Fraud Detection API
>-
Fraud Detection API¶
The Fraud Detection API provides two endpoints for assessing risk at the wallet and contract level. All endpoints operate in real time, using on-chain data only - no off-chain identity or KYC data is required or used.
Base URL: https://enterprise.api.chainaware.ai
Authentication: x-api-key header required on all requests.
Supported networks: ETH, BNB, POLYGON, TON, BASE, TRON, HAQQ
Endpoints¶
POST /fraud/check- fraud probability score for a wallet addressPOST /rug/pull-check- fraud probability score for a contract address
POST /fraud/check¶
Returns a fraud probability score for a given wallet address. Use this endpoint for real-time risk gating - for example, at wallet-connect to decide whether to allow or flag a user before they interact with your protocol.
Response latency: under 100ms.
Request¶
Headers
| Header | Type | Required | Description |
|---|---|---|---|
x-api-key |
string | Yes | Your ChainAware API key |
Content-Type |
string | Yes | application/json |
Body
| Field | Type | Required | Description |
|---|---|---|---|
network |
string | Yes | Blockchain network - ETH, BNB, POLYGON, TON, BASE, TRON, or HAQQ |
walletAddress |
string | Yes | The wallet address to screen |
calculate |
boolean | No | Pass true to force a full real-time recalculation. Default false returns the most recent cached score. |
Example request
curl -X POST https://enterprise.api.chainaware.ai/fraud/check \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"network": "ETH",
"walletAddress": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"
}'
Response¶
| Field | Type | Description |
|---|---|---|
message |
string | "Success" |
walletAddress |
string | The queried wallet address |
chain |
string | Blockchain identifier |
status |
string | Risk classification - "Not Fraud", "Fraud", or "New Address" |
probabilityFraud |
string | Fraud probability as a decimal string, e.g. "0.04" (4%) |
token |
string | null | Internal token reference, if applicable |
lastChecked |
string | ISO 8601 timestamp of the most recent score calculation |
forensic_details |
object | 19 forensic risk flags - see table below |
checked_times |
integer | Number of times this wallet has been analysed |
sanctionData |
array | Sanctions intelligence - see structure below |
createdAt |
string | ISO 8601 timestamp when this wallet was first profiled |
updatedAt |
string | null | ISO 8601 timestamp of the most recent profile update |
forensic_details fields - each is a string value:
| Flag | Description |
|---|---|
cybercrime |
Association with cybercrime activity |
money_laundering |
Money laundering indicators |
number_of_malicious_contracts_created |
Count of malicious contracts deployed by this wallet |
gas_abuse |
Gas price manipulation or abuse patterns |
financial_crime |
Broader financial crime signals |
darkweb_transactions |
Transactions linked to darkweb markets |
reinit |
Re-initialisation attack patterns |
phishing_activities |
Phishing-related transaction patterns |
fake_kyc |
Fake KYC document or identity signals |
blacklist_doubt |
Blacklist adjacency indicators |
fake_standard_interface |
Fake ERC standard interface implementations |
data_source |
Source of forensic data |
stealing_attack |
Stealing attack patterns |
blackmail_activities |
Blackmail or extortion transaction patterns |
sanctioned |
Appears on a sanctions list |
malicious_mining_activities |
Malicious mining activity signals |
mixer |
Mixer or tumbler interaction |
fake_token |
Association with fake token deployments |
honeypot_related_address |
Linked to honeypot token contracts |
sanctionData array - each object contains:
| Field | Type | Description |
|---|---|---|
category |
string | null | Sanctions category |
name |
string | null | Sanctioned entity name |
description |
string | null | Description of the sanctions entry |
url |
string | null | Source URL |
isSanctioned |
boolean | Whether this wallet is actively sanctioned |
createdAt |
string | ISO 8601 timestamp |
updatedAt |
string | ISO 8601 timestamp |
Example response
{
"message": "Success",
"walletAddress": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
"chain": "ETH",
"status": "Not Fraud",
"probabilityFraud": "0.03",
"token": null,
"lastChecked": "2026-03-15T10:22:00Z",
"forensic_details": {
"cybercrime": "0",
"money_laundering": "0",
"number_of_malicious_contracts_created": "0",
"gas_abuse": "0",
"financial_crime": "0",
"darkweb_transactions": "0",
"reinit": "0",
"phishing_activities": "0",
"fake_kyc": "0",
"blacklist_doubt": "0",
"fake_standard_interface": "0",
"data_source": "0",
"stealing_attack": "0",
"blackmail_activities": "0",
"sanctioned": "0",
"malicious_mining_activities": "0",
"mixer": "0",
"fake_token": "0",
"honeypot_related_address": "0"
},
"checked_times": 47,
"sanctionData": [
{ "isSanctioned": false }
],
"createdAt": "2024-11-01T08:00:00Z",
"updatedAt": "2026-03-15T10:22:00Z"
}
Error Codes¶
| Code | Meaning |
|---|---|
400 |
Bad request - missing or invalid fields |
401 |
Unauthorized - API key missing or invalid |
404 |
Wallet not found |
429 |
Rate limit exceeded |
500 |
Internal server error |
POST /rug/pull-check¶
Returns a rug pull probability score for a given contract or liquidity pool address. Evaluates the contract itself, the deployer's cross-chain behavioural history, and the behaviour of associated liquidity providers.
