
How to Find Malicious Addresses with MistTrack

Updated on
Dec 11, 2023



As cryptocurrencies continue to evolve, so does the craftiness of those who seek to exploit them. For Bitcoin, BNB Smart Chain, and Ethereum users, one of the biggest threats comes from malicious addresses that attempt to steal assets or carry out fraudulent transactions. How can you ensure that you don't fall prey to these schemes? MistTrack's QuickNode add-on can increase the security of your users in just a few clicks.

In this guide, you will learn how to analyze blockchain addresses on Ethereum, Bitcoin, BNB Smart Chain (BSC) and TRON networks using MistTrack, a QuickNode Marketplace add-on.

What You Will Need

What You Will Do

Dependencies Used in this Guide


What is MistTrack?

MistTrack, developed by SlowMist, is a dedicated anti-money laundering (AML) tracking tool designed specifically for mitigating cryptocurrency money laundering risks. Its primary goal is to democratize access to a crypto tracking and compliance platform, making these critical features available to all. You may be wondering whether you can identify malicious addresses without MistTrack. You can, but gathering, cleaning, testing, and analyzing large amounts of blockchain data is no easy task, and that is where MistTrack's capabilities stand out. It has gathered over 200 million addresses from various wallets on major global trading platforms, offering comprehensive intelligence data for rigorous AML analysis and research. This data collection includes thousands of addresses associated with diverse entities, 100K Threat Intelligence addresses, and more than 90M addresses linked with malicious activities. Presently, MistTrack supports address investigation on Ethereum, BNB Smart Chain (BSC), and TRON networks. However, the list is set to expand, with additional networks in the pipeline.

The main features of MistTrack include:

AML Risk Score

The AML Risk Score feature is a tool that estimates the risk level of an address holder by scrutinizing its transaction history and comparing it with SlowMist's rogue wallet database. Addresses linked to high-risk entities or those that have transacted with them are given elevated risk scores. This empowers you to scrutinize the risk profile of each wallet address, much like an expert compliance officer would, and assess if the wallet potentially harbors unlawful funds.

Address Labels

The Address Labels feature serves as an identification tool, helping to recognize entities like Coinbase or Binance associated with an address. It can also discern various on-chain and off-chain labels such as ENS, MEV Bots, and DeFi Whales, as well as pinpoint the wallet type, such as MetaMask.

Transaction Analysis

Working through blockchain explorers can be a tedious process. MistTrack makes things easier by analyzing and compiling all past transactions of an address into an easily understood format.

Favorites & Monitoring

The Favorites & Monitoring feature allows users to bookmark and collect data from addresses. The information is kept private and only accessible by the user.


The system displays a comprehensive graph of all transactions associated with an address. This graph can be filtered and sorted for important information, enabling users to visualize and monitor transaction connections effectively.

For the purpose of this guide, we'll be covering the Address Labels and AML Risk Score features, which are part of the Address Risk Scores add-on by MistTrack.

Enable the MistTrack Add-on on Your QuickNode Endpoint

Now that we know more about MistTrack, let's get into the technical demonstration.

First, we'll need a QuickNode endpoint that has access to Ethereum mainnet, Bitcoin, or Binance Smart Chain (mainnet). This tutorial uses an Ethereum mainnet endpoint, but the same steps apply to the other supported chains as well.

QuickNode Ethereum Endpoint

Then, we'll need to add the MistTrack add-on to our endpoint. You can do this during the endpoint creation process or after by going to the Add-ons tab on your Endpoint's page and clicking Explore on the Address Risk Scores add-on.

Once your add-on is enabled, you will see it on the Add-ons tab:

QuickNode / MistTrack Add-ons Tab

You'll notice that the add-on shows "2 / 2 Active RPC Methods". This refers to the mt_addressRiskScore and mt_addressLabel methods, which we will get into in the next section.

Note that with the add-on enabled, you will also have access to MistTrack's dashboard. Just click on the ellipsis on the right side of the add-on and click Dashboard.

MistTrack Dashboard

Analyzing Addresses with MistTrack

As mentioned above, the Address Risk Scores add-on on QuickNode provides two RPC methods: mt_addressRiskScore and mt_addressLabel. Let's learn more about them before writing code.

The mt_addressRiskScore method returns an Anti-Money Laundering (AML) risk score for a wallet address. The score is a value assigned to an address based on its interactions on the blockchain, utilizing our partner's intelligence database. It gives users insight into the level of suspicious activity of that wallet. It can help determine if an address is managed by crypto exchanges, sanctioned entities, darknet markets, or mixers, as well as whether the address was engaged in illicit activities.

The mt_addressLabel method helps customers fetch labels associated with a wallet address. Addresses are labeled to help users distinguish between different types of addresses on the blockchain, such as exchanges, MEV bots, crypto whales, smart contracts, and more.

Now, let's test the methods to see their responses. We'll demonstrate using cURL and a popular web3 library such as Ethers.js.

Navigate to your terminal window and paste one of the following commands below. You'll need to update the YOUR_QUICKNODE_HTTP_PROVIDER_URL placeholder with your actual QuickNode credentials. If you want to test on your own Ethereum address (mainnet), update it now.

curl 'YOUR_QUICKNODE_HTTP_PROVIDER_URL' \
--header 'Content-Type: application/json' \
--data '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "mt_addressRiskScore",
    "params": [
        {
            "chain": "ETH",
            "address": "0x9225ce4129f21ae0369a21f8c056c70a7d31e831"
        }
    ]
}'

Make the request and you'll see a response similar to:

{
    "jsonrpc": "2.0",
    "result": {
        "score": 52,
        "hacking_event": "",
        "detail_list": [
            "Interact With Suspected Malicious Address",
            "Interact With High-risk Tag Address",
            "Interact With Medium-risk Tag Addresses"
        ],
        "risk_level": "Moderate"
    },
    "id": 1
}

For more insight into risk scores or what each description within the detail_list response field means, check out these resources: Risk Descriptions for detail_list and Risk Levels Explained. You can also take a look at the full QuickNode Add-on Docs.
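The following is an added example, not code from this guide or from QuickNode or MistTrack: one way to turn an mt_addressRiskScore response into an allow/review/block decision in Node.js 18+, failing closed on anything unexpected. The function names, the two thresholds, the 0..100 score range, and the handling of a non-empty hacking_event are assumptions; the sample response is constructed from the one shown above.

```javascript
// Added example, not QuickNode's or MistTrack's code.
// Assumptions: scores are integers in 0..100; BLOCK_AT and REVIEW_AT are
// hypothetical policy thresholds; a non-empty hacking_event means "block".
const BLOCK_AT = 80, REVIEW_AT = 40;

// Constructed sample, copied from the response shown in this guide.
const SAMPLE = { jsonrpc: "2.0", id: 1, result: { score: 52, hacking_event: "",
  detail_list: ["Interact With Suspected Malicious Address",
    "Interact With High-risk Tag Address",
    "Interact With Medium-risk Tag Addresses"], risk_level: "Moderate" } };

// Build the JSON-RPC body; reject malformed ETH addresses before sending.
function buildRiskRequest(address, chain = "ETH", id = 1) {
  if (chain === "ETH" && !/^0x[0-9a-fA-F]{40}$/.test(address)) {
    throw new Error("not a 20-byte hex address");
  }
  return { jsonrpc: "2.0", id, method: "mt_addressRiskScore", params: [{ chain, address }] };
}

// Map a response to allow/review/block. Anything unexpected fails closed.
function decide(response, expectedId = 1) {
  const review = (reason) => ({ action: "review", reason });
  if (!response || response.jsonrpc !== "2.0") return review("not JSON-RPC 2.0");
  if (response.error) return review(`rpc error: ${response.error.message}`);
  if (response.id !== expectedId) return review("id does not match request");
  const r = response.result;
  if (!r || !Number.isInteger(r.score) || r.score < 0 || r.score > 100) {
    return review("missing or invalid score");
  }
  const why = Array.isArray(r.detail_list) && r.detail_list.length
    ? r.detail_list.join("; ") : String(r.risk_level);
  if (r.hacking_event) return { action: "block", reason: `event: ${r.hacking_event}` };
  if (r.score >= BLOCK_AT) return { action: "block", reason: why };
  if (r.score >= REVIEW_AT) return review(why);
  return { action: "allow", reason: why };
}

// Network wrapper (Node.js 18+ global fetch); transport failures also fail closed.
async function screenAddress(endpointUrl, address) {
  try {
    const res = await fetch(endpointUrl, { method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify(buildRiskRequest(address)) });
    if (!res.ok) return { action: "review", reason: `HTTP ${res.status}` };
    return decide(await res.json());
  } catch (err) {
    return { action: "review", reason: `request failed: ${err.message}` };
  }
}
```

Routing errors and malformed responses to "review" rather than "allow" means an outage of the scoring endpoint cannot silently wave an address through.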

Now that you know how to make requests with cURL and Node.js, you are equipped with skills to build something like a React dashboard for investigating addresses.

Final Thoughts

That's it! You now know how to use the Address Risk Scores add-on by MistTrack to detect malicious addresses on several blockchain networks. If you're stuck, have questions, or just want to talk shop, drop us a line on Discord or Twitter!
