The Audit Engine.

The first phase of our pipeline is SERP (Search Engine Results Page) harvesting. For each entity in our index, we execute programmatic queries against organic search data — deliberately excluding sponsored results, shopping ads, and promoted listings that can be purchased by malicious actors.

We collect the top organic results for each keyword, extracting URL metadata, page titles, SERP snippets, and domain registration data. This gives us an unfiltered view of what the open web believes about a given crypto entity — without advertiser bias.

Our crawlers operate continuously, refreshing data for high-priority entities every few hours and less-active entities on a rotating schedule.

Raw SERP data is fed into our phishing detection module, which applies regular expression pattern matching against a curated lexicon of high-risk signals: scam, hack, stolen, drainer, fake, honeypot, rug, warning, phishing, ponzi, and 200+ additional threat indicators.

We also perform domain similarity analysis — comparing the target entity's official domain against registered lookalike domains using Levenshtein distance scoring and Unicode character substitution detection. A cluster of lookalike domains with recent registration dates is a strong signal of coordinated phishing infrastructure.

Results that trigger high-risk patterns are flagged with red sentiment badges in the final report. Entities with a concentration of phishing-related results receive a significantly penalized Trust Score.

Beyond SERP data, our engine ingests social signals to detect coordinated manipulation. We analyze sentiment patterns across indexed community discussions, news aggregators, and developer forums.

Key signals include: sudden spikes in negative sentiment velocity (indicating an active exploit or exit scam), bot-like patterns in promotional content (indicating artificial shilling), and discrepancies between the entity's claimed functionality and community-reported experience.

We apply a temporal weighting model — recent signals carry more weight than historical data, ensuring the Trust Score reflects current conditions rather than outdated information.

For DeFi protocols and tokens, our engine incorporates on-chain data analysis. We examine liquidity depth and holder distribution to identify potential honeypot mechanics and centralization risks.

Specific signals include: top-wallet concentration (if 10 wallets control >50% of supply, centralization risk is high), liquidity lock duration and contract (unlocked liquidity with recent large buys is a rug-pull precursor), and contract verification status on block explorers.

Unverified contracts with unusual transfer restrictions are automatically flagged. We cross-reference contract addresses against known exploit databases including Rekt.news, DeFiHackLabs, and SlowMist's intelligence feeds.

The final Trust Score (0–100%) is calculated by a 42-point weighted security matrix. Each dimension contributes differently to the final score based on its predictive power for user harm:

SERP sentiment composition (35% weight): ratio of positive-to-negative-to-neutral organic results. Domain authority signals (20% weight): age, registration data, SSL validity, and backlink diversity. Phishing cluster proximity (25% weight): number and freshness of lookalike domains detected. On-chain indicators (15% weight): contract verification, liquidity lock, and holder distribution. Community consensus (5% weight): aggregated forum sentiment score.

Scores above 70% are classified as Verified Safe. Scores between 40–70% trigger a Moderate Risk advisory. Scores below 40% trigger a Critical Alert.

Trust Scores are not static — they are living assessments. Our data nodes refresh continuously in a priority queue based on entity activity level, recent search volume, and detected anomaly signals.

High-profile entities (top-50 exchanges, major DeFi protocols) are refreshed every 2–4 hours. Mid-tier entities refresh daily. Long-tail entities in our index are refreshed weekly or when triggered by anomaly detection (sudden spike in phishing-related queries).

When a new exploit or security incident is reported by on-chain monitoring services, our system automatically queues an emergency re-index for the affected entity, often updating the Trust Score within minutes of the event.