Fraud Detection API
>-
Fraud Detection API¶
The Fraud Detection API provides three endpoints for assessing risk at the wallet and contract level. All endpoints operate in real time, using on-chain data only — no off-chain identity or KYC data is required or used.
Base URL: https://enterprise.api.chainaware.ai
Authentication: x-api-key header required on all requests.
Supported networks: ethereum, bsc, polygon, base, solana, ton, tron
Endpoints¶
POST /fraud/check— fraud probability score for a wallet addressPOST /fraud/audit— full behavioural audit of a wallet addressPOST /rug/pull-check— fraud probability score for a contract address
POST /fraud/check¶
Returns a fraud probability score for a given wallet address. Use this endpoint for real-time risk gating — for example, at wallet-connect to decide whether to allow or flag a user before they interact with your protocol.
Response latency: under 100ms.
Request¶
Headers
| Header | Type | Required | Description |
|---|---|---|---|
x-api-key |
string | Yes | Your ChainAware API key |
Content-Type |
string | Yes | application/json |
Body
| Field | Type | Required | Description |
|---|---|---|---|
network |
string | Yes | Blockchain network — ethereum, bsc, polygon, base, solana, ton, or tron |
walletAddress |
string | Yes | The wallet address to screen |
onlyFraud |
boolean | No | Pass true to return only the fraud probability score, omitting all other fields. Useful for high-frequency gating where minimal payload is preferred. |
Example request
curl -X POST https://enterprise.api.chainaware.ai/fraud/check \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"network": "ethereum",
"walletAddress": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"
}'
Response¶
| Field | Type | Description |
|---|---|---|
message |
string | Result status message |
walletAddress |
string | The queried wallet address |
status |
string | Risk status — e.g. "safe", "suspicious", "high_risk" |
probabilityFraud |
string | Fraud probability as a decimal string, e.g. "0.04" (4%) |
token |
string | null | Internal token reference, if applicable |
lastChecked |
string | ISO 8601 timestamp of the most recent score calculation |
forensic_details |
object | Supporting forensic signals that contributed to the score |
createdAt |
string | ISO 8601 timestamp when this wallet was first profiled |
updatedAt |
string | null | ISO 8601 timestamp of the most recent profile update |
Example response
{
"message": "Fraud check completed",
"walletAddress": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
"status": "safe",
"probabilityFraud": "0.03",
"token": null,
"lastChecked": "2026-03-15T10:22:00Z",
"forensic_details": {
"mixerInteractions": 0,
"sanctionedCounterparties": 0,
"flashLoanHistory": false
},
"createdAt": "2024-11-01T08:00:00Z",
"updatedAt": "2026-03-15T10:22:00Z"
}
POST /fraud/audit¶
Returns a comprehensive behavioural audit of a wallet address. In addition to the fraud probability score from /fraud/check, the audit includes wallet categorisation, risk profiling, segment classification, experience level, onboarding recommendations, and inferred behavioural intent.
Use this endpoint when you need the full picture — for example, to personalise a user's onboarding journey, decide credit terms, or conduct a detailed compliance review.
Request¶
Headers
| Header | Type | Required | Description |
|---|---|---|---|
x-api-key |
string | Yes | Your ChainAware API key |
Content-Type |
string | Yes | application/json |
Body
| Field | Type | Required | Description |
|---|---|---|---|
network |
string | Yes | Blockchain network — ethereum, bsc, polygon, base, solana, ton, or tron |
walletAddress |
string | Yes | The wallet address to audit |
Example request
curl -X POST https://enterprise.api.chainaware.ai/fraud/audit \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"network": "ethereum",
"walletAddress": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"
}'
Response¶
The audit response includes all fields from /fraud/check, plus the following additional fields:
| Field | Type | Description |
|---|---|---|
message |
string | Result status message |
walletAddress |
string | The queried wallet address |
status |
string | Risk status — e.g. "safe", "suspicious", "high_risk" |
probabilityFraud |
string | Fraud probability as a decimal string |
token |
string | null | Internal token reference, if applicable |
lastChecked |
string | ISO 8601 timestamp of the most recent score calculation |
forensic_details |
object | Forensic signals that contributed to the fraud score |
categories |
object | Wallet activity categories — e.g. DeFi trader, yield farmer, NFT collector |
riskProfile |
object | Breakdown of specific risk dimensions — e.g. wash trading, Sybil indicators, mixer usage |
segmentInfo |
object | Wallet quality segment — A, B, or C classification (see User Segmentation API) |
experience |
object | Estimated on-chain experience level — e.g. beginner, intermediate, advanced |
recommendation |
object | Suggested onboarding path or product configuration for this wallet profile |
intention |
object | Inferred behavioural intention signals — e.g. likely to trade, likely to provide liquidity, high churn risk |
createdAt |
string | ISO 8601 timestamp when this wallet was first profiled |
updatedAt |
string | null | ISO 8601 timestamp of the most recent profile update |
Example response
{
"message": "Wallet audit completed",
"walletAddress": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
"status": "safe",
"probabilityFraud": "0.03",
"token": null,
"lastChecked": "2026-03-15T10:22:00Z",
"forensic_details": {
"mixerInteractions": 0,
"sanctionedCounterparties": 0,
"flashLoanHistory": false
},
"categories": {
"defiTrader": true,
"yieldFarmer": false,
"nftCollector": false
},
"riskProfile": {
"washTrading": "low",
"sybilIndicators": "none",
"mixerUsage": "none"
},
"segmentInfo": {
"segment": "A",
"walletQuality": 87
},
"experience": {
"level": "advanced",
"activeMonths": 28
},
"recommendation": {
"onboardingPath": "advanced",
"suggestedFeatures": ["leveraged_positions", "liquidity_pools"]
},
"intention": {
"likelyToTrade": true,
"likelyToProvideLiquidity": true,
"highChurnRisk": false
},
"createdAt": "2024-11-01T08:00:00Z",
"updatedAt": "2026-03-15T10:22:00Z"
}
POST /rug/pull-check¶
Returns a fraud probability score for a given contract address. Use this endpoint to screen liquidity pools, token contracts, or DeFi protocol contracts before your users interact with them — or to power a rug pull alert feature in your product.
