Free, open-source crypto safety checker. Paste a domain, wallet address, or Telegram handle โ get a risk assessment in seconds.
Web: roko.help ยท Bot: @RokoHelpBot ยท Alerts: @roko_help
Roman had been using an exchanger and recommended it to Peter. But the site had turned into an AML-drain scam โ it asked Peter to "verify his wallet for AML compliance." He connected his wallet and lost his funds.
The domain was old. Everything looked legit. We're both experienced in crypto and IT. We still got scammed.
If it happened to us, it can happen to anyone. So we built Roko.
| Input | What Roko does |
|---|---|
Domain (e.g. exchanger.com) |
DNS, WHOIS age, SSL, phishing similarity to known brands, sanctions lists, site content AI analysis |
| Wallet (BTC / ETH / TRON) | Balance, transaction count, account age, USDT balance, OFAC sanctions screening |
| @handle (Telegram) | Suspicious patterns ("manager", "support"), brand impersonation |
- Web: Open roko.help, paste a link or address, hit Check
- Telegram: Send any link/address to @RokoHelpBot
# Web (static, no build step)
npx serve -l 3457 public/
# Bot (requires ROKO_TELEGRAM_TOKEN in /path/to/LLM/.env)
node bot/index.jsnpx firebase deploy --only hosting --project roko-helpThe easiest way to help โ no code required:
- Report a scam domain โ open an issue
- Add a safe domain โ edit
data/safe-domains.jsonand open a PR - Add a translation โ see CONTRIBUTING.md
data/ โ Open scam/safe databases (JSON)
scam-domains.json Scam & sanctioned domains
safe-domains.json Verified safe domains
warn-domains.json Closed / problematic services
phishing-targets.json Brands for phishing detection
ofac-addresses.json OFAC sanctioned crypto addresses (auto-updated)
public/ โ Web app (static HTML, no framework)
index.html Main page + checker
quest.html Scam Quest (interactive game)
bot/ โ Telegram bot
index.js Bot with full checks + AI analysis
scripts/ โ Utilities
update-ofac.js OFAC SDN list parser
Roko does not use purchasable reviews. Scoring is based on:
- Domain age โ 90% of scam sites are less than a month old
- DNS/SSL โ is the site even real and secure?
- Phishing detection โ Levenshtein distance to known brand domains
- Sanctions lists โ OFAC SDN, known mixers, seized domains
- AI content analysis โ LLM scans site content for AML-drain, phishing, and token approval patterns (bot only)
- Blockchain data โ wallet balance, age, activity patterns
All checks use public APIs. No proprietary data. Fully reproducible.
Interactive game with 7 real-world scam scenarios. Can you spot the scam?
Play: roko.help/quest
- Frontend: Vanilla HTML/CSS/JS (zero dependencies, works offline)
- Bot: Node.js, Telegram Bot API
- AI: Gemini Flash Lite (free tier) via LLM orchestrator โ zero API costs
- Data: Public APIs (dns.google, rdap.org, mempool.space, TronGrid, Etherscan)
- Hosting: Firebase Hosting / GitHub Pages
Built by Roman Selivan & Peter Farbey โ for friends, and for you.
MIT โ do whatever you want with it.