ChainAware's rug pull model achieves 68% accuracy on new pools, detecting preparation patterns before a documented rug event occurs.
Subscription: Business or Enterprise plan required.
Supported networks: ETH, BNB, BASE, HAQQ
Request¶
Headers
| Header | Type | Required | Description |
|---|---|---|---|
x-api-key |
string | Yes | Your ChainAware API key |
Content-Type |
string | Yes | application/json |
Body
| Field | Type | Required | Description |
|---|---|---|---|
network |
string | Yes | Blockchain network - ETH, BNB, BASE, or HAQQ |
walletAddress |
string | Yes | The contract or liquidity pool address to screen |
Example request
curl -X POST https://enterprise.api.chainaware.ai/rug/pull-check \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"network": "ETH",
"walletAddress": "0x91dba2cd05c8a0227b48c3e426077145d23b21df"
}'
Response¶
Top-level fields
| Field | Type | Description |
|---|---|---|
message |
string | "Success" |
contractAddress |
string | The analyzed contract address |
pairAddress |
string | Liquidity pair address on the DEX |
contractCreatorAddress |
string | null | Deployer address, if available |
risk_score |
integer | Internal numerical risk score |
risk_status |
string | Qualitative risk label, e.g. "Low Risk" |
status |
string | Overall fraud classification - "Not Fraud" or "Fraud" |
probabilityFraud |
number | Rug pull probability as a float, e.g. 0.835 (83.5%) |
chain |
string | Blockchain network identifier |
lastChecked |
string | ISO 8601 timestamp of the most recent analysis |
contractCreationTime |
string | null | ISO 8601 contract deployment timestamp |
risk_indicators |
object | Static smart contract security flags - see table below |
forensic_details |
object | Dynamic forensic indicators - see table below |
liquidityEvent |
array | Recent liquidity add/remove events - see structure below |
checked_times |
integer | Number of times this contract has been analysed |
createdAt |
string | ISO 8601 timestamp when this contract was first profiled |
updatedAt |
string | ISO 8601 timestamp of the most recent profile update |
risk_indicators fields - each is an integer (0/1) unless noted:
| Flag | Description |
|---|---|
is_honeypot |
Contract traps buyers - sells are blocked |
honeypot_with_same_creator |
Creator deployed another honeypot |
can_take_back_ownership |
Ownership can be reclaimed after renouncing |
is_mintable |
Contract allows unlimited token minting |
hidden_owner |
Contract has a concealed owner address |
buy_tax |
Buy tax percentage |
sell_tax |
Sell tax percentage |
cannot_buy |
Buying is disabled |
cannot_sell_all |
Holders cannot sell their full balance |
is_blacklisted |
Contract can blacklist addresses |
is_whitelisted |
Contract uses a whitelist |
creator_percent |
Percentage of supply held by creator |
lp_holders_locked |
boolean - LP tokens are locked |
liquidity |
number - Current liquidity in base token |
market_cap |
number - Estimated market capitalisation |
is_in_dex |
Contract is listed on a DEX |
slippage_modifiable |
Slippage can be changed by owner |
transfer_pausable |
Token transfers can be paused |
is_anti_whale |
Anti-whale mechanism active |
anti_whale_modifiable |
Anti-whale limits can be changed |
trading_cooldown |
Cooldown period enforced between trades |
personal_slippage_modifiable |
Per-address slippage can be set |
is_open_source |
Contract source is verified |
is_proxy |
Contract is a proxy |
owner_address |
Current owner address |
owner_change_balance |
Owner can modify holder balances |
selfdestruct |
Contract contains a selfdestruct call |
external_call |
Contract makes external calls |
gas_abuse |
Gas manipulation patterns detected |
forensic_details fields:
| Field | Type | Description |
|---|---|---|
owner |
object | Owner wallet analysis |
privilege_withdraw |
integer | Privileged withdrawal function present |
withdraw_missing |
integer | Expected withdraw function is absent |
is_open_source |
integer | Contract source verified |
blacklist |
integer | Blacklist function present |
contract_name |
string | Detected contract name |
selfdestruct |
integer | Selfdestruct call present |
is_proxy |
integer | Contract is a proxy |
