One scanner for tokens, wallets, URLs, and approvals
What it is: Web3Defender combines four scanners in one tool: token risk (honeypot and exit checks), wallet risk (16 risk factors including OFAC and mixer exposure), URL phishing detection, and approval tracking with one-click revocation — across seven EVM and non-EVM chains, with a 0-100 verdict for each check.
What each scanner covers
Why four scanners in one tool?
Token fake-outs, risky counterparty wallets, phishing sites, and standing approvals are four separate attack vectors — each capable of draining a wallet independently. Covering all four eliminates the gaps that single-purpose tools leave.
What makes the verdict actionable?
Each scan returns a 0-100 risk score with the specific flags that triggered it. The score tells you whether to act; the flags tell you why. No blockchain analysis background needed to understand the output.
What does the approvals tab show?
Every contract that holds a spending approval on your wallet, with the approval amount, the contract verification status, and a one-click revoke. Covers ERC-20, ERC-721, and ERC-1155.
What chains are covered?
Ethereum, BSC, Polygon, Arbitrum, Base, Solana, and TON. EVM chains share approval and token mechanics; Solana and TON have chain-specific checks.
Chains covered
Ethereum, BSC, Polygon, Arbitrum, Base, Solana, TON
Pricing tiers
- Free
- All four scanner types, daily scan limit, no account required.
- Paid
- Higher scan limits, wallet alerts, scan history.
- API / Team
- Batch processing, JSON output, designed for compliance and operations teams.
Frequently asked questions
Can it screen multiple wallets in bulk?
Batch screening is available via the API tier. Individual wallet checks are free with no account.
Does it need to connect to my wallet?
No connection is needed for scanning. Wallet connection is optional — only used for the one-click revocation flow in the approvals tab.
What is the source of phishing detection data?
Known phishing domains from public threat intelligence feeds, combined with real-time pattern detection for lookalike domains targeting major dApps.
How is the 0-100 risk score calculated?
The score is a weighted composite of the specific risk flags found: their type, severity, and recency. A score above 70 typically means the check returned serious red flags worth acting on.