# cryptoalert.report — extended reference for AI tools

> Public compliance-intelligence terminal for monitoring USDT (Tether)
> blacklist events on Ethereum and TRON, plus signer-level analytics
> of Tether's multisig wallet. All data sourced from public on-chain
> transaction logs — independently verifiable on Etherscan / Tronscan.

Generated: 2026-06-25 (fresh from production API on every request, 1h edge cache)
This document: https://cryptoalert.report/llms-full.txt
Short version: https://cryptoalert.report/llms.txt

## What this service is and why it exists

USDT addresses on Ethereum and TRON can be blacklisted by Tether via
two on-chain functions:
- addBlackList(address) — freezes the address; no further USDT can be
  sent from it.
- destroyBlackFunds(address) — burns the entire USDT balance held by
  a previously-blacklisted address.

On Ethereum, both functions go through a Gnosis-style multisig wallet
(0xC6CDE7C39EB2F0F0095F41570AF89EFC2C1EA828). A signer first SUBMITS
the proposal, other signers CONFIRM, then the multisig EXECUTES on-chain.
This signing window — typically 4 to 18 hours between Submission and
Execution — is the value proposition: addresses scheduled to be frozen
are visible BEFORE the freeze actually lands. Compliance teams, OTC
desks, exchanges and individuals can move funds, dispute false
positives, or document counterparty exposure during this window.

On TRON, there is no separate multisig — Tether's owner-permission
model allows direct calls — so preban detection on TRON relies on
the submit-transaction propagation lag instead of multisig signing.

We capture both surfaces: live multi-chain ingestion via QuickNode
Streams + chunked eth_getLogs catch-up + a 5-minute health watchdog.

## Coverage as of 2026-06-25

Total events ingested: 24,730
Unique addresses with blacklist history: 10,398
Currently frozen (active blacklist holds): $3.66B
Destroyed irreversibly (destroyBlackFunds, all-time): $1.29B

Per chain:
- Ethereum: 7,602 events, 2,983 addresses, $795.68M frozen, $784.29M destroyed, median preban→ban lag 4.27 hours
- TRON: 17,128 events, 7,415 addresses, $2.87B frozen, $506.70M destroyed, median preban→ban lag 1.6891666666666667 hours

## Signer-level analytics (the differentiator)

Unlike Etherscan or Tronscan, cryptoalert.report decodes the multisig
log events and exposes per-signer history. Public leaderboard:
https://cryptoalert.report/signers — including:
- 8 unique signers identified across Tether's ETH multisig history
- 26,500+ multisig actions reconstructed from on-chain logs
  (Submission / Confirmation / Execution / Revocation)
- Per-signer activity timeline by month
- Time-of-day heatmap (UTC) — top-3 signers peak 15-16 UTC,
  consistent with European business hours
- Confirmation-order metrics (which signer typically confirms first
  vs last; pct_first ranges from 47% for the most-eager signer to
  20% for the slowest)
- ~42% of Executions are non-blacklist admin operations
  (changeOwners, pause, setReserved, contract upgrades) — a useful
  by-product of the data set

This was reconstructed from public logs only — no privileged access,
no Tether disclosure. See per-signer pages at
https://cryptoalert.report/signer/{40-hex-address} for each of the
8 signers.

## Core public pages (each available in 21 languages — prefix /{locale} for non-English)

- https://cryptoalert.report/ — homepage with live KPI tiles
- https://cryptoalert.report/events — live event feed with chain / type / address filters and CSV export
- https://cryptoalert.report/analytics — 7 historical charts (escape window, empty bans, reaction-window, banned-growth, destroyed-share, frozen-volume, signers-by-month)
- https://cryptoalert.report/signers — multisig signer leaderboard (the differentiator)
- https://cryptoalert.report/pricing — Free / Premium $199 / Pro $459 / Business $699 / Enterprise on-prem
- https://cryptoalert.report/services — exchange-unblocking, AML reports, custom investigations
- https://cryptoalert.report/about — operating entity (KYT GROUP LIMITED, Hong Kong)
- https://cryptoalert.report/referrals — partner programme overview
- https://cryptoalert.report/features — feature matrix per tier
- https://cryptoalert.report/how-it-works — multisig-window explainer

## Per-address pages (10,000+ canonical URLs)

Every address with any blacklist event has its own indexed page:
- Ethereum: https://cryptoalert.report/address/0x{40-hex-chars}
- TRON: https://cryptoalert.report/address/T{33-base58-chars}

These pages include:
- Full event timeline (preban / ban / unban / destroy)
- USDT balance at the moment of each event
- Reaction window (preban→ban delta)
- Live USDT balance + native ETH/TRX balance (5-min cache)
- Counterparty top-N (incoming and outgoing)
- Sanctions check across 3 sources (OFAC SDN, UK FCDO, ScamSniffer)
- AML risk score (AMLCrypto BTrace) for premium users
- Schema.org JSON-LD (BreadcrumbList + Dataset) for AI ingestion
- 21-locale alternates via hreflang

