Building in public · Solana-first

A spatial
decisioning layer

ThreatMap renders DD.xyz risk intelligence as precomputed, interactive heatmaps. Not one score — a seven-dimension risk vector mapped to color, size, motion, and topology. For human operators and AI agents.

Follow @threatmapDD See the views ↓
SOLBaseETHARB
Snapshot 2m ago Volume treemap · risk bands
Safe
Critical
Trending + watchlist · Risk vector composite
Beyond the score

Seven dimensions. One glance.

A single risk score hides more than it reveals. ThreatMap normalizes DD.xyz outputs into a canonical risk vector — seven independent dimensions that map to color, border, motion, and tooltip across every surface.

CT
Contract

Honeypots, mintable, freeze, proxy patterns, bytecode threats

TK
Token

Transfer restrictions, fake tokens, clone detection, tax functions

MK
Market

Liquidity depth, pool imbalance, volume anomalies, wash trading

HL
Holder

Concentration, bundling, snipers, deployer holdings, distribution

BH
Behavior

Coordinated trading, fraud patterns, sybil clusters, anomaly signals

CP
Compliance

Sanctions, blacklists, AML flags, regulatory exposure

ST
Stability

Depeg risk, vault composition, stablecoin flow, RWA exposure

The problem

Risk data is invisible until it's too late

On-chain risk intelligence is trapped in tables and numeric scores. Tools like Bubblemaps and Arkham visualize wallet networks — but none are DD-native, embeddable, or AI-consumable. DD.xyz has the engine. It's missing the spatial layer.

TokenRiskFlag
0x8f3c...a2d172HIGH
0x1b7e...f4c845MED
0xd4a9...3b7f91CRIT
0x6c2f...e89112LOW
0x9e5d...c3a467HIGH
Nobody reads this
Four surfaces

Not an app. An operating layer.

ThreatMap is a spatial risk operating layer with four distribution surfaces — each aligned with a DD.xyz business lane.

01
Explorer
Public app

Interactive heatmaps with drill-down, saved views, screenshots, and shareable links.

02
Widget
Embeddable

Sandboxed iframe first, Lit web component second. Drop risk visualization into any DEX or wallet.

03
Agent API
JSON interface

Structured spatial risk data for AI trading agents, guardrails, and compliance bots.

04
Console
Chain + partner

Ecosystem health dashboards for L1/L2 teams, wallets, and institutional partners.

Three views

See everything. Miss nothing.

Precomputed snapshots, not live tile-by-tile API calls. Each view transforms DD.xyz risk intelligence into spatial maps.

01
Token risk heatmap
The battlefield
Trending tokens, watchlists, and launch feeds sized by volume or liquidity, colored by composite risk or any single dimension. Delta mode shows what became risky fast.
Render → D3 treemap + PixiJS WebGL
02
Wallet threat topology
Investigation mode
Force-directed graph from address analysis, sanctions checks, multi-hop traces, and transaction history. Start from a suspicious token, then follow the web.
Render → Sigma.js + Graphology + ForceAtlas2
03
Chain health dashboard
The pulse
Time × risk-family matrix. Solana in real time via webhooks, multi-chain via scheduled snapshots. Hot zones reveal coordinated attack campaigns.
Render → Webhooks (SOL) + polling (EVM)
Architecture

Snapshot system. Not live queries.

DD.xyz runs at constrained request rates and cold scans are expensive. ThreatMap is a background-aggregated snapshot system with lazy drill-down on click. 

Webacy SDK + webhooks
        │
        ▼
Ingest workers
(polling, watchlists, launch feed, webhook consumer)
        │
        ▼
Normalization → 7-dimension risk vector
        │
        ├── TimescaleDB  (snapshots, materialized views)
        ├── Redis Streams (durable event bus)
        └── Object storage (exports, screenshots)
        │
        ▼
Aggregation jobs (heatmap tiles, topology, pulse)
        │
        ▼
Next.js APIExplorer · Widget · Agent JSON
Powered by DD.xyz

The risk engine.
We add the eyes.

DD.xyz by Webacy has one of the most comprehensive on-chain risk engines in crypto. Their SDK already serves DEXs, wallets, and chains. ThreatMap gives that model a missing sensory system.

400+
Risk flags
8+
Chains
B+
Tx protected
7
Dimensions
Build order

Ship in sequence.

Phase 1

Token risk heatmap

The headline MVP. Solana-first with trending, watchlists, and a launch feed. Most shareable, cleanest fit with DD.xyz positioning.

Phase 2

Widget + export layer

Earlier than people think. The iframe widget and share-state flow turn ThreatMap from a neat app into a distribution surface.

Phase 3

Wallet threat topology

Investigation view, not landing page. Drill down from suspicious tokens or watchlist alerts via multi-hop traces.

Phase 4

Chain health dashboard

The enterprise play. Solana real time plus multi-chain snapshots. The surface that chains and partners will pay for.

The builder

Solo builder. AI-augmented studio.

ThreatMap is built by NTWRKD Labs — a one-person, AI-augmented software studio. The heatmap architecture is built on direct experience reverse-engineering exchange-grade liquidation heatmaps from scratch.


The snapshot-based aggregation pattern is the same architecture that makes professional trading heatmaps possible. Different data. Same rule: if you can see the field, you can act before everyone else does.

Genesis Heatmap engine
HyperScalper Live trading bot
Sanctuary Protocol WebGPU game
NTWRKD Labs Portfolio →
Ship it

DD.xyz tells you the score.
ThreatMap shows you the entire battlefield.

Follow the build → NTWRKD Labs
Open-source renderer · Snapshot architecture · Solana-first · Human + Agent