Security Model

Read-only TRON security.
No custody, ever.

TRONSEC scans wallets, contracts, and URLs without holding your keys. No seed phrases, no custodial access, no wallet connection required for analysis — connect only when you revoke TRC-20 approvals.

Open app Privacy policy
Read-only scans
No accounts
Client-side logic
Public data only
Principles

How we keep you safe

Six design constraints that shape every module in the terminal.

Read-only by design

Every scan queries public blockchain data through TronGrid and TronScan. Wallet analysis, AML checks, and contract scans require zero wallet connection.

Not a wallet

TRONSEC does not store, transmit, or access your funds. A wallet connection is only requested when you explicitly revoke a TRC-20 approval — signed by you, in your wallet.

No backend accounts

No registration, no user database, no tracking profiles. The app runs in your browser with direct API calls to public TRON infrastructure.

Transparent sources

All data comes from public sources: TronGrid, TronScan, VirusTotal, and community blocklists. Risk scores are computed client-side from on-chain data.

Local-first caching

Scan results cache in your browser session only. Purge Cache clears everything instantly — nothing is sent to TRONSEC servers.

Revoke-only signing

The only on-chain action TRONSEC facilitates is approval revocation — and only when you initiate it through your own wallet.

Architecture

What happens when you scan

Your browser is the only runtime. No TRONSEC backend receives your input.

01

Paste identifier

Address, TXID, contract, or URL — input stays in your browser.

02

Direct API calls

Your browser queries TronGrid, TronScan, and other public endpoints.

03

Client-side analysis

Risk scoring, pattern matching, and graphs run locally.

04

You decide

Review findings and act — or walk away. No auto-signing, ever.

Data sources

Where information comes from

Every module pulls from auditable public infrastructure — nothing proprietary or hidden.

TronGrid

Public TRON chain API — balances, transactions, contract calls.

TronScan

Explorer data — token holdings, verification status, contract ABIs.

VirusTotal

Multi-engine URL reputation for the phishing scanner module.

Community lists

User-submitted scam reports aggregated into shared watchlists.

Boundaries

What we never do

If a site or app claiming to be TRONSEC does any of the following — it is not us.

  • Ask for your seed phrase or private key
  • Hold, move, or custody your funds
  • Require registration or store personal profiles
  • Send scan inputs to TRONSEC servers
  • Auto-sign transactions on your behalf
Disclaimer

Important limitations

TRONSEC provides informational analysis, not financial or legal advice.

  • Risk scores are heuristic estimates — not guarantees. Always verify independently.
  • Blocklist data may have false positives or miss newly deployed threats.
  • Contract analysis covers known ABI patterns but cannot detect all vulnerabilities.
  • TRONSEC is not affiliated with the TRON Foundation, any exchange, or wallet vendor.

Verify it yourself

Open the app, run a scan, and inspect network requests — no wallet connection required.

Launch TRONSEC All tools