approval_abuse |
integer | Approval abuse patterns detected |
liquidityEvent array - each object contains:
| Field | Type | Description |
|---|---|---|
eventType |
string | "add" or "remove" |
amount |
number | Liquidity amount in base token |
token |
string | Base token symbol |
tx_hash |
string | Transaction hash |
from_address |
string | Address that triggered the event |
from_fraud_probability |
number | Fraud probability (0-1) of the LP event sender |
from_fraud_status |
string | "Not Fraud" or "Fraud" |
createdAt |
string | ISO 8601 event timestamp |
Example response
{
"message": "Success",
"contractAddress": "0x91dba2cd05c8a0227b48c3e426077145d23b21df",
"pairAddress": "0x290dd1e2e1856841b4ee4be8fd1aba51011c12e9",
"contractCreatorAddress": null,
"risk_score": 8,
"risk_status": "High Risk",
"status": "Fraud",
"probabilityFraud": 0.8350795507,
"chain": "BNB",
"lastChecked": "2026-02-14T13:57:01.000Z",
"contractCreationTime": null,
"risk_indicators": {
"is_honeypot": 1,
"honeypot_with_same_creator": 1,
"can_take_back_ownership": 0,
"is_mintable": 0,
"hidden_owner": 0,
"buy_tax": 0,
"sell_tax": 0,
"cannot_buy": 0,
"cannot_sell_all": 1,
"is_blacklisted": 0,
"is_whitelisted": 0,
"creator_percent": 0,
"lp_holders_locked": false,
"liquidity": 14.38,
"market_cap": 2062,
"is_in_dex": 1,
"slippage_modifiable": 0,
"transfer_pausable": 0,
"is_anti_whale": 0,
"anti_whale_modifiable": 0,
"trading_cooldown": 0,
"personal_slippage_modifiable": 0,
"is_open_source": 1,
"is_proxy": 0,
"owner_address": "",
"owner_change_balance": 0,
"selfdestruct": 0,
"external_call": 0,
"gas_abuse": 0
},
"liquidityEvent": [
{
"eventType": "remove",
"amount": 1.60228,
"token": "wbnb",
"tx_hash": "0xed0a492f9e8021fd74a950237703ea0047223b4bd4c032810e02734c407e624a",
"from_address": "0x983fd7447391bae599ac38ea06cd9d60c89fbb66",
"from_fraud_probability": 1,
"from_fraud_status": "Fraud",
"createdAt": "2026-01-02T11:31:22.000Z"
}
],
"forensic_details": {
"owner": {},
"privilege_withdraw": 0,
"withdraw_missing": 0,
"is_open_source": 1,
"blacklist": 0,
"contract_name": "PAPUToken",
"selfdestruct": 0,
"is_proxy": 0,
"approval_abuse": 0
},
"checked_times": 1,
"createdAt": "2024-05-31T00:42:51.000Z",
"updatedAt": "2026-03-03T10:44:35.000Z"
}
Error Codes¶
| Code | Meaning |
|---|---|
400 |
Bad request - missing or invalid fields |
401 |
Unauthorized - API key missing or invalid |
404 |
Contract not found |
429 |
Rate limit exceeded |
500 |
Internal server error |
Interpreting probabilityFraud¶
The probabilityFraud field is returned as a decimal string representing a probability between 0.00 (no risk) and 1.00 (maximum risk).
| Range | Suggested interpretation |
|---|---|
0.00 - 0.15 |
Low risk - safe to proceed |
0.16 - 0.50 |
Elevated risk - consider additional review |
0.51 - 0.75 |
High risk - flag for manual review or block |
0.76 - 1.00 |
Very high risk - block or reject |
Thresholds should be calibrated to your protocol's risk tolerance. ChainAware achieves 98% accuracy at a standard threshold for wallet-level fraud detection.
Common Use Cases¶
- Wallet-connect gating - call
/fraud/checkat the point of wallet connection; block or flag wallets above your risk threshold before they interact with your protocol - Airdrop and incentive protection - screen all claiming wallets via
/fraud/checkbefore distributing rewards to prevent Sybil drain - Rug pull alerts - integrate
/rug/pull-checkinto your product to warn users before they interact with high-risk contracts - AML compliance - use
forensic_detailsfrom/fraud/checkto support KYT (Know Your Transaction) workflows; for full behavioural audit see the User Segmentation API
Further Reading¶
- Fraud Detector Guide - how to use
predictive_fraud: inputs, outputs, thresholds, and use cases - Rug Pull Detector Guide - how to use
predictive_rug_pull: contract scoring, deployer risk, and LP analysis - Transaction Monitoring Guide - real-time transaction risk monitoring patterns
- AI-Powered Blockchain Analysis: Machine Learning for Crypto Security - ML approaches to on-chain security and fraud detection
See also: User Segmentation API | Credit Scoring API | Enterprise API Overview