Wallet Forensics CLI — Analyze crypto wallet behavior from the terminal.
Understanding wallet behavior currently requires expensive SaaS tools (Arkham ~$500/mo, Chainalysis enterprise-only) or tedious manual block explorer work. Developers, researchers, and trading agents need lightweight wallet analysis.
- Wallet classification — Analyze transaction patterns to classify: whale, bot, mixer-user, DeFi user, NFT trader, dormant
- Fund flow tracing — Trace where money came from and where it went (N-hop graph)
- Related wallet clustering — Find wallets connected by deployer, funding source, transfer patterns, or activity timing
- Risk scoring — Detect mixer interactions, flagged addresses, suspicious patterns
- Multiple output formats — Text (human-readable), JSON (machine-readable), Mermaid (graphs)
# Clone the repo
git clone https://github.com/thinkshake/furo.git
cd furo
# Install dependencies
bun install
# Run directly
bun run src/index.ts --help
# Or link globally
bun link# Analyze a wallet
furo profile vitalik.eth
furo profile 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045
# Trace fund flows (with 3 hops)
furo trace 0x1234...abcd --hops 3
# Find related wallets
furo cluster 0x1234...abcd
# Assess risk factors
furo risk 0x1234...abcd
# Output as JSON (for programmatic use)
furo profile 0x1234...abcd --format json
# Output as Mermaid diagram (for visualization)
furo trace 0x1234...abcd --format mermaidAnalyze a wallet and classify its behavior:
- Transaction count, first/last activity, age
- Classification: whale, bot, DeFi user, NFT trader, mixer-user, dormant
- Top protocols interacted with
- Volume stats (in/out)
- Risk indicators
Trace fund flows:
- Where funds came from (funding sources)
- Where funds went (major recipients)
- N-hop tracing (default 2, max 5)
- Output as text, JSON, or Mermaid graph
Find related wallets:
- Same deployer
- Frequent bilateral transfers
- Common funding source
- Similar transaction timing patterns
Risk assessment:
- Known mixer interactions (Tornado Cash)
- Flagged address interactions
- Suspicious patterns (rapid in-out, circular flows)
- Risk score 0-100 with level (low/medium/high/critical)
--format text(default) — Human-readable terminal output with boxes and colors--format json— Machine-readable JSON for scripts and agents--format mermaid— Mermaid diagram syntax for visualization
ETHERSCAN_API_KEY— Required. Get a free API key at etherscan.io/apis. The Etherscan V2 API requires authentication. Free tier provides 5 calls per second, which is sufficient for most analysis.
Before following "smart money" or interacting with a counterparty:
# Is this really a whale or a wash trader?
furo profile 0x... --format json
# Is this wallet connected to scam addresses?
furo risk 0x... --format json
# What other wallets does this person control?
furo cluster 0x... --format json# Trace how funds moved after a hack
furo trace 0xHackerAddress --hops 3 --format mermaid
# Identify related wallets in a sybil attack
furo cluster 0xSuspiciousAddress# Before interacting with a new protocol or counterparty
furo risk 0xContractAddress
furo profile 0xDeployerAddressResults are cached locally in ~/.cache/furo/ for 5 minutes to respect API rate limits and speed up repeated queries.
- Mainnet only (v1) — No multi-chain support yet
- ETH transactions only — Internal transactions and token transfers used for some analysis, but full ERC-20 tracking not implemented
- Public data only — Uses Etherscan API (free tier compatible)
- No historical pricing — Volume shown in ETH, not USD
- TypeScript + Bun
- Etherscan API
- ENS resolution via ensideas.com
MIT
Built with 🛁 by Aston & Shota @ thinkshake