Skip to main content

Overview

The Webacy API provides risk assessment for the Hedera blockchain ecosystem. Analyze Hedera accounts, tokens, and transactions for security threats, malicious activity, and risk factors.
Hedera support includes native Hedera Token Service (HTS) analysis with admin key detection, custom fee analysis, and account status monitoring.

Supported Endpoints

Address Risk Analysis

Analyze any Hedera account for security threats and risk factors. Sanction checks are included in the response. 
GET /addresses/{address}?chain=hedera

Transaction Risk Analysis

Analyze a specific Hedera transaction for risk indicators. 
GET /transactions/{txHash}?chain=hedera

Holder Analysis

Analyze token holder distribution and detect suspicious activity for HTS tokens. 
GET /holder-analysis/{address}?chain=hedera

Address Formats

Hedera supports two address formats:
TypeFormatExample
Native0.0.X (shard.realm.num)0.0.731861
EVM Long-Zero0x + 24 zeros + hex0x00000000000000000000000000000000000b2ad5
Both formats are accepted across all Hedera endpoints.
For holder analysis, use the native HTS token ID format (0.0.X), for example 0.0.731861.

Transaction ID Formats

Hedera transaction IDs use a unique format with the payer account and timestamp:
FormatExample
- separator0.0.3229-1769183809-123000647
@ separator[email protected]
Transaction hashBase64-encoded hash
All three formats are accepted by the transactions endpoint.

Example Requests

Address Risk Analysis

curl -X GET "https://api.webacy.com/addresses/0.0.731861?chain=hedera" \
  -H "x-api-key: YOUR_API_KEY"

Transaction Risk Analysis

curl -X GET "https://api.webacy.com/transactions/0.0.3229-1769183809-123000647?chain=hedera" \
  -H "x-api-key: YOUR_API_KEY"

Holder Analysis

curl -X GET "https://api.webacy.com/holder-analysis/0.0.731861?chain=hedera" \
  -H "x-api-key: YOUR_API_KEY"

Hedera-Specific Risk Tags

Token Risk Tags

These risk tags analyze HTS token admin keys, fees, and state:
TagSeverityDescription
hedera-token-has-freezeCriticalToken has an active freeze key. Issuer can freeze any holder’s balance.
hedera-token-has-wipeCriticalToken has an active wipe key. Issuer can wipe tokens from any account.
hedera-token-pausableCriticalToken has an active pause key. Issuer can pause all token operations.
hedera-token-currently-pausedCriticalToken is currently paused. No transfers or operations are possible.
hedera-token-excessive-feesCriticalCustom fee percentage exceeds 25%. Strong honeypot indicator.
hedera-token-high-feesHighCustom fee percentage exceeds 10%. May indicate a fee-based trap.
hedera-token-has-supply-keyMediumToken has an active supply key with no max supply cap. Issuer can mint unlimited tokens.
hedera-token-modifiable-feesMediumToken fees can be changed by the issuer via fee schedule key.
hedera-token-keys-renouncedPositiveAll admin keys have been renounced. Token is fully decentralized.

Account Risk Tags

TagSeverityDescription
hedera-account-deletedHighAccount has been deleted from the network.
hedera-account-expiredHighAccount has expired due to insufficient HBAR for rent.
hedera-account-expiring-soonLowAccount expiry timestamp is approaching.

Additional Risk Tags

Standard risk tags also apply to Hedera addresses:
  • sanctioned - Address appears on sanction lists (OFAC, OpenSanctions)
  • insufficient_wallet_age - Account is very new
  • insufficient_wallet_balance - Low account balance
  • insufficient_wallet_transactions - Limited transaction history
  • Holder concentration tags (top holders owning significant percentages)

Example Responses

Transaction Risk Response

[
  {
    "partyRisk": {
      "high": 1,
      "count": 2,
      "issues": [
        {
          "tags": [
            {
              "key": "hedera-account-expired",
              "name": "Account Expired",
              "type": "hedera_account_status_risk",
              "severity": 8,
              "description": "This Hedera account has expired due to insufficient HBAR for rent."
            }
          ],
          "score": 8,
          "riskScore": "High Risk"
        }
      ],
      "medium": 0,
      "details": {
        "address_info": {
          "balance": 370969324948,
          "sanctioned": false,
          "ofac_sanctioned": false,
          "transaction_count": 0,
          "hedera_account_expired": true
        }
      },
      "overallRisk": 63.24,
      "address": "0.0.3229"
    },
    "counterpartyRisk": {
      "high": 0,
      "count": 1,
      "overallRisk": 0,
      "address": "0.0.801"
    },
    "assetRisk": {
      "address": "HBAR"
    },
    "txData": {
      "transaction_id": "0.0.3229-1769183809-123000647",
      "consensus_timestamp": "1769183819.484953000",
      "type": "CRYPTOTRANSFER",
      "result": "SUCCESS",
      "fee_charged": 94133,
      "scheduled": false,
      "transfers": [
        { "account": "0.0.801", "amount": 90309 },
        { "account": "0.0.3229", "amount": -94134 }
      ],
      "token_transfers": [],
      "nft_transfers": []
    }
  }
]

Holder Analysis Response

{
  "token_address": "0.0.731861",
  "metadata": {
    "name": "SAUCE",
    "symbol": "SAUCE"
  },
  "first_buyers_analysis": {
    "initially_acquired_percentage": 2.29,
    "buyers_analyzed_count": 48,
    "unique_buyers": 48,
    "buyers_still_holding": 37,
    "dev_holdings_percentage": 0.7
  },
  "top_10_holders_analysis": {
    "totalHoldersCount": 33050,
    "topHolders": [
      { "ownerAddress": "0.0.1460199", "percentage": 15.24 },
      { "ownerAddress": "0.0.3951117", "percentage": 14.88 },
      { "ownerAddress": "0.0.1461945", "percentage": 12.52 }
    ],
    "top_5_concentration": 68.94,
    "top_10_concentration": 73.61,
    "top_20_concentration": 79.49
  },
  "token_keys": {
    "admin_key_present": true,
    "freeze_key_present": false,
    "wipe_key_present": false,
    "pause_key_present": false,
    "supply_key_present": true,
    "kyc_key_present": false,
    "fee_schedule_key_present": false
  },
  "custom_fees": [],
  "pause_status": "UNPAUSED",
  "is_deleted": false
}

Holder Analysis Details

Hedera holder analysis includes features specific to the Hedera Token Service:
  • Token admin keys analysis - Checks for admin, freeze, wipe, pause, supply, KYC, and fee schedule keys
  • Custom fee schedules - Detects fixed fees, fractional fees, and royalty fees on tokens
  • Pause status - Whether the token is currently paused (PAUSED, UNPAUSED, or NOT_APPLICABLE)
  • No MEV/sniper detection - Hedera has deterministic transaction ordering, so sniper and bundling analysis is excluded

Best Practices

  1. Check token admin keys - Tokens with active freeze, wipe, or pause keys carry higher risk. Look for hedera-token-keys-renounced as a positive signal.
  2. Watch for custom fees - High or excessive custom fees (>10%) are a common honeypot pattern on Hedera.
  3. Use native format for tokens - Use the 0.0.X HTS token ID format for holder analysis rather than EVM addresses.
  4. Account status matters - Check for deleted or expired accounts before transacting.
  5. No MEV on Hedera - Unlike EVM chains, Hedera has deterministic transaction ordering, so sniper/bundler detection is not applicable.