Fraud Detection API

The Fraud Detection API provides two endpoints for assessing risk at the wallet and contract level. All endpoints operate in real time, using on-chain data only - no off-chain identity or KYC data is required or used.

Base URL: https://enterprise.api.chainaware.ai

Authentication: x-api-key header required on all requests.

Supported networks: ETH, BNB, POLYGON, TON, BASE, TRON, HAQQ


Endpoints


POST /fraud/check

Returns a fraud probability score for a given wallet address. Use this endpoint for real-time risk gating - for example, at wallet-connect to decide whether to allow or flag a user before they interact with your protocol.

Response latency: under 100ms.

Request

Headers

Header Type Required Description
x-api-key string Yes Your ChainAware API key
Content-Type string Yes application/json

Body

Field Type Required Description
network string Yes Blockchain network - ETH, BNB, POLYGON, TON, BASE, TRON, or HAQQ
walletAddress string Yes The wallet address to screen
calculate boolean No Pass true to force a full real-time recalculation. Default false returns the most recent cached score.

Example request

curl -X POST https://enterprise.api.chainaware.ai/fraud/check \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "network": "ETH",
    "walletAddress": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045"
  }'

Response

Field Type Description
message string "Success"
walletAddress string The queried wallet address
chain string Blockchain identifier
status string Risk classification - "Not Fraud", "Fraud", or "New Address"
probabilityFraud string Fraud probability as a decimal string, e.g. "0.04" (4%)
token string | null Internal token reference, if applicable
lastChecked string ISO 8601 timestamp of the most recent score calculation
forensic_details object 19 forensic risk flags - see table below
checked_times integer Number of times this wallet has been analysed
sanctionData array Sanctions intelligence - see structure below
createdAt string ISO 8601 timestamp when this wallet was first profiled
updatedAt string | null ISO 8601 timestamp of the most recent profile update

forensic_details fields - each is a string value:

Flag Description
cybercrime Association with cybercrime activity
money_laundering Money laundering indicators
number_of_malicious_contracts_created Count of malicious contracts deployed by this wallet
gas_abuse Gas price manipulation or abuse patterns
financial_crime Broader financial crime signals
darkweb_transactions Transactions linked to darkweb markets
reinit Re-initialisation attack patterns
phishing_activities Phishing-related transaction patterns
fake_kyc Fake KYC document or identity signals
blacklist_doubt Blacklist adjacency indicators
fake_standard_interface Fake ERC standard interface implementations
data_source Source of forensic data
stealing_attack Stealing attack patterns
blackmail_activities Blackmail or extortion transaction patterns
sanctioned Appears on a sanctions list
malicious_mining_activities Malicious mining activity signals
mixer Mixer or tumbler interaction
fake_token Association with fake token deployments
honeypot_related_address Linked to honeypot token contracts

sanctionData array - each object contains:

Field Type Description
category string | null Sanctions category
name string | null Sanctioned entity name
description string | null Description of the sanctions entry
url string | null Source URL
isSanctioned boolean Whether this wallet is actively sanctioned
createdAt string ISO 8601 timestamp
updatedAt string ISO 8601 timestamp

Example response

{
  "message": "Success",
  "walletAddress": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
  "chain": "ETH",
  "status": "Not Fraud",
  "probabilityFraud": "0.03",
  "token": null,
  "lastChecked": "2026-03-15T10:22:00Z",
  "forensic_details": {
    "cybercrime": "0",
    "money_laundering": "0",
    "number_of_malicious_contracts_created": "0",
    "gas_abuse": "0",
    "financial_crime": "0",
    "darkweb_transactions": "0",
    "reinit": "0",
    "phishing_activities": "0",
    "fake_kyc": "0",
    "blacklist_doubt": "0",
    "fake_standard_interface": "0",
    "data_source": "0",
    "stealing_attack": "0",
    "blackmail_activities": "0",
    "sanctioned": "0",
    "malicious_mining_activities": "0",
    "mixer": "0",
    "fake_token": "0",
    "honeypot_related_address": "0"
  },
  "checked_times": 47,
  "sanctionData": [
    { "isSanctioned": false }
  ],
  "createdAt": "2024-11-01T08:00:00Z",
  "updatedAt": "2026-03-15T10:22:00Z"
}

Error Codes

Code Meaning
400 Bad request - missing or invalid fields
401 Unauthorized - API key missing or invalid
404 Wallet not found
429 Rate limit exceeded
500 Internal server error

POST /rug/pull-check

Returns a rug pull probability score for a given contract or liquidity pool address. Evaluates the contract itself, the deployer's cross-chain behavioural history, and the behaviour of associated liquidity providers.

