<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>Forem: Oleksandr</title>
    <description>The latest articles on Forem by Oleksandr (@aknez).</description>
    <link>https://forem.com/aknez</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3905489%2F813e0aa7-895e-485b-821a-bc5f54e3f3e0.jpg</url>
      <title>Forem: Oleksandr</title>
      <link>https://forem.com/aknez</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://forem.com/feed/aknez"/>
    <language>en</language>
    <item>
      <title>I scanned 10 of the most famous Ethereum wallets. Here's what I found.</title>
      <dc:creator>Oleksandr</dc:creator>
      <pubDate>Tue, 12 May 2026 08:40:54 +0000</pubDate>
      <link>https://forem.com/aknez/i-scanned-10-of-the-most-famous-ethereum-wallets-heres-what-i-found-h3e</link>
      <guid>https://forem.com/aknez/i-scanned-10-of-the-most-famous-ethereum-wallets-heres-what-i-found-h3e</guid>
      <description>&lt;p&gt;Most people assume famous wallets are either perfectly clean or secretly compromised. The reality is more nuanced, and more interesting.&lt;br&gt;
I've been building Chlora, a wallet risk scanner that analyzes on-chain history and returns a risk score based on token approvals, unverified contract interactions, and suspicious patterns. I thought to myself, why not scan some of the most well-known Ethereum addresses to see what the data actually shows?&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Here's what I found.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Vitalik.eth — 1/10&lt;/strong&gt;&lt;br&gt;
10,000 transactions. 3 approvals. 13 unverified contracts. No HIGH flags.&lt;br&gt;
The cleanest active wallet I've seen. The best part isn't the low score, it's the discipline behind it. 10,000 transactions across years of DeFi activity and only 3 token approvals. Most active DeFi users accumulate 50 to 100+ approvals over that kind of history. Vitalik apparently revokes or limits approvals consistently.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Ethereum Foundation — 1/10&lt;/strong&gt;&lt;br&gt;
3,226 transactions. 0 approvals. 1 unverified contract. Perfectly clean institutional wallet, expected honestly.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Coinbase wallet — 1/10&lt;/strong&gt;&lt;br&gt;
10,000 transactions. 0 approvals. 0 unverified contracts. The cleanest wallet in the entire sample, not even a single approval granted across 10,000 transactions. This is what a pure custody wallet must be.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Binance hot wallet — 3/10&lt;/strong&gt;&lt;br&gt;
10,000 transactions. 0 approvals. 122 unverified contracts. No approval risk at all, but 122 interactions with contracts outside our 209,000-contract database. Exchange wallets touch everything, including niche contracts nobody has catalogued yet.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Binance cold wallet — 6/10&lt;/strong&gt;&lt;br&gt;
10,000 transactions. 0 approvals. 299 unverified contracts. Higher score than the hot wallet despite being a cold storage address, purely because of the volume of unverified contract interactions. Exchanges interact with the long tail of DeFi at a scale most individual wallets never approach.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Active DeFi user — 8/10&lt;/strong&gt;&lt;br&gt;
502 transactions. 1 unlimited approval to an unknown spender. 12 unverified contracts. This is the most important data point in the entire sample. The highest risk wallet had the fewest transactions. One unlimited approval to an unrecognized contract address is all it takes to score 8/10. That approval means an unknown contract has permission to drain the entire token balance at any time.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Early ETH adopter — 2/10&lt;/strong&gt;&lt;br&gt;
599 transactions. 0 approvals. 0 unverified contracts. Clean on approvals but with a 34% transaction failure rate; this must be someone who experimented heavily in early Ethereum, when failed transactions were common.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Curve liquidity pool — 1/10&lt;/strong&gt;&lt;br&gt;
10,000 transactions. 0 approvals. 0 unverified contracts. Protocol-operated wallets are consistently clean; they're designed to interact with specific known contracts only.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Three things this data taught me&lt;/strong&gt;&lt;br&gt;
&lt;em&gt;1. Risk isn't about how much you use crypto.&lt;/em&gt;&lt;br&gt;
The highest risk wallet in this sample had 502 transactions. The lowest risk wallets had 10,000+. Volume doesn't determine risk. What you approved does. This matters because most people assume experienced DeFi users are safer. The data doesn't support that. An experienced user who gave one unlimited approval to a sketchy contract years ago and forgot about it is more exposed than a careful newcomer who never approved anything they didn't understand.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;2. One approval is enough.&lt;/em&gt;&lt;br&gt;
The active DeFi wallet scored 8/10 with a single unlimited approval to an unknown spender. That's it. One transaction, years ago, that granted unlimited access to a token balance. The wallet owner probably doesn't remember signing it. This is how most wallet drains happen. Not through hacking. Not through private key theft. Through approvals people forgot about.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;3. Exchange wallets reveal a hidden pattern.&lt;/em&gt;&lt;br&gt;
Binance's cold wallet scored 6/10 — not from approvals but from unverified contract interactions. Exchanges interact with the entire long tail of DeFi including contracts too obscure to be in any database. That's a different kind of risk profile than individual wallets but worth understanding.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;What does your wallet look like?&lt;/strong&gt;&lt;br&gt;
Vitalik's wallet has 3 approvals after a decade of DeFi activity. Most regular users have far more than that, and most don't know what those approvals are connected to. The interesting thing about wallet risk is that it's almost entirely self-inflicted. Every approval was a transaction you signed. Every unknown contract interaction was a protocol you chose to use. The history is yours.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Which makes it worth knowing.&lt;/strong&gt;&lt;br&gt;
Free scan at scan.chlora.xyz, no wallet connection required.&lt;/p&gt;