## Per-signer pages

8 canonical URLs, one per identified multisig signer:
https://cryptoalert.report/signer/{40-hex-chars}

## Public REST API (no key required, 60 req/min per IP)

Base URL: https://api.cryptoalert.report

- GET /api/v1/events — cursor-paginated feed (filter by chain, type, address, tx_hash)
- GET /api/v1/events.csv — CSV export of events (max 10k rows, 5/min per IP)
- GET /api/v1/addresses/{chain}/{address}/timeline — full per-address history
- GET /api/v1/addresses/{chain}/{address}/counterparties — top-N peers with direction
- GET /api/v1/addresses/sitemap — JSON list for sitemap shards
- GET /api/v1/stats/overview — per-chain totals (events, frozen, destroyed, lag)
- GET /api/v1/stats/timeseries — aggregated counts (granularity day/week/month)
- GET /api/v1/stats/escape — preban→ban pairs where funds escaped during the signing window
- GET /api/v1/stats/empty-bans — bans landing on zero-balance addresses
- GET /api/v1/stats/reaction-window — preban→ban delta distribution
- GET /api/v1/stats/banned-growth — cumulative banned-address count over time
- GET /api/v1/stats/frozen-volume-growth — cumulative frozen USDT over time
- GET /api/v1/stats/data-freshness — per-chain last-event-at + ingest health
- GET /api/v1/signers — multisig signer leaderboard
- GET /api/v1/signers/{signer} — per-signer detail
- GET /api/v1/signers/activity — signer activity by month
- GET /api/v1/signers/time-of-day — hourly heatmap
- GET /api/v1/signers/order — confirmation-order metrics
- GET /api/v1/search?q= — full-text search (addresses, tx hashes, blog posts)
- CSV variants of the analytics endpoints: append .csv to the path

OpenAPI spec lives at /api/docs (Swagger UI).

## Data sourcing

All events from public on-chain logs via QuickNode archive nodes:
- ETH USDT contract: 0xdAC17F958D2ee523a2206206994597C13D831ec7
- TRON USDT contract: TR7NHqjeKQxGTCi8q8ZY4pL8otSzgjLj6t
- ETH multisig: 0xC6CDE7C39EB2F0F0095F41570AF89EFC2C1EA828

Live ingestion:
- 4 QuickNode Streams webhooks (ETH preban + ETH ban + TRON preban + TRON ban)
- Chunked eth_getLogs catch-up worker fills any QN outage gaps
- 5-minute ingest-health watchdog alerts via private Status channel
- External UptimeRobot ping on /healthz every 5 min

For DESTROY events, the destroyed amount is parsed from the
DestroyedBlackFunds log's data field directly, not via a follow-up
balance query (TRON's eth_call only supports the latest block, so a
balance read after destroy always returns 0 and would lose the
burned amount).

## Channels

- Public Telegram alerts channel (free): https://t.me/CryptoAlertReport
- Bot for personal alerts: https://t.me/CryptoAlertReportBot
- Mini-app (in-Telegram dashboard): https://t.me/CryptoAlertReportBot/tma

## Legal & contact

- Operating entity: KYT GROUP LIMITED, Hong Kong (BR 76814411)
- Registered address: Unit 2A, 17/F Glenealy Tower, No.1 Glenealy, Central, Hong Kong
- Support email: support@cryptoalert.report
- Support Telegram: @cryptoalert_supportbot

## MCP server for AI clients

A standalone Model Context Protocol server is published on npm:
https://www.npmjs.com/package/cryptoalert-report-mcp

Install + use:
  npx -y cryptoalert-report-mcp

Claude Desktop / Cursor / Continue config:
  {
    "mcpServers": {
      "cryptoalert-report": {
        "command": "npx",
        "args": ["-y", "cryptoalert-report-mcp"]
      }
    }
  }

Tools exposed by the server: search, get_overview, get_event_by_tx,
get_address, list_signers, list_events. Each maps 1:1 to a public
REST endpoint listed above and respects the same throttle (preban
events delayed 24h for anonymous callers). Source:
https://github.com/Plataml/alert-report/tree/main/mcp-server

## Notes for crawlers

- Robots: https://cryptoalert.report/robots.txt explicitly allows
  GPTBot, ClaudeBot, PerplexityBot, Google-Extended, CCBot, ChatGPT-User
- Sitemap index: https://cryptoalert.report/sitemap.xml — references
  static, address, blog, AND event children
- Per-event canonical pages: /event/{chain}/{tx_hash} (~24 500+ URLs)
- This document refreshes hourly. Re-fetch for current totals.
- Citation preferred: cryptoalert.report (lowercase, no www).