Inspiration
Cryptocurrency users lose billions of dollars every year to phishing attacks, smart contract exploits, wallet drainers, and poorly secured web infrastructure. What makes this problem worse is that most users cannot easily distinguish between a secure platform and a dangerous one. Security reports are technical, blockchain analytics tools are complex, and vulnerability scanners are designed for professionals.
We wanted to build something that bridges that gap.
Our inspiration was simple: combine real historical crypto hack intelligence with automated surface security analysis and use AI to explain risk in plain language. Instead of overwhelming users with raw vulnerability data, we provide a clear score and actionable guidance.
We were particularly motivated by the number of repeat exploit patterns in DeFi — reentrancy, exposed admin panels, missing security headers, misconfigured APIs — that continue to cause massive losses. If we could detect early signals and contextualize them using past hack data, we could make security awareness far more accessible.
What it does
Crypto Hack is a defensive risk-assessment backend that evaluates the security posture of a crypto-related website, dApp, or API.
The system performs two main analyses:
First, it checks wallet addresses and domains against public crypto scam intelligence datasets. These include known phishing lists, malicious wallet clusters, and exploit-labeled addresses. This allows us to determine whether the input has been associated with previous scam activity.
Second, it performs a detection-only surface security scan using Nuclei. This scan looks for visible security misconfigurations, exposed services, missing protections, and known CVEs — without attempting any exploitation.
We then generate:
A Security Posture Score (0–10) based on detected findings
A Scam Exposure Score (0–10) based on intelligence matches
A plain-language explanation of what the findings mean
Prioritized remediation steps
The goal is not to hack or exploit anything, but to provide an understandable risk signal based on real historical patterns and observable security posture.
How we built it
Challenges we ran into
One of the biggest challenges was scope control. In a hackathon setting, it is easy to overbuild. We had to carefully limit the system to detection-only scanning and avoid implementing complex blockchain analytics.
Another challenge was balancing security accuracy with responsible reporting. We needed to ensure that we did not exaggerate findings or imply exploitation. Everything had to be labeled as “detected indicators” that require manual verification.
Integrating multiple intelligence sources was also challenging. Different datasets use different formats, naming conventions, and labeling systems. We had to normalize them into a consistent structure for matching.
Finally, model orchestration required careful prompting to ensure that AI explanations were clear, responsible, and not alarmist.
Accomplishments that we're proud of
succesfully developing the project
Log in or sign up for Devpost to join the conversation.