When you connect a wallet to NZOChain, you’re not running a one-time audit. NZOChain continuously watches your on-chain activity and runs every new interaction through the same detection pipeline — the same set of checks that analyzed your wallet during setup. Understanding how that pipeline works helps you interpret your RiskScore, know what to act on, and trust that the platform’s alerts are meaningful rather than noisy.Documentation Index
Fetch the complete documentation index at: https://docs.nzochain.com/llms.txt
Use this file to discover all available pages before exploring further.
NZOChain is entirely read-only. It monitors publicly available on-chain data — transaction history, approval records, contract bytecode, and connection events. It never executes transactions, moves funds, or signs anything on your behalf.
The detection pipeline
When NZOChain receives a wallet address — whether from a new connection, a scan request, or a real-time trigger — the same four-stage pipeline runs automatically.Connect: ingest wallet data
NZOChain fetches the complete on-chain record for your wallet address. This includes your full transaction history, every active token approval, all smart contract interactions, and your current token balances. For multi-chain wallets, this process runs across every supported chain simultaneously.No off-chain data, private keys, or browser state is accessed. Everything NZOChain reads is publicly available on the blockchain.
Analyze: run threat detection checks
The ingested data passes through NZOChain’s detection engine, which runs four categories of analysis in parallel:Token approval analysis — Each active approval is evaluated for the approved amount (flagging unlimited/infinite approvals), the age of the approval, whether the approved contract has been flagged as malicious, and whether the approval is still necessary given your recent activity.Smart contract bytecode analysis — NZOChain disassembles the bytecode of every contract your wallet has interacted with and checks it against known patterns: honeypot logic, hidden transfer functions, self-destruct conditions, and ownership back doors. Contracts that haven’t been verified or audited are flagged for additional scrutiny.Phishing signature matching — Your wallet’s connection history and incoming transaction sources are cross-referenced against NZOChain’s continuously updated database of phishing addresses, fake dApp domains, and known drainer wallet addresses.Wallet connection pattern analysis — Unusual connection events — such as connecting to an unknown dApp at an unusual hour, or connecting to a site that spoofs a known protocol — are flagged based on behavioral pattern matching.
Score: calculate your RiskScore™
Each threat signal from the analysis stage carries a weighted severity value. NZOChain’s scoring model aggregates these signals — accounting for signal type, recency, active vs. historical exposure, and cross-chain risk — into a single RiskScore™ between 0 and 100.The model is trained on on-chain attack data and updated regularly as new threat patterns emerge. A wallet with one low-severity warning from six months ago scores very differently from one with three active infinite approvals to unverified contracts.
Act: surface findings and enable remediation
Your RiskScore and the full breakdown of findings appear in your dashboard immediately after the pipeline completes. For each flagged item, NZOChain shows you the risk type, severity, affected contract or address, and a recommended action.Where remediation is possible — revoking an approval, for example — NZOChain provides a one-click action that constructs the necessary transaction and sends it to your wallet for your confirmation. You remain in control of every on-chain action.
RiskScore™ levels
Your RiskScore maps to one of four statuses. The thresholds are calibrated so that a Warning is genuinely worth reviewing, and a Critical is a situation that warrants immediate action.| Score | Status | Description |
|---|---|---|
| 0–30 | Safe | No significant threats detected. Your approvals and contract interactions appear clean. Continue monitoring. |
| 31–60 | Warning | Some risk signals found — typically older approvals to contracts with limited audit history, or minor phishing flags. Review the findings and revoke anything you no longer use. |
| 61–85 | High Risk | Multiple active threats detected. At least one approval or contract interaction carries significant risk. Revoke the flagged permissions as soon as possible. |
| 86–100 | Critical | Severe exposure. One or more findings indicate an active or near-certain threat to your assets — such as an infinite approval to a known malicious contract. Take action immediately. |
What NZOChain analyzes
| Data type | What is checked |
|---|---|
| Token approvals | Approved amount, contract legitimacy, approval age, necessity |
| Smart contract bytecode | Honeypot patterns, hidden transfer logic, unverified contracts |
| Phishing signatures | Known phishing addresses, fake dApp domains, drainer wallets |
| Wallet connection events | Unusual sources, spoofed protocols, suspicious connection timing |
| Transaction history | Interactions with flagged addresses, historical exposure |