Verify Crypto Wallet Before Receiving Payment
When someone pays you in cryptocurrency, two risks collide: you might receive funds you cannot later move without a compliance headache, or you might send goods and services to a payer whose wallet is fraudulent or stolen. A disciplined payment address check before you accept inbound crypto protects both sides of the transaction. This guide walks through how to verify a crypto wallet before receiving payment — whether you are a freelancer, merchant, OTC desk, or individual selling hardware online.
Why receiving is riskier than sending
Outbound transfers feel dangerous because mistakes are irreversible. Inbound transfers carry a different class of risk: inherited taint. Blockchain analytics firms label wallets connected to hacks, scams, ransomware, mixers, and sanctions lists. When tainted coins land in your wallet, the stain attaches to your UTXOs or token balances — not to the sender's reputation.
Exchanges run retrospective screening when you deposit. Banks and payment processors may freeze fiat accounts if fraud victims trace stolen crypto through your address. Law enforcement inquiries can follow high-risk inbound flows even when you acted in good faith. Verifying the payer's wallet before you confirm delivery is cheaper than explaining a flagged deposit six months later.
Receiving also creates operational risk: chain mismatches (ERC-20 USDT sent to a Tron address), address substitution in chat, and triangulation fraud where your wallet becomes an unwitting layer in a larger scam. A structured verification workflow catches these before you ship product or release escrow.
Payment address check: the core workflow
Think of verification as four layers that reinforce each other. Skipping any layer leaves a gap attackers exploit.
Layer 1 — Format and chain validation
Confirm the asset and network match what you advertised. Bitcoin native SegWit addresses start with bc1; legacy with 1 or 3. Ethereum and most EVM tokens use 0x followed by 40 hexadecimal characters. Tron USDT uses addresses beginning with T. Solana uses base58 public keys without a fixed prefix.
Checksum validation catches typos before funds move. Never trust screenshots of QR codes — scan the code yourself or copy-paste text from a signed message. One wrong character sends payment to an unrecoverable address or the wrong chain entirely.
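The Layer 1 check described above, as an added example that is not part of the original guide: it recognises Bitcoin (Base58Check and bc1), Tron and EVM address strings and verifies the checksum where the Python standard library allows. Function names are illustrative; EVM addresses get a format check only because the EIP-55 case checksum needs Keccak-256, and Solana is left out because its addresses carry no checksum.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
B32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"

def base58check_version(addr):
    """Version byte of a 25-byte Base58Check address, or None if invalid."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return None
        n = n * 58 + B58.index(ch)
    zeros = len(addr) - len(addr.lstrip("1"))   # each leading '1' encodes a zero byte
    raw = b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    check = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()[:4]
    return raw[0] if len(raw) == 25 and check == raw[-4:] else None

def bech32_checksum_ok(addr):
    """BIP-173/BIP-350 checksum of a mainnet bc1 address (program length not checked)."""
    if addr != addr.lower() and addr != addr.upper():    # mixed case is invalid
        return False
    hrp, _, data = addr.lower().rpartition("1")
    if hrp != "bc" or len(data) < 7 or any(c not in B32 for c in data):
        return False
    vals = [B32.index(c) for c in data]
    gen = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
    chk = 1
    for v in [3, 3, 0, 2, 3] + vals:                     # expanded HRP "bc", then data
        top, chk = chk >> 25, (chk & 0x1FFFFFF) << 5 ^ v
        for i in range(5):
            chk ^= gen[i] if (top >> i) & 1 else 0
    return chk == (1 if vals[0] == 0 else 0x2BC830A3)    # v0: bech32, v1+: bech32m

def classify(addr):
    """Return (network, checksum_verified); network is None when nothing matches."""
    if re.fullmatch(r"0x[0-9a-fA-F]{40}", addr):
        return "evm", False    # format only: EIP-55 case checksum needs Keccak-256
    if addr.lower().startswith("bc1"):
        return ("bitcoin", True) if bech32_checksum_ok(addr) else (None, False)
    version = base58check_version(addr)
    network = {0x00: "bitcoin", 0x05: "bitcoin", 0x41: "tron"}.get(version)
    return network, network is not None

if __name__ == "__main__":
    # Public test values: genesis address, a BIP-173 vector, that vector with its last char altered.
    base = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t"
    for a in ("1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa", base + "4", base + "5"):
        print(a, classify(a))
```

Compare the returned network with the one on the invoice before any funds move: a Tron address supplied for an ERC-20 invoice comes back as "tron", not "evm".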
Layer 2 — Ownership proof
A payment address check proves the string is valid; ownership proof proves the counterparty controls it. Ask the payer to sign a short message with the wallet's private key: "I control 0x… for invoice #1042 dated 2026-06-09." Verify the signature locally in your wallet software or a trusted verifier.
This step defeats impersonation attacks where an attacker intercepts email or Telegram and substitutes their address. For recurring clients, store verified addresses and require re-verification when the address changes.
Layer 3 — AML and sanctions screening
Paste the payer's sending address into a screening tool before you accept funds. Review direct OFAC sanctions hits, mixer hop distance, scam and ransomware cluster labels, and address age. A wallet created hours ago with a single large inbound from a high-risk cluster is a red flag even if the payer's story sounds plausible.
Elevated risk does not always mean refuse payment — but it demands enhanced due diligence, a written source of funds narrative, and documentation you can present if your bank or exchange asks later. Direct SDN matches are a hard stop for most U.S.-linked businesses.
Layer 4 — Transaction confirmation rules
Define when payment is "received" in your contract: one confirmation for small amounts, six or more for large Bitcoin transfers, finality rules for Ethereum after the Merge. Match the payer's address on-chain to the screened address — not a different wallet they "also use." Document block height, transaction ID, and screening timestamp in your records.
Scenarios and what to verify
| Scenario | Verify before accepting | Common mistake |
|---|---|---|
| Freelancer invoice | Client's sending address + ownership signature | Accepting from unverified "company wallet" |
| E-commerce merchant | Each order's payer address if crypto checkout | Reusing one static address without screening inbound |
| P2P sale (you receive crypto) | Buyer's wallet AML profile | Releasing goods before screening |
| OTC desk (you receive USDT) | Counterparty address + corporate KYC | Wiring fiat before on-chain confirmation |
| Donation / grant | Grantor wallet if large or anonymous | Assuming nonprofits are exempt from taint |
Verifying your own receiving address
Before sharing your wallet with payers, audit your receiving addresses yourself. Dormant UTXOs from years ago can carry taint you forgot about. When new payment merges with old inputs, the entire outbound transaction inherits the worst label in the set.
Hardware wallet users should run a portfolio scan — see our Ledger and Trezor AML scan guide — to enumerate derived addresses, not just the one you display on invoices. Use a fresh receive address per large payment when possible to isolate inbound flows and simplify future accounting.
Documentation that survives disputes
When a bank freezes your account or an exchange holds a deposit, chat screenshots are weak evidence. Strong documentation includes:
- Timestamped AML screening export for the payer's address
- Signed ownership message and verification result
- Invoice or contract referencing the expected amount and asset
- On-chain transaction ID linked to the screened address
- Counterparty identity verification for OTC or high-value trades
This packet supports legitimate source of funds demonstrations and speeds compliance appeals. Store it offline with your trade records.
Red flags that should delay or cancel acceptance
- Payer refuses message signing or ownership proof
- Address matches a known phishing or scam cluster
- Direct sanctions list hit on payer or recent inbound source
- Pressure to accept before screening completes
- Payment from a different address than the one verified without explanation
- Overpayment followed by a "refund to this other address" request — classic scam
- Fresh wallet with single inbound from mixer-adjacent sources
If you already received tainted funds, do not rush to deposit to a CEX hoping it goes unnoticed. Read our CEX deposit freeze prevention guide and consult qualified compliance advice before moving balances.
Free local screening for active receivers
Merchants and freelancers who receive crypto weekly cannot afford per-address API fees from cloud vendors. AegisAML on Windows screens payer wallets locally — Bitcoin, Ethereum, USDT on Tron and ERC-20 — with hop analysis and sanctions data. Paste the counterparty address, review the report, archive the result, then confirm delivery.