How I built a wallet risk scanner on a Raspberry Pi, and what it taught me about Web3 trust.

Oleksandr — Thu, 30 Apr 2026 07:33:25 +0000

A few weeks ago I got frustrated with how Web3 security tools felt. Dark, aggressive, technical, intimidating. Every wallet scanner looked like it was designed to scare you rather than inform you.

So I built my own. It runs on a Raspberry Pi 4 sitting in my room. It's live at scan.chlora.xyz and it's free.

Here's what I built, how I built it, and what reading DeFi hack post-mortems at night taught me about why the trust problem in Web3 is much bigger than anyone's scanner can fully solve.

At first, it all started on a sunday with just a C++ backend with CMake and an empty Raspberry Pi, I used Etherscan for the scanning part, and then with some algorithms I analyzed the protocols of the wallet. It flagged each protocol in different risk levels based on the control they had over the wallet, and made a clean smooth resulting output. From there I built a simple front end that ran on my local host just to see how appealing it is with the backend, and then it hit me, it seemed I was following some sort of script like I had to make the website dark and matrix-like and I wasn't satisfied. And then I realized how nature and something techy like the blockchain are both related, it seemed to me that the blockchain was just a field.

From there, I redesigned the front-end giving that feel of breathing in a spring's field, I had to find a name and ended up with Chlora, and then bought a domain, chlora.xyz, then I hosted the website in my raspberry pi where i routed it through claudefare to make it public with a new landing page. So I realized at that moment that my program had faults, it didn't take in mind protocols like Uniswap or Aave that are safe, nor other known protocols. So from there I built a whitelist system, where now I ended up with a 209.000+ contracts vault that were optimized to a binary form and improved the analyzing algorithm.

Seeing the potential of Chlora, I made an API for free and distribuited it on RapidAPI not before making a docs page of course. After all, I was satisfied with what I had, but I saw that I didn't have enough comprehension of what I was solving. I decided to see the biggest hacks and the most recent ones in rekt, a news platform, where I realized how big and unsafe is trusting in web3. Not only that, but many of the hacks happened and they only realized afterwards, no flags, no active checking, just an invisible delayed knock out punch.

From all of this, I realized how much there's left to do with Chlora. This was just the beginning. Every major DeFi hack in 2026 had the same root cause — something trusted something it shouldn't have. Not a code problem. Not a cryptography problem. A trust problem.

$18.4 million gone before most users finished their morning coffee. $196 million from a bridge nobody controlled. Billions lost to misplaced trust.
Chlora won't solve all of that. Not yet. But the direction is clear — from a scanner to continuous monitoring, from a tool to infrastructure, from a weekend project on a Raspberry Pi to the trust layer that Web3 is missing.
If you're building something in DeFi and want to add a trust layer — the API is free and live at docs.chlora.xyz.

And if you just want to see what your wallet looks like — scan.chlora.xyz. No wallet connection needed.

Update — May 2026
Since publishing this I've added two new endpoints:
GET /v1/contract — check if a contract is safe to interact with before trusting it. Returns trust level, deployment age, and a plain-English recommendation. Free tier.

POST /v1/monitor — register a wallet for continuous hourly monitoring. Get a webhook alert when the risk score changes significantly. Pro tier.
The contract endpoint is what would have prevented the Rhea Finance hack — $18.4M lost because a protocol trusted a contract it had never seen before. One API call would have flagged it as "Very new contract — do not trust without audit."

The scanner at scan.chlora.xyz now shows contract risk inline for every HIGH flag — click any flag to see the contract's age, trust level and recommendation without leaving the page.

Security that breathes.

DEV Community: Oleksandr

How I built a wallet risk scanner on a Raspberry Pi, and what it taught me about Web3 trust.