Skip to main content
GET
https://api.credprotocol.com
/
api
/
v2
/
identity
/
address
/
{address}
/
sybil
curl -X GET "https://api.credprotocol.com/api/v2/identity/address/vitalik.eth/sybil" \
  -H "Authorization: Bearer YOUR_API_KEY"

{
  "address": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
  "timestamp": "2024-03-12T14:30:00+00:00",
  "sybil_score": 12,
  "risk_level": "low",
  "indicators": {
    "count_unique_counterparties": 142,
    "count_unique_contracts_interacted": 37,
    "total_gas_spent_eth": 0.847,
    "funding_source_address": "0x71C7656EC7ab88b098defB751B7401B5f6d8976F",
    "transaction_time_entropy": 0.82,
    "identity_attestations": 3,
    "wallet_age_days": 1095,
    "transaction_count": 456
  }
}

Overview

Analyzes an Ethereum address for sybil behavior by computing behavioral and relational signals from on-chain transaction data. Returns a composite sybil score (0-100, where higher = more likely sybil) along with individual indicator values.
This endpoint examines Ethereum mainnet transaction history to detect patterns consistent with sybil wallets -low diversity of counterparties, scripted timing, minimal gas expenditure, and lack of identity attestations.

Authentication

This endpoint supports two authentication methods:
MethodHeaderCost
API TokenAuthorization: Bearer YOUR_API_KEY3 Cred Units
x402 PaymentX-PAYMENT: <signed_payment>$0.03 USDC
x402 payments allow instant, accountless access. Pay per request with USDC on Base -no signup required. Try it live →

Path Parameters

address
string
required
Ethereum address or ENS name (e.g., vitalik.eth or 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045)

Response

address
string
The resolved Ethereum address (checksummed)
timestamp
string
ISO 8601 timestamp of when the analysis was computed
sybil_score
integer
Composite sybil score from 0-100. Higher scores indicate a greater likelihood that the address is a sybil.
risk_level
string
Human-readable risk classification derived from sybil_score. One of: low, medium, high, critical.
indicators
object
Individual signals used to compute the composite score.
indicators.count_unique_counterparties
integer
Number of unique addresses this wallet has transacted with (normal transactions + ERC-20 token transfers), excluding itself.
indicators.count_unique_contracts_interacted
integer
Number of unique smart contracts called (transactions with non-empty input data) or created.
indicators.total_gas_spent_eth
number
Total gas spent on outbound transactions, in ETH. Calculated as the sum of gasUsed times gasPrice for all transactions sent from this address.
indicators.funding_source_address
string
The address that first funded this wallet (sender of the first inbound ETH transfer). Null if no inbound value transfers exist.
indicators.transaction_time_entropy
number
Shannon entropy of inter-transaction time deltas, normalized to 0-1. Higher values indicate more varied (human-like) timing patterns; lower values suggest scripted/automated behavior.
indicators.identity_attestations
integer
Number of verified identity attestations associated with this address (ENS name, Gitcoin Passport, POAPs, credentials, etc.).
indicators.wallet_age_days
integer
Number of days since the wallet’s first transaction on Ethereum mainnet.
indicators.transaction_count
integer
Total number of normal transactions on Ethereum mainnet.

Risk Levels

ScoreRisk LevelInterpretation
0-24lowUnlikely sybil -diverse activity, verified identity
25-49mediumSome suspicious characteristics
50-74highLikely sybil -limited activity or identity
75-100criticalVery likely sybil -minimal on-chain presence

Scoring Methodology

The sybil score is computed by normalizing each indicator through a sigmoid function and combining them with the following weights:
IndicatorWeightDescription
Identity Attestations25%Verified on-chain/off-chain identity proofs
Unique Counterparties20%Diversity of transaction partners
Unique Contracts15%Breadth of smart contract interactions
Gas Spent10%Economic commitment to the network
Time Entropy10%Human-like transaction timing
Wallet Age10%Longevity of the address
Transaction Count10%Overall activity level
curl -X GET "https://api.credprotocol.com/api/v2/identity/address/vitalik.eth/sybil" \
  -H "Authorization: Bearer YOUR_API_KEY"

{
  "address": "0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045",
  "timestamp": "2024-03-12T14:30:00+00:00",
  "sybil_score": 12,
  "risk_level": "low",
  "indicators": {
    "count_unique_counterparties": 142,
    "count_unique_contracts_interacted": 37,
    "total_gas_spent_eth": 0.847,
    "funding_source_address": "0x71C7656EC7ab88b098defB751B7401B5f6d8976F",
    "transaction_time_entropy": 0.82,
    "identity_attestations": 3,
    "wallet_age_days": 1095,
    "transaction_count": 456
  }
}

Use Cases

Screen recipient addresses before distributing tokens. Flag addresses with high or critical risk levels to prevent sybil farming.
Verify that voters in DAO governance represent unique humans by checking sybil scores before counting votes or distributing voting power.
Combine sybil detection with credit scoring to identify borrowers who may be operating multiple wallets to circumvent lending limits.
Gate access to communities, allowlists, or early access programs by requiring a sybil score below a threshold (e.g., score under 25).

Performance

  • Response Time: Typically 2-5 seconds (uncached), under 100ms (cached)
  • Caching: Results cached for 30 minutes per address
  • Data Source: Ethereum mainnet only (via Etherscan API)