How ZAFU treats community risk signals.
Community Signals help ZAFU warn about risky addresses earlier, while keeping labels explainable and avoiding overclaiming from a single report.
Signal states
| State | What it means |
|---|---|
| Community-reported | One or more ZAFU users reported the address, and the address crossed the community threshold. Treat it as high risk and verify independently. |
| Pattern-detected | ZAFU detected suspicious behavior such as dust, zero-value inbound transactions, or poisoning-style lookalike activity while indexing opted-in wallet history. |
| Team-reviewed | A human review checked available evidence, on-chain behavior, and report context. This raises confidence but still remains evidence-based. |
| Confirmed malicious | The address is confirmed by trusted threat intelligence, strong on-chain evidence, or a reviewed campaign cluster. ZAFU reserves this wording for higher-confidence cases. |
| Disputed | A user or address owner challenged the signal. Disputes are reviewed and can lower confidence, change copy, or remove an address from warnings. |
What reports include
ZAFU community submissions are designed around security evidence, not user tracking. Reports can include the suspected attacker address, chain, signal source, timestamp, and a private install ID for deduplication and abuse resistance.
Public share links use a separate referral ID. The private install ID is not placed in public URLs.
What ZAFU does not collect by default
- Raw browsing history.
- All pasted addresses.
- Clipboard contents.
- Private labels, notes, balances, or portfolio value for community use.
- Seed phrases, private keys, wallet passwords, or transaction signing access.
How warnings are applied
ZAFU checks community signals alongside bundled blocklists and external threat checks. If a community-only address appears, ZAFU describes it as community-reported and asks users to verify independently. That language is intentional.
Explainable signals Not every report is confirmed