Summary
| Rule | Account types | Status |
|---|---|---|
| Large Transfer | Wallet / contract; native + tokens | 🟢 Active |
| Activity Spike | Wallet (EOA) | 🟢 Active |
| Flow Spike | Wallet (EOA) | 🟢 Active |
| Transfer Deviation | Wallet (EOA) | 🟢 Active |
| Dormant Wallet Reactivation | Wallet (EOA) — cold / dormant | 🟢 Active |
| Unknown Counterparty Interaction | Wallet (EOA) + counterparty | 🟢 Active |
| Balance Threshold Alert | Wallet / contract; tokens | 🟢 Active |
| Balance Change Delta | Wallet (EOA) / program | 🟢 Active |
| Large Cross-Chain Transfer | Bridge protocols; sender / receiver | 🟢 Active |
| Successful Transaction | Any account | 🟢 Active |
| Full Balance Sweep | Wallet (EOA) | ⚪ Deprecated |
| Suspicious Multi Send | Wallet (EOA) | ⚪ Deprecated |
| Account Closed | Wallet / program | ⚪ Deprecated |
Rules
🟢 Large Transfer
🟢 Large Transfer
Detects. A monitored wallet sends or receives a transfer above a USD threshold.
| Trigger | A native or token transfer involving a monitored address exceeds the configured USD minimum. Supports inbound / outbound / both, with optional address, token, and amount filters. |
| Account types | Wallet / contract senders and receivers; native + tokens |
| Status | Active |
🟢 Activity Spike
🟢 Activity Spike
Detects. A wallet’s outbound transaction count spikes far above its normal rate.
| Trigger | Outbound transaction count per time window exceeds the address’s baseline by a configurable Z-score. (Scheduled.) |
| Account types | Wallet (EOA) |
| Status | Active |
🟢 Flow Spike
🟢 Flow Spike
Detects. A wallet’s outbound USD volume spikes far above its normal level.
| Trigger | Outbound USD volume per time window exceeds the address’s baseline by a configurable Z-score. (Scheduled.) |
| Account types | Wallet (EOA) |
| Status | Active |
🟢 Transfer Deviation
🟢 Transfer Deviation
Detects. A single transfer that is far larger than the wallet’s historical norm.
| Trigger | A transfer deviates significantly from the address baseline (Z-score ≥ 3). Supports inbound / outbound / both. (Scheduled, baseline-driven.) |
| Account types | Wallet (EOA) |
| Status | Active |
🟢 Dormant Wallet Reactivation
🟢 Dormant Wallet Reactivation
Detects. A long-inactive wallet suddenly transacts again — useful for spotting
unauthorized use of cold or dormant treasury accounts.
| Trigger | A monitored address with no activity for a configurable number of days signs a new transfer. Supports inbound / outbound / both. (Scheduled.) |
| Account types | Wallet (EOA) — cold / dormant treasury |
| Status | Active |
🟢 Unknown Counterparty Interaction
🟢 Unknown Counterparty Interaction
Detects. A monitored wallet transacts with a counterparty that isn’t on your
allow-list.
| Trigger | A transfer to or from a wallet not in the provided allow-list. Supports inbound / outbound / both. |
| Account types | Wallet (EOA) + counterparty |
| Status | Active |
🟢 Balance Threshold Alert
🟢 Balance Threshold Alert
Detects. A watched wallet’s balance crosses a floor or ceiling.
| Trigger | A monitored account’s native or token balance falls below a lower bound or rises above an upper bound. (Scheduled.) |
| Account types | Wallet / contract addresses; tokens |
| Status | Active |
🟢 Balance Change Delta
🟢 Balance Change Delta
Detects. A monitored account’s balance changes beyond a threshold.
| Trigger | A transaction changes the account’s native or token balance past a configurable token and/or USD threshold. Supports inbound / outbound / both. |
| Account types | Wallet (EOA) / program; tokens |
| Status | Active |
🟢 Large Cross-Chain Transfer
🟢 Large Cross-Chain Transfer
Detects. A large amount bridges into or out of a network.
| Trigger | A cross-chain inflow or outflow over a USD minimum across any supported bridge. Filter by direction and specific bridges. (Scheduled.) |
| Account types | Bridge protocols; cross-chain sender / receiver addresses |
| Status | Active |
🟢 Successful Transaction
🟢 Successful Transaction
Detects. A monitored account is part of any successful transaction — a basic
activity / audit-trail signal.
| Trigger | The monitored account appears in a successful transaction. |
| Account types | Any account (wallet / program / contract) |
| Status | Active |
Deprecated
⚪ Deprecated rules (migration context)
⚪ Deprecated rules (migration context)
Retired from a previous runner, kept for completeness:
- Full Balance Sweep — a full balance sweep out of an account.
- Token Transfer — a large token transfer (superseded by Large Transfer).
- Suspicious Multi Send — a wallet sends to multiple recipients in a single transaction.
- Account Closed — an account is closed.