Skip to main content

Overview

The Webacy API provides risk assessment for the Hedera blockchain ecosystem. Analyze Hedera accounts, tokens, and transactions for security threats, malicious activity, and risk factors.
Hedera support includes native Hedera Token Service (HTS) analysis with admin key detection, custom fee analysis, and account status monitoring.

Supported Endpoints

Address Risk Analysis

Analyze any Hedera account for security threats and risk factors. Sanction checks are included in the response.

Transaction Risk Analysis

Analyze a specific Hedera transaction for risk indicators.

Holder Analysis

Analyze token holder distribution and detect suspicious activity for HTS tokens.

Address Formats

Hedera supports two address formats: Both formats are accepted across all Hedera endpoints.
For holder analysis, use the native HTS token ID format (0.0.X), for example 0.0.731861.

Transaction ID Formats

Hedera transaction IDs use a unique format with the payer account and timestamp: All three formats are accepted by the transactions endpoint.

Example Requests

Address Risk Analysis

Transaction Risk Analysis

Holder Analysis

Hedera-Specific Risk Tags

Token Risk Tags

These risk tags analyze HTS token admin keys, fees, and state:

Account Risk Tags

Additional Risk Tags

Standard risk tags also apply to Hedera addresses:
  • sanctioned - Address appears on sanction lists (OFAC, OpenSanctions)
  • insufficient_wallet_age - Account is very new
  • insufficient_wallet_balance - Low account balance
  • insufficient_wallet_transactions - Limited transaction history
  • Holder concentration tags (top holders owning significant percentages)

Example Responses

Transaction Risk Response

Holder Analysis Response

Holder Analysis Details

Hedera holder analysis includes features specific to the Hedera Token Service:
  • Token admin keys analysis - Checks for admin, freeze, wipe, pause, supply, KYC, and fee schedule keys
  • Custom fee schedules - Detects fixed fees, fractional fees, and royalty fees on tokens
  • Pause status - Whether the token is currently paused (PAUSED, UNPAUSED, or NOT_APPLICABLE)
  • No MEV/sniper detection - Hedera has deterministic transaction ordering, so sniper and bundling analysis is excluded

Best Practices

  1. Check token admin keys - Tokens with active freeze, wipe, or pause keys carry higher risk. Look for hedera-token-keys-renounced as a positive signal.
  2. Watch for custom fees - High or excessive custom fees (>10%) are a common honeypot pattern on Hedera.
  3. Use native format for tokens - Use the 0.0.X HTS token ID format for holder analysis rather than EVM addresses.
  4. Account status matters - Check for deleted or expired accounts before transacting.
  5. No MEV on Hedera - Unlike EVM chains, Hedera has deterministic transaction ordering, so sniper/bundler detection is not applicable.