AMLBot Academy

Source of Funds in Crypto AML: How to Match Customer Information With On-Chain Evidence

AMLBot Team

20 min read
Updated: May 22, 2026
Source of Funds in Crypto AML: How to Match Customer Information With On-Chain Evidence

Global AML fines jumped roughly 417% in the first half of 2025 compared with the same period in 2024, and crypto exchanges took the single largest share — over $920 million in AML-related penalties across the year, according to industry enforcement-tracking research.

Reviewing the 2025 record, regulators kept flagging the same gap, in firm after firm: not the absence of KYC, but failures in customer due diligence for higher-risk clients — specifically, the inability to identify beneficial owners and to verify the source of funds.

That gap is the subject of this article. In practical terms, knowing who the customer is is no longer the hard part of crypto AML. The hard part is connecting that customer to the specific funds that just hit your platform — and being able to show, on demand, that the explanation, the documents, the wallet history, and the on-chain trail tell a consistent story.

This is the role source of funds in crypto AML plays in a modern compliance program: not a paperwork exercise, but the layer that connects customer information with on-chain evidence and produces a defensible, risk-based decision. The rest of this article walks through what "source of funds" actually means in crypto, when to ask for it, what to look at, how to read the on-chain evidence alongside the customer's story, and how to land a decision a regulator will accept.

What "Source of Funds" Means in Crypto AML

In its plainest form, source of funds is the origin of the specific funds a customer is using in a specific transaction or deposit. It is not "where the customer's wealth in general comes from." It is the answer to a much narrower question: where did this money — this deposit, this transfer, this trade — come from?

In a crypto context, "where did the money come from" is a layered question. It can mean:

  • Where the Funds Entered the Wallet: The immediate prior transactions that brought the crypto into the address sending you the deposit — exchange withdrawal, OTC payment, mining reward, salary in stablecoins, business income, transfer from a self-hosted wallet.
  • Which Services or Addresses the Funds Passed Through: The route, not just the endpoint. A clean-looking sender wallet can hide several hops of activity that change the picture entirely.
  • Whether the Activity Matches the Customer's Profile: A $5,000 deposit from a salaried engineer looks different than a $5,000 deposit from a corporate treasury account, even when the transactions themselves are identical.
  • Whether There Is High-Risk Exposure on the Path: Sanctioned addresses, mixers, fraud clusters, exploit-linked wallets, darknet markets — any of these on the path warrant attention even when the customer themselves looks ordinary.
  • Whether the Customer Can Plausibly Explain the Origin: In crypto AML, "I bought it on an exchange in 2021" is a real answer — *if* the on-chain evidence supports it.

Source of Funds vs. Source of Wealth

These two terms get confused constantly, but they answer different questions.

Source of Funds (SoF) explains the origin of a specific amount of money in a specific transaction. If a customer sends 200,000 USDT to your platform, source of funds is the history of those 200,000 USDT — where they were before, how they got to the sending wallet, what they touched along the way.

Source of Wealth (SoW) explains how the customer built their overall financial position — their salary history, business ownership, inheritance, investment returns, prior crypto holdings, and so on. In practical terms, SoW is the backdrop that makes the SoF story plausible. A SoF that says "salary income in stablecoins" is plausible against a SoW of a software engineer at a remote-first company; the same SoF is less plausible against a SoW of a retired schoolteacher.

💡
Both are part of risk-based Customer Due Diligence in Crypto, and both feed into the enhanced due diligence layer when risk indicators appear. For a fuller treatment of how SoF and SoW fit into the broader CDD workflow, see Customer Due Diligence in Crypto.

Why Source of Funds Checks Matter for Crypto Businesses

The honest answer is not "because the regulator says so" — though that is also true. The deeper reason is that, in 2026, the biggest crypto AML failures are no longer at the KYC stage. They are at the moment a business accepts funds that it should have looked at more carefully. The 2025 enforcement record makes the pattern unmistakable: identification was usually in place; what was missing was the verification of what the customer was actually doing on the platform with whose money.

