How do I investigate a suspicious Solana transfer?
Start by looking up both the sending and receiving Solana addresses on a risk scanner — OnChainRisk gives each address a 0-100 risk score, flags any direct sanctions match, and surfaces patterns like high-frequency interactions with mixers, drainers, or known scam contracts. Then map the transfer's counterparties one or two hops outward to see whether funds flowed to a known centralized exchange, a sanctioned wallet, or another flagged entity. If either address scores high or the next-hop trail touches a flagged counterparty, treat the case as suspicious and follow your team's incident, KYT, or compliance escalation workflow.
How to do it
- Paste both the sending and receiving Solana addresses into the wallet checker at /check-wallet/solana/.
- Note the 0-100 risk score and any explicit sanctions or scam-pattern flags on each address.
- Review the most recent outbound counterparties one to two hops out — does either side touch a known exchange, mixer, or labeled-entity service?
- Cross-reference the transfer's timing and amount against any active incident your team is tracking.
- If the signal warrants escalation, export a PDF report for the case file and notify your compliance or investigation lead.
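The score check and the one-to-two-hop counterparty review from the steps above, as an added Python example that is not OnChainRisk code and does not call its API. All addresses, scores, labels and transfers are constructed placeholders, and the `HIGH_SCORE` cut-off and `FLAGGED` label set are assumptions, since the page does not define what counts as a high score.

```python
from collections import deque

# Constructed sample data: placeholder names, not real Solana addresses
# and not output from any scanner.
SCORES = {"SENDER_A": 12, "RECEIVER_B": 35}
LABELS = {"WALLET_E": "mixer", "WALLET_F": "exchange", "WALLET_H": "sanctioned"}
FLAGGED = {"mixer", "drainer", "scam", "sanctioned"}  # assumed label set
OUTBOUND = {  # address -> recent outbound counterparties
    "SENDER_A": ["WALLET_F"],
    "RECEIVER_B": ["WALLET_C", "WALLET_D"],
    "WALLET_C": ["WALLET_E"],
    "WALLET_D": ["WALLET_F", "RECEIVER_B"],  # cycle back to the start
    "WALLET_E": ["WALLET_H"],  # three hops from RECEIVER_B: out of range
}
HIGH_SCORE = 70  # assumed cut-off on the 0-100 scale


def trace_hops(start, outbound, labels, max_hops=2):
    """Breadth-first walk of outbound transfers. Returns labeled
    counterparties as (address, label, hops, path) within max_hops."""
    seen, hits = {start}, []
    queue = deque([(start, 0, [start])])
    while queue:
        addr, hops, path = queue.popleft()
        if hops == max_hops:
            continue  # do not expand past the hop limit
        for nxt in outbound.get(addr, []):
            if nxt in seen:  # skip cycles and repeat counterparties
                continue
            seen.add(nxt)
            if nxt in labels:
                hits.append((nxt, labels[nxt], hops + 1, path + [nxt]))
            queue.append((nxt, hops + 1, path + [nxt]))
    return hits


def triage(sender, receiver, scores, outbound, labels):
    """Return (suspicious, reasons) for one transfer."""
    reasons = []
    for addr in (sender, receiver):
        if addr not in scores:
            reasons.append(f"{addr}: no score available")
        elif scores[addr] >= HIGH_SCORE:
            reasons.append(f"{addr}: score {scores[addr]}")
        for _hit, label, hops, path in trace_hops(addr, outbound, labels):
            if label in FLAGGED:
                reasons.append(f"{addr}: {label} at hop {hops} via {' -> '.join(path)}")
    return bool(reasons), reasons


if __name__ == "__main__":
    print(triage("SENDER_A", "RECEIVER_B", SCORES, OUTBOUND, LABELS))
```

Exchange hits are returned by `trace_hops` for the analyst to see but do not mark the case suspicious on their own in this sketch.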
What OnChainRisk can help with
- Solana address risk scoring (0-100 scale)
- Counterparty visibility one or two hops out
- Direct sanctions and watchlist screening
- Scam-pattern signals (mixer, drainer, known scam contracts)
- Exportable PDF reports for case files
What it does not claim
- Full forensic depth on every Solana program or token (depth varies by chain and feature)
- Off-chain identity attribution
- Guaranteed mapping from a wallet to a real-world person or entity
- Real-time alerting or blocking infrastructure