# Scorechain - Crypto Risk Screening

Free for the following exchange plans:

* **Cloud Plans:**
  * Enterprise
* **On-Premise Plans:**
  * Enterprise Unlimited

## What Is It?

The **Scorechain Plugin** is a crypto AML and risk-scoring solution integrated into HollaEx exchanges. Powered by [Scorechain](https://www.scorechain.com), it automatically reviews on-hold deposits and withdrawals against Scorechain's blockchain analytics and decides whether they are safe to release or should be kept for manual review.

For deposits, the plugin queries the on-chain transaction ID against Scorechain's `/scoringAnalysis` endpoint. For withdrawals, the destination address is queried instead. Scorechain returns a risk severity (`CRITICAL`, `HIGH`, `MEDIUM`, `LOW`, `NO_RISK`) plus the entity classification (exchange, mixer, sanctioned entity, scam, etc.). Transactions whose severity meets or exceeds your configured threshold are kept on hold, and the audit team is alerted by email. Everything else is auto-released.

## Who Needs It?

This plugin is essential for any HollaEx exchange operator that:

* Needs to comply with FATF, sanctions, and AML/CFT regulations.
* Wants automatic blocking of deposits and withdrawals tied to mixers, sanctioned entities, dark markets, scams, or stolen funds.
* Prefers a discrete severity-based risk model (CRITICAL / HIGH / MEDIUM / LOW).
* Wants to reduce the manual workload of compliance reviewers by auto-releasing low-risk traffic.

### How to Use It?

You can simply install the plugin from the **Plugins** section inside the Operator Control. After installation, configure the plugin meta with your Scorechain API key and risk threshold.

#### 1. Get your Scorechain API key

1. Log in to the [Scorechain App](https://app.scorechain.com).
2. Open **Profile → API Keys**.
3. Generate a new API key and store it somewhere secure. It is sent on every request as the `X-API-KEY` header.

#### 2. Enable manual review of deposits and withdrawals

The plugin only acts on transactions that have been placed **on hold**. For pending deposits and withdrawals to land in the on-hold queue, both auto-processing flags must be turned **off** in your kit configuration:

* `kit.auto_deposit.active = false`
* `kit.auto_withdrawal.active = false`

If both are enabled, the plugin will log that there is nothing to process and exit each cycle.

> **The plugin does this for you automatically on first install.** When the plugin starts for the first time it will switch both `auto_deposit` and `auto_withdrawal` **off** in your kit configuration and send a one-time alert email to the audit recipient (or to the address configured in `alert_email`) explaining what changed and what it means for transactions. After that, the change is recorded in Redis and will not be reapplied — you remain free to re-enable either toggle at any time from **Operator Control → General → Security**, but doing so will silently disable Scorechain screening for that flow because there will be no on-hold queue for the plugin to read.

#### 3. Configure the plugin

Open the plugin in the Operator Control and set the following fields:

| Field                       | Required | Default                         | Description                                                                                                                                                  |
| --------------------------- | -------- | ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| `api_url`                   | no       | `https://api.scorechain.com/v1` | Scorechain REST API base URL.                                                                                                                                |
| `api_key`                   | **yes**  | —                               | Scorechain API key (sent as `X-API-KEY` header).                                                                                                             |
| `min_usdt`                  | no       | `100`                           | Minimum USDT-equivalent value before Scorechain is queried. Anything below this is auto-released without an external check.                                  |
| `risk_threshold`            | no       | `HIGH`                          | Severity at or above which a transaction is held. Allowed: `CRITICAL`, `HIGH`, `MEDIUM`, `LOW`.                                                              |
| `transaction_analysis_type` | no       | `ASSIGNED`                      | Scorechain `analysisType` for deposit transactions. `ASSIGNED` is the fastest (entity classification only). `INCOMING`, `OUTGOING`, `FULL` trace fund flows. |
| `address_analysis_type`     | no       | `ASSIGNED`                      | Scorechain `analysisType` for withdrawal destination addresses. Same options as above.                                                                       |
| `cache_ttl_hours`           | no       | `48`                            | How long to cache risk results per address/transaction id.                                                                                                   |
| `request_timeout_ms`        | no       | `8000`                          | Per-request timeout for Scorechain calls.                                                                                                                    |
| `alert_email`               | no       | (audit email from kit secrets)  | Optional override for the recipient of risk-hold alert emails.                                                                                               |

#### 4. (Optional) Trigger a manual run

The plugin runs automatically every 60 seconds. To trigger an immediate cycle, send an authenticated request from an admin account:

```
POST https://<your exchange url>/plugins/scorechain/run
Authorization: Bearer <admin token>
```

### What gets blocked

A pending deposit or withdrawal is kept **on hold** when its Scorechain severity meets or exceeds the configured `risk_threshold`. Otherwise, it is automatically released. When a transaction is held, an alert email is sent to the configured recipient (or the kit's audit email) with severity, score, and any matched entity name/type for follow-up.

### Supported networks

Maps HollaEx network identifiers to Scorechain `BlockchainsEnum` values for: Bitcoin, Ethereum, Tron, BSC, Polygon, Solana, Avalanche, Arbitrum, Base, Optimism, Ripple, Stellar, TON, Tezos, Litecoin, Bitcoin Cash, Dogecoin, Dash, Mantle, Blast, and Ink. Transactions on networks not in the map are skipped (left untouched) by the plugin.

***

#### **Benefits for HollaEx Operators**

The Scorechain plugin gives exchange operators a fast, severity-based risk gate on every deposit and withdrawal. It blocks transactions tied to mixers, sanctions, dark markets, and scams before settlement, while auto-releasing the bulk of clean traffic so compliance staff can focus on real cases. The result is stronger AML coverage, lower regulatory risk, and faster customer experience for legitimate users.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.hollaex.com/plugins/use-plugins/scorechain-crypto-risk-screening.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.