Check Ethereum Wallet for Tornado Cash, Scams & Sanctions

Home · Networks · Ethereum

Ethereum is where most of crypto's bad behaviour lives in 2026 — smart-contract drainers, fake airdrop campaigns, address-poisoning, and the long shadow of Tornado Cash. The same 0x address that pays your freelance invoice can also be three transactions away from a sanctioned mixer.

Why ETH addresses are messier than BTC

A Bitcoin wallet usually holds one thing: BTC. An Ethereum wallet holds hundreds of tokens, calls smart contracts, signs permits, and interacts with DeFi protocols every week. Each of those interactions creates a new line in the wallet's history. A clean wallet from yesterday can be tainted today because the owner clicked an innocent-looking airdrop link.

Ethereum's compositional nature is also its compliance nightmare. One bad approve() signature can drain a wallet and instantly link your address to a known scammer cluster — even if you were the victim.

The Tornado Cash situation, explained

In August 2022 the U.S. Treasury added Tornado Cash to its SDN list. From that moment, any address that received ETH from Tornado Cash carried a sanctions flag. The protocol itself is just code — but Coinbase, Kraken and Binance treat funds emerging from it as restricted, and the EU's MiCA framework now mirrors that position.

If you receive payment from someone who happens to have used Tornado Cash for legitimate privacy reasons, your wallet inherits the exposure. Most exchanges will hold your deposit until you can document the source.

🚨

One real case from 2024: a Polish freelancer accepted 1.2 ETH for a logo design. The client had withdrawn from Tornado Cash six months earlier. The freelancer's Kraken account was restricted for nine weeks while they gathered invoices, contracts and proof of work.

What gets checked on Ethereum

OFAC SDN matches — direct hits, plus the 1-hop and 2-hop neighbours that most exchanges treat the same.
Tornado Cash exposure — both deposits and withdrawals, weighted by recency.
Sanctioned mixers — Railgun's flagged pools, Aztec leftovers, Sinbad-era stragglers.
DeFi rug pulls — wallets tied to known exit scams (Squid Game token, AnubisDAO, dozens of smaller "stealth" launches).
Phishing drainers — Inferno Drainer, Pink Drainer, Angel Drainer and successor kits.
Sanctioned protocols — Hamas-linked addresses, North Korea's Lazarus Group, Russian/Iranian-sanctioned entities.
Address poisoning — wallets used for the zero-value-transfer attack that tricks users into copying lookalike addresses.

How to read an ETH risk score

Ethereum scoring is slightly different from Bitcoin because of how often wallets interact with DeFi:

0–25 (low): Normal wallet. DeFi usage, exchange deposits and withdrawals — nothing concerning.
26–50 (medium): One or two ambiguous hops — maybe a CoinJoin equivalent, an old MEV bot, or a token that later turned out to be a rug.
51–75 (high): Direct exposure to Tornado Cash, a drainer cluster, or a wallet that has been frozen by at least one major exchange.
76–100 (critical): Sanction match. Walk away.

EVM L2s and sidechains

The same 0x address works on Polygon, Arbitrum, Optimism, Base, BNB Chain and Avalanche. Our scan looks at all of them automatically — a wallet that is clean on mainnet can have a high-risk history on BNB Chain, and vice versa. Cross-chain bridges are particularly attractive to bad actors, so a single 0x can have very different reputations on different rollups.

ERC-20 token transfers

USDC and USDT freezes are real. Circle and Tether routinely blacklist addresses tied to ransomware or sanctions, freezing the underlying balance forever. If you accept stablecoins from a freshly created or unknown wallet, this is the first thing you should worry about.

Quick checklist before accepting ETH payments

Paste the sender's 0x address into the checker above.
Confirm the score is below 30. If it's 30–60, ask for a different address.
If your client insists on the same wallet, route the funds through a regulated OTC desk instead of a CEX.
Keep an invoice trail — exchanges may ask for it later.

Get the full ETH transaction graph in Telegram

Source of funds across all EVM chains, Tornado Cash exposure scoring, downloadable PDF — all in chat.

Open @scorechain_amlbot

Ethereum AML — quick FAQ

What if the wallet only interacted with Tornado Cash once, years ago?

Recency matters. A single Tornado Cash hop from 2021 is treated very differently from one last month. Most exchange scoring decays the weight of old interactions over 18–36 months, but the flag is never fully gone.

Are smart-contract addresses also covered?

Yes. We check whether the contract itself is sanctioned (Tornado Cash routers, OFAC-listed protocols) and whether it is a known drainer or rug-pull deployer. Paste the contract address and it works the same way.

Does Layer-2 activity show up?

Yes — Polygon, Arbitrum, Optimism, Base, BNB Chain, Avalanche, zkSync and Linea are all included. The risk score is calculated across all of them.

USDC just got frozen on an address I sent to — what now?

If Circle has blacklisted the destination, your tokens are stuck there. Contact Circle directly with proof you are the legitimate owner and a police report if the freeze was the result of theft.