Crystal Intelligence

Resold by Frayme. No client API key required. Credentials and billing are managed end-to-end.

Crystal Intelligence is the blockchain-analytics engine behind every on-chain decision Frayme makes — wallet screening at onboarding, withdrawal precheck, counterparty exposure analysis, and continuous monitoring with cadence matched to risk. Two engines bundled in one provider:

Risk Check

Synchronous. POSTs an address (and optionally a tx hash) and returns risk score + entity + signals inline. Used for blocking decisions.

Monitor

Asynchronous. Adds the address to ongoing surveillance with a configurable cadence (1d / 7d / 14d). Webhook callbacks fire on grade changes.

Supported chains

40+ networks including BTC, ETH, TRON, BSC, Polygon, Solana, Arbitrum, Optimism, Avalanche, Litecoin, Bitcoin Cash, Ethereum Classic, and major L2s + stablecoins on each.

25+ signal types

Crystal classifies addresses into entities and assigns exposure to: sanctions, mixer, dark_market, dark_service, ransom, stolen_coins, terrorism_financing, child_exploitation, scam, exchange_unlicensed, gambling, phishing, fraud_shop, seized_funds, extortion, child_abuse_material, human_trafficking, weapons, drug_market, bridge, mining_pool, defi, cex, p2p_exchange, payment_processor, merchant_services, nft_marketplace.

Node configuration

A Crystal dataSource node carries a structured crystalConfig payload with three top-level surfaces:

Risk Check
Monitor
Webhook

"riskCheck": {
  "type": "withdrawal" | "deposit" | "address",
  "blockchain": "btc" | "eth" | "trx" | ...,
  "tokenId": "0",
  "addressVariable": "{{input.wallet_address}}",
  "txVariable": "{{input.tx_hash}}",
  "riskScoreProfileId": 0,
  "blockOnBlocklistHit": true,
  "blockOnRiskScoreAbove": 75,
  "alertOnSanctionsHit": true,
  "alertOnMixerExposureAbove": 10,
  "alertOnDarknetExposureAbove": 5
}

Field	Purpose
`type`	Direction context. `withdrawal` is the most common for precheck.
`riskScoreProfileId`	Crystal supports custom risk-score profiles. `0` = default equal-influence profile.
`blockOnBlocklistHit`	Crystal’s own opinion — Frayme reads it for the band classification.
`blockOnRiskScoreAbove`	Crystal threshold (0–100).
`alertOnSanctionsHit`	Always raise an alert when sanctions exposure is detected, even if score is low.
`alertOnMixerExposureAbove`	Mixer exposure threshold in %.
`alertOnDarknetExposureAbove`	Darknet exposure threshold in %.

"monitor": {
  "direction": "deposit" | "withdrawal",
  "blockchain": "btc",
  "tokenId": "0",
  "addressVariable": "{{input.wallet_address}}",
  "txVariable": "{{input.tx_hash}}",
  "customerNameVariable": "{{input.customer_id}}",
  "amountVariable": "{{input.amount}}",
  "riskScoreProfileId": 0,
  "addToWatchlist": false,
  "alertRules": { ... },
  "signalThresholds": { ... },
  "webhook": { "enabled": true, "callbackUrl": "...", "notifyOn": "high_severe" },
  "mode": "async",
  "recheckDays": 7
}

alertRules — which monitor triggers fire:

counterpartyRiskScore (threshold)
blocklistInteraction
riskyVolume (fiat threshold)
transactionalPattern
iScript — Crystal’s behavioural script triggers
addressPrecheck

signalThresholds — per-signal sensitivity (0–1). Production defaults:

sanctions: 0, ransom: 0, stolen_coins: 0, terrorism_financing: 0, child_exploitation: 0 — zero tolerance
dark_market: 0.05, dark_service: 0.05 — very tight
mixer: 0.1 — tight
scam: 0.2
exchange_unlicensed: 0.5, gambling: 0.5 — looser

Configured per node. Crystal calls back when a monitored address changes risk band.

"webhook": {
  "enabled": true,
  "callbackUrl": "https://frayme.io/api/webhooks/crystal",
  "notifyOn": "high_severe"  // "any" | "medium_high_severe" | "high_severe"
}

The webhook is signed; Frayme verifies the signature and routes the event into the appropriate workflow.

Banded routing

The standard pattern for consuming the Risk Check output:

Crystal score	Band	Default routing
≥ 0.90 OR sanctions/blocklist hit	severe	Manual review with deterministic-fail recommendation.
0.75–0.89	high	1-day cadence Monitor + senior compliance review.
0.40–0.74	medium	7-day cadence Monitor + AI synthesis + junior review.
< 0.40	low	14-day cadence Monitor + auto-approve.

Cache behaviour

Risk Check responses are cached for 30 days by default (configurable per workflow). Frayme uses the cached score when:

The same wallet is screened twice within the TTL.
The Monitor engine hasn’t fired a grade-change webhook since the cache hit.

This protects budget against the “withdraw-to-same-address-50-times” pattern.

Observability

Top signals are surfaced inline in the Decision Console.
Counterparty entity name + URL deep-link straight into Crystal Expert (expert.crystalintelligence.com).
Per-case trace of the address’s risk-grade history.

Risk Check

Monitor

​Supported chains

​25+ signal types

​Node configuration

​Banded routing

​Cache behaviour

​Observability

Supported chains

25+ signal types

Node configuration

Banded routing

Cache behaviour

Observability