Changelog
Every shipped feature, improvement, and fix. We update this every time we deploy something users will notice.
IMPROVEMENTJuly 11, 2026
Interpretability — eleven more drivers get plain-language explainers, measured against production
- Instead of guessing which drivers needed explainers next, we measured: every driver key that actually fired across the last 45 days of real analyses (including the autonomous crawler's discovery corpus) was diffed against the explainer library. Eleven production-firing drivers were landing on the generic fallback.
- The entire mixer family is now explained: high_confidence_mixer_attribution (the address IS a registry-listed mixer — identity, not inference), mixer_pattern (corroborated mixer interaction — a single weak heuristic hit deliberately does not fire it), and high_mixer_interaction_ratio (recurring mixer routing as a share of total activity). For an AML audience, mixer drivers without reasoning were the worst gap on the board.
- Structural laundering shapes explained: peel chains (value hops forward while slices split off at each step) and fan-out distribution (one-to-many dispersal) — both review-sensitive rather than definitive, with the legitimate look-alikes (custodial change management, airdrops, payroll) stated plainly so analysts know exactly what would flip the read.
- Honest-observation flags explained: balance_unknown (the provider didn't answer — the engine withholds balance signals instead of fabricating them from a zero default) and high_zero_value_ratio (half the wallet's apparent activity moved no value — read raw transfer counts with that discount).
- Also covered: stale_wallet, single_counterparty_concentration (the dedicated-conduit shape shared by vesting payouts and mule wallets), circular_funding_pattern (value boomeranging through intermediaries), and the ratio variant of contract-interaction density.
- Every explainer answers the same three questions — what does the signal detect, why does CredScore weight it, what would change it — and states the trigger conditions the engine actually uses, not approximations.
IMPROVEMENTJuly 11, 2026
Tron depth — full pagination, honest truncation, TRX-native balance semantics
- Tron transfer history is now properly paginated. The previous pipeline fetched a single page (200 TRC-20 events + 200 native transactions) per analysis — for a busy USDT-TRC20 wallet, exactly the laundering profile Tron coverage exists for, that meant verdicts were built on a thin slice of recent activity while reporting the window as complete. TronGrid's strict fingerprint pagination is now implemented (constant page params, client-side trim), pulling history up to the analysis cap.
- Truncation is honest: if the fetch stopped while TronGrid still had pages — or one side of the fetch degraded — the analysis now reports transfer counts as "at least N" and withholds lifespan-based signals that a partial window could fake. The old check reported single-page fetches on deep wallets as complete histories.
- The engine is now currency-aware for native balances. Tron balances were previously mapped 1 TRX = 1 ETH internally, so a wallet holding 10 TRX (~$3) tripped the same high-balance band as 10 ETH (~$37,000), and a drained collector keeping a few TRX for energy could never register a dust balance — blocking the drained-collector escalation on Tron. Balance bands are now per-asset at equivalent economic magnitudes, and every analyst-facing balance now reads in TRX on Tron verdicts instead of mislabeling the amount as ETH.
- Failed Tron transactions (reverted transfers) are excluded from behavioral signals — a transfer that moved no value no longer distorts velocity and flow reads.
- TronGrid rate-limit penalties are respected: a 429 response carries a multi-second suspension window, and retries now wait it out instead of burning every retry inside the penalty.
- Two Tron wallets join the regression suite: an OFAC SDN-listed TRX address (must always escalate — guards the Tron sanctions path end to end) and Binance's Tron hot wallet (must never escalate — guards pagination, truncation labeling, and TRX balance bands against false positives). Full suite is now 20 wallets, all passing.
FIXJuly 11, 2026
Verdict stability — burner wallets no longer get safer as the calendar moves
- Regression testing caught a verdict-decay bug: a drainer collector that took funds from 570+ victims and drained to dust scored 34/100 (high risk, escalate) while it was under 30 days old — and had silently drifted to 89/100 (low risk, proceed) three months later, with zero new on-chain activity. The escalation logic asked "is this wallet fresh today?" when it should have asked "was it fresh when it acted?"
- New short_lived_wallet lifecycle signal: a wallet whose entire observed transaction history spans 30 days or less, and which has since gone silent, is a one-shot operational wallet — the burner signature of drainer collectors, exploit cash-outs, and laundering mules. It now satisfies every freshness-gated escalation permanently, so a dead burner reads the same next year as it did the week it drained.
- The signal is withheld whenever the transfer window is truncated — a partial view of a long-lived, busy wallet could otherwise masquerade as a short life and falsely escalate legitimate high-volume wallets.
- This matters for defensibility: a forensic verdict on a frozen on-chain record should not depend on when the analyst happened to run it. Full 18-wallet regression suite passes, including the legitimate high-fan-in wallets (exchange hot wallets, market makers) the freshness gates were originally designed to protect.
IMPROVEMENTJuly 11, 2026
Sanctions dust gate — micro-transfer contact no longer counts as sanctions exposure
- The engine's autonomous crawler surfaced its first confirmed false-positive class: a bot that sent 25 identical 0.0003 ETH transfers at the Lazarus Group's Ronin exploit wallet (message spam aimed at a famous address) was scoring 0/100 — maximum risk — because one-hop sanctions exposure counted any contact, in any direction, at any value.
- Sanctioned counterparty contact is now value-gated. If every observed transfer with a sanctions-listed address is a native-ETH micro-transfer under 0.005 ETH, the contact no longer drives sanctions-exposure scoring. This covers both directions of the same non-signal: spam bots dusting famous sanctioned wallets, and sanctioned wallets dusting bystanders.
- Dust contact is still surfaced, honestly: a new sanctioned_dust_contact flag records the contact as analyst-visible context with a full plain-language explainer, without branding the wallet a laundering counterparty.
- Real exposure is untouched. Any transfer of meaningful value, or any token transfer, keeps full sanctions-exposure severity — the Euler exploiter (100 ETH sent to the same Lazarus wallet) scores identically before and after this change. If the engine observed no transfers with the sanctioned counterparty inside its window, it assumes the worst and keeps full severity rather than guessing.
- The spam-bot wallet joins the regression corpus as a permanent false-positive guard: if it ever escalates again, the gate regressed; if Euler ever stops escalating, the gate over-reached.
FIXJuly 6, 2026
Site consistency audit — one chain claim, one nav, honest labels, correct titles
- Chain claims standardized sitewide. Seven pages (about, compare index + TRM comparison, team, subscribe confirmation, whitepaper) still said "five EVM chains" from before Tron shipped — every surface now states the engine's actual coverage: six chains — Ethereum, Tron, Base, Arbitrum, Optimism, and Polygon. A canonical chain constant (src/lib/constants/chains.ts) makes the contradiction structurally hard to reintroduce.
- Browser-tab titles no longer double the brand. The layout template appends "| CredScore" automatically, and 15+ pages were also baking the brand into their own titles, rendering things like "Autopsies — CredScore | CredScore". Every page now brands exactly once.
- Autopsy index reframed honestly: the three launch reports are labeled as the retroactive launch set, with same-day coverage promised for new exploits — the old hero claimed "published within hours" while its own cards showed multi-year-old exploits published on the same day. Loss figures also render clean ("$197M", not "$197.0M").
