- What does TRONORIGIN actually do?
-
It analyzes the transaction history of a TRON wallet and answers two
questions. For the wallet's origin, it produces a ranked
list of the addresses most likely responsible — each candidate gets a
relative origin share, a confidence band (Low / Medium / High), and a
plain-language explanation of why it ranked where it did. For
current control, it names who can sign for the wallet now,
determined from the wallet's on-chain permission evidence.
-
What does “origin” mean — what is the difference between
activation, funding history, and current control?
- Activation is who created or first funded the wallet. Funding history is who has been consistently involved over the wallet’s life — recurring
transfers (including the small TRX top-ups that keep a wallet fueled) and resource
delegation all count. Current control is who can sign for the
wallet right now. Activation and funding history together answer the origin question
and are scored into relative origin shares. Current control is answered separately
— rule-first from the wallet's on-chain permission keys and permission-change
history, not from a score — because it is a different question, and the
two answers can legitimately disagree.
- How does the confidence score work?
-
The origin score weighs activation and funding-history signals (transaction
patterns, resource delegation, return flows, and more), applies bonuses and
penalties, and produces normalized origin shares. The origin confidence band
reflects the strength of the top candidate’s signals, how dominant its
origin share is, and whether the activation-window and longer-term funding
evidence corroborate each other — the gap to the next-closest
candidate drives the separate stability indicator. The controller headline
carries its own confidence, based on how direct the permission evidence is.
A 70% origin share with a large gap means something different than a 70%
share with three candidates clustered within a few points of each other.
- Where does TRONORIGIN get its data?
-
Analysis draws on public TRON blockchain data via TRONscan and TronGrid
APIs. Token price lookups use CoinGecko. Security flags (blacklist status,
fraud history) come from TRONscan’s security APIs. All data sources
are public; TRONORIGIN does not have access to any private or off-chain
information.
- What is takeover detection?
-
Takeover detection fires when the address that dominated the wallet’s
early history is different from the address that dominates its recent
activity, and the divergence is significant enough to be unlikely by chance.
When this happens, TRONORIGIN flags the result and classifies the likely
type of transition — for example, a sale, a wallet compromise, or a
secondary wallet coming into regular use. It does not mean something
malicious happened; it means the data suggests control changed hands.
- Can it identify a specific person?
-
No. TRONORIGIN attributes addresses to known clusters, entities, or labeled
addresses (exchanges, contracts, faucets, and so on) where the on-chain
evidence supports that attribution. It does not attempt to link blockchain
addresses to real-world identities. If a candidate address is already
labeled in the registry — for example, as a Binance hot wallet —
that label will appear; otherwise, you see a raw address.
- How accurate is it?
-
Accuracy depends on the wallet’s history. Wallets with rich,
consistent activity and clear delegation relationships tend to produce
reliable results. Wallets with very few transactions, heavy mixer
involvement, or deliberately obfuscated histories will show lower confidence
and may not produce actionable attribution. The confidence band and data
quality indicator (Insufficient / Limited / Adequate / Rich) are there to
tell you how much weight to put on any given result.
- Is it free?
-
Yes, the tool is free to use. Running a standard or deep-scan analysis costs
nothing. If usage patterns change in the future, pricing information will be
posted here.
- Is anything sent to a server when I analyze an address?
-
When you submit an address, the request goes to a stateless serverless
analysis function, which fans out to public TRON data sources (TRONscan,
TronGrid, CoinGecko) to fetch transaction history and account data. The AI
summary feature sends the structured analysis result to the Anthropic Claude
API to generate the natural-language explanation. No query history is stored
on TRONORIGIN’s infrastructure; each analysis is stateless. Be aware
that requests to third-party APIs (TRONscan, CoinGecko, Anthropic) are
subject to those providers’ own data handling practices.
- Why does the AI summary sometimes hedge?
-
The AI summary is generated from the structured analysis result — it
reflects whatever confidence level the heuristic produced. When the
underlying data is ambiguous, limited, or contradicted by competing signals,
the summary will say so rather than projecting false certainty. That hedging
is intentional: the goal is to help investigators make informed decisions,
not to give them a confident-sounding answer that the data doesn’t
support.
- I found a wrong attribution — what should I do?
-
Use the feedback button in the analysis view to report it. Include the
address you analyzed and a brief description of what you believe the correct
attribution is. Attribution errors are the most valuable feedback the
project receives and directly inform scoring improvements.