A few concrete reasons SoF checks matter:

  • Reduce AML Exposure at the Point of Deposit: Once a deposit is credited and a customer has traded or withdrawn against it, options narrow sharply. A timely SoF question protects the business from accepting funds it would rather not have on the books.
  • Test Whether the Transaction Matches the Profile: A $50,000 stablecoin deposit from a retail-level account triggers a different conversation than the same amount from a registered corporate client. SoF is the mechanism for testing whether the activity is consistent with what was said at onboarding.
  • Justify and Document the Compliance Decision: Whether the decision is approve, hold, escalate, or reject, the value of a SoF check is the **documented reasoning** behind it. Auditors don't look only for the right outcome — they look for evidence that the question was asked at the right time and answered properly.
  • Avoid Unacceptable Sanctioned or Illicit Exposure: A wallet that looks ordinary at the surface can carry exposure to sanctioned protocols, exploit-linked addresses, or fraud clusters. SoF is the moment the business gets to look beneath the surface before accepting.
  • Demonstrate a Risk-Based AML Program in Practice: Regulators expect to see that businesses ask more questions of higher-risk situations and fewer questions of lower-risk ones. A consistent SoF workflow is the most visible evidence that a risk-based approach is actually working.

The underlying global standard here is FATF Recommendation 10 and its Interpretive Note, which set the expectation that enhanced due diligence measures — including reasonable steps to establish the source of funds — apply when the customer relationship or transaction presents higher money-laundering or terrorist-financing risk. In practical terms, this means SoF is not a checkbox at onboarding; it is a control that activates when something in the customer's behavior or transaction profile raises the risk level.

When Crypto Businesses Should Request Source of Funds Information

This is the most common point of confusion: SoF is not a question you ask every customer about every deposit. It is a risk-based step. Asking everyone for documents on every deposit creates enormous friction with no proportionate compliance gain — and crucially, it dilutes the seriousness of the question when it really matters.

The practical triggers fall into two clusters: things that show up at onboarding, and things that show up after a transaction is already in motion.

Triggers During Onboarding

Some customers are higher-risk before they have made a single transaction, based purely on what is known about them at sign-up. These cases warrant SoF (or SoW) information up front rather than waiting for activity to develop:

  • High-Risk Customer Type: PEPs, customers with adverse media, customers from sectors with elevated AML exposure (gambling, certain crypto sub-sectors, cash-intensive businesses).
  • Corporate Accounts With Complex Ownership: Multi-jurisdictional structures, nominee directors, layered holding companies, or unclear ultimate beneficial ownership.
  • Expected High Volume or Unusual Account Purpose: A new account opened with a stated intent of moving large stablecoin volumes, or an OTC client requesting wire-equivalent capacity from day one.
  • High-Risk Jurisdiction: Customers connected to jurisdictions on the FATF grey list, comprehensive sanctions jurisdictions, or other elevated-risk geographies.
  • Unclear or Implausible Business Model: Corporate clients whose stated business doesn't obviously generate the volume they expect to move, or whose explanation of activity is vague.

Triggers After a Transaction Alert

The more common path to a SoF request is reactive: something happens in the transaction monitoring layer, and the business needs to understand what it is looking at before making a decision. Typical triggers include:

  • Large or Unusual Deposits: An amount that is materially larger than the customer's historical pattern, or a sudden cluster of deposits inconsistent with prior activity.
  • High-Risk Wallet Exposure on the Incoming Funds: The sender wallet has direct or indirect exposure to sanctioned addresses, mixers, exploit-linked clusters, scam clusters, or darknet markets.
  • DeFi, DEX, or Bridge Routing Right Before Deposit: Not automatically risky on its own, but a strong reason to ask the customer to explain what they were doing on-chain in the minutes before the deposit landed.
  • Newly Created Wallets With Large Inflows: A wallet days old, no history, suddenly funded with a large amount and immediately deposited to your platform is one of the more common laundering patterns.
  • Rapid Deposit-and-Withdrawal Behavior: The account receives funds and tries to move them straight out without trading — a classic "use the platform as a pass-through" pattern.
  • Mismatch Between Stated Activity and Actual Transaction Behavior: The customer declared "occasional personal investment" at onboarding and is now moving wholesale-trading volumes.
💡
For the workflow that runs after an alert fires — what to do, who reviews, how to escalate — see High-Risk Crypto Transaction Alerts. The SoF request is one of the most common next steps in that workflow, but it is not the only one, and it is rarely the only thing the analyst needs to do.