- One navigation, one footer. Watermark and autopsy pages had a stripped utility nav and no footer at all; pricing and about carried a different link set than the homepage. New shared SiteHeader/SiteFooter components, and every marketing page now exposes the same canonical nav (Product / Watermark / Autopsies / Pricing / Business / About) and the full footer link set.
- Link previews fixed: pricing, about, business, and docs previously inherited the homepage's OG tags, so sharing /pricing on X or Slack showed the homepage title. Each now ships page-specific OpenGraph + Twitter metadata.
- Homepage stat counters render real numbers in the server HTML instead of literal zeros pre-hydration — what crawlers and link-preview bots see now matches what visitors see. Count-up animation preserved, and prefers-reduced-motion users get static values.
- The first score a visitor sees now carries its scale ("0 = max risk · 100 = clean") directly beneath it, on both the homepage sample briefing and every shared verdict card — CredScore's scale runs opposite to what fast scanners assume.
- Demo cards labeled honestly: "Live engine output" pill on a frozen fixture renamed "Engine snapshot", and the contrast demo notes its snapshot date so it can't contradict the live verdict pages.
- Docs de-jargoned: "How wallet watching and the daily cron job work" is now "How daily wallet monitoring works", and internal machinery (cron jobs, table names, env vars) swept out of user-facing doc copy.
IMPROVEMENTJuly 5, 2026
Design system v0.1 — new token foundation, monochromatic palette, single cobalt accent
- Underlying token layer replaced: `src/app/globals.css` now defines the full design system (base near-black `#0A0B0F`, off-white ink `#EAEBEE`, single cobalt accent `#3B5BF5`, monochromatic surface palette, disciplined 5-stop white-alpha scale, 8-stop type scale, 8-stop spacing scale, 6-stop radius scale with 8px max, one motion ease curve `cubic-bezier(0.2, 0.8, 0.2, 1)`, three motion durations).
- Every value in the codebase is expected to resolve back to a token defined here. The purple-cyan gradient CTA that appeared ~40 times across the site is deprecated and will be burned down surface by surface as each screen is redesigned.
- The `SiteBackground` texture that rendered behind every page globally has been removed. Base is now flat.
- Keyboard focus states now render as a 1px cobalt border with a soft accent ring, replacing the ad-hoc purple outlines.
- This is Phase 3 of a multi-phase redesign engagement. The next visible change is the canary redesign of the Defensible Verdict Report page (`/report/{token}`), then screen by screen from there. The credscore-design-system.md spec at the repo root is the source of truth for every subsequent decision.
IMPROVEMENTJuly 5, 2026
Attribution corpus is now chain-inclusive — 9 curated Tron addresses lifted into the main lookup
- The engine's Tron pipeline had a curated 9-address known-address book (USDT TRC-20 contract, six major CEX hot wallets on Tron — Binance cold + hot, Bitfinex, HTX/Huobi, OKX, KuCoin — plus JustLend and SunSwap). It was silo'd inside src/lib/analyzer/providers/tronGrid.ts and invisible to the main knownAddresses.ts corpus that other engine paths + docs reference.
- Corpus went from 66 → 75 total addresses. The '66 Ethereum-only' credibility claim is retired; the '75 across ETH + Tron' claim is honest.
- Attribution recognition on Tron analyses now flows through the shared lookup path, so a wallet touching the Tron USDT contract or a major Tron CEX gets legibility labels the same way an Ethereum wallet does.
- Duplication acknowledged: the tronGrid.ts book still exists in parallel — unifying the two into a single source of truth is future refactor work, but not shipping-blocking.
IMPROVEMENTJuly 5, 2026
Attribution corpus doubled — 33 → 66 high-confidence infrastructure addresses
- The biggest single lever between where the engine is (~65-70/100) and where it needs to be (~85+) is attribution corpus size. Every 'weak attribution coverage' driver that fires today is a symptom of the engine not knowing who the wallet's counterparties are. This pass roughly doubles coverage on the addresses that show up most in real analyses.
- New DeFi protocols: Aave v3 Pool, Balancer V2 Vault, Compound v3 USDC Comet, MakerDAO CDP Manager, Curve tricrypto2 pool, Curve 3pool, ENS Public Resolver.
- New bridges: Wormhole Portal, Stargate Router, Synapse Bridge, Optimism / Arbitrum / Base standard L1 bridges, Across V2 Spoke Pool, LayerZero V1 Endpoint.
- New CEX hot wallets: OKX main + OKX 8, HTX/Huobi 10, KuCoin 4, Gate.io 1, Binance 8 (specifically whitelisted to fix the historical false-positive high_activity flag on the address that produced our only validation-failure record back in May).
- New tokens: AAVE, CRV, MKR, LDO, stETH + wstETH (Lido), rETH (Rocket Pool), crvUSD, FRAX, USDe (Ethena), PEPE, SHIB.
- Every entry was cross-checked against canonical protocol/bridge documentation or long-standing Etherscan public labels before adding. Corpus poisoning is worse than corpus scarcity — so only high-confidence additions in this pass. Larger scraped-source pipeline is future work.
- Downstream benefit: every /wallets and /report analysis run now recognizes more legitimate counterparties, softening false-positive risk drivers on wallets that heavily use recognized DeFi + CEX infra.
IMPROVEMENTJuly 5, 2026
Interpretability coverage — ten previously undocumented risk drivers now have plain-language explainers
- Every driver the engine emits should answer three questions on the /report and /wallets pages: what does the signal detect, why does CredScore weight it, what would flip it. Ten drivers that fired regularly in real analyses were landing on the generic 'no explainer yet' fallback — closing that gap now.
- Added: tx_truncated (fetch cap hit, observed totals are lower bounds), high_activity (elevated transfer volume as context, not verdict), new_high_activity (new wallet with disproportionate activity — laundering-mule signature), burst_activity (clustered transfers separated by dormancy), unexplained_high_value_accumulation (the driver that flagged all four Drift wallets on behavior alone).
- Also added: high_confidence_sanctions_attribution (curated-registry match vs. clustering-inferred label — the on-ramp for the sanctions cap), hack_proceeds_attribution (documented exploiter address label — persists through restitution, per the Euler autopsy reasoning), weak_attribution_coverage (unattributed counterparty share, compounds with adverse signals), dust_balance (near-zero balance despite volume — pass-through signature), high_contract_interaction_density (contract-heavy interaction pattern — DeFi power user or MEV bot depending on paired signals).
- Analysts now see plain-language reasoning on every driver the engine surfaces — not cryptic keys with fallback text. Real credibility-per-view improvement across every analysis report.
- This was the standing gap from the 2026-07-04 engine audit. Corpus went from 12 documented risk drivers + 14 offsetting factors to 22 documented risk drivers + 14 offsetting factors.
FEATUREJuly 4, 2026
Autopsy pipeline — rapid forensic reports on major exploits, published within hours of the news cycle
- New /autopsy public index and /autopsy/{slug} detail pages. Autopsies are a distinct surface from /case-studies — those are curated deep-dives that take days; autopsies are structured forensic snapshots that go live before the incumbents put out their post-mortem.
- Every autopsy pins the engine version at publish time so the analysis is reproducible three years later — same wallet, same chain, same engine version, same verdict. That's the defensibility promise this surface makes concrete.
- Every involved wallet on an autopsy page cross-references its live CredScore verdict inline. Score, tier, deep-link into the full /wallets/{address} verdict. When the wallet gets re-run, the autopsy page reflects the new verdict automatically.
