Real-time blockchain threat detection and prevention platform powered by ML/AI pattern analysis. VigiLens monitors mempool + on-chain activity for anomalies and pushes alerts; MalConAPI returns malicious-contract verdicts for any address; Address Risk + Compliance APIs surface sanctions, mixer exposure, and KYT signals. Used by exchanges, custodians, and protocols across 10+ chains.
- 01realtime mempool + onchain anomaly detection
- 02malicious smart-contract verdicts
- 03exchange/custodian KYT screening
- 04automated incident response
- 05sanctions + mixer exposure scoring
| Variable | Scope | Description |
|---|---|---|
| CYVERS_API_KEY | Server | Cyvers API key for MalConAPI / VigiLens, sent in the `X-API-Key` header. |
| CYVERS_WEBHOOK_SECRET | Server | Shared secret used to verify VigiLens alert webhooks (HMAC-SHA256 over raw body). |
Use Cyvers for realtime threat detection. MalConAPI verdict on a contract: `POST https://api.cyvers.ai/malcon/v1/contract` with `X-API-Key: ${CYVERS_API_KEY}` and `{ chainId, address }` returns `{ verdict: 'malicious'|'suspicious'|'benign'|'unknown', categories: ['drainer'|'rug'|'phishing'|'mixer'|...], confidence, firstSeenBlock }`. Address risk: `POST /v1/address/risk` with `{ chainId, address }` returns `{ riskScore: 0–100, sanctions: bool, mixerExposureUsd, counterparties }`. Configure VigiLens monitors in the dashboard (mempool watch, anomaly thresholds, address watchlists); deliveries POST a JSON event to your webhook signed with `X-Cyvers-Signature` HMAC-SHA256(raw body, `CYVERS_WEBHOOK_SECRET`). Webhook handler routes by `severity` (`info|low|medium|high|critical`) and `category`. For pre-broadcast gating in a custody/exchange flow, call MalConAPI on every `to` address and block on `verdict === 'malicious'` with a 'manual review' fallback for `suspicious`.
- ⚑Cyvers detection is ML-driven and probabilistic — `confidence` matters. Treat `< 70%` as 'review' rather than 'block', and track verdict revisions (Cyvers occasionally reclassifies contracts as benign after analyst review).
- ⚑Mempool monitoring requires either VigiLens-hosted scanners or your own RPC endpoint — public mempool feeds are partial on most L2s, so anomaly recall is uneven (Ethereum mainnet best, Polygon/BSC mid-tier, L2s weakest).
- ⚑Webhook signature verification uses HMAC over the EXACT raw body — Next.js App Router needs `runtime = 'nodejs'` and `await req.text()` before parsing, or HMAC will not match and alerts will be silently dropped.
- ⚑Sanctions / KYT coverage maps to OFAC + major global lists, but jurisdictional enforcement coverage (e.g. Korea FSC, MAS, Brazil) is limited; pair with Chainalysis or TRM for full compliance use cases.
- ⚑Alert latency is typically <1s for mempool-detectable patterns and 1+ block for confirmed-only detections — for true pre-tx prevention pair with a pre-signature scanner (Blockaid/Blowfish) at the wallet layer.
- ⚑Chain coverage is currently EVM-focused — non-EVM chains (Solana/Bitcoin/Cosmos) have partial or no support depending on product; verify the (chain, product) matrix in the dashboard before designing dependencies.