# TRM Labs - Wallet & Transaction Risk Screening

### Available To

Free for the following exchange plans:

* **Cloud Plans:**
  * Enterprise
* **On-Premise Plans:**
  * Enterprise Unlimited

### What Is It?

The **TRM Labs Plugin** is a blockchain risk and AML screening solution integrated into HollaEx exchanges. Powered by [TRM Labs](https://www.trmlabs.com), it automatically reviews on-hold deposits and withdrawals against the **TRM Wallet Screening API** to surface sanctions exposure, illicit-activity ties, and counterparty risk before funds move on or off the exchange.

For each pending transaction, the plugin queries TRM Labs' risk intelligence, which covers 190+ blockchains and 1.9B+ digital assets, and returns a numerical risk score (1–15), risk indicators (sanctions, scams, dark markets, ransom, stolen coins, etc.), associated entities, and direct links to the TRM Labs investigation app. Low-risk transactions are auto-released; high-risk ones stay on hold, and a configurable audit recipient is alerted by email.

If the API key is provisioned only for the free **TRM Sanctions API**, the plugin transparently falls back to that endpoint, so you still get sanctions screening at a minimum.

### Who Needs It?

This plugin is essential for any HollaEx exchange operator that:

* Needs to comply with FATF Travel Rule, OFAC, and other sanctions regimes.
* Wants to automatically block deposits/withdrawals from sanctioned, scam, ransomware, dark-market, or stolen-funds addresses.
* Operates in regions where transaction monitoring and pre-screening are mandatory.
* Wants to reduce the manual workload of compliance reviewers by auto-releasing low-risk pending transactions.

### How to Use It?

You can simply install the plugin from the **Plugins** section inside the Operator Control. After installation, configure the plugin meta with your TRM Labs credentials and risk thresholds.

#### 1. Get your TRM Labs API key

1. Log in to your [TRM Labs dashboard](https://www.trmlabs.com).
2. Open your profile in the upper right and click **Configure Environment**.
3. Click **API Tokens** in the side navigation.
4. Click **Create new Client API token**, copy the API key, and store it somewhere secure.

#### 2. Enable manual review of deposits and withdrawals

The plugin only acts on transactions that have been placed **on hold**. For pending deposits and withdrawals to land in the on-hold queue, both auto-processing flags must be turned **off** in your kit configuration:

* `kit.auto_deposit.active = false`
* `kit.auto_withdrawal.active = false`

If both are enabled, the plugin will log that there is nothing to process and exit each cycle.

> **The plugin does this for you automatically on first install.** When the plugin starts for the first time it will switch both `auto_deposit` and `auto_withdrawal` **off** in your kit configuration and send a one-time alert email to the audit recipient (or to the address configured in `alert_email`) explaining what changed and what it means for transactions. After that, the change is recorded in Redis and will not be reapplied — you remain free to re-enable either toggle at any time from **Operator Control → General → Security**, but doing so will silently disable TRM Labs screening for that flow because there will be no on-hold queue for the plugin to read.

#### 3. Configure the plugin

Open the plugin in the Operator Control and set the following fields:

| Field                           | Required | Default                        | Description                                                                                                                                        |
| ------------------------------- | -------- | ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------- |
| `api_url`                       | no       | `https://api.trmlabs.com`      | TRM Labs API base URL.                                                                                                                             |
| `api_key`                       | **yes**  | —                              | The Client API token created above. Sent as HTTP Basic auth (key as both username and password).                                                   |
| `min_usdt`                      | no       | `100`                          | Minimum USDT-equivalent value before TRM Labs is queried. Anything below this is auto-released without an external check.                          |
| `min_risk_score_level`          | no       | `10`                           | TRM uses a 1–15 risk score level (1–4 Low, 5–9 Medium, 10–14 High, 15 Severe). A transaction is held when the highest indicator level meets or exceeds this number. |
| `risk_volume_percent_threshold` | no       | `25`                           | Percentage of the wallet's volume that came from risky counterparties at or above which a transaction is held.                                     |
| `risk_threshold`                | no       | `HIGH`                         | Discrete severity bucket at or above which a transaction is held. Allowed: `SEVERE`/`CRITICAL`, `HIGH`, `MEDIUM`, `LOW`.                           |
| `block_on_sanctions`            | no       | `true`                         | When true, any address with a sanctions hit is held regardless of risk score.                                                                      |
| `check_withdrawals`             | no       | `true`                         | Set to `false` for deposits-only mode.                                                                                                             |
| `cache_ttl_hours`               | no       | `48`                           | How long to cache risk results per address.                                                                                                        |
| `request_timeout_ms`            | no       | `10000`                        | Per-request timeout for TRM Labs calls.                                                                                                            |
| `alert_email`                   | no       | (audit email from kit secrets) | Optional override for the recipient of risk-hold alert emails.                                                                                     |

#### 4. (Optional) Trigger a manual run

The plugin runs automatically every 60 seconds. To trigger an immediate cycle, send an authenticated request from an admin account:

```
POST https://<your exchange url>/plugins/trmlabs/run
Authorization: Bearer <admin token>
```

#### What gets blocked

A pending deposit or withdrawal is kept **on hold** when **any** of the following is true:

* `block_on_sanctions` is on AND TRM flags a sanctions risk indicator or a sanctioned-entity hit, OR
* The highest TRM risk score level is greater than or equal to `min_risk_score_level`, OR
* The address risk volume percent is greater than or equal to `risk_volume_percent_threshold`, OR
* The discrete severity bucket meets or exceeds `risk_threshold`.

Otherwise, the transaction is automatically released. When a transaction is held, an alert email is sent to the configured recipient (or the kit's audit email) with the severity, score, category, sanctions flag, top entity, risk volume %, total volume, and a direct link to the TRM Labs investigation app.
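The rules above, together with the `min_usdt` and `check_withdrawals` settings, can be modelled as a single decision function. This is an added example, not the plugin's own code: the `tx` and `risk` field names are hypothetical, the sample results are constructed, and treating withdrawals as untouched in deposits-only mode is an assumption.

```javascript
// Hold/release decision from "What gets blocked" (added example, not plugin code).
// Field names on `risk` and `tx` are hypothetical, not the TRM API schema.
const DEFAULTS = {
  min_usdt: 100,
  min_risk_score_level: 10,
  risk_volume_percent_threshold: 25,
  risk_threshold: 'HIGH',
  block_on_sanctions: true,
  check_withdrawals: true,
};

// SEVERE and CRITICAL name the same top bucket.
const SEVERITY_RANK = { LOW: 1, MEDIUM: 2, HIGH: 3, SEVERE: 4, CRITICAL: 4 };

function rank(bucket) {
  const r = SEVERITY_RANK[String(bucket).toUpperCase()];
  if (!r) throw new Error(`unknown severity bucket: ${bucket}`);
  return r;
}

function decide(tx, risk, config = {}) {
  const cfg = { ...DEFAULTS, ...config };
  // Assumption: in deposits-only mode withdrawals are left untouched.
  if (tx.type === 'withdrawal' && !cfg.check_withdrawals) {
    return { action: 'skip', reasons: [] };
  }
  // Below min_usdt nothing is sent to TRM, so none of the rules below run.
  if (tx.usdtValue < cfg.min_usdt) return { action: 'release', reasons: [] };

  const reasons = [];
  if (cfg.block_on_sanctions && risk.sanctionsHit) reasons.push('sanctions');
  if (risk.maxRiskScoreLevel >= cfg.min_risk_score_level) reasons.push('risk_score_level');
  if (risk.riskVolumePercent >= cfg.risk_volume_percent_threshold) reasons.push('risk_volume_percent');
  if (rank(risk.severity) >= rank(cfg.risk_threshold)) reasons.push('severity');
  return { action: reasons.length ? 'hold' : 'release', reasons };
}

// Constructed sample results (not real TRM output).
const clean = { sanctionsHit: false, maxRiskScoreLevel: 3, riskVolumePercent: 2, severity: 'LOW' };
const mixed = { sanctionsHit: false, maxRiskScoreLevel: 9, riskVolumePercent: 25, severity: 'MEDIUM' };
const listed = { sanctionsHit: true, maxRiskScoreLevel: 4, riskVolumePercent: 0, severity: 'LOW' };

console.log(decide({ type: 'deposit', usdtValue: 500 }, clean));
console.log(decide({ type: 'deposit', usdtValue: 500 }, mixed));
console.log(decide({ type: 'withdrawal', usdtValue: 500 }, listed));
console.log(decide({ type: 'deposit', usdtValue: 99 }, listed));
```

In this model the last call is released even though the address has a sanctions hit, because a transaction under `min_usdt` is never sent to TRM; lower `min_usdt` if sub-threshold transfers must also be screened.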

#### Supported networks

The plugin maps HollaEx network identifiers to TRM Labs chain identifiers for the most common networks: Bitcoin, Ethereum (and Classic), Tron, BSC, Polygon, Solana, Avalanche, Arbitrum, Base, Optimism, Ripple, Stellar, TON, Tezos, Litecoin, Bitcoin Cash, Dogecoin, Dash, Cardano, Polkadot, Near, Algorand, Aptos, Sui, Celo, Fantom, Hedera, Klaytn, Linea, Mantle, ZKsync, Gnosis, Sei, and Zcash. Transactions on networks not in the map are skipped (left untouched) by the plugin.

***

**Benefits for HollaEx Operators**

The TRM Labs plugin gives exchange operators institutional-grade blockchain intelligence without building it in-house. It blocks sanctioned, scam, ransomware, and dark-market addresses before funds settle, auto-releases the long tail of low-risk traffic so compliance staff aren't drowning in queues, and keeps every decision auditable through the TRM Labs investigation links delivered with each alert. The result is a stronger AML posture, lower regulatory exposure, and faster customer experience for clean transactions.