- Founder console at /admin/autopsy: authoring form covering title, slug, victim, event date, loss estimate, markdown summary body, markdown observations, and a dynamic wallet list with role tags (attacker / laundering / victim / bridge / mixer / funder) across all six chains. Draft or publish immediately.
- POST /api/admin/autopsy — Clerk-authenticated founder route. Validates slug format, event_date shape, dedup by slug (409 on collision), sanitizes wallet entries server-side before insert.
- Autopsies added to primary desktop nav, mobile nav, and footer alongside Watermark. Meta and OpenGraph copy positioned around the 'published within hours' promise.
- This is the content flywheel behind CredScore's brand. Every crypto hack cycle is a distribution window; every autopsy becomes a permanent case study asset and a citation anchor for outreach.
- Ships behind a new migration (db/migrations/2026-07-04-autopsy-reports.sql). Apply via the Supabase SQL editor; console and public pages refuse to render until the table exists.
FEATUREJuly 4, 2026
/watermark landing page — the Behavioral Watermark now has a public front door
- New /watermark page: hero framing ("Chainalysis knows who wallets ARE. CredScore knows how they BEHAVE"), a live search input that redirects to any wallet's fingerprint page, three canonical demo cards with real fingerprint bars (Euler Finance attacker, ZachXBT-named pig-butchering wallet, Vitalik Buterin), the full twenty-dimension list, and a compounding-value explanation of why the primitive gets stronger as the corpus grows.
- Every demo card renders the actual computed fingerprint pulled server-side from shared_analyses — not marketing mockups. Card click deep-links into the full /wallets/{address}/fingerprint page with per-dimension divergence explanations.
- Watermark added to primary desktop nav, mobile nav, and footer so someone landing on the homepage from cold outreach can find it in one click. Meta/OpenGraph copy reinforces the positioning frame for share previews.
- This is a distribution surface, not a new engine feature. The Watermark itself already shipped; what was missing was a URL you could send to a compliance analyst and have them immediately understand what CredScore's differentiator is.
FEATUREJuly 4, 2026
Autonomous scanner — CredScore's corpus now grows itself, 300 wallets/day inside Alchemy's free tier
- New /admin/scanner founder console with a kill switch, daily-cap slider, monthly-CU-budget slider, reanalyze-cooldown slider, and a "Seed queue" button. Every scan the agent runs is enforced against these live settings.
- Cost guardrails baked into the core: 300 wallets/day hard cap (Wade's line), 150M CU/month ceiling (50% of Alchemy free tier — leaves 50% margin for /try + /desk organic traffic), 14-day reanalyze cooldown so we don't churn on the same wallet. Scanner refuses to run past any of these.
- Seed sources on day one: every OFAC-sanctioned address in sanctions_registry, every sanctioned counterparty referenced in existing shared_analyses verdicts, plus a curated list of ZachXBT-flagged wallets and public hack proceeds (Lazarus/Ronin, Bybit hack, Euler attacker, pig-butchering wallet).
- Neighbor propagation: after every successful analysis, the scanner enqueues up to 3 sanctioned counterparties from the result at high priority. The corpus grows organically toward interesting neighbors — every Lazarus rotation address, every laundering-mule chain — instead of random-walking.
- Vercel cron fires every 30 minutes and processes up to 15 wallets/tick. At 300/day steady state that's ~48 ticks × 6-7 wallets analyzed per day (many will be skipped by the cooldown).
- Every processed row records estimated_cu so the monthly budget usage is visible on the dashboard. Recent-processed feed shows source, status (done / skipped / failed), CU, and timestamp for the last 20 wallets.
- Storage math at 300/day: ~45 MB/month in shared_analyses, roughly 30 months of runway on the Supabase Free tier before we'd need to upgrade to Pro ($25/mo).
- This is the corpus-growth engine that makes the Behavioral Watermark actually useful. The Watermark is the primitive; the scanner is what fills its lookup table.
- Ships behind a new migration (db/migrations/2026-07-04-scanner-queue.sql). Apply through Supabase SQL editor; scanner refuses to run until the tables exist.
FEATUREJuly 4, 2026
CredScore Watermark v1 — behavioral fingerprinting: catch wallets by how they operate, not what they're labeled
- Every wallet analyzed by CredScore now has a 20-dimensional behavioral fingerprint — a compact vector capturing wallet age, activity rate, counterparty diversity, timing burstiness, protocol / DEX / CEX / mixer / bridge mix, self-transfer ratio, largest inbound source share, and entropy metrics.
- New /wallets/{address}/fingerprint page renders the target's fingerprint bar-by-bar and ranks every other verdict in the corpus by cosine similarity. Each match card shows tier, chain, score, known entity (if any), the 3 dimensions where the two wallets are MOST alike, and the 3 dimensions where they DIVERGE most.
- New /api/v1/watermark/match endpoint — Bearer-key auth, 30/min rate limit. Query {wallet, limit, min_similarity}, get ranked matches with similarity scores, fingerprint coverage, and known-entity attribution. Compliance products, wallet apps, and DEX aggregators can hit this inline before executing on any wallet.
- The pitch this ships: bad actors rotate addresses in 2 seconds. They can't easily rotate their behavior. When Lazarus generates 200 new wallets to launder Ronin proceeds, the Behavioral Watermark catches wallet #1 on its first transaction because its operational shape matches previous Lazarus wallets — before any attribution team can label it.
- Fingerprint uses PATTERN metrics only. Score, tier, sanctions_exposure_count, and other outcome variables are excluded so the fingerprint doesn't become circular (wallets that scored similarly would trivially match under any distance metric otherwise).
- MVP runs in memory over the shared_analyses corpus. Coverage is thin (~30 verdicts today) — real product value emerges at 5000+ wallets, and the architecture works identically at any scale. Migration to pgvector for sub-linear lookup is planned for when the corpus warrants it.
- Behavioral Watermark button added to every /wallets/{address} page (purple-cyan gradient — deliberately distinct from the other view CTAs to signal this as the moonshot primitive). ⌘K palette recognizes pasted EVM addresses and offers watermark as an additional deep-link option.
FEATUREJuly 4, 2026
Interpretability drill-down on /report — every driver, offsetting factor, and snapshot metric explains itself
- Every primary risk driver on the /report page gets a "Why this driver?" button. Click, and a purple methodology panel opens explaining three things: what the signal detects, why CredScore weights it, and what would flip it. Analyst can drill from a score to the methodology behind every signal without leaving the page.
- Every offsetting factor gets the same treatment — click "Why?" to see the same three-question breakdown. Green tint distinguishes offsetting explanations from red-tinted risk explanations.
- Every metric in the wallet snapshot (transfers observed, wallet age, sanctions exposure count, mixer interactions, etc.) shows a dotted underline; hover the label to see a plain-language explanation of what the metric measures and why CredScore cares about it.
- Backed by driverExplanations.ts — a curated corpus of 18 documented drivers and 10 snapshot-metric explainers. Unknown drivers fall back to a generic explanation so the UI never breaks; the queue for expansion is documented inline.
- This is the interpretability moat vs. Chainalysis Reactor. Reactor gives you a score with minimal signal-level explanation. CredScore surfaces the reasoning at every level, on demand, with methodology visible next to the evidence.
