Blockchain intelligence that doesn't need labels
ChainGenius fingerprints every EVM transaction by its execution structure — the shape of its call tree and address flow. Bots reuse the same shape thousands of times. Novel exploits create shapes never seen before. We detect both, automatically.
Free · No signup · Real Ethereum data
The problem
Block explorers need ABIs to decode transactions. Analytics platforms need protocol labels. ML models need training data. If nobody's labeled it yet, nobody sees it.
Can't decode unknown contracts. New protocols, proxies, and unverified code are invisible. You only see what Etherscan can label.
Requires training on known attacks. By definition, can't catch what hasn't been seen before. The next exploit is always a zero-day.
Brittle rules that break when attackers adapt. High false-positive rates. Constant manual tuning as adversaries evolve their strategies.
The insight
Forget addresses, amounts, and timestamps. Every EVM transaction has an underlying execution structure — the pattern of calls, delegatecalls, and events that occurred.
This structure is a fingerprint. And the distribution of fingerprints across the chain is shockingly concentrated: 100,000+ transactions collapse into a handful of distinct shapes.
That collapse is the intelligence. Bots are a fingerprint repeated 10,000 times. An exploit is a fingerprint that appears exactly once.
How it works
Every transaction's debug trace is parsed into two objects: a call tree (how operations nest) and an address graph (how contracts interact).
Each structure is reduced to a canonical form — a unique string representation. Two transactions with the same execution pattern produce the same string, regardless of addresses or values.
The canonical string is hashed (SHA-256) into a content-addressed fingerprint. Lookup is O(1). Every transaction that shares a fingerprint is in the same behavioral equivalence class.
Applications
Structural fingerprinting turns expensive trace-level scans into instant lookups.
A sandwich bot runs the same execution structure 10,000+ times a day with different token addresses and amounts. With structural fingerprinting, one lookup finds them all. No signatures to maintain, no classifiers to train.
1 fingerprint → 10,000 bot transactions
A novel exploit creates an execution structure that has never appeared before. A fingerprint with occurrence count of 1, against a background of patterns seen thousands of times, is an immediate red flag — no prior knowledge required.
occurrence = 1 → automatic anomaly
50 "unrelated" wallets all executing the same rare structural pattern? That's coordination. The fingerprint reveals relationships that address-level analysis completely misses.
rare fingerprint + many senders → cluster
You have a suspicious transaction. Instantly find every other transaction with the same execution structure — across the entire chain history. Content-addressed hashing makes it a single lookup, not a full scan.
SHA-256 lookup → all matching txs
Complex DeFi protocols are built from simpler sub-patterns. The containment hierarchy shows exactly how protocols compose — which building blocks are shared, which are unique.
containment poset → composition map
What does this address actually do? Filter the global pattern distribution by any address to see its complete behavioral repertoire — as sender, receiver, or intermediary.
address → ranked pattern distribution
Why structural analysis
No ABI decoding, no protocol registry, no token databases. New contracts, unverified code, proxy patterns — all fingerprinted the same way. Coverage is total from the first block.
ML needs examples of attacks to detect them. Structural fingerprinting needs no training data — a novel exploit is automatically anomalous because its shape has never been seen before.
Not heuristics — a formal decomposition based on quotient spaces and canonical forms. The fingerprints are deterministic: same input always produces same output. No tuning, no drift.
Pattern matching is O(1) via content-addressed hashing. No scanning, no index rebuilds. The more data you have, the more the power-law distribution reveals — signal gets stronger, not noisier.
Live now
ChainGenius Lite is running on real Ethereum data right now. No signup required.
The power-law distribution of all structural patterns on-chain. Filter by any address to see what it does. The rank-frequency plot is the starting point for all investigation.
Look up any transaction. See its structural equivalence class — every other transaction that did the same thing. Browse the class members, view execution trees and address graphs.
Deep analytics for any pattern. Execution diagrams, volume timeline, participation profiles, and the containment hierarchy showing parent and child patterns.
The full mathematical foundations. Quotient spaces, canonical forms, containment posets, realizability constraints, and the asymmetry between tree and graph posets.
Every transaction already tells you what it did. You just need to know how to look at it.
Launch ChainGenius Lite →Free · No signup · Real Ethereum data