Real-Time Monitoring
SpotBlock watches Ethereum wallets and smart contracts on mainnet. Alerts are generated after transactions confirm, so you get near-real-time visibility into risky patterns.
How It Works
When you place a wallet under monitoring, SpotBlock's detection engine begins tracking every confirmed transaction involving that address. Each transaction is analyzed in real time against a proprietary set of behavioral and heuristic detection models. When activity matching known threat patterns is identified, an alert is raised and immediately surfaced on the Explorer.
You can view two streams of data for any monitored wallet: Risk alerts highlight potentially dangerous activity, while All activity provides a complete chronological feed of every transaction — useful for auditing and forensic review.
Getting Started
- Go to the Explorer and search for an Ethereum address.
- Click Start RT monitoring. SpotBlock checks on-chain code and automatically registers EOAs as wallet watches and addresses with bytecode as contract watches. No wallet signature is required for basic monitoring.
- The address appears in the Real-Time Monitored Addresses panel (green = wallet, violet = contract). Risk alerts appear as the backend worker detects matching patterns.
- Use Risk alerts for threat-tier items and All activity for the recent feed (wallets: each tx involving the address; contracts: each top-level call to the contract, plus informational severities such as unpause).
- Click a monitored card to load that address, or open the detail modal → Analyze tab for the same controls.
Contract monitoring (v1)
The worker ingests transactions whose top-level "to" field is the watched contract (Ethereum mainnet, receipt-level; no trace RPC). Token movements that are routed only through routers or multicall contracts, without calling your contract directly, may not appear. Prefer this mode for tokens, vaults, or protocol contracts that users call by address.
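An added illustration of this coverage boundary (not SpotBlock's code): it runs a top-level "to" filter and a receipt-log check over constructed records to show which transactions such a filter ingests and which touch the contract only indirectly. The record shape, addresses, hashes and function names are assumptions made for the example.

```python
# Added illustration; not SpotBlock code. All addresses and hashes are constructed.
WATCHED = "0x" + "aa" * 20   # hypothetical watched token contract
ROUTER = "0x" + "bb" * 20    # hypothetical router / multicall contract

# Simplified receipt records: "to" is the top-level callee, and each log
# carries the address of the contract that emitted it.
SAMPLE = [
    # Direct call; "to" in mixed case to exercise address normalization.
    {"hash": "0x01", "to": "0x" + "AA" * 20, "logs": [{"address": WATCHED}]},
    # Routed call: the router is the callee, the watched token emits a log.
    {"hash": "0x02", "to": ROUTER, "logs": [{"address": ROUTER}, {"address": WATCHED}]},
    # Router call that never involves the watched contract.
    {"hash": "0x03", "to": ROUTER, "logs": [{"address": ROUTER}]},
    # Contract creation: there is no "to" address at all.
    {"hash": "0x04", "to": None, "logs": []},
    # Direct call that emitted no logs (for example, a reverted call).
    {"hash": "0x05", "to": WATCHED, "logs": []},
]


def _norm(addr):
    """Lower-case an address so checksummed and plain hex forms compare equal."""
    return addr.lower() if addr else None


def direct_calls(records, watched):
    """Hashes that a top-level 'to' filter would ingest."""
    w = _norm(watched)
    return [r["hash"] for r in records if _norm(r["to"]) == w]


def indirect_touches(records, watched):
    """Hashes where the watched contract emitted a log but was not the callee."""
    w = _norm(watched)
    return [
        r["hash"]
        for r in records
        if _norm(r["to"]) != w
        and any(_norm(log["address"]) == w for log in r["logs"])
    ]


if __name__ == "__main__":
    print("ingested by 'to' filter:", direct_calls(SAMPLE, WATCHED))
    print("visible only via receipt logs:", indirect_touches(SAMPLE, WATCHED))
```

Internal calls that emit no log from the watched contract cannot be recovered from receipts either; seeing those requires trace data.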
What We Detect
Our detection engine covers a broad range of on-chain threat vectors. The exact rules, thresholds, and behavioral models are not disclosed to maintain their effectiveness. At a high level, the system monitors for:
Asset movement anomalies
Unusual patterns in native currency and token transfers that deviate from a wallet's expected behavior.
Permission abuse signals
Dangerous or excessive permissions granted to third-party contracts, and patterns associated with approval-based exploits.
Behavioral velocity
Abnormal transaction frequency and automation signatures consistent with bot-driven or scripted attack patterns.
On-chain deployment events
Significant contract interactions and deployments originating from the monitored wallet.
Alert Severities
Critical
Immediate threat requiring urgent attention. Activity strongly correlates with known exploit or drain patterns.
High
Significant suspicious activity detected. Should be reviewed promptly.
Medium
Notable event worth reviewing. May be routine but warrants awareness.
For Auditors
The "All activity" view provides a complete, timestamped log of every transaction processed for a monitored wallet. This can serve as an independent audit trail alongside Etherscan or other block explorers. Each entry includes the block number, transaction hash (linked to Etherscan), and a human-readable summary of the action.
Risk alerts include the severity classification and a description of the detected pattern. This data can be exported or referenced when compiling incident reports or conducting post-incident forensic analysis.
Current Scope
- Ethereum mainnet — multi-chain support is planned.
- Post-confirmation detection — activity is flagged after transactions are confirmed on-chain, not at the mempool level.
- Wallet + contract monitoring — both are available from the Explorer; contract rules focus on admin-style events, large inflows, token outflows from the contract, and call/failure bursts (see worker README for details).
- No signature required for basic monitoring. Future tiers may require wallet authentication for custom thresholds or multi-channel notifications.
Roadmap
- Deeper DeFi / log-filtered ingest options for high-volume pools
- Email and Discord alert notifications
- Custom alert thresholds and personalized detection profiles
- Multi-chain support
- Wallet signature verification for premium features