FEATUREJuly 4, 2026
Score trajectory chart on every wallet page + /trending surface — longitudinal analysis lands
- New score trajectory SVG chart on /wallets/{address} — renders every historical re-analysis event from wallet_score_history as a line chart. Y axis inverted (top = clean, bottom = max risk), dots colored by tier at each point, first→latest score delta and trend label rendered above.
- Deduped by day so noisy same-day re-runs don't stack on the chart. Chart only renders when the wallet has 2+ historical points — silent when there's nothing to show.
- New /trending page surfaces wallets whose score moved ≥5 points in the last 60 days. Two lanes: worsening (score dropped, wallet got riskier) and improving (score rose, wallet cleared up). Compliance analysts care about the worsening lane most — it's where escalations come from.
- Live data — Euler attacker's trajectory is 35 → 12 across two months; Vitalik has 83 data points from three months of re-analyses. Real trajectories on real wallets.
- Added /trending to the ⌘K palette. This is the first piece of the longitudinal-scoring pillar; predictive scoring is next.
FEATUREJuly 4, 2026
Cluster analysis — find related wallets that share sanctioned counterparties, entity labels, or behavioral fingerprint
- New /wallets/{address}/related page ranks every public verdict in the CredScore corpus by shared characteristics with the target wallet. Three-tier scoring: shared sanctioned counterparties (strong, worth 10 points each — co-investigation candidates), shared entity labels dedupe-normalized (medium, 1 point each — shared tooling), and behavioral fingerprint match (tier + posture + chain).
- Results split into three sections in the UI: strong signal (shared sanctioned), medium signal (overlapping entity labels ≥ 2), and behavioral fingerprint matches. Each card shows tier, chain, score, posture, and per-match tags describing WHY it matched ("3 shared sanctioned", "5 shared labels", "fingerprint match").
- Honest coverage disclaimer: this runs over the shared_analyses corpus, not chain-wide. Chainalysis-style true clustering runs over every wallet on the chain; ours grows as more verdicts get shared. Every hit is a real published verdict.
- "Related wallets" amber CTA added to /wallets/{address} alongside graph and trace. Full URL: /wallets/{address}/related.
FEATUREJuly 4, 2026
KYT rules engine — user-configurable alerts on top of engine output, analog to Chainalysis KYT and TRM Wallet Screening
- New /account/rules page for creating, enabling, and deleting alert rules on your watchlist. Five supported condition types out of the gate: score drops below threshold, score moves by delta (up or down), tier flips to target tier, sanctions exposure exceeds count, and mixer-adjacent interactions exceed count.
- Rules eval runs on the /api/cron/kyt-rules-eval endpoint — added to vercel.json cron schedule (daily at 08:30 UTC, 30 min before the watchlist emailer picks up new alerts). Fires land in wallet_alerts, the existing emailer dispatches them via Resend on the next tick.
- New /api/kyt-rules + /api/kyt-rules/{id} REST surface: GET/POST/PATCH/DELETE with per-user auth. Table missing state returns 503 with a migration prompt — /account/rules surfaces it as a clear "apply this SQL file" banner instead of a 500.
- Full audit trail: fire_count and last_fired_at on every rule so an analyst can see which rules are actually catching things vs. rules that never fire.
- Schema at db/migrations/2026-07-04-kyt-rules.sql — apply through Supabase SQL editor. Added "KYT rules" to /account quick actions and the ⌘K palette.
FEATUREJuly 4, 2026
Multi-hop money trail at /wallets/{address}/trace — the Chainalysis Reactor comparison feature
- New /wallets/{address}/trace page recursively walks a wallet's sanctioned-counterparty interactions and renders a horizontal flow: root wallet on the left, each hop moves right. Up to 3 hops deep, up to 8 children per hop. Every node is a real CredScore verdict on a wallet in the graph — not clustering heuristics.
- Each hop card shows the entity name (from the attribution corpus if known), short address, tier badge, score, and "via {sanctioned entity} · {list source}" chip explaining what edge connected it to the parent. Deep-links per card: "Verdict →" to the /wallets page, "Trace this →" to recursively trace from that node.
- Header stats show: total nodes, nodes with public CredScore verdicts, and sanctioned counterparties across the full trace path — the compact one-line signal an analyst gets before diving in.
- Honest coverage disclaimer: current data model only stores address-level counterparties for sanctioned interactions. Labeled entity interactions (Uniswap, Metamask, etc.) can't be traced through until the engine stores address-level counterparties on every analysis — flagged as next on the roadmap. Chainalysis Reactor is broader; ours is scoped to illicit-exposure but every hop is a real verdict.
- "Trace money flow" red-tinted button added to /wallets/{address} and the /report toolbar. Direct URL: /wallets/{address}/trace.
FEATUREJuly 4, 2026
Address attribution corpus — every known entity gets a name badge across the site
- New knownAddresses.ts seed corpus with ~35 hand-verified EVM addresses covering: major tokens (USDT, USDC, DAI, WETH, WBTC, LINK, UNI), DEX routers (Uniswap V2/V3/Universal, SushiSwap), aggregators (1inch, 0x), CEX hot wallets (Binance, Coinbase, Kraken, Bitfinex), Tornado Cash mixer pools (all OFAC-sanctioned), notable hack proceeds (Lazarus/Ronin, Bybit hack, Euler attacker, ZachXBT-named pig-butchering), and infrastructure (Ethereum Foundation, burn addresses, Vitalik).
- Investigation graph now enriches the root node label when the analyzed wallet is a known entity — instead of a shortened address, the center reads "Coinbase 1 (hot wallet)" or "Uniswap V3 Router" etc.
- Sanctioned counterparty nodes fill in attribution when the shared_analyses row didn't carry an entity string. So an interaction with 0x098b716b… now surfaces as "Lazarus Group (Ronin Bridge Hack)" on any wallet that touched it.
- /wallets/{address} pages get an entity badge in the header when the address is in the corpus, color-coded by category (hack/mixer red, exchange purple, DEX cyan, protocol green, individual amber).
- This is the seed of an attribution layer. Chainalysis has 350M+ addresses attributed; we have 35 hand-verified. The ingestion pipeline path (Etherscan tags, Arkham/Nansen datasets, community lists) is documented inline for future expansion.
FEATUREJuly 4, 2026
Bulk wallet screening API at /api/v1/analyze/batch — table-stakes for exchange compliance integrations
- New POST /api/v1/analyze/batch endpoint screens up to 100 wallets in a single request. Body is JSON: { wallets: string[] }. Response preserves input order and returns per-wallet result objects with the same shape as the single-wallet endpoint (score, tier, posture, engineVersion, verdictUrl, source, analyzedAt).
- Rate limit stays at 60 requests per key per minute — a batch of N wallets counts as N against the budget. Batches that would exceed the budget return 429 without consuming the partial budget.
- Under the hood: two batched Supabase queries (one against shared_analyses, one against analysis_audit_log), then per-input result assembly. A 100-wallet batch is a single-digit-millisecond DB round-trip — the same latency as one call at scale.
- Documented at /docs/api-reference alongside the single-wallet endpoint. Invalid inputs return { input, error, message } inline instead of failing the whole batch.
