Scorechain analysisType for deposit transactions. ASSIGNED is the fastest (entity classification only). INCOMING, OUTGOING, FULL trace fund flows.

address_analysis_type

ASSIGNED

Scorechain analysisType for withdrawal destination addresses. Same options as above.

cache_ttl_hours

48

How long to cache risk results per address/transaction id.

request_timeout_ms

8000

Per-request timeout for Scorechain calls.

alert_email

(audit email from kit secrets)

Optional override for the recipient of risk-hold alert emails.

4. (Optional) Trigger a manual run

The plugin runs automatically every 60 seconds. To trigger an immediate cycle, send an authenticated request from an admin account:

POST https://<your exchange url>/plugins/scorechain/run
Authorization: Bearer <admin token>

What gets blocked

A pending deposit or withdrawal is kept on hold when its Scorechain severity meets or exceeds the configured risk_threshold. Otherwise, it is automatically released. When a transaction is held, an alert email is sent to the configured recipient (or the kit's audit email) with severity, score, and any matched entity name/type for follow-up.

Supported networks

Maps HollaEx network identifiers to Scorechain BlockchainsEnum values for: Bitcoin, Ethereum, Tron, BSC, Polygon, Solana, Avalanche, Arbitrum, Base, Optimism, Ripple, Stellar, TON, Tezos, Litecoin, Bitcoin Cash, Dogecoin, Dash, Mantle, Blast, and Ink. Transactions on networks not in the map are skipped (left untouched) by the plugin.

Benefits for HollaEx Operators

The Scorechain plugin gives exchange operators a fast, severity-based risk gate on every deposit and withdrawal. It blocks transactions tied to mixers, sanctions, dark markets, and scams before settlement, while auto-releasing the bulk of clean traffic so compliance staff can focus on real cases. The result is stronger AML coverage, lower regulatory risk, and faster customer experience for legitimate users.

PreviousShufti Pro - KYC & AML Verification NextAMLBot - Crypto Risk Screening

Last updated 19 days ago

hashtagWhat Is It?

hashtagWho Needs It?

hashtagHow to Use It?

hashtag1. Get your Scorechain API key

hashtag2. Enable manual review of deposits and withdrawals

hashtag3. Configure the plugin

hashtag4. (Optional) Trigger a manual run

hashtagWhat gets blocked

hashtagSupported networks

hashtagBenefits for HollaEx Operators