SkyInsight is CertiK's on-chain intelligence and risk analytics platform designed to enhance security, compliance, and transparency across the blockchain ecosystem. It leverages a real-time API framework to deliver actionable insights by aggregating, classifying, and analyzing data from wallets, smart contracts, and transactions. SkyInsight provides entity attribution, behavioral classification, and risk scoring for addresses and transactions, enabling seamless integration with AML/CFT systems, transaction monitoring engines, and security infrastructures.
As blockchain adoption accelerates, so do the sophistication and scale of on-chain threats, including scams, exploits, money laundering, and sanctioned activities. Traditional monitoring systems lack the granularity and real-time context required for effective detection and mitigation. SkyInsight addresses this gap by providing structured entity-behavior labeling and risk analytics backed by dynamic on-chain telemetry and CertiK's threat intelligence models. This empowers developers, compliance teams, and security platforms to make faster, data-driven decisions in identifying high-risk entities, preventing fraudulent activity, and enforcing regulatory and protocol-level security standards.
kya/label - Identify your address's associated entity and behavior labels to better understand its role and activity on-chain.
kya/risk - Assess the risk level of an address based on its historical activity, patterns, and threat intelligence.
kyt/risk - Assess the risk of a blockchain transaction by analyzing its characteristics and all participating addresses for suspicious or high-risk behavior.
Entity Labels(who it is)
Behavior Labels (what it does)
Category - The top-level classification (e.g. “Infra”, “Exchange”, “Dapp”).
Subcategory - A more granular division under the primary category (e.g. under “Exchange” you might have “CEX” or “Instant Swap”).
Label - A detailed human-readable description of the label (e.g. "Binance Deposit Wallet”).
Confidence - A numerical score indicating how certain the system is about this label (e.g. “100”, “90”).
Entity ID - A unique identifier linking this label back to the specific on-chain or off-chain entity(e.g. "lockbit”).
| Category | Subcategory | Description |
|---|---|---|
| Exchange | CEX | Centralized exchange (Binance, OKX, Coinbase) |
| Instant Swap | KYC-free exchange (FixedFloat, ChangeNow) | |
| ATM | Crypto ATM Services (CoinChimp) | |
| Infra | Miner | Entity that records and packages blocks in PoW |
| Validator | Block packer/staker in PoS | |
| Builder | Block constructor in the MEV ecosystem | |
| Proposer | Role proposing blocks in PBS mode (distinct from a validator) | |
| Staker | Blockchain staker | |
| Sequencer | Sequencer in rollup chains | |
| Dapp | DEX | Decentralized exchange |
| Lending | Lending protocols | |
| Bridge | Cross-chain bridge | |
| NFT Market | Marketplace for minting, buying and selling NFTs | |
| Staking | Staking platform | |
| Derivatives | Derivatives | |
| Oracle | Services providing off-chain data to smart contracts | |
| Payment | Payment platforms enabling crypto-based transfers and settlement | |
| Game | Blockchain-based gaming applications | |
| Stablecoin | On-chain fiat assets | |
| Token | ERC20 | Standard fungible token |
| SPL | Fungible token standard on Solana | |
| ERC1155 | Multi-token standard supporting both fungible and non-fungible assets | |
| ERC721 | Standard for non-fungible tokens |
| Category | Subcategory | Description |
|---|---|---|
| Hack | Malware | Malicious software attack |
| Ransomware | Ransomware Attack | |
| Private Key Compromise | Theft of funds due to private key leak | |
| Unauthorized Access | Unauthorized access to servers/wallets | |
| Contract Exploit | Vulnerabilities (reentrancy, oracle manipulation, permission bypass, etc) | |
| Social Engineering | Social engineering attacks (e.g., fake support tricking users to reveal seed phrases) | |
| Supply Chain Attack | Compromise of dependencies or third-party components | |
| DNS Hijack | DNS hijacking redirecting to phishing sites | |
| Wallet Clipper | Clipboard malware attack (tampering with transfer address) | |
| Sanction | OFAC | OFAC SDN List |
| EU | EU Sanctions List | |
| UN | United Nations Sanctions | |
| UK | UK OFSI Sanctions List | |
| CN | Chinese MOF Sanction List | |
| NBCTF | Sanctions related to the National Bureau for Counter Terrorist Financing | |
| Scam | Rugpull | Project team absconds or suddenly removes liquidity |
| Ponzi | Scheme reliant on new funds to pay earlier investors | |
| Fake Token | Issuance of counterfeit tokens to lure investment then dump price or abscond | |
| Phishing | Scams using fake airdrops or phishing website | |
| Impersonation | Impersonation of officials or known figures to defraud | |
| Investment Fraud | Fraudulent investment platforms or projects (promising high returns) | |
| Giveaway Scam | Fake official giveaways to scam transfers or authorizations | |
| Social Media Scam | Scams through social channels like Telegram, Twitter | |
| Honeypot | Fake vulnerability promising huge asset theft but only losing gas fees | |
| Illegal Activity | Terrorism | Terrorist Financing |
| Child Abuse Content | Child Sexual Abuse Material (CSAM) Funding | |
| Darknet | Darknet Market Transaction | |
| Blackmail | Crypto Blackmail | |
| Money Laundering | Money Laundering | |
| Gambling | Gambling | |
| Bot | Trading Bot | Frequent trading bot, automatically performs market-making or arbitrage |
| Sniping Bot | Bot that snipe new token listings or NFT mints | |
| MEV Bot | Transaction-ordering optimization (MEV) bot | |
| Arbitrage Bot | Cross-DEX arbitrage bot | |
| Airdrop Hunter Bot | Bulk airdrop claiming bot | |
| Front-running Bot | Front-running bot monitoring the mempool for pending transactions | |
| Liquidation Bot | Lending platform liquidation bot (e.g., Aave liquidator) | |
| Spam Bot | Bulk spam transaction bot (e.g., NFT spam airdrops) | |
| Mixer | Contract Mixer | Non-custodial, smart contract-based mixer (e.g., Tornado Cash) |
| Custodial Mixer | Centralized or custodial mixing service (e.g., Blender.io, ChipMixer) | |
| Privacy Pool | Mixer using zero-knowledge or new models (e.g., Railgun, zk.money) |
Label categories and Entity Ids (e.g., scams, mixers, sanctioned entities)
- Historical on-chain behavior
- Internal strategy algorithms
Risk Level – a qualitative classification (None, Low, Medium, High)
Risk Score - a quantitative value from 0 to 100
Risk Reasons - contextual reasons explaining why a risk is present (e.g.,a malicious label)
| Risk Score | Risk Level | Description |
|---|---|---|
| 0 | None | No known risk. The address or transaction has no history of malicious behavior or suspicious associations. |
| 1-49 | Low | The address or transaction has a low likelihood of involvement in illicit activity. No unusual behavior has been detected. |
| 50-74 | Medium | There is a moderate risk due to indirect exposure or uncertain behavior. Some suspicious activity may be present. |
| 75-100 | High | Strong indications of involvement in potentially malicious or high-risk activity, though not fully confirmed. |
The risk_reasons field provides the justification behind the assigned risk score and level. Each reason is prefixed to indicate its type.
- label: Scam/Rugpull
- label: Sanction/OFAC
- label: Mixer/Contract Mixer
- entity: huione
- entity: blender_io