FEATUREJuly 4, 2026
Investigation graph — radial network visualization of any wallet's counterparties, sanctions exposure, and protocol touches
- New /wallets/{address}/graph route renders a full interactive SVG graph of every counterparty the engine recorded on a wallet. Sanctioned addresses (with resolved entity names) sit closest to the root; role-aggregate cluster nodes for mixer / bridge / DEX / CEX interactions sit mid-ring; labeled entity contexts (Uniswap, Metamask Swaps, Wrapped ETH, Ethereum Foundation, etc.) sit on the outer ring. Every node is a real signal from the shared_analyses row — nothing synthesized.
- Interactivity: hover any node to see kind + description in a side panel; click to select; drag the canvas to pan; scroll to zoom (0.4× to 3×); Reset button to recenter. Sanctioned counterparty nodes deep-link to their own /wallets/{address} page when we also have a public verdict for the counterparty — second-hop investigation without leaving the graph.
- Legend column tallies node kinds with color chips (sanctioned, mixer, bridge, DEX, CEX, hack proceeds, burn, protocol). Verdict summary panel shows the wallet's own score / tier / posture / engine version so context isn't lost while exploring.
- "View investigation graph" button added to both the public /wallets/{address} page (primary purple CTA) and the /report toolbar (opens graph in a new tab so the analyst keeps their case-file page). ⌘K palette recognizes pasted EVM addresses and now offers three deep-links: public page, investigation graph, and the desk.
- Zero third-party graphing libraries. Pure SVG + hand-rolled radial layout + custom pan/zoom. Loads fast even on wallets with 400+ counterparties because ring positions are deterministic — no force-layout solve per render.
FEATUREJuly 4, 2026
Case-study draft generator on /report — every verdict becomes a publishable case study in one click
- New "Draft case study" button on every /report page. Click, get a full markdown case study rendered directly from the verdict payload: hook, wallet snapshot, drivers with cited evidence, sanctions exposure, offsetting factors, sensitivity notes, entity context, methodology callout, CTAs to /try and /report.
- Same deterministic-template architecture as the SAR narrative — pure TypeScript, no LLM, no external API, no per-call cost. Regenerating the same wallet produces identical output.
- Output includes frontmatter with wallet, chain, score, tier, engine version, and a suggested slug. Copy the markdown, paste into a new src/app/case-studies/{slug}/page.tsx, add screenshots, tighten framing, publish.
- Kills the 80% of case-study writing work that's just projecting structured engine output into English prose. Content-flywheel amplifier for the /wallets SEO surface.
FEATUREJuly 4, 2026
Public per-wallet SEO pages at /wallets/{address} — every verdict becomes a Google-indexable surface
- New /wallets/{address} route renders a marketing-forward view of every public verdict CredScore has shipped. Score, tier, decision posture, confidence, drivers with cited evidence, sanctions exposure, offsetting factors, snapshot metrics, and a related-verdicts panel for other wallets in the same tier + chain.
- Every page carries schema.org Article markup, canonical URL, and is opted-in to Google indexing (robots: index, follow). Wallets that haven't been analyzed return a "not yet analyzed" state with a CTA to /try — no infinite empty pages Google would deprioritize.
- Dynamic OG image per wallet at /wallets/{address}/opengraph-image renders a distinct 1200x630 preview card with the score dial, tier label, chain badge, and decision posture — so sharing any wallet URL to X, LinkedIn, Slack, or iMessage produces a unique thumbnail per verdict.
- New /wallets index page browses the 100 most-recent unique public verdicts as a grid. Deduped by address, sorted newest first, click-through to individual wallet pages.
- sitemap.xml expanded to include /wallets/{address} for every public verdict in shared_analyses — up to 5000 entries — with per-row lastmod dates so Google recrawls updated verdicts. Also added /wallets, /live, /leaderboard, /api-playground, /docs/api-reference to the sitemap.
- ⌘K palette gains /wallets navigation + when a visitor pastes an EVM address, the palette now offers three deep-links: open the public /wallets/{address} page, open the desk, or query the cached embed-score.
- This is the flywheel: every /try, /desk, or API-driven verdict published via /api/share becomes an indexable page. As the corpus grows, CredScore becomes the address-lookup layer for compliance searches on Google.
FEATUREJuly 3, 2026
Interactive API playground at /api-playground — paste a wallet, see the response, copy the curl / Node / Python snippet
- New /api-playground page lets any visitor try the CredScore API in-browser without signing up. Paste a wallet or pick from three curated examples (Vitalik, pig-butchering laundering, Bitfinex19), click Run, watch the response JSON materialize in a monospace viewer alongside a request duration in ms.
- The playground uses the public /api/embed/score endpoint under the hood so anyone can try it, and shows the authenticated v1 curl / Node.js / Python snippets side-by-side with a copy button. Placeholder key swaps out for one you mint at /account/api-keys.
- Response viewer explains what each field means (score, tier, posture, engineVersion, verdictUrl, analyzedAt) and calls out the 60/minute rate limit.
- Added to the ⌘K command palette.
IMPROVEMENTJuly 3, 2026
Homepage hero analyzer runs inline — no redirect to /try
- The wallet input at the top of the homepage now runs the free analysis in place instead of redirecting to /try. Visitor pastes an address, sees an engine-status ticker walk through seven stages (fetching history, building counterparty graph, sanctions screening, entity attribution, scoring drivers, weighting offsetting, rendering verdict) for ~10-15 seconds, then a verdict panel materializes below the input with score, tier, posture, confidence, and a click-through to the full Defensible Verdict Report.
- Rate-limit (429) and wallet-too-active (400 WALLET_TOO_ACTIVE) responses replace the panel with a signup CTA instead of a raw error.
- Cold visitor conversion path is now: land on homepage → paste → watch engine work → see verdict → open full report → sign up. Zero page redirects between land and verdict.
IMPROVEMENTJuly 3, 2026
Homepage animated live stats bar — real numbers, count-up on scroll
- Between the hero and the Bybit case-study spotlight, a new stats bar shows total analyses run, total public verdicts shipped, sanctioned addresses tracked, chains covered, and case studies published.
- Every counter animates from 0 to the real value with an easeOutCubic 1.2-second curve, triggered exactly once when the bar scrolls into view via IntersectionObserver.
- All five numbers are pulled from live Supabase queries at request time — the homepage's stats can never fall out of sync with reality.
FEATUREJuly 3, 2026
Command palette (⌘K / Ctrl+K) — jump to any page, run any action, or paste a wallet from anywhere on the site
- New global command palette mounts once from the root layout. Toggle with ⌘K on Mac, Ctrl+K on Windows/Linux. Escape closes.
- Fuzzy search across every meaningful page (Home, Desk, Try, Live, Leaderboard, Watchlist, Cases, Team, Account, API keys, Docs, Methodology, Pricing, Case studies, Business, Status, Security) plus common actions (analyze a new wallet, invite a team member, mint an API key, contact sales, export CSV).
- Paste an EVM address into the palette to deep-link to the desk pre-populated on that wallet, or check the cached embed-score for it. Paste an 11-character report token to jump directly to /report/{token}.
- Kind labels (Page, Action, Wallet, External) and color-coded icons make results scannable in a single glance. Arrow keys navigate, Enter selects.
FEATUREJuly 3, 2026
Leaderboard at /leaderboard — most-analyzed wallets, most-recent flagged verdicts, chain and tier distribution
- New /leaderboard page shows the top 10 wallets by analysis run count (aggregated from analysis_audit_log) with their latest score and tier.
