Wallet Lifeboat

Check a risky wallet before adding gas.

Paste a wallet address to scan visible approvals, NFT permissions, and possible compromised-wallet signals. This is read-only and never asks for your seed phrase or private key.

Never enter your seed phrase or private key anywhere.

If a wallet's seed phrase or private key is compromised, revoking approvals does not make the wallet safe again. This tool helps you understand visible risks and possible next steps.

Triage target

Paste a wallet to inspect public risk.

Read-only

Ethereum Mainnet

Wallet Lifeboat scans one network at a time in this first pass. Use the standard scanner for its full multi-network workflow when you are ready to continue.

Before taking action

Never enter your seed phrase or private key anywhere.

This Wallet Lifeboat scan is read-only and does not move assets or submit transactions.

Do not add gas to a wallet you believe is compromised until you review the risks.

Revoking approvals may reduce spender risk, but it does not secure a wallet if the seed phrase or private key is compromised.

Do not add gas to a wallet you believe is compromised until you review the scan. Some compromised wallets use sweepers that automatically drain native gas before you can move assets.

Incident dashboard

Triage summary

No wallet scanned

Visible approval risk

Not scanned

NFT permission risk

Not scanned

Visible assets at risk

Not scanned

Gas-sweeper pattern

Not scanned

Pending transaction activity

Not scanned

Approval-to-drain timeline

Not scanned

Address poisoning signals

Not scanned

Spender contract risk

Not scanned

Permit2 exposure

Not scanned

Known-risk registry

Not scanned

HEX stake status

Not scanned

Good Accounting Assist

Not scanned

EIP-7702 delegation

Not scanned

Smart wallet / Safe

Not scanned

ERC-4337 / session keys

Not scanned

ERC-6909 approvals

Not scanned

Token/NFT dust traps

Not scanned

Report completeness

Not scanned

Visible approval risk

Active token approvals

Paste a wallet address to start a read-only scan.

Not scanned

NFT permission risk

NFT approvals

Paste a wallet address to start a read-only scan.

Not scanned

Visible assets at risk

Assets exposed by active approvals

Paste a wallet address to summarize assets exposed by active approval rows.

Not scanned

This module summarizes token and NFT assets exposed by active approval rows already found by the read-only scanner. It does not fetch balances, crawl wallets, move assets, or claim to show every asset in the wallet.

Possible gas-sweeper activity

Recent native-gas movement

Paste a wallet address to check for a bounded sweeper-like activity pattern.

Not scanned

This diagnostic checks recent normal native-token transfers for gas deposits followed quickly by outgoing native transfers. It does not confirm an attacker and does not rule out sweepers that use private relays, token transfers, internal calls, or unindexed activity.

Pending transaction activity

Latest vs pending nonce

Paste a wallet address to check whether the selected RPC reports pending wallet activity.

Not scanned

This diagnostic compares the latest and pending nonce reported by the selected network RPC. A pending nonce gap can mean the wallet already has one or more transactions waiting, but this check cannot see every private, dropped, replaced, or unindexed transaction.

Approval-to-drain timeline

Visible event ordering

Paste a wallet address to build a bounded read-only approval and movement timeline.

Not scanned

This diagnostic builds a bounded timeline from recent public explorer data, looking for approval-like calls followed by outbound native or token movement. It can show visible ordering, but it does not prove causation or identify an attacker.

Address poisoning signals

Recent lookalike addresses

Paste a wallet address to check for possible lookalike-address history poisoning.

Not scanned

This diagnostic compares recent inbound counterparties against outbound addresses from the bounded history window. Similar prefix and suffix matches can be address-poisoning context, but they are not proof of attacker control or intent.

Spender contract risk

Approval spender context

Paste a wallet address to check active approval spenders for public contract context.

Not scanned

This diagnostic checks approval spenders for public contract context such as bytecode presence, verified-source availability, proxy-like metadata, and reviewed registry matches. Unknown or unverified spenders are review signals, not proof of malicious activity.

Permit2 exposure

Delegated Permit2 allowances

Paste a wallet address to check for active Permit2 delegated allowances where the selected scan supports them.

Not scanned

This diagnostic surfaces active Permit2 delegated allowances already live-read by the existing approval scanner. It does not request signatures, sign messages, submit transactions, or claim that missing rows prove the wallet is safe.

