Wallet and transaction risk-scoring platform exposing the EmbeddedSafety API suite: Safety Score (composite wallet risk), Transaction Risk, Smart Contract Analysis, Approval Risk, and Stablecoin Depeg Monitor. Backed by 27+ data sources covering bad-actor lists, on-chain behavior, asset risk, and counterparty exposure across EVM majors and a growing set of L2s.
- 01wallet safety scoring at connect time
- 02transaction-level risk APIs
- 03smart-contract pre-engagement analysis
- 04stablecoin depeg monitoring
- 05exchange/custody KYT augmentation
| Variable | Scope | Description |
|---|---|---|
| WEBACY_API_KEY | Server | Webacy API key from https://developers.webacy.co, sent in the `x-api-key` header. |
Use Webacy for wallet + transaction risk scoring. Wallet Safety Score: `GET https://api.webacy.com/addresses/{address}?chain={evm-chain}` with `x-api-key: ${WEBACY_API_KEY}` returns `{ overallRisk: 'low'|'medium'|'high', riskScore: 0–100, count, issues: [{ type, severity, tags }], flags }`. Transaction risk: `POST /transactions` with `{ from, to, value, data, chain }` returns `{ risk, simulation, counterpartyRisk, contractRisk }`. Smart-contract analysis: `GET /contracts/{address}?chain=` returns risky-feature flags (mint, blacklist, ownership, proxy admin) for unaudited or brand-new contracts. Wire Wallet Safety Score into the connect-flow: warn on `overallRisk === 'medium'`, block + escalate on `'high'`. For sensitive flows (treasury, OTC desks) call the transaction endpoint pre-broadcast and gate on `risk` + show `counterpartyRisk` + `contractRisk` to the operator.
- ⚑Webacy aggregates 27+ third-party sources — issue dedup is best-effort, so the same risk can surface twice with different `tags`. Group `issues[]` by `type` before rendering or you will scare users with duplicate flags.
- ⚑False positives on benign new contracts and proxy implementations are real (cold-start) — provide a 'proceed anyway' path with explicit warning copy and feedback link, especially during launch flows for legitimate dApps.
- ⚑API latency is typically 200–600ms but the Smart Contract Analysis endpoint can take several seconds for unscanned contracts (cold scan); show a spinner with a 5–10s timeout and degrade to wallet-only score if the contract scan times out.
- ⚑Chain coverage is strongest on Ethereum + EVM L2s (Arbitrum, Optimism, Base, Polygon, BSC); Solana and non-EVM chains are partial — verify the (chain, endpoint) pair before assuming parity.
- ⚑Composite `riskScore` weights are opaque and may shift as Webacy retunes models — pin to the categorical `overallRisk` for product decisions and treat the numeric score as a UI-only tiebreaker.
- ⚑API key auth (`x-api-key`) is server-side only — proxy through your backend and cache `(address, chain)` lookups for 5–15 minutes to control usage and avoid rate-limit surprises.