Know Your Transaction, explained.
A clear, accurate guide to KYT (Know Your Transaction) — what it is, how it differs from KYC, the concepts behind on-chain risk, and the language of crypto AML. Written for compliance, risk and investigation teams, with a glossary and FAQ you can rely on.
The guide
What is KYT (Know Your Transaction)?
KYT, or Know Your Transaction, is the process of monitoring, analysing and evaluating cryptocurrency transactions in real time to detect suspicious activity, assess risk exposure and meet anti-money-laundering (AML), sanctions and counter-terrorist-financing (CTF) obligations. It is the on-chain equivalent of the transaction monitoring banks have always run on fiat — applied across many blockchains, where value moves continuously, pseudonymously and across borders.
Where traditional monitoring looks at debits and credits inside a bank's own ledger, KYT reads the public blockchain itself. It clusters addresses into the real-world services behind them, labels those services against sanctions lists and risk intelligence, and scores each transaction by the risk it carries — so a compliance team can decide whether to allow, hold, escalate or report a movement of funds before it is irreversible.
KYT vs KYC: complementary, not substitutes
The two are often confused, but they answer different questions. KYC (Know Your Customer) verifies who the customer is — a point-in-time identity check performed at onboarding: documents, beneficial ownership, screening against watchlists. KYT monitors what the funds do on-chain — continuously, for the life of the relationship. KYC tells you whom you are dealing with; KYT tells you what their money is doing.
Neither replaces the other. A customer can pass KYC at onboarding and later receive funds from a sanctioned exchange or a ransomware wallet — something only KYT will catch. A complete AML program therefore needs both: KYC plus KYT, together with sanctions screening and suspicious-activity reporting. Treating one as a substitute for the other leaves an obvious gap.
KYC — Know Your Customer
Verifies identity and beneficial ownership at onboarding. Point-in-time, identity-led, periodically refreshed. Answers: who is this customer?
KYT — Know Your Transaction
Monitors on-chain activity continuously. Behaviour-led, real-time, exposure-scored. Answers: what is this money doing, and where did it come from?
The key concepts behind KYT
KYT is not a single check but a set of techniques applied together. These are the building blocks that turn raw chain data into a decision a regulator and a court will accept.
Wallet & address risk scoring
Each address is assigned a risk score from the categories and entities it is connected to — sanctioned services, darknet markets, scams, stolen funds — so analysts can triage by severity rather than reviewing every transaction by hand.
Exposure analysis
Risk is measured by direct exposure (a counterparty you transact with), indirect exposure (risk reached through intermediary hops), and the ultimate source of funds. Good KYT traces as many hops as it takes — including across bridges — not just the last address.
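The direct/indirect distinction above can be made concrete with a backward walk over the funding graph. This is an added example, not code from the guide or from any vendor; the transfers, addresses, labels and the function name `inbound_exposure` are all constructed for illustration, and stopping the trace at a labelled service is an assumption of this sketch.

```python
from collections import deque

# Constructed sample data: (sender, receiver) transfers.
TRANSFERS = [
    ("mixer_1", "a1"),
    ("a1", "a2"),
    ("a2", "customer"),
    ("exchange_x", "customer"),
    ("customer", "a1"),        # cycle: the walk must not loop forever
    ("sanctioned_1", "b1"),
    ("b1", "a2"),
]
# Constructed attribution labels: address -> risk category.
LABELS = {"mixer_1": "mixer", "sanctioned_1": "sanctioned",
          "exchange_x": "exchange"}


def inbound_exposure(transfers, labels, target, max_hops=None):
    """Walk funding sources backwards from `target`, breadth first.

    Returns {labelled_address: (category, hops, "direct" | "indirect")},
    where hops is the shortest distance found. Assumption: tracing stops at
    a labelled entity, because funds pooled inside a service are not
    followed further here. max_hops=None traces as far as the graph goes.
    """
    senders = {}
    for src, dst in transfers:
        senders.setdefault(dst, set()).add(src)

    found = {}
    seen = {target}
    queue = deque([(target, 0)])
    while queue:
        addr, hops = queue.popleft()
        if max_hops is not None and hops >= max_hops:
            continue
        for src in sorted(senders.get(addr, ())):
            if src in seen:
                continue
            seen.add(src)
            if src in labels:
                kind = "direct" if hops + 1 == 1 else "indirect"
                found[src] = (labels[src], hops + 1, kind)
            else:
                queue.append((src, hops + 1))
    return found
```

A screen limited to `max_hops=1` reports only the exchange deposit here; the mixer and the sanctioned source appear only once the walk continues through the intermediary addresses.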
Sanctioned-address screening
Wallets are screened against lists such as the US Treasury OFAC SDN list. The list is dynamic — OFAC has designated crypto addresses since 2018 and also delists them (Tornado Cash was delisted in March 2025) — so screening must re-evaluate history, not just check once.
Mixer, scam & stolen-fund detection
Mixers and tumblers pool funds from many users and redistribute them to break the link between source and destination. They remain detectable through behavioural and graph analysis — alongside detection of scams, fraud and stolen-fund flows.
Entity clustering
Related addresses are grouped into entities — using the Common-Input-Ownership Heuristic on UTXO chains like Bitcoin, and the deposit-address heuristic on account chains like Ethereum. Clustering reveals relationships between addresses; on its own it does not reveal real-world identity.
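A minimal sketch of the Common-Input-Ownership Heuristic on constructed data, added here as an example and not taken from the guide or any product: addresses spent together as inputs of one transaction are merged with a union-find structure, so clusters grow transitively across transactions. The transactions, addresses, labels and function names are hypothetical.

```python
# Constructed sample transactions: only the input side matters for CIOH.
TXS = [
    {"txid": "t1", "inputs": ["A", "B"]},
    {"txid": "t2", "inputs": ["B", "C"]},   # shares B with t1 -> A, B, C merge
    {"txid": "t3", "inputs": ["D"]},        # single input: its own cluster
    {"txid": "t4", "inputs": ["E", "F"]},
]
# Constructed attribution: one address known to belong to a service.
KNOWN = {"C": "exchange_x"}


def cluster_by_common_inputs(transactions):
    """Group addresses that co-spend as inputs (union-find, path halving)."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]
            a = parent[a]
        return a

    for tx in transactions:
        inputs = tx["inputs"]
        for addr in inputs:
            find(addr)                      # register every input address
        for other in inputs[1:]:
            ra, rb = find(inputs[0]), find(other)
            if ra != rb:
                parent[rb] = ra             # merge the two clusters

    clusters = {}
    for addr in parent:
        clusters.setdefault(find(addr), set()).add(addr)
    return sorted((sorted(c) for c in clusters.values()), key=lambda c: c[0])


def attribute(clusters, known):
    """Attach service labels to clusters; unlabelled clusters stay unknown."""
    out = []
    for members in clusters:
        entities = sorted({known[a] for a in members if a in known})
        out.append((entities, members))
    return out
```

Clusters with an empty label list show the limit stated above: the grouping establishes common control, but says nothing about who controls the addresses until some member is attributed by other means.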
Travel Rule data exchange
Under FATF Recommendation 16, institutions exchange originator and beneficiary details for transfers. The IVMS101 standard provides a common data format so this information can be shared consistently between providers.
Real-time vs retrospective
KYT runs both ways: real-time screening blocks or holds a risky transaction before settlement, while retrospective monitoring re-scans historical activity as sanctions data and attribution change.
Typologies
KYT looks for known laundering patterns: structuring (splitting amounts to stay under thresholds), layering and integration, chain-hopping across networks, and peel chains that shave small amounts off a large balance across many hops.
Clustering ≠ identity
Worth repeating: attribution links a wallet to a service or entity, not to a named person. Resolving a cluster to an individual requires legal process or purpose-limited data — a distinction that matters for both accuracy and privacy.
Is KYT a legal requirement?
Not by that name. KYT is an operational term, not a statute — no regulator mandates "KYT" specifically. It is the practical means by which obliged entities meet their transaction-monitoring, suspicious-activity-reporting, sanctions-screening and Travel Rule obligations under frameworks such as the FATF Recommendations, the US Bank Secrecy Act, EU MiCA and the AML rulebook, and equivalent regimes worldwide.
Glossary
The crypto AML & KYT glossary.
Accurate, neutral definitions of the terms that come up across KYT, sanctions, the Travel Rule and AML reporting. Grouped roughly alphabetically.
KYT — Know Your Transaction
The process of monitoring and analysing on-chain transactions in real time to detect suspicious activity, assess risk exposure and meet AML, sanctions and CTF obligations. The crypto-native form of transaction monitoring.
KYC — Know Your Customer
The identity-verification process performed at onboarding to confirm who a customer is, including beneficial ownership and watchlist screening. A point-in-time check, complementary to KYT.
KYB — Know Your Business
The equivalent of KYC for corporate customers: verifying a business entity, its registration, ownership structure and the individuals who ultimately control it.
AML — Anti-Money Laundering
The body of laws, regulations and controls designed to prevent criminals from disguising illicitly obtained funds as legitimate income. KYT and KYC are operational components of an AML program.
CFT / CTF — Counter-Financing of Terrorism
Measures to detect and prevent the funding of terrorism. Usually paired with AML as "AML/CFT". The two abbreviations refer to the same objective.
VASP — Virtual Asset Service Provider
The FATF term for a business that conducts virtual-asset activities such as exchange, transfer or custody on behalf of others — for example crypto exchanges and custodians. Subject to AML/CFT and Travel Rule obligations.
CASP — Crypto-Asset Service Provider
The European Union's term, under MiCA, for providers of crypto-asset services. Broadly analogous to the FATF's VASP, with its own authorisation and conduct requirements.
MSB — Money Services Business
A US regulatory category (under the Bank Secrecy Act) for businesses such as money transmitters and currency exchangers. Many crypto firms register as MSBs with FinCEN.
FATF — Financial Action Task Force
The intergovernmental body that sets global AML/CFT standards through its Recommendations. Its guidance, including the Travel Rule, is implemented in national law by member jurisdictions.
Travel Rule (FATF Recommendation 16)
The requirement that originating and beneficiary institutions collect and exchange identifying information about the parties to a transfer. Applied to virtual assets, it obliges VASPs to share originator and beneficiary data.
IVMS101
The InterVASP Messaging Standard — a common data format for the originator and beneficiary information exchanged under the Travel Rule, allowing different providers to share data consistently.
SAR — Suspicious Activity Report
A report filed with a financial intelligence unit (in the US, FinCEN) when an institution detects activity it suspects relates to money laundering or other crime. Known by different names in different jurisdictions.
STR — Suspicious Transaction Report
The term used in many jurisdictions for a report of a specific suspicious transaction. Functionally close to a SAR; the precise trigger and form vary by country.
SMR — Suspicious Matter Report
Australia's term (under AUSTRAC) for a report lodged when a reporting entity forms a suspicion about a customer or transaction on AML/CTF grounds.
TTR — Threshold Transaction Report
Australia's report for cash or equivalent transactions at or above a set threshold (A$10,000), filed regardless of suspicion. A value-based, not suspicion-based, report.
CTR — Currency Transaction Report
The US threshold report filed with FinCEN for cash transactions above US$10,000 in a business day. Like a TTR, it is triggered by value rather than suspicion.
LCTR / LVCTR — Large (Value) Cash Transaction Report
Canada's FINTRAC reports for large cash and, in the virtual-asset context, large virtual-currency transactions at or above the reporting threshold.
OFAC — Office of Foreign Assets Control
The US Treasury body that administers and enforces economic and trade sanctions. It maintains the lists that crypto and financial firms must screen against, and updates them frequently.
SDN List — Specially Designated Nationals
OFAC's primary sanctions list of individuals, entities and — since 2018 — specific crypto addresses with which US persons are generally prohibited from dealing. It is dynamic: entries are added and also removed.
PEP — Politically Exposed Person
An individual entrusted with a prominent public function, who may present higher corruption or bribery risk and so warrants enhanced scrutiny.
CDD — Customer Due Diligence
The baseline process of identifying and verifying a customer and assessing their risk profile at onboarding and on an ongoing basis.
EDD — Enhanced Due Diligence
Heightened due diligence applied to higher-risk customers or transactions — for example PEPs, high-risk jurisdictions or unusual patterns — going beyond standard CDD.
Sanctions screening
Checking customers, counterparties, wallets and transactions against sanctions lists such as the OFAC SDN list to ensure no prohibited party is involved.
Wallet / address screening
Screening a specific blockchain address against sanctions lists and risk intelligence to determine its exposure before transacting with it.
Risk scoring
Assigning a quantitative risk value to an address or transaction based on the categories and entities it is connected to, and the proximity and proportion of any tainted funds.
Direct vs indirect exposure
Direct exposure is a transaction with a risky counterparty itself; indirect exposure is risk reached through one or more intermediary hops. Distinguishing the two is central to reducing false positives.
Clustering
Grouping multiple addresses that are controlled by the same entity, using heuristics. Clustering reveals relationships between addresses but does not by itself identify the real-world person behind them.
Deposit address
A unique address a service (such as an exchange) issues to a user for receiving funds. The deposit-address heuristic uses these to cluster addresses on account-based chains like Ethereum.
Mixer / Tumbler
A service that pools funds from many users and redistributes them to obscure the link between source and destination. Used to launder funds, but still detectable through behavioural and graph analysis.
Peel chain
A laundering pattern in which small amounts are repeatedly "peeled" off a large balance across a long sequence of transactions, while the bulk moves on — designed to dilute and obscure the trail.
Chain-hopping
Moving value across different blockchains — via bridges, swaps or cross-chain services — to break tracing. Defeating it requires multi-chain coverage.
Stablecoin
A crypto-asset designed to hold a stable value, usually pegged to a fiat currency such as the US dollar (for example USDT and USDC). Stablecoins now carry the majority of illicit on-chain volume.
FIU — Financial Intelligence Unit
The national agency that receives, analyses and disseminates suspicious-activity and threshold reports — for example FinCEN (US) or AUSTRAC (Australia).
MiCA — Markets in Crypto-Assets Regulation
The European Union's comprehensive regulatory framework for crypto-assets and their service providers (CASPs), establishing authorisation, conduct and disclosure requirements across the bloc.
AMLR / AMLA
The EU's single AML Rulebook (AMLR) and the new Anti-Money Laundering Authority (AMLA), which together harmonise and centrally supervise AML/CFT across the European Union.
BSA — Bank Secrecy Act
The foundational US AML statute requiring financial institutions to keep records and file reports (such as SARs and CTRs) that assist in detecting and preventing money laundering.
GENIUS Act
A US federal law establishing a regulatory framework for payment stablecoins, signed in 2025 and phasing in over a transition period. It sets reserve, disclosure and supervisory requirements for stablecoin issuers.
Travel Rule "sunrise problem"
The compliance gap that arises when jurisdictions adopt the Travel Rule at different times: a VASP in a jurisdiction that has implemented the rule may need to transact with a counterparty in one that has not, leaving the data exchange one-sided.
FAQ
Frequently asked questions.
The questions compliance, risk and investigation teams ask most about KYT — answered accurately and without spin.
What is KYT?
How is KYT different from KYC?
Is KYT legally required?
What is the FATF Travel Rule and what are the thresholds?
What blockchains and assets need KYT coverage?
Why does multi-chain coverage matter?
How are false positives reduced?
Does KYT reveal customer identities?
Is blockchain analytics admissible in court?
How does Reserve Trace handle my customers' personal data?