Detection Features

ChainAnalyzer detection features and risk classification

ChainAnalyzer performs 76+ rule-based detection checks plus a 3-model ML anomaly ensemble (Isolation Forest + AutoEncoder + GraphSAGE) across 9 chains (Bitcoin, Ethereum, Polygon, BNB Smart Chain, Base, Arbitrum, Optimism, Avalanche, Solana), plus cross-chain checks via OSINT and contract-level risk feeds. Each detection is assigned one of 4 severity levels (CRITICAL / HIGH / MEDIUM / LOW), and the detections are combined into a risk score out of 100.

Scoring

The score starts at 100 and is reduced based on the severity of each detection.

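| Severity | Deduction | Example |
|----------|-----------|---------|
| CRITICAL | -30 pts / each | 1 detection = 70, 2 = 40 |
| HIGH | -15 pts / each | 2 detections = 70 |
| MEDIUM | -5 pts / each | 4 detections = 80 |
| LOW | -2 pts / each | 5 detections = 90 |

| Score | Risk Level | Verdict |
|-------|------------|---------|
| 90 - 100 | LOW | Safe |
| 70 - 89 | MEDIUM | Caution |
| 40 - 69 | HIGH | Danger |
| 0 - 39 | CRITICAL | Extremely Dangerous |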

ML Anomaly Scoring

AI-powered complement to rule-based detection

An ensemble of ML models analyzes structural features from the transaction graph to detect anomalous wallet behavior patterns that rule-based checks may miss.

How It Works

  1. Extract structural features from the transaction graph (in/out degree, fund flow, counterparty count, etc.)
  2. Normalize features and feed into ML models
  3. Calculate ensemble score from multiple ML models
  4. Inject additional detections only when rule-based score is LOW/MEDIUM but ML score is high

ML Detections

| ID | Name | Severity | Description |
|----|------|----------|-------------|
| ML1 | ML_HIGH_ANOMALY | MEDIUM | Very high ML ensemble score: highly anomalous graph structure |
| ML2 | ML_ANOMALY_DETECTED | MEDIUM | High ML ensemble score: anomalous graph structure detected |

ML scoring only applies to addresses with graph data available. When unavailable, rule-based detection operates independently.

CRITICAL Immediate Warning (-30 pts/each)

C1 Mint Authority Active

Detects that the token's Mint Authority has not been revoked. When Mint Authority is active, the authority holder can increase the token supply at any time, diluting existing holders' positions.

Detection Logic

  • Fetch token mint information from on-chain data
  • Triggered when the Mint Authority has not been revoked

Data Source

On-chain Data

This is the most common rug pull technique. Legitimate tokens typically revoke their Mint Authority.

C2 Known Scam Token

Detects tokens registered as "danger" in a community risk database. These tokens have already been identified as scams by the community or automated detection.

Detection Logic

  • Query the community risk database for the target token's risk report
  • Triggered when the risk report contains "danger" level items

Data Source

Community Risk DB

The community risk database is continuously updated. No API key is required.

C3 Honeypot Detected

Detects that the token cannot be sold (swapped) or is extremely restricted. "Honeypot" tokens that can be purchased but not sold are a common scam technique.

Detection Logic

  • Execute sell simulation via a DEX aggregator
  • Triggered when the token-to-native-currency swap quote fails
  • Extremely high slippage (>50%) is also flagged

Data Source

DEX Aggregator

If a honeypot is detected, do not purchase the token. Any funds spent will be unrecoverable.

HIGH Danger (-15 pts/each)

H1 Freeze Authority Active

Detects that the token's Freeze Authority has not been revoked. When Freeze Authority is active, the authority holder can freeze token transfers for any wallet.

Detection Logic

  • Fetch token mint information from on-chain data
  • Triggered when the Freeze Authority has not been revoked

Data Source

On-chain Data

H2 Top Holder Over 50%

Detects that the top 10 holders collectively own more than 50% of the total supply. When supply is concentrated in a few wallets, there is a risk of price crash from large sell-offs.

Detection Logic

  • Fetch holder list via holder analysis API
  • Triggered when top 10 holders own more than 50% of total supply
  • Known contract addresses such as DEX pools are excluded from the count

Data Source

Holder Analysis API

This detection requires an additional API key. You can add one in BYOK settings.

H3 LP Not Locked

Detects that liquidity pool (LP) tokens are neither locked nor burned. When LP is unlocked, the creator can withdraw liquidity (rug pull) at any time.

Detection Logic

  • Check LP status from the community risk database report
  • Triggered when LP is neither locked nor burned
  • Targets major DEX pools

Data Source

Community Risk DB, On-chain Data

LP withdrawal (rug pull) is the most frequent type of fraud in the Solana ecosystem.

H4 Single Whale Over 20%

Detects that a single address holds 20% or more of the total supply. When excessively concentrated in one wallet, a sell-off from that wallet can cause a significant price drop.

Detection Logic

  • Calculate holding percentage for all holders via holder analysis API
  • Triggered when any address holds 20% or more
  • Token creator, burn address, and DEX pool addresses are excluded

Data Source

Holder Analysis API

H5 Low Liquidity

Detects extremely low liquidity relative to market cap. When the ratio of market cap to liquidity (MC/LP) is high, large sell orders can cause significant price drops.

Detection Logic

  • Fetch market cap and liquidity from market data API
  • Triggered when the ratio of market cap to liquidity is extremely high

Data Source

Market Data API

MEDIUM Caution (-5 pts/each)

M1 New Token

Detects that a token was created less than 7 days ago. New tokens have no track record and are statistically more likely to be scams.

Detection Logic

  • Check the token creation transaction from on-chain data
  • Triggered when less than 7 days have passed since creation

Data Source

On-chain Data

M2 Low Holder Count

Detects that the token has fewer than 50 holders. Extremely low holder counts increase both liquidity risk and price manipulation risk.

Detection Logic

  • Count token accounts via holder analysis API
  • Triggered when holder count is below 50

Data Source

Holder Analysis API

M3 Suspicious Distribution

Detects patterns suggesting top holders may be the same entity (person or organization). Cluster analysis identifies holding structures that appear distributed but are effectively concentrated.

Detection Logic

  • Analyze transaction history between top holders
  • Identify wallets sharing the same funding source
  • Detect patterns of acquiring the same amount of tokens at the same time

Data Source

Transaction Analysis
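
The two M3 signals described above (shared funding source, same amount acquired at the same time), sketched as an added example that is not ChainAnalyzer's own code. The input shapes, the 60-second window and the reason labels are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

def shared_funder_clusters(funding):
    """funding: {holder: funder address}. Returns {funder: [holders]} for 2+ holders."""
    groups = defaultdict(list)
    for holder, funder in funding.items():
        groups[funder].append(holder)
    return {f: sorted(hs) for f, hs in groups.items() if len(hs) > 1}

def synchronized_buys(buys, window_s=60):
    """buys: [(holder, amount, unix_ts)]. Returns lists of 2+ distinct holders that
    acquired the same amount within window_s seconds (window_s is an assumption)."""
    found, group = [], []

    def flush():
        holders = sorted({h for h, _, _ in group})
        if len(holders) > 1:
            found.append(holders)

    # Sorting by (amount, time) puts candidate groups next to each other.
    for buy in sorted(buys, key=lambda b: (b[1], b[2])):
        if group and (buy[1] != group[0][1] or buy[2] - group[0][2] > window_s):
            flush()
            group.clear()
        group.append(buy)
    flush()
    return found

def m3_candidates(funding, buys, window_s=60):
    """Maps each flagged holder to the sorted list of signals that matched."""
    reasons = defaultdict(set)
    for holders in shared_funder_clusters(funding).values():
        for h in holders:
            reasons[h].add("same_funder")
    for holders in synchronized_buys(buys, window_s):
        for h in holders:
            reasons[h].add("synchronized_buy")
    return {h: sorted(r) for h, r in reasons.items()}

# Constructed sample: five top holders, three of them funded by "f_A".
FUNDING = {"w1": "f_A", "w2": "f_A", "w3": "f_A", "w4": "f_B", "w5": "f_C"}
BUYS = [("w1", 50_000, 1_700_000_000), ("w2", 50_000, 1_700_000_020),
        ("w3", 50_000, 1_700_000_045), ("w4", 50_000, 1_700_003_600),
        ("w5", 12_345, 1_700_000_010)]

if __name__ == "__main__":
    print(m3_candidates(FUNDING, BUYS))
```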

M4 Metadata Mismatch

Detects inconsistencies or missing fields in token metadata. Legitimate projects typically set proper name, symbol, and image in their token metadata.

Detection Logic

  • Check token metadata for name, symbol, and image URL
  • Detect missing required fields (empty name/symbol or default values)
  • Triggered when image URL is invalid (404) or metadata JSON is unreachable

Data Source

Token Metadata

M5 Single LP Provider

Detects that there is only one liquidity provider for the pool. When dependent on a single provider, there is a risk of that provider withdrawing all liquidity.

Detection Logic

  • Fetch LP provider info from the community risk database report
  • Triggered when there is only one LP provider address

Data Source

Community Risk DB

LOW Info (-2 pts/each)

L1 Social Missing

Detects that no Twitter account or website link is set in the token metadata. Missing social links suggest low project transparency.

Data Source

Token Metadata

L2 Moderate Concentration

Detects that the top 10 holders collectively own more than 30% (but less than 50%) of the supply. Not immediately dangerous, but concentration is somewhat high.

Detection Logic

  • Calculate top 10 holder percentage via holder analysis API
  • Triggered when total is above 30% but below 50% (above 50% is detected as H2)

Data Source

Holder Analysis API
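
The holder-concentration rules (H2, H4, L2) and the scoring tables from the Scoring section, combined in one added example that is not ChainAnalyzer's own code. The function names, the input shape, the use of total supply as the denominator and the clamp at 0 are assumptions, and the sample balances are constructed. It shows how excluding a DEX pool address changes both the detections and the score.

```python
# Added example (not ChainAnalyzer code): rules H2, H4, L2 plus the 100-point score.
DEDUCTION = {"CRITICAL": 30, "HIGH": 15, "MEDIUM": 5, "LOW": 2}
BANDS = [(90, "LOW", "Safe"), (70, "MEDIUM", "Caution"),
         (40, "HIGH", "Danger"), (0, "CRITICAL", "Extremely Dangerous")]

def concentration_detections(balances, total_supply, contracts=(), creator_or_burn=()):
    """balances: {address: amount}. Returns a list of (rule id, severity)."""
    # H2/L2: known contract addresses such as DEX pools are left out of the top 10.
    ranked = sorted((amt for addr, amt in balances.items() if addr not in contracts),
                    reverse=True)
    top10_pct = 100.0 * sum(ranked[:10]) / total_supply
    # H4 also skips the token creator and the burn address.
    skip = set(contracts) | set(creator_or_burn)
    whale_pct = max((100.0 * amt / total_supply
                     for addr, amt in balances.items() if addr not in skip),
                    default=0.0)
    found = []
    if top10_pct > 50:
        found.append(("H2", "HIGH"))
    elif 30 < top10_pct < 50:  # exactly 50% matches neither rule as worded
        found.append(("L2", "LOW"))
    if whale_pct >= 20:
        found.append(("H4", "HIGH"))
    return found

def risk_score(detections):
    """Start at 100, subtract per detection; the clamp at 0 is an assumption."""
    score = max(0, 100 - sum(DEDUCTION[sev] for _rule, sev in detections))
    level, verdict = next((lvl, v) for floor, lvl, v in BANDS if score >= floor)
    return score, level, verdict

# Constructed sample: supply of 1,000,000; "pool" is a DEX pool address.
SUPPLY = 1_000_000
SAMPLE = {"pool": 400_000, "w1": 150_000, "w2": 100_000, "w3": 60_000, "w4": 40_000}

if __name__ == "__main__":
    for contracts in ((), ("pool",)):
        hits = concentration_detections(SAMPLE, SUPPLY, contracts=contracts)
        print(contracts, hits, risk_score(hits))
```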

L3 Low Volume

Detects that 24-hour trading volume is below $100. Tokens with extremely low trading activity may not have sufficient liquidity when selling.

Detection Logic

  • Fetch 24h trading volume from market data API
  • Triggered when 24h Volume is below $100

Data Source

Market Data API

L4 Not Verified

Detects that the token is not included in a major DEX verified token list. Listing on verified lists requires passing a review process, making it a reference indicator of credibility.

Detection Logic

  • Check token verification status from the community risk database
  • Triggered when the target token is not on the verified list

Data Source

Community Risk DB

Not being on a verified list does not necessarily mean the token is a scam. New tokens and smaller projects may not be listed yet.

API Key Requirements

Basic detections work without an API key (Free tier). Some detections gain improved accuracy with additional API keys.

No API Key

  • C1 Mint Authority
  • C2 Known Scam
  • C3 Honeypot
  • H1 Freeze Authority
  • H3 LP Not Locked
  • M1 New Token
  • M4 Metadata Mismatch
  • M5 Single LP Provider
  • L1 Social Missing
  • L4 Not Verified

Enhanced with API Key

  • H2 Top Holder >50%
  • H4 Single Whale >20%
  • M2 Low Holder Count
  • M3 Suspicious Distribution
  • L2 Moderate Concentration

Market Data API Key

  • H5 Low Liquidity
  • L3 Low Volume

API keys can be added in Settings > BYOK (Bring Your Own Key).
