🚨

Watch Your Back

awaiting build

Lightning-channel openers, sextortion, ransomware, clipper-malware archive.

Rows in labels.db

0

Confidence

0.7-0.95

Refresh cadence

Quarterly

Schema

per-subkey

About this source

Watch Your Back is a security-research dataset out of cybersec-code on GitHub. It aggregates 17 sub-categories of BTC addresses associated with security incidents: Lightning Network channel-opening transactions, sextortion campaigns, ransomware payment endpoints, clipper-malware destination addresses, and an archived snapshot of BitcoinAbuse before it shut down. Each sub-category becomes its own source subkey (watchyourback:sextortion, watchyourback:ransomware, etc.) so filtering by attack class is one query.

How we got the data

Cloned from the cybersec-code/watchyourback GitHub repository. 17 sub-source directories walked, .tags rows parsed and ingested. ~480K addresses total.

Why this confidence

Varies by sub-category. Lightning openers (mechanical extraction from on-chain data) get 0.95. Ransomware and sextortion entries vary; some are first-hand victim reports, others are reposts from other feeds. Confidence per entry preserves the original dataset's per-entry annotation.

License & attribution

Permissive open-data license per upstream. We carry the original sub-source directory name as our subkey so attribution back to the dataset's curators is always one click away.

Sample addresses

labels.db hasn't been built with this source yet. Run python tools/build_labels_db.py --update --only watchyourback to populate it.

See the data live

Every row from this source is queryable through the /address aggregator and the JSON API.

JSON API Cross-source

Want this as a feed?

Same data drives the Address Monitoring API: real-time inflow / outflow events on these addresses as they confirm.

About the API
← back to all sources