Know what you're signing.

Pre-sign threat scanner for Solana multisig teams. Paste your Squads vault address and TxScope fetches your pending proposals, simulates each transaction against mainnet, and generates a plain language threat report before anyone signs.

Built for protocol security councils, DAO treasuries, and anyone signing Squads multisig transactions.

Aligned with Security Alliance (SEAL) framework standards for external transaction monitoring.

SCAN YOUR MULTISIG

Free. No login required.

CASE STUDYApril 1, 2026

Drift Protocol $285M Exploit

We scanned both exploit transactions from Solana mainnet using real on-chain data. Every red flag was detectable before any signer approved.

TX1: Admin Transfer (CRITICAL)TX2: Withdrawal Guards (HIGH)

How a $500 fake token drained $285M from Drift →

Full narrative investigation. Fund flows, social engineering, attribution, and what could have stopped it.

Would have caught every red flag in the Drift Protocol $285M exploit — before any signer approved.

What TxScope detects

Durable Nonce Detection

Transactions that never expire. The proposer can execute days or weeks after you sign.

Authority & Admin Transfer Detection

Admin, upgrade, mint, or freeze authority changing hands. Includes program code upgrades.

Known Attack Pattern Matching

8 documented exploit patterns matched across multiple detection modules.

Instruction-Level Trace & Decode

Every program called, every instruction decoded, with human-readable descriptions.

Proposer History & Anomaly Detection

First-time proposer flags, low balance alerts, unusual timing, and behavioral baselines.

Risk Scoring (0–100)

Numeric severity score on every transaction. Enables automated alerting thresholds.

How it works

TxScope is an external transaction monitor for Solana multisigs — the role that Security Alliance (SEAL) recommends every protocol fill as part of defense-in-depth security. We simulate, decode, and explain every pending proposal before any signer approves.

Paste

Squads URL, vault address, or raw transaction

Simulate

Transaction executed against mainnet state via Helius RPC

Report

Threat level, plain language summary, and detailed findings

What TxScope is (and isn't)

Not an audit

Audits verify code at one point in time. A $100K audit would not have caught the Drift hack — because the code wasn't the problem. The signers were. TxScope verifies every transaction, every time, at the moment of signing.

Not a wallet scanner

Consumer wallet tools flag known scam contracts and phishing sites. They don't understand multisig governance — durable nonces, authority transfers, withdrawal guard manipulation, oracle changes, proposer behavior. TxScope is built specifically for the governance layer where nine-figure decisions are made.

Read-only. Non-custodial. Simulation only.

TxScope never holds keys, never signs transactions, and never has write access to anything on-chain. We simulate the transaction against current mainnet state and report what we find. That's it.

We never say “safe”

The strongest positive signal TxScope gives is “No Known Threats Detected in Simulation.” We tell you what we found — you decide whether to sign. Simulation is a prediction, not a guarantee. On-chain conditions can change between analysis and execution.

What we catch that audits don't

Social engineering. Compromised signer keys. Pre-signed durable nonce transactions held for weeks. Fake tokens with manipulated oracles. Withdrawal guard thresholds raised 100,000x in a single transaction. Admin authority transferred to a wallet created yesterday. These are operational attacks — the kind that caused every major Solana hack in the last two years.

SEAL-aligned

External transaction monitoring is a recommended security control under the Security Alliance (SEAL) framework. TxScope fills this role for Solana multisigs.

TxScope — Mainnet Beta

hello@txscope.com @txscope_Aligned with SEAL Framework Standards