ChainAware's rug pull model achieves 68% accuracy on new pools, detecting preparation patterns before a documented rug event occurs.

Subscription: Business or Enterprise plan required.

Supported networks: ETH, BNB, BASE, HAQQ

Request

Headers

Header Type Required Description
x-api-key string Yes Your ChainAware API key
Content-Type string Yes application/json

Body

Field Type Required Description
network string Yes Blockchain network - ETH, BNB, BASE, or HAQQ
walletAddress string Yes The contract or liquidity pool address to screen

Example request

curl -X POST https://enterprise.api.chainaware.ai/rug/pull-check \
  -H "x-api-key: YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "network": "ETH",
    "walletAddress": "0x91dba2cd05c8a0227b48c3e426077145d23b21df"
  }'

Response

Top-level fields

Field Type Description
message string "Success"
contractAddress string The analyzed contract address
pairAddress string Liquidity pair address on the DEX
contractCreatorAddress string | null Deployer address, if available
risk_score integer Internal numerical risk score
risk_status string Qualitative risk label, e.g. "Low Risk"
status string Overall fraud classification - "Not Fraud" or "Fraud"
probabilityFraud number Rug pull probability as a float, e.g. 0.835 (83.5%)
chain string Blockchain network identifier
lastChecked string ISO 8601 timestamp of the most recent analysis
contractCreationTime string | null ISO 8601 contract deployment timestamp
risk_indicators object Static smart contract security flags - see table below
forensic_details object Dynamic forensic indicators - see table below
liquidityEvent array Recent liquidity add/remove events - see structure below
checked_times integer Number of times this contract has been analysed
createdAt string ISO 8601 timestamp when this contract was first profiled
updatedAt string ISO 8601 timestamp of the most recent profile update

risk_indicators fields - each is an integer (0/1) unless noted:

Flag Description
is_honeypot Contract traps buyers - sells are blocked
honeypot_with_same_creator Creator deployed another honeypot
can_take_back_ownership Ownership can be reclaimed after renouncing
is_mintable Contract allows unlimited token minting
hidden_owner Contract has a concealed owner address
buy_tax Buy tax percentage
sell_tax Sell tax percentage
cannot_buy Buying is disabled
cannot_sell_all Holders cannot sell their full balance
is_blacklisted Contract can blacklist addresses
is_whitelisted Contract uses a whitelist
creator_percent Percentage of supply held by creator
lp_holders_locked boolean - LP tokens are locked
liquidity number - Current liquidity in base token
market_cap number - Estimated market capitalisation
is_in_dex Contract is listed on a DEX
slippage_modifiable Slippage can be changed by owner
transfer_pausable Token transfers can be paused
is_anti_whale Anti-whale mechanism active
anti_whale_modifiable Anti-whale limits can be changed
trading_cooldown Cooldown period enforced between trades
personal_slippage_modifiable Per-address slippage can be set
is_open_source Contract source is verified
is_proxy Contract is a proxy
owner_address Current owner address
owner_change_balance Owner can modify holder balances
selfdestruct Contract contains a selfdestruct call
external_call Contract makes external calls
gas_abuse Gas manipulation patterns detected

forensic_details fields:

Field Type Description
owner object Owner wallet analysis
privilege_withdraw integer Privileged withdrawal function present
withdraw_missing integer Expected withdraw function is absent
is_open_source integer Contract source verified
blacklist integer Blacklist function present
contract_name string Detected contract name
selfdestruct integer Selfdestruct call present
is_proxy integer Contract is a proxy
approval_abuse integer Approval abuse patterns detected

liquidityEvent array - each object contains:

