Malicious Wallets & Pools
Conyr’s known-bad ledger — wallets banned for malicious behavior and pools quarantined as scams, accumulated continuously from the detection pipeline. Check an address or pool before you trust it.
Two read endpoints, both Layer 3:
L3 GET /v1/wallet/{address}/ban-status — is this wallet on the ledger, and why.
L3 GET /v1/token/{mint}/malicious-pools — pools flagged for a token.
ban-status returns banned: false (a 200, not a 404) for a clean wallet, so you can use it as a simple gate. These ledgers also feed the live wallet security stream.
Malicious wallet record
| Field | Type | Description |
|---|---|---|
address | string | The banned wallet |
first_seen / last_seen | number | First and most recent detection (unix seconds) |
total_pnl_usd | number | Profit attributed to malicious activity (e.g. rug profiteering) |
suspicious_tokens | string[] | Tokens the wallet was flagged on |
detection_reason | string | Why it was banned |
Malicious pool record
| Field | Type | Description |
|---|---|---|
pool_address | string | The quarantined pool |
token_mint | string | Token the pool trades |
dex_type | string | DEX the pool belongs to |
deployer | string | Pool deployer wallet |
reason | string | Why it was blacklisted |
detected_at | string | When it was flagged |
A wallet lands here from two paths — direct malicious-behavior detection and rug-profiteering (booking outsized profit on tokens that rug). suspicious_tokens and detection_reason tell you which, so you can decide how to weight the flag.