TRM Labs - Wallet & Transaction Risk Screening
Available To
Free for the following exchange plans:
Cloud Plans:
Enterprise
On-Premise Plans:
Enterprise Unlimited
What Is It?
The TRM Labs Plugin is a blockchain risk and AML screening solution integrated into HollaEx exchanges. Powered by TRM Labs, it automatically reviews on-hold deposits and withdrawals against the TRM Wallet Screening API to surface sanctions exposure, illicit-activity ties, and counterparty risk before funds move on or off the exchange.
For each pending transaction, the plugin queries TRM Labs' risk intelligence — covering 190+ blockchains and over 1.9B+ digital assets — and returns a numerical risk score (1–15), risk indicators (sanctions, scams, dark markets, ransom, stolen coins, etc.), associated entities, and direct links to the TRM Labs investigation app. Low-risk transactions are auto-released; high-risk ones stay on hold, and a configurable audit recipient is alerted by email.
If the API key is provisioned only for the free TRM Sanctions API, the plugin transparently falls back to that endpoint, so you still get sanctions screening at a minimum.
Who Needs It?
This plugin is essential for any HollaEx exchange operator that:
Needs to comply with FATF Travel Rule, OFAC, and other sanctions regimes.
Wants to automatically block deposits/withdrawals from sanctioned, scam, ransomware, dark-market, or stolen-funds addresses.
Operates in regions where transaction monitoring and pre-screening are mandatory.
Wants to reduce the manual workload of compliance reviewers by auto-releasing low-risk pending transactions.
How to Use It?
You can simply install the plugin from the Plugins section inside the Operator Control. After installation, configure the plugin meta with your TRM Labs credentials and risk thresholds.
1. Get your TRM Labs API key
Log in to your TRM Labs dashboard.
Open your profile in the upper right and click Configure Environment.
Click API Tokens in the side navigation.
Click Create new Client API token, copy the API key, and store it somewhere secure.
2. Enable manual review of deposits and withdrawals
The plugin only acts on transactions that have been placed on hold. For pending deposits and withdrawals to land in the on-hold queue, both auto-processing flags must be turned off in your kit configuration:
kit.auto_deposit.active = falsekit.auto_withdrawal.active = false
If both are enabled, the plugin will log that there is nothing to process and exit each cycle.
The plugin does this for you automatically on first install. When the plugin starts for the first time it will switch both
auto_depositandauto_withdrawaloff in your kit configuration and send a one-time alert email to the audit recipient (or to the address configured inalert_email) explaining what changed and what it means for transactions. After that, the change is recorded in Redis and will not be reapplied — you remain free to re-enable either toggle at any time from Operator Control → General → Security, but doing so will silently disable TRM Labs screening for that flow because there will be no on-hold queue for the plugin to read.
3. Configure the plugin
Open the plugin in the Operator Control and set the following fields:
api_url
no
https://api.trmlabs.com
TRM Labs API base URL.
api_key
yes
—
The Client API token created above. Sent as HTTP Basic auth (key as both username and password).
min_usdt
no
100
Minimum USDT-equivalent value before TRM Labs is queried. Anything below this is auto-released without an external check.
min_risk_score_level
no
10
TRM uses a 1–15 risk score level (1–4 Low, 5–9 Medium, 10–14 High, 15 Severe). Held when the highest indicator level meets or exceeds this number.
risk_volume_percent_threshold
no
25
Percentage of the wallet's volume that came from risky counterparties at or above which a transaction is held.
risk_threshold
no
HIGH
Discrete severity bucket at or above which a transaction is held. Allowed: SEVERE/CRITICAL, HIGH, MEDIUM, LOW.
block_on_sanctions
no
true
When true, any address with a sanctions hit is held regardless of risk score.
check_withdrawals
no
true
Set to false for deposits-only mode.
cache_ttl_hours
no
48
How long to cache risk results per address.
request_timeout_ms
no
10000
Per-request timeout for TRM Labs calls.
alert_email
no
(audit email from kit secrets)
Optional override for the recipient of risk-hold alert emails.
4. (Optional) Trigger a manual run
The plugin runs automatically every 60 seconds. To trigger an immediate cycle, send an authenticated request from an admin account:
What gets blocked
A pending deposit or withdrawal is kept on hold when any of the following is true:
block_on_sanctionsis on AND TRM flags a sanctions risk indicator or a sanctioned-entity hit, ORThe highest TRM risk score level is greater than or equal to
min_risk_score_level, ORThe address risk volume percent is greater than or equal to
risk_volume_percent_threshold, ORThe discrete severity bucket meets or exceeds
risk_threshold.
Otherwise, the transaction is automatically released. When a transaction is held, an alert email is sent to the configured recipient (or the kit's audit email) with the severity, score, category, sanctions flag, top entity, risk volume %, total volume, and a direct link to the TRM Labs investigation app.
Supported networks
The plugin maps HollaEx network identifiers to TRM Labs chain identifiers for the most common networks: Bitcoin, Ethereum (and Classic), Tron, BSC, Polygon, Solana, Avalanche, Arbitrum, Base, Optimism, Ripple, Stellar, TON, Tezos, Litecoin, Bitcoin Cash, Dogecoin, Dash, Cardano, Polkadot, Near, Algorand, Aptos, Sui, Celo, Fantom, Hedera, Klaytn, Linea, Mantle, ZKsync, Gnosis, Sei, and Zcash. Transactions on networks not in the map are skipped (left untouched) by the plugin.
Benefits for HollaEx Operators
The TRM Labs plugin gives exchange operators institutional-grade blockchain intelligence without building it in-house. It blocks sanctioned, scam, ransomware, and dark-market addresses before funds settle, auto-releases the long tail of low-risk traffic so compliance staff aren't drowning in queues, and keeps every decision auditable through the TRM Labs investigation links delivered with each alert. The result is a stronger AML posture, lower regulatory exposure, and faster customer experience for clean transactions.
Last updated