What Information Can Support a Crypto Source of Funds Check

SoF is not a single document. It is a bundle of evidence that, taken together, makes the customer's explanation plausible against the on-chain reality. The bundle typically includes some combination of the following — exactly which items depends on the customer, the amount, and the trigger:

  • Customer Explanation: A written or recorded statement from the customer describing where the funds came from, how they were acquired, and why they are being deposited now. The explanation is the anchor everything else is checked against.
  • Exchange Transaction History: Statements from a regulated exchange showing where the customer purchased or earned the crypto. One of the strongest pieces of evidence available because it ties on-chain activity back to a KYC'd venue.
  • Bank Statement Showing Fiat-To-Crypto Purchase: Evidence of the fiat side of the transaction — useful when the customer claims to have purchased crypto with personal savings or salary.
  • OTC Trade Confirmation: Where the customer acquired funds through an OTC desk, a confirmation from that desk linking the on-chain transfer to the underlying trade.
  • Invoice, Sale Agreement, or Service Contract: For business customers, evidence that the deposit reflects payment for goods or services actually delivered.
  • Mining, Staking, or Yield Records: For customers who explain funds as protocol rewards, validator income, or staking yield, the records that tie those rewards back to the wallet involved.
  • Salary, Business Income, or Corporate Financial Records: The underlying source — wages, distributions, business profit — that explains the customer's overall financial activity.
  • Wallet Ownership Proof, Where Appropriate: A signed message from the sending wallet's private key proving the customer controls it. Useful in some cases, redundant or impossible in others.
  • On-Chain Transaction History: The strongest single piece of evidence in crypto SoF — but only when read together with the explanation, not as a substitute for it.

Why Documents Alone Are Not Enough

A bank statement can show that a customer once held the fiat to purchase crypto. It cannot show that the specific crypto sitting in the sending wallet is that purchase, or that it didn't pass through three mixers and a sanctioned address between the bank transfer and the deposit you're now reviewing.

In practical terms, this is the central insight of source-of-funds verification in crypto AML: the document is necessary, but it is not sufficient. A customer can have impeccable paperwork and still be sending funds whose recent route is problematic. Equally, a customer can have thin paperwork and still be moving funds whose on-chain history is entirely consistent with their explanation.

The reverse is also true. Pretty on-chain history can be assembled deliberately, and customer explanations can be coached. Documents act as a check on what the chain shows; the chain acts as a check on what the documents say. Neither layer alone is enough.

How On-Chain Evidence Helps Verify Source of Funds

This is the part most traditional financial institutions don't have access to and most crypto businesses underuse. On-chain evidence is the closest thing modern AML has to ground truth. Unlike bank statements or invoices — which the customer creates or receives — on-chain history is independent, public, and (in most cases) immutable. A well-built on-chain review of a SoF case typically reveals:

  • The Transaction Path: The route the funds actually took before arriving — which addresses sent them, in what order, and at what intervals.
  • Sender and Receiver Wallet Profiles: How old the sending wallet is, how active it has been, what it typically does, and whether its behavior on the day of the deposit matches its history.
  • Connected Entities: Whether the wallet has interacted (directly or indirectly) with named exchanges, custodians, OTC desks, DeFi protocols, mixers, sanctioned entities, fraud clusters, or other categorized addresses.
  • Source and Destination of Funds Views: A breakdown of where the funds at the sending wallet *came from* and where similar funds *typically end up* — which together describe the wallet's role in the broader ecosystem.
  • Risk Score and Risk Categories: A composite indicator of risk together with the specific categories driving it — sanctions exposure, mixer exposure, scam-cluster exposure, darknet exposure, and so on.
  • Historical Wallet Behavior: Whether the wallet has been previously associated with high-risk activity, even if today's transactions look ordinary.