- Recent flagged verdicts panel lists up to 12 medium- and high-risk public verdicts, sorted newest first, click-through to the Defensible Verdict Report.
- Distribution row: chain distribution bar chart, tier distribution bar chart, and a five-bucket score histogram (0-20, 21-40, 41-60, 61-80, 81-100) rendered from live data.
- Every number on the page is computed from a Supabase query at request time — no cached hardcoded stats.
FEATUREJuly 3, 2026
Live activity feed at /live — every public verdict streaming through the CredScore engine, updated every 20 seconds
- New /live page shows the 30 most recent public verdicts from the shared_analyses table in a stream that auto-updates every 20 seconds. Filter chips let a viewer narrow by chain (6 options) or by tier (High / Medium / Low / Unclassified). Every row click-throughs to the underlying Defensible Verdict Report.
- All-time stats strip at the top: total analyses run, total public verdicts shipped, chains covered, and sanctioned addresses tracked. Every number is a live count against Supabase; nothing is hardcoded.
- Ambient background (grid overlay + radial glow) and a pulsing live indicator to make the page feel like a live dashboard instead of a static marketing page. New verdicts land with a soft slide-in animation.
- New /api/live endpoint powers the client-side polling loop with a 15-second edge cache so a burst of viewers doesn't hammer Supabase.
IMPROVEMENTJuly 3, 2026
SAR narrative draft is now deterministic — no LLM, no external API, no per-call cost
- Rewrote the /report SAR narrative endpoint to render the three-paragraph narrative directly from the verdict payload using a pure TypeScript template. Removed the Anthropic API dependency entirely.
- Every sentence of the narrative now maps to a specific field on the underlying shared_analyses row — address, chain, engine version, score, tier, decision posture, drivers, evidence, sanctions exposure, snapshot metrics, offsetting factors, and sensitivity notes. Regenerating the same wallet produces the same text.
- Matches CredScore's core positioning: deterministic engine output, no ML black box, every driver cited. An LLM-drafted narrative would carry hallucination risk that a regulatory filing should not.
- The button now works on every deployment out of the box — no ANTHROPIC_API_KEY required, no prepaid credits, no dormant state. The 503 fallback and the LLM disclaimer language have been removed from the modal.
FEATUREJuly 3, 2026
Watchlist UI, SAR narrative drafts, Chrome extension, and the public v1 API
- Watchlist page at /watchlist. Lists every wallet you're monitoring, shows the last score and last alert, and pins recent wallet_alerts firings in a companion column. Add a wallet by pasting its address; unwatch or remove it inline. Alerts flow through the existing monitor-wallets + watchlist-alerts cron; email delivery flags itself dormant on the page banner if RESEND_API_KEY or CRON_SECRET aren't set in the environment.
- SAR narrative draft on /report. New "Draft SAR narrative" button calls Claude Sonnet 4 with the verdict payload (drivers, evidence, sanctions exposure, snapshot metrics) and returns a three-paragraph FinCEN-shape narrative the analyst can copy into their case file after review. Endpoint no-ops with a 503 explainer if ANTHROPIC_API_KEY isn't set — the button surfaces that state instead of hanging.
- Chrome extension at chrome-extension/. Manifest V3 extension that injects a CredScore verdict badge next to the wallet address on Etherscan, Basescan, Arbiscan, Optimistic Etherscan, and Polygonscan. Popup lookup for any wallet from the extension icon. Calls the public /api/embed/score endpoint (cached read only, no engine budget cost). Ready to load unpacked from Chrome dev tools; icon assets are the last-mile before publishing to the Web Store.
- Public v1 API at /api/v1/analyze. Auth is a Bearer key minted at /account/api-keys and stored as SHA-256 hashes in a new api_keys table (migration file at db/migrations/2026-07-03-api-keys.sql — apply through the Supabase SQL editor). Rate limit is 60 requests per key per minute. Full endpoint reference documented at /docs/api-reference. The account UI surfaces a clear "table not yet applied" state when the migration hasn't run in a given environment, so nothing hangs on missing schema.
IMPROVEMENTJuly 3, 2026
Pricing gets an inline enterprise inquiry form · homepage adds a Defensible Verdict Report thumbnail
- Inline enterprise inquiry form on the pricing page. Team lead fills name, work email, company, seat count, expected volume, and optional context; submit fires the founder inbox with the whole payload so a real reply is possible within a business day. No more "click a button that opens a mail app" friction.
- Homepage Defensible Verdict Report section. A large thumbnail of the actual /report page (using the pig-butchering laundering wallet screenshot from the case-study set) sits above the fold-adjacent case-study spotlight, click-through goes straight to the live sample report. Makes the SAR-ready forensic-snapshot claim concrete instead of abstract.
FEATUREJuly 3, 2026
Desk gets bulk-CSV mode + case linkage + watch + report mint · /try gains chain picker · report page toolbar upgrades
- Bulk mode on the Analyst Desk. Paste any number of wallets (one per line, optional comma-separated label) and the desk runs them sequentially against the engine, streaming a status table as each one completes. Handles Google Sheets / Excel tab-separated pastes as a first-class case; auto-strips a header row if one's present.
- Empty state on the desk. Before an analysis runs, the desk shows three curated example wallets (pig-butchering laundering demo, Vitalik legibility anchor, Bitfinex19 cold wallet) that populate the input on click. Turns a blank workspace into a real starting point for anyone new.
- Wallet-to-case linkage on the desk. After an analysis runs, an "Add to case" button opens a modal that lists your open cases and lets you attach the wallet in one click, or spin up a new case titled from that same modal. Uses the existing cases + case_wallets schema; no new tables.
- Watch wallet from the desk result card. One click adds the analyzed wallet to your saved-wallets set with is_watched=true, so the monitoring cron picks it up on the next tick and alerts fire when the risk score changes.
- Generate Defensible Verdict Report button on the desk. Mints the shareable /report/{token} snapshot directly from the desk result — no manual round-trip through the Share flow.
- Chain picker on the public /try funnel. When a valid EVM address is typed, five chain chips appear (Ethereum, Base, Arbitrum, Optimism, Polygon) so the caller can pick which chain to analyze against instead of silently defaulting to Ethereum. Tron addresses auto-lock to the Tron chain with a callout badge.
- Live validation feedback on /try. As the caller types, the form calls out whether the format is a valid EVM address, a valid Tron address, or not yet recognized, so nobody gets to the Analyze button with something the API will 400 on.
- briefing_feedback API now accepts Tron Base58 addresses in addition to EVM, so the false-positive button on /report works for Tron wallets too.
IMPROVEMENTJuly 3, 2026
Defensible Verdict Report gets a toolbar: share, copy token, watch wallet, false-positive feedback, plus a score / confidence / insufficient-signal explainer pass
- Share this report button on /report — uses the native share sheet on browsers that support it, falls back to copying the report URL to the clipboard. Every existing viewer becomes a potential distributor.
- Copy verdict-report token button — one click to grab the token string (the value the SAR narrative or case-management link references) without hand-selecting from the address bar.
- Watch wallet button — one click from a verdict to enrolling the wallet in the CredScore monitoring pipeline. Alerts fire when the risk score or tier changes on subsequent re-analyses.
- Report false positive button — flags the verdict as wrong-direction and captures an optional analyst note. Goes to the engine team as calibration input on the next release.
