The primary wallet from the Bybit / Lazarus exploit gets scored 10/100, tier high, posture escalate, with the OFAC Lazarus Group attribution showing up directly in the briefing. Full verdict here: https://credscore.us/v/o6wr--NrABo
The engine is deterministic, no ML in the scoring path. Explicit numeric weights per signal. Structural pattern detection: fan-out distribution, source-return flow, circular funding, repeated amount-band recirculation. Hard sanctions cap at score 12 for confirmed OFAC SDN matches, enforced at three independent points in the pipeline. Same wallet always produces the same score. Every output traces back to specific on-chain activity with a written rationale.
Five EVM chains: Ethereum, Base, Arbitrum, Optimism, Polygon. 0 to 100 score (higher means lower risk), decision posture (proceed / review / escalate), structured analyst briefing. Sub-15 second analysis from address to verdict.
What it doesn't do: non-EVM chains (Bitcoin, Solana, Tron), real-time stream monitoring at scale, deep cross-chain tracing through bridges. Those are jobs Chainalysis Reactor and TRM Forensics do better. CredScore is the fast first pass, not the deep investigation.
Two public case studies on real attacker wallets if you want to verify engine output independently:
Bybit / Lazarus wallet tree: https://credscore.us/case-studies/bybit-hack-lazarus-wallet-...
Drift / DPRK wallets, flagged on behavior alone: https://credscore.us/case-studies/drift-hack-dprk-wallet-ana...
Free first analysis at https://credscore.us/desk, no card.
The hardest scoring problem I'm working on right now is distinguishing legitimate high counterparty entropy from drainer-shaped victim fan-in at the signal level. The engine currently credits high counterparty entropy as a mild positive signal (broader observable behavior is generally good). But on drainer wallets, hundreds of distinct inbound counterparties with small values are victims, not legitimate counterparty diversity. I'm exploring counterparty value distribution and inbound-to-outbound ratio as differentiators, but the signal-shape overlap with legitimate batched payouts is real. Curious how others have handled this differentiation in deterministic risk scoring systems where you can't fall back on ML clustering.
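The two differentiators named in the post (counterparty value distribution and inbound-to-outbound ratio), computed next to counterparty entropy, as an added example that is not CredScore's code or part of the original post. The function names, thresholds, wallet labels and transfer lists are assumptions constructed for illustration.

```python
import math
from collections import Counter
from statistics import median

def features(wallet, transfers):
    """transfers: (sender, receiver, value) tuples that touch `wallet`."""
    inbound = [(s, v) for s, r, v in transfers if r == wallet]
    outbound = [(r, v) for s, r, v in transfers if s == wallet]
    in_cp = Counter(a for a, _ in inbound)
    out_cp = Counter(a for a, _ in outbound)
    counts = list((in_cp + out_cp).values())
    total = sum(counts)
    # Shannon entropy (bits) over transfers per counterparty
    entropy = -sum(c / total * math.log2(c / total) for c in counts) if total else 0.0
    med_in = median(v for _, v in inbound) if inbound else 0.0
    med_out = median(v for _, v in outbound) if outbound else 0.0
    return {
        "entropy_bits": entropy,
        # distinct inbound counterparties per distinct outbound counterparty
        "in_out_ratio": len(in_cp) / max(1, len(out_cp)),
        # typical inbound size relative to typical outbound size;
        # no outbound yet means the ratio is undefined and is treated as inf
        "value_ratio": med_in / med_out if med_out else math.inf,
    }

def entropy_signal(f, min_entropy=4.0, fan_in_ratio=10.0, max_value_ratio=0.1):
    """Return 'none', 'credit' or 'withhold'. Thresholds are illustrative assumptions."""
    if f["entropy_bits"] < min_entropy:
        return "none"
    # Many small inbound senders consolidated into a few large outbound sweeps
    fan_in = f["in_out_ratio"] >= fan_in_ratio and f["value_ratio"] <= max_value_ratio
    return "withhold" if fan_in else "credit"

# Constructed sample transfers (not real on-chain data)
FAN_IN = [(f"src_{i:03d}", "W_fanin", 0.01 + (i % 5) * 0.01) for i in range(300)] \
       + [("W_fanin", "sweep_a", 4.0), ("W_fanin", "sweep_b", 5.0)]
PAYOUT = [(f"fund_{i}", "W_payout", 10.0) for i in range(3)] \
       + [("W_payout", f"payee_{i:03d}", 0.05 + (i % 5) * 0.01) for i in range(300)]
SMALL = [("a", "W_small", 1.0), ("W_small", "b", 0.5)]

if __name__ == "__main__":
    for name, txs in (("W_fanin", FAN_IN), ("W_payout", PAYOUT), ("W_small", SMALL)):
        f = features(name, txs)
        print(name, {k: round(v, 3) for k, v in f.items()}, entropy_signal(f))
```

The two large wallets land within 0.01 bits of each other on entropy, so only the directional features separate them in this constructed data.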