DEV Community

Petter_Strale

Posted on • Originally published at strale.dev

Your DeFi Agent Can Read the Blockchain. It Can't Read a Sanctions List.

Your DeFi agent reads on-chain data all day. Balances, transactions, contract code, TVL, gas prices — everything the blockchain makes public. It can tell you that wallet 0xd8dA...96045 holds 3,400 ETH, made 1,247 transactions, and first transacted in 2015.

What it can't tell you: whether the entity behind that wallet is sanctioned. Whether they're a politically exposed person. Whether there's fraud coverage in the press. Whether the exchange they're using is actually licensed under EU MiCA.

None of that lives on the blockchain. And as of 2025, regulators expect you to check.

The gap is real

Here's what on-chain data gives you:

  • Wallet balances and token holdings
  • Transaction history
  • Smart contract source code
  • TVL, liquidity pools, gas prices
  • Token prices, DEX volumes

And here's what you need for compliance that the blockchain doesn't have:

  • Sanctions screening — is this entity on OFAC, EU, or UN lists?
  • Entity identity — who is the person or company behind this wallet?
  • VASP licensing — is this exchange authorized under MiCA?
  • PEP screening — is the counterparty politically exposed?
  • Adverse media — any fraud reports, lawsuits, or investigations?
  • Domain trust — is the project website legitimate or a phishing clone?

If your agent is making financial decisions — swapping tokens, depositing into protocols, evaluating counterparties — it's operating blind on half the risk picture.

Bridging the gap: wallet to compliance in one call

We built 17 capabilities specifically for this problem. They're all available via x402 (pay per call with USDC on Base) or via standard API key.

Here's the pipeline that chains on-chain identity with off-chain compliance:

# Step 1: Who is behind this wallet?
curl -X POST https://api.strale.io/v1/do \
  -H "Content-Type: application/json" \
  -d '{
    "capability_slug": "ens-reverse-lookup",
    "inputs": {"address": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"}
  }'

Response:

{
  "address": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
  "has_ens": true,
  "ens_name": "vitalik.eth",
  "verified": true
}

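Now you have a name. Note that Step 1 returns an ENS name (vitalik.eth), while the sanctions check below is given the entity's real-world name, so that mapping has to be established before you chain it: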

# Step 2: Is this entity sanctioned?
curl -X POST https://api.strale.io/v1/do \
  -H "Content-Type: application/json" \
  -d '{
    "capability_slug": "sanctions-check",
    "inputs": {"name": "Vitalik Buterin"}
  }'

# Step 3: Is this wallet flagged for fraud?
curl -X POST https://api.strale.io/v1/do \
  -H "Content-Type: application/json" \
  -d '{
    "capability_slug": "wallet-risk-score",
    "inputs": {"address": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"}
  }'

Response:

{
  "address": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
  "risk_level": "low",
  "is_malicious": false,
  "risk_labels": []
}

Or skip the individual calls and run the whole pipeline as a single solution:

# Full counterparty due diligence — one call
curl -X POST https://api.strale.io/v1/do \
  -H "Content-Type: application/json" \
  -d '{
    "capability_slug": "web3-counterparty-dd",
    "inputs": {
      "wallet_address": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
      "entity_name": "Vitalik Buterin"
    }
  }'

That single call runs: wallet risk score → wallet age check → ENS reverse lookup → sanctions screening → PEP check → adverse media scan. Six capabilities, one response, $0.12.
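
An agent that acts on these responses should fail closed when a call errors, a field is missing, or the response is for a different address. The sketch below is an added example, not Strale's code: it evaluates the ens-reverse-lookup and wallet-risk-score response shapes shown above, and the function name, the deny policy and the failure-case values are assumptions.

```python
# Added example: fail-closed gate over the two response shapes shown on this page.
# Field names are taken from those samples; the policy thresholds are assumptions.

def _same_address(a, b):
    # Hex addresses are compared case-insensitively (checksum casing varies).
    return isinstance(a, str) and isinstance(b, str) and a.lower() == b.lower()

def evaluate_counterparty(address, ens, risk, require_verified_ens=False):
    """Return (allow, reasons). Any missing or malformed field denies."""
    reasons = []

    # wallet-risk-score: bind the answer to the address that was queried.
    if not isinstance(risk, dict):
        reasons.append("risk: no response")
    else:
        if not _same_address(risk.get("address"), address):
            reasons.append("risk: address mismatch")
        if risk.get("is_malicious") is not False:  # None, 0, "false" all deny
            reasons.append("risk: is_malicious not explicitly false")
        if risk.get("risk_level") != "low":
            reasons.append(f"risk: level={risk.get('risk_level')!r}")
        labels = risk.get("risk_labels")
        if not isinstance(labels, list) or labels:
            reasons.append(f"risk: labels={labels!r}")

    # ens-reverse-lookup: accept a name only if it is marked verified
    # and the response is for this address.
    ens_name = None
    if isinstance(ens, dict) and _same_address(ens.get("address"), address):
        if ens.get("has_ens") is True and ens.get("verified") is True:
            ens_name = ens.get("ens_name")
    if require_verified_ens and not ens_name:
        reasons.append("ens: no verified name for this address")

    return (not reasons, reasons)

ADDR = "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"
ENS_OK = {"address": ADDR, "has_ens": True, "ens_name": "vitalik.eth", "verified": True}
RISK_OK = {"address": ADDR, "risk_level": "low", "is_malicious": False, "risk_labels": []}
# Constructed failure cases for illustration, not real API output.
RISK_FLAGGED = {"address": ADDR, "risk_level": "high", "is_malicious": True,
                "risk_labels": ["phishing"]}
RISK_WRONG_ADDR = dict(RISK_OK, address="0x" + "00" * 20)

if __name__ == "__main__":
    cases = {"ok": RISK_OK, "flagged": RISK_FLAGGED,
             "wrong address": RISK_WRONG_ADDR, "timeout": None}
    for name, risk in cases.items():
        print(name, evaluate_counterparty(ADDR, ENS_OK, risk))
```

Passing None for a response models a timeout or HTTP error, which denies rather than letting the transaction through unscreened.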

The 17 capabilities

All quality-scored. All continuously tested.

Wallet security:

  • wallet-risk-score — fraud labels, phishing, money laundering flags (GoPlus, 30+ chains)
  • approval-security-check — risky unlimited token approvals
  • wallet-age-check — first transaction date, age in days
  • wallet-balance-lookup — native + ERC-20 balances
  • wallet-transactions-lookup — recent transaction history

Token and contract safety:

  • token-security-check — honeypot, sell tax, hidden ownership, mint functions (GoPlus)
  • contract-verify-check — source code verified on Etherscan?
  • phishing-site-check — known phishing URLs and cloned dApp frontends

DeFi intelligence:

  • protocol-tvl-lookup — TVL, chains, audits, category (DeFi Llama)
  • protocol-fees-lookup — 24h/7d/30d fees and revenue
  • stablecoin-flow-check — stablecoin supply per chain
  • fear-greed-index — market sentiment 0-100
  • gas-price-check — safe/proposed/fast gas in Gwei

Identity and compliance:

  • ens-resolve — ENS name → wallet address
  • ens-reverse-lookup — wallet address → ENS name (verified)
  • vasp-verify — check ESMA's MiCA register of authorized CASPs
  • vasp-non-compliant-check — check ESMA's non-compliant entity list

Pre-built solutions

If you don't want to chain individual capabilities, there are 9 pre-built solutions that bundle them into single calls:

| Solution | What it does | Price |
|---|---|---|
| web3-counterparty-dd | Wallet risk + age + ENS + sanctions + PEP + adverse media | $0.12 |
| web3-pre-tx-gate | Go/no-go middleware for DeFi agents | $0.12 |
| web3-vasp-check | Is this exchange MiCA-licensed? | $0.08 |
| web3-pre-trade | Price + security + TVL + sentiment + gas | $0.08 |
| web3-wallet-identity | ENS + risk + age + balance | $0.08 |
| web3-token-safety | Honeypot + deployer risk + domain reputation | $0.05 |
| web3-dapp-trust | Phishing detection + domain intelligence | $0.05 |
| web3-protocol-health | TVL + fees + stablecoins + domain trust | $0.05 |
| web3-wallet-snapshot | Balance + transactions + age + ENS + price | $0.05 |

Why this matters under MiCA

The EU's Markets in Crypto-Assets regulation requires all crypto-asset service providers to be licensed by July 2026. That means compliance checks on counterparties aren't optional for any agent operating in the EU market.

The vasp-verify capability is interesting here — it checks ESMA's official register of authorized CASPs. Nobody else offers this data via API, let alone via x402 micropayments. An agent can verify in one call whether a crypto exchange or custody provider is actually authorized.

Using via x402

All capabilities are available via x402. No signup, no API key — just USDC on Base:

# This returns HTTP 402 with payment requirements
# (URL quoted so the shell does not treat "?" as a glob character)
curl "https://api.strale.io/x402/wallet-risk-score?address=0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"

# Agent pays via X-Payment header, gets results

344 x402-enabled endpoints. Discovery at api.strale.io/x402/catalog.

For standard API access, sign up at strale.dev — new accounts get €2 in free credits.

What this isn't

This isn't on-chain analytics. Chainalysis, Nansen, and Glassnode do that well, at enterprise prices ($100K+/yr). This is the off-chain data layer that on-chain agents depend on — the compliance, entity, and trust data that the blockchain can't provide.

Every response comes with a provenance trail and a quality score (SQS), computed from automated testing across correctness, schema compliance, error handling, and edge cases. You're not calling an untested endpoint.

273 capabilities total. 97 solutions. Built in Sweden.