- Insufficient Signal state now carries a real explainer paragraph ("why no score?") instead of a tiny caption. The absence of a score is not the same as a clean read; the report says so plainly.
- Score cell now shows the 0–100 scale in a caption underneath, and hovering the cell surfaces a tooltip. Confidence cell shows a plain-English band label (high / moderate / low) so scanners don't have to convert the percentage in their head.
- Fixed a report-page autosave bug that fired an empty PUT to the notes API on every mount for signed-in viewers. Autosave now waits for the analyst to actually type before round-tripping.
FEATUREJune 20, 2026
Tron USDT chain support, DEX-routed laundering detection, fifth case study, engine quality push to 75/100
- Tron USDT chain support shipped end-to-end. Paste any Tron Base58 address (T...) on /try or the desk and the engine analyzes TRC-20 USDT and TRX activity through the same chain-agnostic pipeline the EVM chains use. TronGrid provider with single-page fetch (sidesteps the TronGrid fingerprint pagination contract), sun-to-wei value scaling for engine compatibility, and Tron-aware address validation throughout the desk, /try, and /api/analyze. Verified end-to-end on the Tether Treasury Tron address.
- 48 OFAC SDN-listed Tron addresses ingested into the sanctions registry from the 0xB10C public OFAC-sanctioned-digital-currency-addresses repository. Sanctions registry made chain-aware (normSanctionsAddress preserves Tron Base58 case across all three call sites). Sanctions exposure check wired into the Tron analysis pipeline, so a Tron wallet that interacts with an OFAC-listed Tron address now surfaces the same self_sanctioned_address and sanctions_exposure_pattern flags an Ethereum wallet would.
- New dex_routed_pass_through_pattern engine flag catches the pig-butchering / social-engineering laundering shape that defeated earlier detection. Fires on a tight five-gate compound: single inbound source supplied >=55% of inbound value, DEX + aggregator share >=30% of activity, value-balance score <=0.30 (one-sided flow) or wallet drained to dust, >=15 non-zero transfers, and the wallet is not a known-good public entity. Demonstrated on a ZachXBT-attributed laundering wallet that scored 100/Low/Proceed before the update and 55/Medium/Review after. Vitalik and Bitfinex19 unchanged across the update (zero false positives on the regression slice).
- Trust-credit audit (engine roadmap #1) advanced. The hasSensitiveExposure gate, which controls whether a wallet earns DEX/aggregator/protocol stability credit and protocol-heavy risk dampening, was extended to recognize adverse behavioral patterns as themselves sensitive exposure. A laundering-shape wallet no longer gets legibility credit from its protocol counterparties, because the shape of how those protocols are used is the threat itself. Combined with a tightened score cap on the new flag (62 to 55), this closes the contradiction where the engine was crediting a laundering wallet for the exact counterparties that made up the laundering signature.
- Fifth case study published at /case-studies/pig-butchering-laundering-wallet-analysis, documenting the ZachXBT-named wallet, the verdict, and the engine output side by side. First non-DPRK, non-bridge-exploit case study in the series. Pairs with a companion long-form blog post at /blog/how-to-detect-pig-butchering-laundering-2026 covering the methodology that produces the verdict.
- Engine quality baseline moved from ~65 to ~75 over the day. Three compounding engine improvements (the flag, the trust-credit fix, the score cap), each verified non-regressing on the public regression slice (vitalik.eth, Bitfinex19 cold wallet, the ZachXBT laundering wallet). Same wallet, same data, same architecture, three calibration changes that move the verdict from a catastrophic false-clear to a defensible Medium/Review.
FEATUREJune 20, 2026
Public free analysis funnel, Euler Finance case study, design philosophy threaded through the site
- Public no-auth single-wallet analysis at /try. Paste any EVM address and get a real verdict on the existing /v share page in fifteen seconds. Cookie and IP rate-limited via a new anonymous_try_attempts Supabase table (one analysis per visitor per 24 hours, three per IP). Twelve-second engine timeout with a wallet-too-active fallback so ultra-high-volume addresses (exchange omnibus, USDT contract, MEV bots) cannot pin a serverless function.
- Fourth case study published: the Euler Finance attacker wallet, fifteen months dormant after the attacker returned $177M of the stolen $197M, still scores 12/100 High Risk Escalate at 72 percent confidence. The engine also surfaces one historical interaction with a Lazarus Group-attributed sanctioned address. First non-DPRK case study in the series, with five inline desk-output screenshots.
- Methodology page rewritten to open with the central design choice ("behavior over labels") that the engine is built around. Frames the trade-off between present-state risk scoring and on-chain-record risk scoring, with Euler and Humanity Protocol as live proof points in opposite directions.
- Compare pages for Chainalysis, TRM Labs, and Elliptic each carry a competitor-specific behavior-over-labels callout plus a three-card case study grid linking to Euler, Humanity, and Bybit. Each callout angles the design choice against the specific competitor's strength.
- Homepage hero sharpened: "Wallet risk scoring that reads behavior, not labels." Hero primary CTA routes to /try for unauthenticated visitors, /desk for paid users. Sample case study upgraded from Bybit to Euler.
- Business page adds a design choice section with the same three-card case study grid above the existing workflow categories. Case studies index page opens with the thesis frame and ends with a real conversion ask (try free, read the methodology, suggest a wallet by email).
- Pricing page now closes with a "the design choice you are paying for" callout that answers the implicit question of why $99 a month buys something different from a free open-source alternative.
- Desk analysis-complete chime swapped from the previous sub-bass thump to a short, high-pitched text-tone blip, after a private audition lab compared four candidates side by side.
