Skip to main content
All CollectionsHarpie Wallet 2FAGetting Started with Harpie 2FA
Our Security Analysis Engine
Our Security Analysis Engine

How Harpie scans wallet addresses and makes sure they're safe before you interact with them.

Noah Chong avatar
Written by Noah Chong
Updated over 3 months ago
A bar that shows something is a dangerous transaction

Scanning Wallets

Harpie's security analysis engine keeps you safe by rigorously testing every address that is receiving money from you.

Whenever you use Harpie Wallet 2FA, before a transaction is sent out from your wallet, our security analysis engine analyzes an address' past transaction history, their trading habits, and other criteria to determine how safe (or dangerous) a transaction is for you.

Our Security Criteria

Every transaction that goes through the Harpie RPC is tested against several criteria to determine their risk. In order, these are:

Wallet Age

Wallet Age is extremely important in determining the validity of an address. While anybody can create a wallet in seconds, the large majority of scams and phishing attempts occur with relatively young (<3 months) addresses. In many cases, honeypots and fraudulent smart contracts are spun up and cashed out in relatively short time frames.

While not every young wallet is dangerous to send money to, it is a great indicator of risk.

Past Transactions

An address' past transaction history, whom they've interacted with and sent money to, can give us important information on their identity.

If a wallet is totally clean but has sent money to or been sent money from a known scammer or hacker, they would be flagged here.

Phishing & Scamming and Money Laundering

Our extensive database of known scammers and money launderers, compiled from various sources, identify fraudsters that should not be engaged with in any way.

Bot Trading

Bot trading, or the act of using computer assisted tooling to automatically conduct trades or purchases without the assistance of a person, is another criteria that can point towards an address being untrustworthy. While not dangerous in all cases, bot accounts are generally not something that you will frequently interact with.

If you are sending money to a bot, make sure that that's your intention.

Suspicious Activity

Lastly, "suspicious activity" is a catch all term that we use to describe activity that is outside of the norm. Simply put, we can classify average wallets and smart contracts based on:

  • Transaction volume in a given timeframe

  • Time between transactions

  • Transaction methods

  • The smart contracts they regularly interact with

  • ... and more.

As a simple example, many regular wallets may use the 0x transfer method to send ETH back and forth between their wallets. Very rarely would they use the ERC20 transferFrom function to move tokens like USDC from one place to another; that's more appropriate for a DEX or smart contract.

Abnormal activity like this flags our system and gives a good indication that an address may not be what they seem.

Related Articles
What is a Security Score?
How Harpie keeps you safe
Community Dashboard
Did this answer your question?