BSBsec
← Portfolio
Product

The onchain risk engine

BSBsec is a security co-processor: we sit next to your exchange or wallet and return real-time, structured risk decisions. You keep policy control; we deliver the intelligence.

Aim

To give exchanges and wallets real-time, explainable risk intelligence at the moment of decision—without taking enforcement out of their hands. We aim to be the single API that answers “is this withdrawal, deposit, or trade safe?” with a structured recommendation and evidence, so platforms can reduce losses and meet compliance while keeping full control over policy and UX.

The BSBsec platform is built as a security co-processor—not a black box that blocks or allows on its own, but an intelligence layer that connects to your existing infrastructure through well-defined hooks. When a user initiates a withdrawal, a deposit is detected, or a trade is about to execute, your system sends the relevant onchain context (addresses, asset, amount, optional user risk tier) to our API. We analyze it in real time against our detection models and return a structured decision: a risk score, a recommended action (allow, warn, step up, manual review, or block), stable reason codes, and evidence pointers (e.g. transaction hashes, exposure paths). Your platform then enforces that recommendation according to your own policy, jurisdiction, and product design. That separation—we analyze and recommend, you decide and enforce—is what keeps you in control while still giving you the detection depth you need to prevent scams, address poisoning, laundering exposure, and malicious tokens.

How we do it

  • Stateless, synchronous API: your system sends a single request per decision (e.g. source/destination addresses, chain, asset, amount, optional user_risk_tier). We do not persist your transaction data for scoring; we evaluate the payload against our models and return a JSON response with risk_score (normalized scale), recommended_action (ALLOW | WARN | STEP_UP | MANUAL_REVIEW | BLOCK), reason_codes (stable enum values), and evidence (e.g. tx hashes, cluster ids, exposure path pointers).
  • Detection pipeline runs in-process per request: we resolve addresses to our graph and label stores, run rule-based and model-based classifiers (similarity, scam clusters, AML typologies, token risk), aggregate into a single risk score and recommended action, and attach reason codes and evidence. Latency target is sub-second so you can call us inline in withdrawal, deposit, or trading flows.
  • No session or user state on our side: each request is self-contained. You can send an optional user_risk_tier (e.g. new_user, high_limit) that you derive from your own systems; we use it only to adjust sensitivity or step-up suggestions. We do not build a persistent profile of your users.
  • API contract is versioned (e.g. /v1/...) and backward-compatible within major versions. Response includes decision_id and model_version so you can log and replay decisions for audit.

Outcomes

  • Real-time API that evaluates each transaction or user action and returns in milliseconds
  • Structured response: risk_score, recommended_action, reason_codes, evidence—no opaque scores
  • Minimal disruption: plug into withdrawal, deposit, and trading flows where risk decisions matter
  • You map our recommended_action to your policy (e.g. step up = 2FA or whitelist delay)

Challenge

Exchanges and wallets need to reduce losses and meet compliance expectations without handing over control to a third party or deploying a binary block/allow system that frustrates legitimate users.

Approach

We provide a graduated decision model and transparent evidence so you can explain every decision to users and compliance. You configure how each risk level is enforced; we focus on accurate, explainable detection.

APIReal-timeSecurity co-processorRisk score
← Back to portfolio