Skip to main content
To help you get started quickly, we provide a small set of example addresses you can use to test our endpoints end-to-end. These examples are designed to showcase the kinds of signals you’ll see in real usage, including risk flags, behavioral indicators, and other intelligence and exposure. They’re especially helpful for validating integration logic, UI rendering, and decisioning workflows before you run screening on live user activity.

What these examples are good for

Use these addresses below to:
  • Confirm your integration works (request/response structure, latency, pagination, error handling)
  • Validate risk outcomes (flags, severity, labels, and explainability fields)
  • Test decisioning logic (block, warn, allow, review)
  • Prototype dashboards (monitoring views, alert feeds, triage workflows)

Notes

  • These examples are provided for testing and development only.
  • Address risk is contextual and time-sensitive. Results may change as new on-chain activity occurs.
  • If you’d like a broader sample set (including “clean,” borderline, and mixed-risk examples), reach out and we can provide a curated testing bundle.

Sanctioned Addresses

These addresses are on sanctions lists and will return is_sanctioned: true from the /addresses/sanctioned/{address} endpoint.
AddressChainAttribution
0x098B716B8Aaf21512996dC57EB0615e2383E2f96ETHLazarus Group (North Korea) - Ronin Bridge heist
1295rkVyNfFpqZpXvKGhDqwhP1jZcNNDMVBTCSuex - OFAC SDN List
19D8PHBjZH29uS1uPZ4m3sVyqqfF8UFG9oBTCSanctioned Address

Hacker Addresses

These addresses are associated with known hacks and exploits. They return high-risk scores with tags like hack, stealing_attack, and blacklist_doubt.
AddressChainAttributionRisk Score
0x3b09A3c9aDD7D0262e6E9724D7e823Cd767a0c74ETHBittensor Hack100
0xd967113224c354600b3151e27aaba53e3034f372ETHWazirX Malware / Spear Phishing100
0x44f887cfbd667cb2042dd55ab1d8951c94bb0102ETHLoopring Guardian 2FA Exploit10
0x889b49ef0bf787c3ddc2950bfc7d1d439320004bETHWoo X Exploiter3.1

DPRK (North Korea) Linked

These addresses are associated with North Korean cyber operations and return the dprk tag.
AddressChainRisk ScoreTags
0x0fa09c3a328792253f8dee7116848723b72a6d2eETH100dprk, hack, stealing_attack

Address Poisoning

These addresses are involved in address poisoning attacks. The /addresses/{address}/poisoning endpoint will return poisoning_detected: true for attackers.
AddressChainTypeNotes
0x70c5698da7f86487837f59642b1ebe5682dfa3c7ETHAttackerReturns poisoning_detected: true with suspicious transactions
0xCF03Aa88AfDA357C837b9DDD38A678E3Ad7Cd5D7ETHVictimAddress was targeted by a poisoning attempt

Phishing Addresses

These addresses are associated with phishing campaigns and return the phishing_activities tag.
AddressChainAttributionRisk Score
0x1aDf5DAc035AE7FEC116e8345e005FB88d542f53ETHScamSniffer reported phishing23
0x5f90e59d0a03fd2f8c56b8cc896c5b42594eb3a0ETH$50M Address Poisoning Drain20.1

Mixers

These addresses are associated with mixing services and return tags like associated_mixer and sanctioned.
AddressChainAttributionRisk Score
0x722122dF12D4e14e13Ac3b6895a86e84145b6967ETHTornado Cash Router10.1

Pool Analysis Examples

Pool Analysis examples:
AddressChainPool
V79vihUymP25ypDCRVmED106MvTI3AfPajSqWJ1MSOL-
0x397ff1542f962076d0bfe58ea045ffa2d347aca0ETHSushiswap v2
0xb4e16d0168e52d35cacd2c6185b44281ec28c9dcETHUniswap v2

Other Examples

AddressChainType
7gGRg15D2vGbeqwp5J5bQatAFVSrG6doNx2V3i8aVYEvSOLAutomated Trader Account
23JPm15PgYWV5uTnjADEVN8uSma2rdcULq3EGciTArzSSOLUpbit Hack Related Wallet
0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045ETHVitalik Buterin (clean wallet for comparison)