BitGuard is a Bitcoin wallet address risk assessment tool designed to help users evaluate whether a wallet may be safe, suspicious, or potentially linked to illicit activity. By combining blockchain-derived features with machine learning, BitGuard aims to turn complex transaction behavior into a simple, understandable risk assessment.
Graduate Students from UC Berkeley
- Chirag Agarwal
- Noah Cederholm
- Steven Au
- Wes Morberg
Sending Bitcoin to the wrong wallet can be costly and irreversible. Many users, especially those with limited blockchain experience, have no easy way to judge whether a wallet address is trustworthy before sending funds.
BitGuard addresses this problem by analyzing wallet behavior and producing a risk assessment that can help users make safer decisions. The goal is to provide a simple interface backed by a more advanced modeling pipeline, so users do not need to understand raw blockchain data in order to benefit from it.
https://www.youtube.com/watch?v=lx0kMLqsAPY
BitGuard is intended for:
- First-time or occasional Bitcoin users
- Less technical users who want a simple confidence check before sending funds
- Users copying wallet addresses from unfamiliar sources
- Wallet providers or exchanges interested in lightweight wallet risk scoring
- Wallet address risk assessment
- Easy-to-understand output for end users
- Machine learning-based scoring using blockchain-derived features
- Backend integration with Neo4j graph data
- Cached request/response flow for improved performance
- Web-based frontend for submitting wallet addresses
The BitGuard modeling workflow begins with Bitcoin-related graph data stored in Neo4j. Data is extracted and transformed into model-ready features, which are then passed into a machine learning model to generate predictions.
flowchart LR
subgraph Data_Source
A[(Neo4j)]
end
subgraph Data_Processing
B[Extract Data]
C[Feature Engineering]
end
subgraph Modeling
D[ML Model]
end
subgraph Output
E[Predictions]
end
A --> B --> C --> D --> E
flowchart LR
U[User]
subgraph Oracle["<span style='color:#2c7be5'>Oracle VM</span>"]
direction TB
subgraph OracleFrontend["<span style='color:#17a2b8'>Oracle Frontend</span>"]
FE[Frontend Web App]
end
subgraph OracleBackend["<span style='color:#3b5bdb'>Oracle Backend</span>"]
SUBMIT["/submit Endpoint"]
CACHE[(Redis Cache)]
end
end
style Oracle fill:#2b2b2b,stroke:#4a4a4a
subgraph Backend["<span style='color:#c0392b'>Backend API</span>"]
direction TB
subgraph AWS["<span style='color:#e67e22'>Amazon VM</span>"]
direction LR
VALIDATE["/validate Endpoint"]
MODEL[ML Model]
APIRESP[API Response]
end
subgraph Graph["<span style='color:#27ae60'>Neo4j Graph Database</span>"]
DB[(Neo4j Database)]
end
end
style Backend fill:#2b2b2b,stroke:#4a4a4a
U --> FE
FE -- POST request --> SUBMIT
SUBMIT --> CACHE
CACHE -- POST request --> VALIDATE
VALIDATE -- POST request --> DB
DB -- data --> MODEL
DB -- Not found or Error --> APIRESP
MODEL -- prediction --> APIRESP
APIRESP --> CACHE
CACHE --> FE
FE --> U
At a high level, BitGuard follows this process:
- A user enters a Bitcoin wallet address into the web interface.
- The frontend sends the request to the backend through the submit endpoint.
- The backend checks the cache for an existing result.
- If needed, the backend queries Neo4j and or model-ready data sources.
- Features associated with the wallet are passed into the machine learning model.
- The model returns a risk assessment.
- The result is sent back to the user through the frontend.
This flow is intended to make sophisticated blockchain analysis easier to use for non-technical users.
- Open the BitGuard web application in your browser.
- Enter a Bitcoin wallet address into the search or input field.
- Submit the address for analysis.
- Review the returned risk assessment and any supporting output shown in the interface.
A user receives a Bitcoin wallet address for payment, investment, or transfer. Before sending funds, they can paste the address into BitGuard to get a quick risk check. The goal is to provide an additional layer of confidence before taking an irreversible action.
A typical high-level structure for this project includes:
frontend/- web interface and static assetsbackend/- API and model-serving logicREADME.md- project documentation
You can update this section to match the exact structure of your repository if needed.
The backend API is a monetizable service. It supports two access paths:
- public requests to
POST /validatecan be protected with x402 pay-to-access - trusted server-to-server requests require the correct
X-Internal-API-Keyheader
When deploying the api, make sure to configure these values in .env:
MODEL_PATHDATABASE_URLINTERNAL_API_KEYX402_ENABLED=trueX402_PAY_TO_ADDRESSX402_NETWORKX402_FACILITATOR_URL
INTERNAL_API_KEY is the shared secret used for trusted bypass access.
- requests without that header, or with the wrong value, go through the x402 payment middleware
Set X402_PAY_TO_ADDRESS to the wallet address that should receive payment for API access.
X402_NETWORK is the x402 network identifier. The current default, eip155:84532, is a Base Sepolia test network. Please change to different one accordingly to the right network.
X402_FACILITATOR_URL is the facilitator service used by x402 to verify and settle payments. The current example value, https://x402.org/facilitator, is appropriate for testing. Production deployments should point this to the facilitator you intend to use on mainnet.
BitGuard relies on blockchain-related data and derived wallet features to support its predictions. These features may include transaction behavior, graph-based signals, and other indicators associated with wallet activity.
The exact modeling approach, feature set, and evaluation strategy may continue to evolve as the project develops.
Potential future directions for BitGuard include:
- expanding wallet coverage and labeling
- improving model interpretability
- providing more detailed explanations for flagged wallets
- adding confidence intervals or explanation layers to model outputs
- strengthening evaluation against known risky wallet categories
- improving frontend UX for non-technical users
BitGuard is intended as a decision-support tool, not a guarantee of wallet safety. A low-risk score does not prove that a wallet is safe, and a high-risk score should be interpreted as a warning signal rather than definitive proof of wrongdoing.
Users should treat BitGuard as one input into a broader decision-making process.
This project builds on external resources and infrastructure related to Bitcoin graph data and Neo4j restoration workflows.
Special acknowledgement to:
- EBA
- Neo4j database restoration documentation
Resources:
For future maintenance of the paid API flow, these are the main x402 references used in this project:
- Seller quickstart: https://docs.x402.org/getting-started/quickstart-for-sellers
- Facilitator concept: https://docs.x402.org/core-concepts/facilitator
- Network and token support: https://docs.x402.org/core-concepts/network-and-token-support
- FAQ: https://docs.x402.org/faq
BitGuard is an academic/capstone project and should not be treated as a production-grade compliance, fraud prevention, or forensic platform. Its outputs are intended for research, demonstration, and educational purposes.