How Dirty Crypto Passes Through Clean Wallets

Q: How many hops does exposure travel in practice?

Most AML systems trace up to 4 hops because exposure beyond that becomes statistically indistinguishable from normal network noise. The practical impact drops sharply: a direct counterparty exposure adds 40 to 60 points to a score, while a 4-hop exposure from the same source adds 5 to 15 points.

Q: Why did my exchange freeze my account even though I did nothing wrong?

Exchanges use automated AML systems that flag incoming transactions above a certain risk score. If the wallet that sent you funds has high-risk exposure, your incoming transaction triggers review regardless of your own history. The review process typically asks you to explain the source of the funds. Providing documentation of the legitimate transaction usually resolves the freeze within 5 to 20 business days.

A Bitcoin wallet can go from a risk score of 12 to 68 in a single incoming transaction. No action on your part. One payment from the wrong source. This is how crypto money laundering actually works at the network level, and why checking the source of funds before you accept them is the only reliable protection.

The three-stage money laundering cycle in crypto

Traditional AML teaching uses three stages: placement, layering, and integration. Crypto does not change the stages. It changes how fast they happen and how hard they are to trace manually.

Placement. The criminal has cash or crypto from illegal activity. The first move is getting it into the financial system. In crypto, this might mean converting cash to Bitcoin through an unregulated exchanger, or simply using proceeds from a darknet sale directly as Bitcoin.

Layering. This is where the blockchain trace gets complex. The funds move through multiple wallets, mixers, cross-chain bridges, and DEXs. Each hop adds distance between the original dirty source and the eventual recipient. Volume is often split across dozens of addresses. Timing is randomized. Denominations are changed.

Integration. The funds emerge looking clean. They might appear as proceeds from an OTC sale, a freelance payment, a peer-to-peer trade. At this point, a simple address lookup might show nothing suspicious. The history is buried under 10 to 20 hops of transactions.

Why your clean wallet can still carry exposure

You did not participate in any of the above. You just accepted a payment. But the person who paid you received their funds from someone who was two hops removed from a Hydra marketplace wallet. That makes you three hops from the original dirty source.

Blockchain forensics does not care about intent. It traces the on-chain path. And on-chain, your wallet now shows a path that leads back to sanctioned infrastructure within three steps.

Example transaction chain:

[Hydra wallet — score 97]
    ↓ hop 1
[Layering wallet A — score 78]
    ↓ hop 2
[Layering wallet B — score 55]
    ↓ hop 3
[Your counterparty — score 41]
    ↓ hop 4
[Your wallet — score 23]

In this example, your wallet score is 23 because you are four hops from the original dirty source. The exposure is small but measurable. If your counterparty had been just one hop closer, or if the original exposure had been larger in volume, your score could be 40 or 50.

What "4-hop tracing" means in practice

AML systems commonly trace up to four hops because beyond four, exposure becomes statistically meaningless. The Bitcoin network processes hundreds of thousands of transactions daily. Every address on the network has some path to every other address within a small number of steps. Tracing infinitely far would make every wallet look contaminated.

The weight of exposure decreases sharply with distance. Here is the approximate impact on score from the same sanctioned source at different hop distances:

Direct (0 hops): score 90 to 100
1 hop away: score contribution 40 to 60 points
2 hops away: score contribution 20 to 35 points
3 hops away: score contribution 10 to 20 points
4 hops away: score contribution 5 to 15 points

Transaction volume also matters. If only 5% of your counterparty's incoming funds came from a risky source, your exposure is proportionally smaller than if 100% did.

How exchanges detect this and why they freeze accounts

Binance, Coinbase, Kraken, OKX, and every other regulated exchange runs automated transaction monitoring. When you deposit, the system checks the incoming wallet address against AML databases. If the score is above an internal threshold (typically around 60), the deposit is held for manual review.

The review team then asks you to explain the source. You are given a form to provide: where the funds came from, proof of the relationship with the sender, and any relevant transaction receipts. If you can provide this, the freeze is usually lifted within 5 to 20 business days.

If you cannot, or if the source turns out to be genuinely problematic, the exchange may permanently close your account and confiscate the deposited funds while reporting the transaction to financial intelligence units.

The Hydra case: what exposure actually looked like

Hydra was the world's largest darknet market by revenue until German authorities seized its servers in April 2022. At the time of seizure, Hydra had processed more than $5.2 billion in transactions since 2015. Its wallet infrastructure included thousands of deposit addresses across Bitcoin and TRON.

After the seizure, all known Hydra deposit addresses were published and entered into AML databases. Exchanges then ran retroactive checks. Users who had unknowingly received funds that passed through Hydra wallets, even two or three hops removed, found their accounts flagged months after the original transaction.

This is the long-tail risk of not checking. The source may look clean at the time of payment. It may not be clean retroactively.

How to protect yourself

The only reliable method is checking before the transaction, not after. Once you accept a payment, the history is on-chain and immutable. You cannot undo it. What you can do is document that you ran an AML check before accepting, which provides evidence of due diligence if your exchange later asks.

For any incoming payment above $200 from an unknown source, run the sending wallet address through @scorechain_amlbot before confirming receipt. If the score is above 60, ask the sender to re-source from a clean address or decline the payment.

Frequently asked questions

What is taint analysis in crypto?

Taint analysis tracks how risk exposure flows through a transaction graph. If a sanctioned address sends funds to wallet A, and A sends to wallet B, wallet B is considered tainted. The degree of taint decreases with distance and the proportion of total funds from the risky source.

How many hops does exposure travel in practice?

Most AML systems trace up to 4 hops. Exposure drops sharply: a direct counterparty adds 40-60 points to a score, while a 4-hop exposure from the same source adds 5-15 points.

Can I clean my wallet by sending funds to a new address?

No. Moving funds to a new address does not remove the history of how those funds were sourced. Blockchain forensics follows the transaction graph. The new address shows incoming funds from the original address, and that history is permanently on-chain.

Why did my exchange freeze my account even though I did nothing wrong?

Exchanges use automated systems that flag incoming transactions above a risk threshold. If the sending wallet has high-risk exposure, your deposit triggers review regardless of your own history. Providing documentation of the legitimate transaction usually resolves the freeze within 5 to 20 business days.

Check before you accept. Not after.

@scorechain_amlbot checks the sending wallet in 8 seconds. Bitcoin, Ethereum, TRON, Solana, and 11 other chains.

Open @scorechain_amlbot

Alex Morgan

Blockchain compliance analyst, co-founder of CryptoAML.ai. 7+ years in financial crime investigations. View all articles