Check if a blockchain address is flagged for malicious activity via x402 micropayment.
What it does
The `/defi/malicious` endpoint on the DeFi Intelligence API at defi.hugen.tokyo checks whether a given wallet or contract address has been flagged for malicious activity. It returns a verdict including whether the address is malicious, the types of malicious behavior detected (if any), and a safety tag. The endpoint is part of a broader suite of 26 DeFi security and data endpoints covering token audits, rugpull detection, phishing checks, bridge routing, protocol analytics, and more.
This specific endpoint accepts a single required query parameter `address` (the wallet or contract address to check) and returns JSON with fields such as `is_malicious_address`, `malicious_behavior`, and `tag`. Payment is handled via the x402 protocol at $0.01 USDC per call on Base. No API key or account setup is required — callers pay per request using x402-compatible wallets or the provider's broker/SDK alternatives. The API also offers an MCP transport at mcp.hugen.tokyo and a Python SDK (`x402-pay`) for simplified integration.
The endpoint is live and returned a 402 challenge with a sample response during probing. The OpenAPI spec (v3.1) is published at `/openapi.json` and interactive docs are available at `/docs`. Response schemas for this endpoint are not fully specified in the OpenAPI document (the 200 response schema is empty), so the exact response shape is inferred from the sample embedded in the 402 challenge.
Capabilities
Use cases
- —Screen a wallet address before sending funds to verify it is not flagged as malicious
- —Integrate automated address checks into a DeFi trading bot to avoid interacting with known bad actors
- —Build compliance tooling that flags suspicious counterparty addresses before executing transactions
- —Add a safety layer to a dApp frontend that warns users about risky addresses
Fit
Best for
- —AI agents that need on-demand address risk checks without API key setup
- —DeFi applications requiring per-call malicious address screening
- —Security researchers investigating flagged blockchain addresses
Not for
- —Bulk screening of millions of addresses (per-call payment model may be costly at scale)
- —Regulatory-grade AML/KYC compliance requiring certified data providers
- —Checking addresses on chains not supported by the underlying data sources
Quick start
curl -X GET "https://defi.hugen.tokyo/defi/malicious?address=0x1234567890abcdef1234567890abcdef12345678"Example
Response
{
"tag": "safe",
"malicious_behavior": [
"none"
],
"is_malicious_address": false
}Endpoint
Quality
The endpoint is live (402 challenge captured with sample response), has a published OpenAPI 3.1 spec, and interactive docs. However, the 200 response schema is empty in the spec, so the response shape is inferred from the sample in the 402 challenge. No dedicated documentation page, pricing page, or detailed field descriptions exist beyond the OpenAPI summary.
Warnings
- —Response schema for 200 is not defined in the OpenAPI spec; response structure inferred from 402 challenge sample only
- —No detailed documentation on which chains or data sources back the malicious check
- —Root URL returns 404; no landing page or standalone docs site
Citations
- —The API describes itself as '26 DeFi security and data endpoints — token audits, bridge routing, protocol analytics. No API keys, no rate limits, no setup for 3+ upstream services. One x402 payment per call.'https://defi.hugen.tokyo/docs
- —The /defi/malicious endpoint accepts a required 'address' query parameter described as 'Address to check for malicious activity'https://defi.hugen.tokyo/openapi.json
- —Payment is $0.01 USDC on Base per call as stated in the 402 challengehttps://defi.hugen.tokyo/defi/malicious
- —Alternative access methods include a broker, MCP transport at mcp.hugen.tokyo, and Python SDK x402-payhttps://defi.hugen.tokyo/defi/malicious