How we built it

Step 1: Transaction Ingestion

Blockchain transactions are streamed in real time from a blockchain node or indexing service (e.g., TronGrid or simulated mempool data). Each transaction is published as an immutable event into a Kafka topic within Confluent Cloud.

This approach ensures high-throughput ingestion while maintaining ordering and replayability.


Step 2: Real-Time Feature Engineering (Confluent Highlight)

Using ksqlDB, the system continuously computes behavioral features over sliding time windows, enabling detection of suspicious patterns as they form rather than after the fact.

Key features include:

  • Transaction velocity per wallet

  • Average transaction size deviations

  • Wallet age and interaction diversity

  • Burst detection (N transactions within M seconds)

Example engineered features:

  • tx_count_60s

  • unique_receivers_5m

  • avg_amount_1h

  • wallet_entropy_score

These enriched events are published back into Kafka for downstream consumption.


Step 3: AI Fraud Scoring (Google Cloud)

Enriched transaction events are sent to a fraud scoring API hosted on Google Cloud Run. This service forwards the feature vectors to Vertex AI, where a machine learning model (AutoML or gradient-boosted trees) computes a probabilistic fraud risk score.

For clarity and reliability, the system supports a hybrid approach that combines:

  • Machine learning–based scoring

  • Deterministic rules for known high-risk behaviors


Step 4: Actions & Alerts

Fraud decisions are published to a dedicated fraud-alerts Kafka topic. Downstream consumers include:

  • A real-time web dashboard for analysts

  • Webhooks and APIs for wallets, exchanges, or dApps to take action

Based on configurable thresholds, transactions can be:

  • Allowed

  • Flagged for review

  • Escalated for off-chain intervention
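
The feature windows from Step 2 and the hybrid threshold decision from Steps 3 and 4, as an added example in plain in-memory Python (not ksqlDB, and not this project's own code). The threshold values, the burst limit, the rule-as-floor combination and the sample events are assumptions, and events are assumed to arrive in timestamp order per sender.

```python
from collections import defaultdict, deque

# Assumed values: the page names thresholds and a burst rule but gives no numbers.
FLAG_AT, ESCALATE_AT = 0.5, 0.8   # model-score thresholds
BURST_N = 5                       # burst rule: N transactions within 60 seconds
LEVELS = ["allow", "flag", "escalate"]


class WalletFeatures:
    """Per-sender sliding-window features over event time (seconds)."""

    def __init__(self):
        self.history = defaultdict(deque)  # sender -> (ts, receiver, amount)

    def update(self, ts, sender, receiver, amount):
        events = self.history[sender]
        events.append((ts, receiver, amount))
        while events[0][0] <= ts - 3600:   # evict beyond the longest window (1h)
            events.popleft()
        return {
            "tx_count_60s": sum(1 for e in events if e[0] > ts - 60),
            "unique_receivers_5m": len({e[1] for e in events if e[0] > ts - 300}),
            "avg_amount_1h": sum(e[2] for e in events) / len(events),
        }


def decide(features, ml_score):
    """Hybrid decision: the burst rule can raise the model's outcome, never lower it."""
    model = 2 if ml_score >= ESCALATE_AT else 1 if ml_score >= FLAG_AT else 0
    rule = 1 if features["tx_count_60s"] >= BURST_N else 0
    return LEVELS[max(model, rule)]


def run_sample():
    """Constructed events: (ts, sender, receiver, amount, stand-in model score)."""
    sample = [(1000 + 10 * i, "walletA", f"recv{i}", 10.0, 0.1) for i in range(5)]
    sample += [(1200, "walletA", "recv0", 40.0, 0.1),
               (1205, "walletB", "recv9", 5.0, 0.9)]
    fx = WalletFeatures()
    return [decide(fx.update(ts, s, r, amt), score) for ts, s, r, amt, score in sample]


if __name__ == "__main__":
    print(run_sample())
```

The fifth walletA event is flagged by the burst rule alone despite a low model score, which is the case the deterministic rules exist to catch.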