Direct and Indirect Exposure

The single most important nuance in reading on-chain evidence is the difference between direct and indirect exposure.

Direct Exposure means the wallet you are reviewing interacted directly with a high-risk address or entity — sent to it, received from it, or both. This is the strongest signal.

Indirect Exposure means the connection appears through one or more intermediate hops. A wallet that received funds from another wallet that received funds from a sanctioned address has indirect exposure. The signal is still meaningful, but it requires context: how many hops, what amounts, what timing, what entity type, what pattern.

In practical terms, indirect exposure of $200 from a sanctioned address eight hops back, three months ago, with no other red flags, is a very different situation than $50,000 of indirect exposure one hop back, last night. Risk-scoring tools that collapse both into a single "high risk" label are doing the analyst's job badly; tools that surface the distance, the amount, the timing, and the entity type are doing it well.

Entity Attribution and Wallet History

Modern blockchain analytics is less about looking at individual addresses and more about looking at clusters of addresses attributed to specific real-world entities. When a tool flags a wallet as connected to "Exchange X" or "Mixer Y" or "Sanctioned Entity Z," that flag is the output of an attribution process — heuristics, behavioral analysis, and (where available) verified disclosures.

💡
Attribution quality varies, which is why compliance teams rely on more than one analytics provider for high-stakes decisions, and why context-rich review (rather than score-only review) is the right approach. For more on how addresses get tied to real-world entities, see Wallet and Entity Identification in Blockchain Analytics.

Bringing direct/indirect exposure together with entity attribution is what makes on-chain evidence usable as part of illicit funds detection in crypto transaction monitoring — and ultimately, as part of a defensible source-of-funds decision.

Matching Customer Information With On-Chain Evidence

This is the conceptual heart of the article. A SoF decision is not the result of looking at one signal — the documents, or the score, or the customer's explanation. It is the result of holding the customer's story and the on-chain evidence side-by-side and asking whether they describe the same reality.

A few patterns of comparison appear constantly:

  • Claimed Personal Exchange Withdrawal: Customer says the funds came from their own account at a regulated exchange. The on-chain trail should show a withdrawal from a known exchange cluster directly (or through a small number of hops) to the sending wallet, in a timeframe consistent with the explanation.
  • Claimed Business Income in Stablecoins: Customer says deposits represent regular invoiced payments. The on-chain pattern should look like multiple distinct senders at predictable intervals, not a single concentrated deposit from a freshly created wallet.
  • Claimed Long-Term Holding ("I Bought It in 2021"): The wallet's history should show old funds, with a long gap of inactivity, rather than recently arrived funds being withdrawn through your platform.
  • Claimed New Wallet for Privacy Reasons: A reasonable explanation that doesn't change the AML question — the wallet may be new, but the funds in it came from somewhere, and that "somewhere" needs to be on the chain.
  • Claimed DeFi Yield or Trading Activity: The customer should be able to point at the protocols involved, and the on-chain trail should show meaningful interaction with those protocols rather than a quick pass-through.

When the Explanation and Blockchain Data Match

When the customer's account and the chain agree, the SoF decision is straightforward: the activity is consistent, the documents are corroborated, the on-chain trail is unremarkable, and the appropriate action is approve and document. In some cases — for example, where amounts are large but the story is well-supported — the right step is to approve with ongoing monitoring, so that any change in pattern can be picked up later.

In practical terms, this is the majority of SoF cases at most crypto businesses. Most customers are exactly who they say they are, moving exactly the funds they describe. The job of the SoF process is to confirm that as efficiently as possible, document the reasoning, and not interrogate people unnecessarily.

