
Real-Time Wallet Monitoring

SpotBlock continuously watches Ethereum wallets for suspicious on-chain activity. Alerts are generated as soon as transactions are confirmed, giving you time-zero visibility into potential threats.

How It Works

When you place a wallet under monitoring, SpotBlock's detection engine begins tracking every confirmed transaction involving that address. Each transaction is analyzed in real time against a proprietary set of behavioral and heuristic detection models. When activity matching known threat patterns is identified, an alert is raised and immediately surfaced on the Explorer.

You can view two streams of data for any monitored wallet: "Risk alerts" highlights potentially dangerous activity, while "All activity" provides a complete chronological feed of every transaction, which is useful for auditing and forensic review.

Getting Started

  1. Go to the Explorer and search for any Ethereum wallet address.
  2. Click the Monitor Wallet button. No wallet signature is required for basic monitoring.
  3. The address appears in the Real-Time Monitored Wallets panel at the top of the Explorer with a pulsing green indicator. Risk alerts appear automatically as threats are detected.
  4. Use the "Risk alerts" / "All activity" toggle to switch between threat-focused alerts and the full transaction feed.
  5. Click any monitored wallet card to view its alert history, or open the detail modal and switch to the Analyze tab for monitoring controls.

What We Detect

Our detection engine covers a broad range of on-chain threat vectors. The exact rules, thresholds, and behavioral models are not disclosed to maintain their effectiveness. At a high level, the system monitors for:

Asset movement anomalies

Unusual patterns in native currency and token transfers that deviate from a wallet's expected behavior.

Permission abuse signals

Dangerous or excessive permissions granted to third-party contracts, and patterns associated with approval-based exploits.

Behavioral velocity

Abnormal transaction frequency and automation signatures consistent with bot-driven or scripted attack patterns.

On-chain deployment events

Significant contract interactions and deployments originating from the monitored wallet.
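
To make the "Permission abuse signals" category concrete, the sketch below is an added example and not SpotBlock's detection logic, which is undisclosed. It decodes the calldata of confirmed transactions and flags two widely known risky grants: an effectively unlimited ERC-20 `approve` and an NFT `setApprovalForAll(operator, true)`. The `UNLIMITED_FLOOR` threshold, the transaction dictionary shape, and all sample addresses and hashes are assumptions constructed for illustration.

```python
# Added illustration, not SpotBlock's detection logic. Sample data is constructed.
APPROVE = "095ea7b3"               # ERC-20 approve(address,uint256)
SET_APPROVAL_FOR_ALL = "a22cb465"  # ERC-721/1155 setApprovalForAll(address,bool)
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255           # assumption: >= 2^255 counts as "unlimited"


def classify_approval(tx):
    """Return an alert dict if the calldata grants a risky approval, else None."""
    data = tx.get("input", "").lower()
    if data.startswith("0x"):
        data = data[2:]
    if len(data) < 136:            # 4-byte selector + two 32-byte ABI words
        return None
    selector, word1, word2 = data[:8], data[8:72], data[72:136]
    try:
        int(word1, 16)
        value = int(word2, 16)
    except ValueError:             # malformed hex: not decodable, no alert
        return None
    if selector == APPROVE and value >= UNLIMITED_FLOOR:
        kind = "unlimited ERC-20 allowance"
    elif selector == SET_APPROVAL_FOR_ALL and value == 1:
        kind = "operator approval over a whole NFT collection"
    else:
        return None
    # The address argument occupies the low 20 bytes of its 32-byte word.
    return {"tx": tx["hash"], "contract": tx["to"],
            "spender": "0x" + word1[24:], "kind": kind}


def scan(txs):
    """Run the classifier over confirmed transactions, keeping only alerts."""
    return [alert for alert in map(classify_approval, txs) if alert]


def _word(n):
    return format(n, "064x")       # one 32-byte ABI word as hex


SPENDER = int("11" * 20, 16)       # constructed placeholder address
SAMPLE_TXS = [                     # constructed transactions, placeholder hashes
    {"hash": "0xtx1", "to": "0xTOKEN_A", "input": "0x" + APPROVE + _word(SPENDER) + _word(MAX_UINT256)},
    {"hash": "0xtx2", "to": "0xTOKEN_A", "input": "0x" + APPROVE + _word(SPENDER) + _word(500 * 10**18)},
    {"hash": "0xtx3", "to": "0xNFT_B", "input": "0x" + SET_APPROVAL_FOR_ALL + _word(SPENDER) + _word(1)},
    {"hash": "0xtx4", "to": "0xFRIEND", "input": "0x"},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_TXS):
        print(alert)
```
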

Alert Severities

Critical

Immediate threat requiring urgent attention. Activity strongly correlates with known exploit or drain patterns.

High

Significant suspicious activity detected. Should be reviewed promptly.

Medium

Notable event worth reviewing. May be routine but warrants awareness.

For Auditors

The "All activity" view provides a complete, timestamped log of every transaction processed for a monitored wallet. This can serve as an independent audit trail alongside Etherscan or other block explorers. Each entry includes the block number, transaction hash (linked to Etherscan), and a human-readable summary of the action.

Risk alerts include the severity classification and a description of the detected pattern. This data can be exported or referenced when compiling incident reports or conducting post-incident forensic analysis.

Current Scope

  • Ethereum mainnet — multi-chain support is planned.
  • Post-confirmation detection — activity is flagged after transactions are confirmed on-chain, not at the mempool level.
  • Wallet (EOA) monitoring — smart contract monitoring with its own detection models is in development.
  • No signature required for basic monitoring. Future tiers may require wallet authentication for custom thresholds or multi-channel notifications.

Roadmap

  • Smart contract real-time monitoring
  • Email and Discord alert notifications
  • Custom alert thresholds and personalized detection profiles
  • Multi-chain support
  • Wallet signature verification for premium features