FAQ

Common questions
about TRONSEC.

Detailed answers on read-only scans, wallet connection, TRC-20 approvals, risk scores, privacy, scam reporting — plus an honest limitations section.

Open app Documentation

General

What is TRONSEC?

TRONSEC is a free, read-only TRON security terminal — eight modules in one browser shell. Paste a wallet address, contract, transaction hash (TXID), or URL to see on-chain risk signals before you sign anything.

There is no account, no custody, and no seed phrase collection. Analysis runs client-side and queries public TRON APIs (TronGrid, TronScan). TRONSEC is an independent community tool, not affiliated with TRON Foundation.

Is TRONSEC a wallet?

No. TRONSEC never holds funds, never asks for a private key or seed phrase, and cannot send transactions on your behalf. It is a read-only analysis layer you use alongside TronLink, Trust Wallet, Klever, or any TRON wallet.

If a website or app claiming to be TRONSEC asks you to import a seed phrase or enter a private key — it is a scam. The real TRONSEC only reads public blockchain data.

Is TRONSEC free?

Yes — all eight modules are free with no premium tier, no registration, and no paywalled features. Wallet scanner, approvals monitor, AML check, phishing scanner, contract scan, TX decoder, network analytics, and scam reporting are all included.

The app is open source on GitHub. We do not sell user data or gate core security features behind a subscription.

Who is TRONSEC for?

Everyday TRON users checking a counterparty before sending USDT, DeFi traders reviewing contract risk, researchers tracing fund flows, and communities building shared scam watchlists.

You do not need to be a developer. If you can copy-paste a TRON address, you can run a scan.

Is TRONSEC affiliated with TRON Foundation?

No. TRONSEC is an independent community project. TRON® is a trademark of TRON Foundation; we are not affiliated, endorsed, or officially connected.

We build for TRON Mainnet because that is where our users need help — not because we speak for the foundation.

Using the app

Do I need to connect my wallet?

No for analysis. Every scan module works with a pasted address, TXID, contract, or URL — no wallet extension required.

Wallet connection is only relevant if you choose to revoke a TRC-20 approval yourself inside your own wallet app. TRONSEC surfaces approval data; the on-chain revoke transaction is yours to sign.

What can I scan?

Wallet addresses (TRX + TRC-20 portfolio, staking, resources, 0–100 risk score), TRC-20 approval history and unlimited spenders, AML / watchlist exposure with fund-flow graph, phishing URLs and fake dApps, smart contract bytecode patterns, raw transactions via TXID, and live TRON network stats.

See the tools overview for module-by-module detail or jump straight into the app.

Does TRONSEC store my addresses?

Scans run in your browser and query public TRON APIs directly. We do not operate user accounts and do not persist wallet addresses on TRONSEC servers.

Your inputs may remain in browser local storage (theme, language) but are not uploaded as scan telemetry. Full details are in our privacy policy. You can verify behavior in DevTools → Network while scanning.

Can TRONSEC revoke my token approvals?

TRONSEC shows which TRC-20 spenders have allowance on your address, including uint256-max (unlimited) approvals. Revoking is done by you in your wallet — we do not submit revoke transactions for you.

The open-source app is honest about scope: approval visibility is live; connecting a wallet to revoke depends on your wallet provider, not TRONSEC custody.

Which languages are supported?

The app UI is available in eight languages: English, Russian, Chinese, Spanish, Portuguese (Brazil), Vietnamese, Turkish, and Indonesian.

Marketing pages (docs, FAQ, glossary) follow the same locale switcher in the nav. Module labels and risk explanations are localized in-app.

Does it work on mobile?

Yes — TRONSEC is a responsive web app. Open tronsec.io/app in mobile Safari, Chrome, or any modern browser.

No install required. For heavy contract or graph views, desktop screen space helps, but core wallet and approval scans work fine on phone.

Risk & trust

How does the risk score work?

The wallet risk score (0–100) combines on-chain signals: watchlist hits, TRC-20 approval hygiene (active unlimited spenders), interaction with flagged contracts, account age, and inbound/outbound heuristics documented in our methodology.

Each finding shows which check triggered it. The score is a prioritization aid — not proof of guilt, innocence, or legal compliance.

What data sources does TRONSEC use?

Public TRON infrastructure: TronGrid (node API), TronScan (explorer labels, verified contracts), community watchlists from scam reports, and block explorer transaction history.

Sources, architecture, and what we never collect are listed on the security page. We do not run private surveillance databases behind the app.

How do I report a scam?

Use the Report Scam module in the app — submit a TRON address, domain, or short description. Reports feed community intel surfaced in wallet and AML modules.

For background on how watchlist hits affect scores, read the watchlist guide. False reports may be deprioritized; repeated abuse does not help the community.

Can I trust a low risk score?

A low score means fewer public red flags fired today — not a lifetime safety guarantee. New exploits, freshly deployed drainers, and off-chain social engineering are not fully visible on-chain.

Use TRONSEC as one layer in your checklist: verify the recipient, decode the transaction before signing, and revoke stale approvals periodically.

Limitations

What TRONSEC cannot promise — stated plainly, without marketing spin.

Is TRONSEC financial or legal advice?

No. TRONSEC provides informational security analysis only. We are not a licensed financial advisor, exchange, custodian, law firm, or compliance officer.

Risk scores, AML labels, and contract flags are heuristics to help you ask better questions — not instructions to buy, sell, hold, or transfer assets.

Can TRONSEC guarantee a wallet or contract is safe?

No tool can. We flag known patterns, watchlist matches, and suspicious bytecode — but a clean scan today does not rule out a malicious upgrade tomorrow (especially on proxy contracts) or activity we have not indexed yet.

Always cross-check high-value transfers independently. When in doubt, send a small test amount first.

Is AML screening the same as exchange KYC?

No. TRONSEC aggregates public watchlist and heuristic fund-flow signals — it is not a regulated KYC/AML service and cannot clear you for banking or exchange onboarding.

A "no hits" result does not mean an address is licensed, sanctioned-clean, or government-approved. See our terms for full disclaimers.

Will contract scan catch every exploit?

Contract scan uses static rules (proxy patterns, mint functions, owner controls, unverified bytecode) — it does not execute or fuzz live contracts. Novel zero-day logic, off-chain oracle manipulation, and social engineering are out of scope.

Verified source on TronScan improves coverage, but unaudited or obfuscated contracts can still hide risk between scans.

Can the phishing scanner detect every fake site?

It compares URLs against typosquat patterns, known drainer domains, community reports, and suspicious JavaScript — but brand-new domains registered minutes ago may not be in any list yet.

Bookmark official dApps, verify URLs character-by-character, and decode transaction calldata before approving unknown spenders — do not rely on a single green checkmark.

What happens when public APIs are down or incomplete?

TRONSEC depends on TronGrid, TronScan, and other public endpoints. Rate limits, indexer lag, or outages can delay results, omit recent transactions, or show stale token balances.

If a scan fails or looks incomplete, retry later or verify directly on TronScan. We surface errors in-module rather than silently showing partial data as complete.