When the Explanation and Blockchain Data Do Not Match

The harder cases are where the story and the chain don't line up. Examples:

  • Stated Personal Funds, Observed High-Risk Cluster Exposure: Customer describes simple personal savings; the sending wallet has direct or close exposure to a known fraud cluster. The mismatch is not proof of wrongdoing, but it changes the conversation.
  • Stated Long-Term Holding, Observed Fresh Wallet With Recent Inflows: Customer claims a 2021 purchase; the sending wallet was created last week and funded last night. The story and the chain are not the same story.
  • Stated Exchange Withdrawal, Observed Mixer Route: Customer says the funds came from a regulated exchange; the on-chain trail runs through a mixer between the exchange and the deposit. Either the explanation is incomplete or the activity is more complicated than presented.
  • Stated Single-Source Origin, Observed Multi-Source Aggregation: Customer describes one origin; on-chain shows the sending wallet collected funds from dozens of unrelated sources just before the deposit. This is a common pattern for "smurfing" — and worth careful enhanced review.

A mismatch is not the same as a criminal verdict. It is a signal that the case needs additional review — enhanced due diligence, more questions to the customer, a request for additional documentation, escalation to a senior reviewer, and (where the situation warrants and the jurisdiction requires) the filing of a suspicious activity report. The decision should be proportionate to the gap.

For the full set of documentation that should accompany this kind of decision — and the records a regulator will eventually want to see — see the crypto AML audit checklist.

Source-of-Funds Checks for DeFi, Bridges, and Self-Hosted Wallets

The SoF process gets harder, but not impossible, when funds arrive from DeFi protocols, cross-chain bridges, or self-hosted wallets. The complications stack on top of each other:

  • Self-Hosted Wallets Have No Customer Records: A withdrawal from a centralized exchange comes with a counterparty file. A transfer from a self-hosted wallet comes with nothing but the chain — which is why on-chain evidence carries proportionally more weight in these cases.
  • DEX Swaps Change the Asset Type Mid-Flow: A wallet that received ETH and exited a DEX holding USDC has, in some sense, "different" funds at the deposit — even though the value is continuous. SoF analysis has to follow value across asset changes, not just token addresses.
  • Bridges Move Value Across Chains: The destination chain shows a fresh deposit with no obvious history. Reconstructing the path requires linking events across separate ledgers.
  • Liquidity Pools Commingle Funds: The tokens a wallet withdraws from a pool are mathematically the pool's, not the same coins the customer originally deposited. Provenance gets harder to argue clean.
  • Smart Contracts Are Often Neutral Infrastructure: A protocol used by a sanctioned actor is also used by thousands of legitimate users. Exposure through a contract isn't a verdict — it's a flag that needs context.

None of these makes a DeFi-sourced deposit automatically high-risk. Most DeFi activity is ordinary trading, yield-seeking, or hedging. The practical implication is that the SoF question has to be asked more carefully, and the customer's explanation has to specifically address the DeFi side of the trail.

💡
For a deeper treatment of the regulatory and operational picture, see AML risks in DeFi. Where the funds also crossed blockchains, modern compliance practice depends on cross-chain analysis in crypto compliance. Single-chain monitoring is no longer sufficient — a wallet that looks clean on the chain you operate on can still be one hop away from a sanctioned address on another.

How to Make a Risk-Based Source of Funds Decision

A SoF decision in 2026 should never be a simple yes/no, "approve or block" button. The possible outcomes span a spectrum, and the right one depends on the amount, the customer profile, the risk category, the proximity of any high-risk exposure, the strength of the documentation, and the plausibility of the explanation.

Typical outcomes:

  • Approve and Document: Customer story, documents, and on-chain evidence are consistent. Deposit proceeds; rationale is recorded.
  • Approve With Ongoing Monitoring: Deposit proceeds, but the account or counterparty is flagged for closer review of subsequent activity.
  • Request Additional Information: The picture is incomplete — additional documents, a fuller explanation, or wallet-ownership proof is required before a final decision.
  • Escalate to Enhanced Due Diligence: The risk indicators are material enough to require senior review, broader checks, and a documented EDD process.
  • Pause or Reject the Transaction: Where the explanation cannot be reconciled with the on-chain evidence, or where the exposure is itself disqualifying under the business's risk appetite.
  • Restrict Account Activity: Where a pattern across multiple deposits suggests ongoing risk, restrict withdrawals, trading, or further deposits pending review.
  • File a Suspicious Activity Report Where Required: Where the jurisdiction's reporting threshold is met, file the SAR/STR and follow the local procedural rules.
  • Document the Decision in All Cases: Regardless of outcome, the reasoning and supporting evidence are recorded for audit.