</description>
      <category>ethereum</category>
      <category>web3</category>
      <category>security</category>
      <category>blockchain</category>
    </item>
    <item>
      <title>How I built a wallet risk scanner on a Raspberry Pi, and what it taught me about Web3 trust.</title>
      <dc:creator>Oleksandr</dc:creator>
      <pubDate>Thu, 30 Apr 2026 07:33:25 +0000</pubDate>
      <link>https://forem.com/aknez/how-i-built-a-wallet-risk-scanner-on-a-raspberry-pi-and-what-it-taught-me-about-web3-trust-1de5</link>
      <guid>https://forem.com/aknez/how-i-built-a-wallet-risk-scanner-on-a-raspberry-pi-and-what-it-taught-me-about-web3-trust-1de5</guid>
      <description>&lt;p&gt;A few weeks ago I got frustrated with how Web3 security tools felt. Dark, aggressive, technical, intimidating. &lt;strong&gt;Every wallet scanner looked like it was designed to scare you rather than inform you.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;So I built my own. It runs on a &lt;strong&gt;Raspberry Pi 4&lt;/strong&gt; sitting in my room. It's live at &lt;a href="//scan.chlora.xyz"&gt;scan.chlora.xyz&lt;/a&gt; and it's &lt;strong&gt;free&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;Here's what I built, how I built it, and what reading DeFi hack post-mortems at night taught me about why the trust problem in Web3 is much bigger than anyone's scanner can fully solve.&lt;/p&gt;

&lt;p&gt;It all started on a Sunday with just a C++ backend with CMake and an empty Raspberry Pi. I used Etherscan for the scanning part, and then with some algorithms I analyzed the protocols of the wallet. It flagged each protocol at a different risk level based on the control it had over the wallet, and produced clean, smooth output. From there I built a simple front end that ran on my localhost just to see how appealing it was with the backend, and then it hit me: it seemed I was following some sort of script, like I had to make the website dark and matrix-like, and I wasn't satisfied. Then I realized how nature and something techy like the blockchain are related; it seemed to me that the blockchain was just a field. &lt;/p&gt;

&lt;p&gt;From there, I redesigned the front end to give the feel of breathing in a spring field. I had to find a name and ended up with Chlora, then bought a domain, &lt;a href="//chlora.xyz"&gt;chlora.xyz&lt;/a&gt;, and hosted the website on my Raspberry Pi, where I routed it through Cloudflare to make it public with a new landing page. At that moment I realized that my program had faults: it didn't take into account protocols like Uniswap or Aave that are safe, nor other known protocols. So I built a whitelist system, ending up with a vault of &lt;strong&gt;209,000+ contracts&lt;/strong&gt; that were optimized to a binary form, and improved the analysis algorithm. &lt;/p&gt;

&lt;p&gt;Seeing the potential of Chlora, I made a free API and distributed it on RapidAPI, not before making a docs page of course. After all that, I was satisfied with what I had, but I saw that I didn't have enough understanding of what I was solving. I decided to look at the biggest and most recent hacks on rekt, a news platform, where I realized how big and unsafe trusting in Web3 is. Not only that, but many of the hacks were only noticed afterwards: no flags, no active checking, just an invisible, delayed knockout punch.&lt;/p&gt;

&lt;p&gt;From all of this, I realized how much there's left to do with Chlora. This was just the beginning. Every major DeFi hack in 2026 had the same root cause — something trusted something it shouldn't have. &lt;strong&gt;Not a code problem. Not a cryptography problem. A trust problem.&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;$18.4 million gone before most users finished their morning coffee.&lt;/strong&gt; $196 million from a bridge nobody controlled. Billions lost to misplaced trust.&lt;br&gt;
Chlora won't solve all of that. Not yet. But the direction is clear — from a scanner to continuous monitoring, from a tool to infrastructure, from a weekend project on a Raspberry Pi to the trust layer that Web3 is missing.&lt;br&gt;
If you're building something in DeFi and want to add a trust layer — the API is free and live at &lt;a href="//docs.chlora.xyz"&gt;docs.chlora.xyz&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;And if you just want to see what your wallet looks like — &lt;a href="//scan.chlora.xyz"&gt;scan.chlora.xyz&lt;/a&gt;. No wallet connection needed.&lt;/p&gt;

&lt;p&gt;Update — May 2026&lt;br&gt;
Since publishing this I've added two new endpoints:&lt;br&gt;
GET /v1/contract — check if a contract is safe to interact with before trusting it. Returns trust level, deployment age, and a plain-English recommendation. Free tier.&lt;/p&gt;

&lt;p&gt;POST /v1/monitor — register a wallet for continuous hourly monitoring. Get a webhook alert when the risk score changes significantly. Pro tier.&lt;br&gt;
The contract endpoint is what would have prevented the Rhea Finance hack — $18.4M lost because a protocol trusted a contract it had never seen before. One API call would have flagged it as "Very new contract — do not trust without audit."&lt;/p&gt;

&lt;p&gt;The scanner at scan.chlora.xyz now shows contract risk inline for every HIGH flag — click any flag to see the contract's age, trust level and recommendation without leaving the page.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Security that breathes.&lt;/em&gt;&lt;/p&gt;

</description>
      <category>webdev</category>
      <category>security</category>
      <category>blockchain</category>
      <category>web3</category>
    </item>
  </channel>
</rss>