ChainAware's rug pull model achieves 68% accuracy on new pools, detecting preparation patterns before a documented rug event occurs.
Request¶
Headers
| Header | Type | Required | Description |
|---|---|---|---|
x-api-key |
string | Yes | Your ChainAware API key |
Content-Type |
string | Yes | application/json |
Body
| Field | Type | Required | Description |
|---|---|---|---|
network |
string | Yes | Blockchain network — ethereum, bsc, polygon, base, solana, ton, or tron |
contractAddress |
string | Yes | The contract address to screen |
Example request
curl -X POST https://enterprise.api.chainaware.ai/rug/pull-check \
-H "x-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"network": "ethereum",
"contractAddress": "0xContractAddressHere"
}'
Response¶
| Field | Type | Description |
|---|---|---|
message |
string | Result status message |
contractAddress |
string | The queried contract address |
status |
string | Risk status — e.g. "safe", "suspicious", "high_risk" |
probabilityFraud |
string | Rug pull probability as a decimal string, e.g. "0.71" (71%) |
lastChecked |
string | ISO 8601 timestamp of the most recent score calculation |
forensic_details |
object | Signals that contributed to the rug pull score |
createdAt |
string | ISO 8601 timestamp when this contract was first profiled |
updatedAt |
string | null | ISO 8601 timestamp of the most recent profile update |
Example response
{
"message": "Rug pull check completed",
"contractAddress": "0xContractAddressHere",
"status": "suspicious",
"probabilityFraud": "0.71",
"lastChecked": "2026-03-15T10:30:00Z",
"forensic_details": {
"ownershipConcentration": "high",
"liquidityLockStatus": "unlocked",
"deployerHistory": "flagged"
},
"createdAt": "2026-03-10T14:00:00Z",
"updatedAt": "2026-03-15T10:30:00Z"
}
Interpreting probabilityFraud¶
The probabilityFraud field is returned as a decimal string representing a probability between 0.00 (no risk) and 1.00 (maximum risk).
| Range | Suggested interpretation |
|---|---|
0.00 – 0.15 |
Low risk — safe to proceed |
0.16 – 0.50 |
Elevated risk — consider additional review |
0.51 – 0.75 |
High risk — flag for manual review or block |
0.76 – 1.00 |
Very high risk — block or reject |
Thresholds should be calibrated to your protocol's risk tolerance. ChainAware achieves 98% accuracy at a standard threshold for wallet-level fraud detection.
Common Use Cases¶
- Wallet-connect gating — call
/fraud/checkat the point of wallet connection; block or flag wallets above your risk threshold before they interact with your protocol - Onboarding personalisation — call
/fraud/auditafter connection to retrieve experience level and recommendations; route users to appropriate onboarding flows - Airdrop and incentive protection — screen all claiming wallets via
/fraud/checkbefore distributing rewards to prevent Sybil drain - Rug pull alerts — integrate
/rug/pull-checkinto your product to warn users before they interact with high-risk contracts - AML compliance — use
forensic_detailsfrom/fraud/auditto support KYT (Know Your Transaction) workflows
Further Reading¶
- Fraud Detector Guide — how to use
predictive_fraud: inputs, outputs, thresholds, and use cases - Rug Pull Detector Guide — how to use
predictive_rug_pull: contract scoring, deployer risk, and LP analysis - Transaction Monitoring Guide — real-time transaction risk monitoring patterns
- AI-Powered Blockchain Analysis: Machine Learning for Crypto Security — ML approaches to on-chain security and fraud detection
See also: User Segmentation API | Credit Scoring API | Enterprise API Overview