Risk-Based Review Instead of Automatic Blocking

The temptation, especially under enforcement pressure, is to default to blocking anything that looks risky. That instinct produces three predictable problems: it drives away legitimate customers, it generates noise that drowns out the genuinely concerning cases, and it leaves a documentation trail that looks mechanical rather than reasoned — which is exactly what regulators don't want.

In practical terms, a defensible SoF program looks at amount, risk category, exposure distance, customer profile, the strength of the explanation, and the supporting documentation together. A $200 deposit with eight-hop indirect exposure to a fraud cluster three months ago does not deserve the same response as a $200,000 deposit with one-hop direct exposure to a sanctioned mixer last night. Both might be approved, both might be rejected, both might land in EDD — but the reasoning behind each should be specific to the case, not driven by a single rule.

Documentation and Audit Trail

The most underrated part of any SoF program is the paper trail — what was checked, what risk signals appeared, what the customer explained, what documents were reviewed, who reviewed them, who approved or rejected, and why the decision was proportionate to the facts.

In practical terms, the documentation needs to be specific enough that someone reviewing it later (an internal auditor, an external auditor, or a regulator) can reconstruct the decision without speaking to the original analyst. None of it needs to be elaborate. It just needs to exist, be timestamped, and be linked to the customer and the transaction it concerns.

How AMLBot Supports Crypto Source of Funds Checks

A practical SoF workflow combines several pieces — and most of them rely on having on-chain visibility that ties to customer information. The tooling layer typically supports:

  • Wallet Screening at the Deposit Stage: Pre-deposit risk check against the sending wallet, with a result the compliance team can review before the funds are credited.
  • Transaction Monitoring on an Ongoing Basis: Re-screening of active counterparties, alerting when new risk indicators appear after the initial decision.
  • Risk Scoring With Category Breakdown: A score that distinguishes sanctions, mixer, darknet, scam, and exploit exposure — not a single opaque number.
  • Source and Destination of Funds Visibility: A breakdown of where the sender's funds came from and where similar funds tend to go, so the analyst can describe the wallet's role in the broader ecosystem.
  • Named Entity Connections: Attribution that ties on-chain activity to known real-world entities — exchanges, OTC desks, DeFi protocols, sanctioned addresses — so the analyst is not reading raw hexadecimal.
  • Direct and Indirect Exposure With Context: Distance, amount, timing, and entity-type detail rather than a single yes/no exposure flag.
  • Configurable Alerts and Thresholds: Thresholds tuned to the specific business model, with routing to the right reviewer at the right time.
  • API Integration With KYC/KYB Data: So that the on-chain layer can be linked back to the customer record, not held in a separate silo.
  • Case Documentation and Audit-Ready Records: Every check, every result, every decision recorded in a form that can be reproduced for an audit.

For businesses building this out as a permanent control rather than an ad-hoc workflow, Crypto Transaction Monitoring brings the screening, monitoring, scoring, and documentation layers into a single pipeline. For the specific feature that surfaces what entities and routes a sender's funds touched before arriving, see the Source of Funds view in AML Checks.

Conclusion

In 2026, crypto source-of-funds checks are no longer a paperwork exercise tacked onto KYC. They are the layer where customer information and on-chain evidence meet — and where most of the consequential compliance decisions actually get made.

KYC tells the business who the customer is. KYT and wallet screening show how the funds moved. Documents support the customer's stated explanation. The job of the SoF process is to hold all three side-by-side and decide whether they describe the same reality. When they do, the decision is straightforward. When they don't, the decision is proportionate — more questions, more documentation, escalation, or reporting where the situation requires it. In every case, the reasoning is written down.