IMPROVEMENTJune 13, 2026
Site design system pass and credibility audit
- Unified the site on the Geist Sans typeface, replacing the system-font fallback that was rendering on most pages
- Replaced purple-cyan gradient CTAs across the site with a solid white-on-dark primary button system for a more institutional B2B register
- Stripped the three-layer purple-and-cyan radial-glow body background from /business, /contact-us, /login, /privacy, /subscribe, and /terms
- Rewrote /team and tightened /about to remove first-person narrator passages and reposition both as product-focused vendor pages
- Replaced the previous null 404 page with a branded recovery page that links back to the desk and the homepage
- Wrapped /sign-in and /sign-up in proper page chrome and unified the post-auth redirect across /login, /sign-in, and /sign-up
- Killed leftover internal phrasing on /status (engine version codename, billing pipeline phase label) and on /subscribe success (webhook and entitlement jargon)
- Pulled the dead Pro tier reference out of the /subscribe page and unified the paid plan label everywhere to Solo
FEATUREJune 9, 2026
Spotting mixer-funded wallets, a long-form post
- Published a long-form post at /blog/how-to-spot-mixer-funded-wallets-2026 covering the three-layer methodology CredScore uses to detect mixer-funded activity
- Walks through self-attribution, counterparty attribution, and behavioral pattern detection with concrete examples
- Includes the engine's actual treatment of Tornado Cash exposure, depth-based mixer scoring, and confidence weighting
FEATUREJune 6, 2026
Public verdict share links and blog scaffold
- Every analysis now has a Share button on the desk that creates a public, read-only verdict page at /v/{token}
- Public pages render the same risk score, decision posture, primary drivers, and structured briefing the analyst sees, plus a CTA back to credscore.us so every shared verdict is a distribution surface
- Dynamic OpenGraph card preview at /v/{token}/opengraph-image so Reddit, X, LinkedIn, Slack, Discord, and iMessage render a real thumbnail when the link is pasted
- New /blog index and per-post pages with full Article schema and Twitter card metadata
IMPROVEMENTJune 4, 2026
Site credibility pass
- Replaced the prior animated particle background with a static SiteBackground component for a calmer reading surface across every page
- Rebuilt the public verdict pages so the analyst briefing renders as proper section headers and sub-items instead of a raw text dump
- Corrected early-access contradictions on /about, /team, and the homepage banner that were inconsistent with the now-live $99 per month Solo pricing
- Updated the Team page to reflect the actual current state of the company
FEATUREMay 26, 2026
Solo pricing is live
- Solo Analyst pricing restored at $99 per month with month-to-month billing and no annual contract
- Free first wallet analysis with no credit card to start, so analysts can run real wallets before deciding whether the engine is the right fit
- Business plan available with custom scope for teams that need higher-volume analysis or organization features
- Stripe checkout wired end-to-end with subscription state mirrored to Clerk user metadata for paywall enforcement
FIXMay 22, 2026
Engine hardening and regression corpus
- Closed seven separate scoring bugs surfaced by running the engine across a wide sample of attacker, victim, and clean wallets
- Hardened the sanctions enforcement path so confirmed OFAC SDN-matching wallets are hard-capped at score 12 across three independent enforcement points
- Added a structural-pattern review-sensitive flag system so structural findings (fan-out distribution, circular funding, source-return flow) escalate appropriately when combined with other adverse signals
- Locked in a regression corpus of 100-plus wallets covering low-risk, medium-risk, high-risk, sanctioned, drainer-shaped, and bridge-exploit profiles so engine changes can be evaluated against ground-truth examples before shipping
IMPROVEMENTApril 23, 2026
Site-wide copy and consistency pass
- Reconciled pricing across all pages so the number in the checkout flow matches what is advertised on comparison pages
- Updated chain coverage FAQ to reflect that Ethereum, Base, Arbitrum, Optimism, and Polygon are all fully supported
- Corrected founder name spelling and brand casing in the legal terms section
- Refreshed effective dates on the terms and privacy pages
- Removed stale roadmap claims from the analyst academy content
- Cleaned up writing style across the public docs and academy modules for tighter, less generic prose
FIXApril 22, 2026
Wallet relationship graph readability and correctness pass
- Filtered out heuristic pattern-match labels that were appearing as trusted entity nodes alongside curated OFAC labels
- Counterparty nodes now show transaction count with a unit (e.g., '347 tx') instead of a bare number
- Inline labels now show on most counterparties instead of requiring a click to identify them
- Edge labels upgraded to a larger, higher-contrast treatment so they stay readable at normal zoom
- Low-confidence inferred labels now render with a dashed border, muted color, and 'inferred' subtitle so analysts can distinguish them from curated labels at a glance
- Viewport safety margin expanded so outer nodes and their subtitle labels no longer clip at the edge of the graph container
- Added a short legend explaining the graph conventions
FEATUREApril 21, 2026
Analyst calibration feedback loop
- New 'Flag for calibration review' button on the briefing tab for any analysis
- Structured reason-code dropdown captures the specific disagreement (score too high, score too low, wrong entity label, missed structural pattern, wrong decision posture, other)
- Optional 2000-character notes field for deeper context
- Full analysis payload is stored alongside each report so engine updates can reproduce what the analyst saw at the time of submission
- Best-effort email notification routes reports to the engineering team for review
FIXApril 20, 2026
Security hardening pass
- Cron routes now fail closed when the secret environment variable is not configured, instead of defaulting open
- Authorization check added to the case wallet delete endpoint so only the case owner can remove wallets from it
- Two latent RLS policies removed from saved_wallets and case_folders that were granting public-role access to what should have been service-role-only data
- Full security and data integrity audit completed across 20 code paths and 18 tables
FEATUREApril 19, 2026
Bybit hack case study and engine label fix
- Published the first public case study at /case-studies/bybit-hack-lazarus-wallet-analysis, a full forensic analysis of the $1.5B Bybit hack with the CredScore engine output on the Lazarus attacker wallet
- Rebuilt the case studies index at /case-studies with article, breadcrumb, and FAQ schema markup for search engine discoverability
- Added related-study cards to every comparison page and a footer link from the homepage
- Corrected a latent engine label issue that was preventing the primary Bybit exploiter wallet from triggering the sanctions cap during analysis
- Suppressed the cosmic particle background on all case study pages for cleaner long-form reading
FEATUREApril 9, 2026
Documentation, changelog, and trust center launched
- Full documentation site at /docs covering scoring, signals, cases, team workspaces, and more
- Public changelog at /changelog showing every release
- Security and trust center at /security
- Status page at /status with real-time service health
- First-time onboarding flow on the analyst desk
FIXApril 8, 2026
Engine accuracy pass — sanctions and known-good entities
- Self-sanctioned wallets (e.g., OFAC Lazarus addresses) now correctly hard-cap at score 12 across all scoring stages
- Three-layer enforcement prevents any intermediate scoring adjustment from overriding the sanctions cap
- Known-good entities (Vitalik, Ethereum Foundation) get a +10 score boost and gentler confidence dampening
- Fan-out distribution patterns no longer force 'Review' on known public figures
IMPROVEMENTApril 8, 2026
Site-wide UI polish pass
- Unified all marketing page footers with consistent link order
- Added smooth transitions on links, buttons, and inputs
- Accessible keyboard focus rings on all interactive elements
- Consistent card padding and hover lift effects
- Removed duplicate Business link from footer
FEATUREApril 7, 2026
Six analyst features shipped
- Audit trail logs every analysis run per user
- Score history with sparkline chart on the overview tab
- Expandable signal flags with evidence bullets
- Counterparty drill-down — analyze any entity directly from the result
- Batch analysis (up to 10 wallets) with streaming results
- Wallet monitoring with daily cron job and alerts
IMPROVEMENTApril 7, 2026
Sidebar upgrades and platform intelligence
- Drag and drop to reorder saved wallets
- Hover to see full wallet address
- Star icon to toggle watchlist status
- Folder delete confirmation
- Platform intelligence card showing how many times CredScore has analyzed a wallet
- Score auto-updates in sidebar after re-analysis
FEATUREApril 6, 2026
Case management
- Create investigation cases with title, severity, and status
- Attach wallets directly from analysis results
- Timeline of case events (status changes, notes, wallet attachments)
- Case detail view with full investigation history
- Case lifecycle: open, pending, escalated, closed
FEATUREApril 6, 2026
Team workspaces
- Create organizations with multi-analyst membership
- Role system: Owner, Admin, Analyst
- Email invite flow with shareable token links
- Cases scoped to org or personal visibility
FEATUREApril 5, 2026
Analyst Academy launched
- 12 modules covering crypto fundamentals, AML, scoring, red flags, and reporting
- 50+ lessons with progress tracking
- Quiz at the end of every module
- Designed for compliance analysts of all skill levels
FEATUREApril 5, 2026
OFAC sanctions sync
- Weekly cron syncs the official OFAC SDN list every Monday
- Extracts all sanctioned Ethereum addresses automatically
- Stored in sanctions_registry for fast scoring lookups
Want updates as they ship? Email
wade@credscore.us to get added to the release announcements list.