Field Type Description
eventType string "add" or "remove"
amount number Liquidity amount in base token
token string Base token symbol
tx_hash string Transaction hash
from_address string Address that triggered the event
from_fraud_probability number Fraud probability (0-1) of the LP event sender
from_fraud_status string "Not Fraud" or "Fraud"
createdAt string ISO 8601 event timestamp

Example response

{
  "message": "Success",
  "contractAddress": "0x91dba2cd05c8a0227b48c3e426077145d23b21df",
  "pairAddress": "0x290dd1e2e1856841b4ee4be8fd1aba51011c12e9",
  "contractCreatorAddress": null,
  "risk_score": 8,
  "risk_status": "High Risk",
  "status": "Fraud",
  "probabilityFraud": 0.8350795507,
  "chain": "BNB",
  "lastChecked": "2026-02-14T13:57:01.000Z",
  "contractCreationTime": null,
  "risk_indicators": {
    "is_honeypot": 1,
    "honeypot_with_same_creator": 1,
    "can_take_back_ownership": 0,
    "is_mintable": 0,
    "hidden_owner": 0,
    "buy_tax": 0,
    "sell_tax": 0,
    "cannot_buy": 0,
    "cannot_sell_all": 1,
    "is_blacklisted": 0,
    "is_whitelisted": 0,
    "creator_percent": 0,
    "lp_holders_locked": false,
    "liquidity": 14.38,
    "market_cap": 2062,
    "is_in_dex": 1,
    "slippage_modifiable": 0,
    "transfer_pausable": 0,
    "is_anti_whale": 0,
    "anti_whale_modifiable": 0,
    "trading_cooldown": 0,
    "personal_slippage_modifiable": 0,
    "is_open_source": 1,
    "is_proxy": 0,
    "owner_address": "",
    "owner_change_balance": 0,
    "selfdestruct": 0,
    "external_call": 0,
    "gas_abuse": 0
  },
  "liquidityEvent": [
    {
      "eventType": "remove",
      "amount": 1.60228,
      "token": "wbnb",
      "tx_hash": "0xed0a492f9e8021fd74a950237703ea0047223b4bd4c032810e02734c407e624a",
      "from_address": "0x983fd7447391bae599ac38ea06cd9d60c89fbb66",
      "from_fraud_probability": 1,
      "from_fraud_status": "Fraud",
      "createdAt": "2026-01-02T11:31:22.000Z"
    }
  ],
  "forensic_details": {
    "owner": {},
    "privilege_withdraw": 0,
    "withdraw_missing": 0,
    "is_open_source": 1,
    "blacklist": 0,
    "contract_name": "PAPUToken",
    "selfdestruct": 0,
    "is_proxy": 0,
    "approval_abuse": 0
  },
  "checked_times": 1,
  "createdAt": "2024-05-31T00:42:51.000Z",
  "updatedAt": "2026-03-03T10:44:35.000Z"
}

Error Codes

Code Meaning
400 Bad request - missing or invalid fields
401 Unauthorized - API key missing or invalid
404 Contract not found
429 Rate limit exceeded
500 Internal server error

Interpreting probabilityFraud

The probabilityFraud field is returned as a decimal string representing a probability between 0.00 (no risk) and 1.00 (maximum risk).

Range Suggested interpretation
0.00 - 0.15 Low risk - safe to proceed
0.16 - 0.50 Elevated risk - consider additional review
0.51 - 0.75 High risk - flag for manual review or block
0.76 - 1.00 Very high risk - block or reject

Thresholds should be calibrated to your protocol's risk tolerance. ChainAware achieves 98% accuracy at a standard threshold for wallet-level fraud detection.


Common Use Cases

  • Wallet-connect gating - call /fraud/check at the point of wallet connection; block or flag wallets above your risk threshold before they interact with your protocol
  • Airdrop and incentive protection - screen all claiming wallets via /fraud/check before distributing rewards to prevent Sybil drain
  • Rug pull alerts - integrate /rug/pull-check into your product to warn users before they interact with high-risk contracts
  • AML compliance - use forensic_details from /fraud/check to support KYT (Know Your Transaction) workflows; for full behavioural audit see the User Segmentation API

Further Reading


See also: User Segmentation API | Credit Scoring API | Enterprise API Overview