A workable program does not promise to prove that any specific deposit is "clean." It promises something more useful and more honest: that the business looked at what was in front of it, weighed the customer's story against the on-chain evidence, and produced a documented, risk-based AML decision it can defend.

For crypto businesses that need to verify wallet risk, monitor transactions, and document source-of-funds decisions, AMLBot provides screening, transaction monitoring, and compliance tools built for crypto transaction flows.

What Is Source of Funds in Crypto AML?

Source of funds in crypto AML is the origin of the specific crypto assets a customer is using in a particular transaction or deposit. It combines customer information, written explanation, supporting documents, and on-chain evidence to show how those funds reached the platform — and forms the basis for a risk-based compliance decision.

How Is Source of Funds Different From Source of Wealth?

Source of funds explains the origin of a specific transaction or amount — for example, the history of the 200,000 USDT a customer is depositing today. Source of wealth explains the customer's overall financial position — salary, business income, prior investments, or inheritance that built up their capital over time. In practical terms, source of wealth is the backdrop that makes a source-of-funds explanation plausible.

Why Do Crypto Businesses Need Source-of-Funds Checks?

Crypto businesses need source-of-funds checks to verify that incoming funds match the customer profile, to avoid accepting funds with unacceptable AML exposure, to handle high-risk transaction alerts proportionately, and to produce the documented reasoning that regulators expect to see behind compliance decisions. The 2025 enforcement record made clear that source-of-funds gaps for higher-risk clients were one of the most common drivers of major AML fines.

When Should a Crypto Business Request Source-of-Funds Information?

A crypto business should request source-of-funds information when risk-based triggers appear — including large or unusual deposits, high-risk wallet exposure, mixer or bridge activity, unclear business rationale, inconsistent customer behavior, or alerts from transaction monitoring. SoF is a risk-based step, not a universal request — asking everyone for documents on every deposit dilutes the seriousness of the question when it really matters.

What Documents Can Support a Crypto Source-of-Funds Check?

Supporting documents for a crypto source-of-funds check can include exchange transaction history, fiat-to-crypto purchase records, bank statements, OTC trade confirmations, invoices or sale agreements, mining or staking records, business income documents, payroll records, and previous crypto purchase history. The right combination depends on the customer profile, the amount, and the specific trigger.

Are Documents Enough to Verify Source of Funds in Crypto?

Documents alone are usually not enough. Crypto businesses also need to compare the customer's explanation with wallet history, transaction routes, entity exposure, and on-chain risk signals — because documents describe the customer's stated reality, while the chain shows what actually happened. The strongest SoF decisions hold both layers side-by-side.

How Does On-Chain Evidence Help Verify Source of Funds?

On-chain evidence reveals transaction paths, sender and receiver wallets, direct and indirect exposure, links to exchanges, DeFi protocols, mixers, sanctioned entities, or fraud clusters, and historical wallet behavior. Unlike documents — which the customer provides — on-chain evidence is independent and verifiable, which is what makes it the closest thing crypto AML has to ground truth.

What Is Direct and Indirect Exposure in Source-of-Funds Checks?

Direct exposure means the wallet under review interacted directly with a high-risk address or entity. Indirect exposure means the connection appears through one or more intermediate wallets or hops. Indirect exposure still matters but requires context — distance, timing, amount, entity type, and pattern — rather than being treated as equivalent to direct exposure.

Can a Source-of-Funds Check Prove That Crypto Is Legal?

No. A source-of-funds check does not prove legality on its own. It is a risk-assessment tool, not a legal verdict — its purpose is to help compliance teams compare customer information with on-chain evidence and decide whether to approve, monitor, escalate, reject, or report the activity. Any provider promising that a SoF check guarantees legality is overstating what the process can do.

How Does AMLBot Help With Crypto Source-of-Funds Checks?

AMLBot helps crypto businesses screen wallets, monitor transactions, identify named entity connections, review source and destination of funds, detect direct and indirect high-risk exposure, and document source-of-funds decisions in an audit-ready way. The tools support the workflow — the compliance decision still rests with the team.

Sign up for more like this.

Enter your email
Subscribe