Discover the risk of any on-chain address.
This includes any contract, wallet, EOA, token, NFT, or otherwise.
Optional Parameters
This endpoint offers two optional query parameters.
chain- Allows specification for which chain you'd like to query. Defaults eth. We currently support 'eth', 'arb', 'base', 'bsc', 'pol', 'opt', 'sol', 'sei', 'sui', and 'ton'.
show_low_risk- Return details on low risk issues found with the address. The endpoint does not return issues categorized as 'low' risk. If the 'count' field is non-zero, but 'medium' and 'high' risk issue counts show zero, it is likely that 'low' risk issues are associated with the given address. This is common with issues related to spam/sybil.
Different From Wallet Risk Exposure
This endpoint analyzes an address' threat to others, which is different from a wallet's exposure to risk (how likely a wallet is to get drained) which is found using the Exposure Risk endpoint.
Example Testing Addresses
Try out these addresses to get started with the Threat Risks API.
- Tornado Cash Address:
0x8589427373D6D84E98730D7795D8f6f8731FDA16- Sanctioned Address:
0x16D86Bc643feD8336621092975201194C09CCa36- Fake USDC:
0x088881723e0d940b993D5B94B368FaD4298C060f- Scam coin on SUI:
0x918541c7545b89a1f1da15b88d0507db6b1c916b3250a4ccf78aa2d9567d0d8a
Some common use cases for this endpoint include:
- Filtering addresses for spam / sybil
- Blocking high risk addresses from utilizing your service (compliance, platform safety)
- Flagging high risk addresses (tokens, contracts, p2p participants)
- Much more!
Introducing Modules
Our endpoints pull on over 400+ different risk flags and tags. This can be a lot of information!
We've built modules to help simplify and consolidate our tags into specific use cases.
If you'd like additional support on how to navigate our endpoints and data returns, please do not hesitate to contact us!
Full Score Not Calculated When Using Modules
When you select one or more modules in your request, you’re choosing to retrieve only a portion of the total data available for a given address.
The DD Score (risk score) is computed by evaluating all detected flags across the full dataset. If you limit the request to specific modules, only the flags relevant to those modules are included, meaning the score will be based on a partial view of the address’s risk profile.
To receive a complete, composite risk score that includes all available flags and signals, call the endpoint without selecting any modules.