CredScore – Deterministic wallet risk scoring, no model in the path

Name: CredScore – Deterministic wallet risk scoring, no model in the path
Availability: InStock
Author: waxsway

by waxsway·Jun 16, 2026·1 point·0 comments

Visit Project View on HN

AI Analysis

●●SolidNiche GemSolve My Problem

Deterministic scoring beats black-box ML, but Chainalysis and TRM Labs own this space.

Strengths

•Explicit numeric weights per signal mean every score is auditable and reproducible.
•Hard sanctions cap enforced at three independent pipeline points prevents false negatives.
•Sub-15 second analysis with full rationale traceable to specific transaction patterns.

Weaknesses

•Crypto compliance is well-funded with entrenched players like Chainalysis and Elliptic.
•Only 5 EVM chains supported; no Bitcoin, Solana, or non-EVM coverage.

Post Description

One specific output to ground this before the architecture.

The primary wallet from the Bybit / Lazarus exploit gets scored 10/100, tier high, posture escalate, with the OFAC Lazarus Group attribution showing up directly in the briefing. Full verdict here: https://credscore.us/v/o6wr--NrABo

The engine is deterministic, no ML in the scoring path. Explicit numeric weights per signal. Structural pattern detection: fan-out distribution, source-return flow, circular funding, repeated amount-band recirculation. Hard sanctions cap at score 12 for confirmed OFAC SDN matches, enforced at three independent points in the pipeline. Same wallet always produces the same score. Every output traces back to specific on-chain activity with a written rationale.

Five EVM chains: Ethereum, Base, Arbitrum, Optimism, Polygon. 0 to 100 score (higher means lower risk), decision posture (proceed / review / escalate), structured analyst briefing. Sub-15 second analysis from address to verdict.

What it doesn't do: non-EVM chains (Bitcoin, Solana, Tron), real-time stream monitoring at scale, deep cross-chain tracing through bridges. Those are jobs Chainalysis Reactor and TRM Forensics do better. CredScore is the fast first pass, not the deep investigation.

Two public case studies on real attacker wallets if you want to verify engine output independently:

Bybit / Lazarus wallet tree: https://credscore.us/case-studies/bybit-hack-lazarus-wallet-...

Drift / DPRK wallets, flagged on behavior alone: https://credscore.us/case-studies/drift-hack-dprk-wallet-ana...

Free first analysis at https://credscore.us/desk, no card.

The hardest scoring problem I'm working on right now is distinguishing legitimate high counterparty entropy from drainer-shaped victim fan-in at the signal level. The engine currently credits high counterparty entropy as a mild positive signal (broader observable behavior is generally good). But on drainer wallets, hundreds of distinct inbound counterparties with small values are victims, not legitimate counterparty diversity. I'm exploring counterparty value distribution and inbound-to-outbound ratio as differentiators, but the signal-shape overlap with legitimate batched payouts is real. Curious how others have handled this differentiation in deterministic risk scoring systems where you can't fall back on ML clustering.