Uppsala's Sentinel Protocol

Sentinel Protocol, operated and developed by Uppsala Security, is the world's first crowdsourced Threat Intelligence Platform powered by blockchain technology to protect the cyberspace.
The blockchain-based Threat Reputation Database (TRDB) lies at the core of the Sentinel Protocol. TRDB is the nexus of our decentralized ecosystem that stores information about the latest cyber threats. Uppsala security experts validate and curate crowdsourced data into whitelists and blacklists. All TRDB data is shared with our community in real-time through our Defence Security and Threat Intelligence solutions.
The Interactive Cooperation Framework (ICF) API enables any subscribers to query the TRDB in real time. Using the ICF API, the TRDB can be integrated with any application framework to actively digital protect crypto assets or to retrieve threat intelligence data.
The function getSentinelProtocolData(targetAddress,blockchainSymbol) takes the Blockchain address with the Blockchain symbol it belongs to and returns the structured data from the Sentinel Protocol associated with this address.


Is supported
Bitcoin (BTC)
Ethereum (ETH)
Algorand (ALGO)
Work in Progress
Work in Progress


targetAddress: address; the target Blockchain address to retrieve Sentinel Protocol data for
blockchainSymbol: string; the symbol of the Blockchain, the address belongs to (i.e. "ETH", "BTC")
{ labels: list of string, securityCategory: string, annotation: string, reference: { source: string, externalId: string, url: string } }
labels - contains a list of risk indicators (i.e. "#Phishing", "#Fraud", "#Scam", "#Malware" etc)
Labels are yet not standardized and the values returned in a list might vary
securityCategory - the risk category the target address belongs to. Possible values are
  • whitelist - if the address is completely safe according to the Sentinel Protocol
  • greylist - if the address is most probably safe according to the Sentinel Protocol, but the malicious behavior may still happen
  • blacklist - if the address is very suspicious or already has beein involved into malicious behavior
  • none - if the address is not yet labelled; most probably it will not be of blacklist category, since Uppsala prioritizes suspicious addresses and the absence of label means that most probably it is not one of them
annotation - the comma-separated categories that the target address lands under (i.e. "Coinbase, Exchange, Relay"
reference - contain additional information, like source (i.e. "Sentinel Protocol"), externalId (unique id of the entity in the Sentinel Protocol matching this address, i.e. "cde3a9df368040aba1c4aaf36aa14abd"), url (the web link to the Sentinel Protocol's Portal to that address entity for extended research possibilities, i.e. "https://portal.sentinelprotocol.io/indicator/cde3a9df368040aba1c4aaf36aa14abd")
Last modified 10mo ago