Known-risk registry context

Reviewed address context

Paste a wallet address to compare discovered counterparties against the reviewed local registry.

Not scanned

This local registry can flag addresses only when Pulse Revoke has reviewed public source evidence. Unknown does not mean safe, and matches are context rather than proof of control, intent, or recoverability.

EIP-7702 delegation

Account-code delegation

Paste a wallet address to check whether supported networks report EIP-7702 delegation code.

Not scanned

This diagnostic reads latest account code on supported networks and checks for the EIP-7702 delegation designator. It does not request signatures, clear delegation, repair accounts, or claim that no delegation means no compromise.

Smart wallet / Safe configuration

Account and Safe configuration

Paste a wallet address to check whether this address looks like a smart wallet or Safe-compatible account.

Not scanned

This diagnostic reads latest account code and Safe-compatible owner, threshold, module, and nonce view methods where available. It does not change owners, disable modules, submit Safe transactions, use relayers, or claim that missing warnings prove the wallet is safe.

ERC-4337 / session-key signals

Account-abstraction activity

Paste a wallet address to check for recent ERC-4337 EntryPoint activity where supported.

Not scanned

This diagnostic checks a bounded recent window of EntryPoint UserOperationEvent logs for the scanned address. It does not contact bundlers, request UserOperation signatures, use paymasters, submit transactions, or clear session keys.

ERC-6909 multi-token approvals

Multi-token allowance activity

Paste a wallet address to check for recent ERC-6909 multi-token permission events where supported.

Not scanned

This diagnostic checks a bounded recent RPC log window for ERC-6909 Approval and OperatorSet events by the scanned address. It does not prepare generic multi-token revokes, submit transactions, or prove full current allowance state.

HEX stake status

Visible open stake rows

Paste a wallet address to check visible open HEX stake rows on supported networks.

Not scanned

This diagnostic reads visible open HEX stake rows on PulseChain, classifies active, mature, late, and Good Accounting candidate context, and does not run or prepare End Stake, Emergency End Stake, or Good Accounting.

Good Accounting Assist

Clean-wallet review context

Paste a wallet address to check whether visible late HEX stake rows may need manual Good Accounting review.

Not scanned

This assist layer explains when a visible late HEX stake may be relevant for manual Good Accounting review from a clean wallet. It does not prepare, sign, submit, relay, or simulate a Good Accounting transaction.

Token/NFT dust traps

Suspicious inbound assets

Paste a wallet address to check bounded inbound token and NFT history for dust or bait signals.

Not scanned

This diagnostic reviews bounded inbound token and NFT transfer history for dust or bait signals. It strips URL-like metadata, never fetches arbitrary token-provided websites, and treats suspicious metadata as context rather than proof that an asset is malicious.

Limits

What this scan can and cannot detect

Can help with

Review active approvals and unknown spenders.
Use the standard scanner only when you are ready to revoke from the matching wallet.
Use a clean wallet for future activity if the original wallet secret may be compromised.
Verify important token, spender, NFT, and transaction details directly on the relevant explorer.

Do not do

Do not fund the wallet until you understand whether sweeper-like activity may exist.
Do not share wallet secrets with anyone.
Do not trust recovery offers that ask for a seed phrase, private key, keystore, wallet password, remote desktop access, or screenshots of wallet backups.
Do not treat a missing approval result as proof that the wallet is clean.

Report completeness

Current diagnostic coverage

Token approvals: Not scanned
NFT approvals: Not scanned
Gas-sweeper pattern: Not scanned
Pending nonce: Not scanned
Approval-to-drain timeline: Not scanned
Address poisoning signals: Not scanned
Spender contract risk: Not scanned
Permit2 exposure: Not scanned
Visible assets at risk: Not scanned
Known-risk registry: Not scanned
HEX stake status: Not scanned
Good Accounting Assist: Not scanned
EIP-7702 delegation: Not scanned
Smart wallet / Safe: Not scanned
ERC-4337 / session keys: Not scanned
ERC-6909 approvals: Not scanned
Token/NFT dust traps: Not scanned

Export incident report

Save the read-only snapshot.

Export this report before taking action. It can help you review visible risks, approvals, stakes, and possible next steps without connecting the compromised wallet.