Zafu — Zero-trust Address Framework for Users

Tracking since May 12, 2026.

Changelog

• May 31, 2026
  description

  Zafu — Zero-trust Address Framework for Users
  
  Sending crypto still asks you to trust a tiny paste field with irreversible money.
  
  Zafu gives every transfer one final address check before you send.
  
  What it does:
  When you paste a crypto address on any wallet or exchange, Zafu checks it before it reaches the input field. In under 200ms, it runs nine detection checks and shows the full address in readable chunks:
  
  Copy/paste match: is this still the address you copied?
  Address poisoning: is this a near-identical fake designed to fool your eyes?
  Scam signals: does it match known scam databases or community reports?
  Trusted contact: have you sent value to this address before?
  Transfer Check is on by default. It shows a final review before paste: copied-address match, threat signals, field context, and the full segmented address.
  
  Works across wallet and exchange websites:
  Zafu is cross-platform. It activates on wallet and exchange websites — wherever you paste a crypto address. Your protection is not tied to a single product.
  
  Your address book, secured:
  Zafu automatically builds a trusted address index from your transaction history. Addresses you've sent to before are recognized instantly. Addresses that look similar but are slightly different trigger a poisoning alert.
  
  Privacy-first by design:
  - Local-first storage for your wallet list, labels, and trusted contacts
  - Optional Google Sign-In backs up your address book, trusted contacts, labels, and notes
  - Optional community threat intelligence shares suspected attacker addresses and signal types only when users manually report them or opt in to automatic threat signals
  - No analytics, no tracking, no browsing history access
  - Never touches your private keys or seed phrases
  - Public Chrome extension source: github.com/jimozo/zafu-extension
  
  Transfer Check:
  Transfer Check is free and on by default. Before the address reaches the field, Zafu shows you the threat signals it ran, the full segmented address, and confirms the pasted value stayed unchanged after insertion.
  
  Segmented address display:
  Industry standard shows only the first 4 and last 4 characters of an address. Zafu shows the full address in 4-character segments, making it actually readable and comparable.
  
  Install Zafu. Double-check every crypto address before you send.

  Zafu — Crypto Address Management and Transfer Safety
  
  Sending crypto still asks you to trust a tiny paste field with irreversible money. Zafu gives you a safer address book and one final recipient check before you send.
  
  Manage trusted recipients:
  
  Zafu is a local-first crypto address book with paste-time protection built in. Add public wallets to build a trusted recipient index from your own EVM or Solana transaction history. Save contacts manually, mark Favorites, add labels and notes, copy clean addresses, show QR codes, and review important contacts before high-value sends.
  
  Suspicious addresses stay separate from trusted recipients. Dust, spam, and inbound-only history are clearly marked so you do not confuse an attacker-pattern address with someone you actually paid.
  
  Check addresses before they reach the field:
  
  When you paste a crypto address on a wallet, exchange, or dapp, Zafu checks it before insertion:
  
  - Copy/paste match: is this still the address you copied?
  - Address poisoning: is this a near-identical fake designed to fool your eyes?
  - Scam signals: does it match known scam databases or community reports?
  - Trusted contact: have you sent value to this address before?
  - Suspicious history: did this address appear through dust, spam, or inbound-only activity?
  
  Transfer Check is on by default. Before paste, Zafu shows copied-address match, threat signals, field context, and the full address in readable chunks. After insertion, it confirms the pasted value stayed unchanged.
  
  Telegram Web source check:
  
  If you copy an address from Telegram Web, Zafu records local address-only source evidence and shows a small confirmation. When you paste, it can show whether the pasted address still matches the recent Telegram-copied address. If the same-chain paste differs from the last browser-observed copy, Zafu shows a Possible Clipboard Mismatch review instead of claiming a confirmed hijack.
  
  On Telegram Web itself, Zafu only intervenes when the pasted text is exactly one supported crypto address. It does not intercept mixed text, bot commands, chat text, sender identity, group names, message IDs, URLs, or full clipboard history.
  
  EVM, Solana, and TRON:
  
  Zafu supports EVM and Solana address-book workflows, wallet history sync, Address Intel, and paste-time protection. v1.1.7 adds local TRON validation, trusted-contact comparison, address poisoning checks, and copy-vs-paste mismatch review for USDT TRC-20 workflows. TRON support in this release is local-only and does not call Tronscan.
  
  Privacy-first by design:
  
  - Local-first storage for your wallet list, labels, and trusted contacts
  - Optional Google Sign-In backs up your address book, trusted contacts, labels, and notes
  - Optional community threat intelligence shares suspected attacker addresses and signal types only when users manually report them or opt in to automatic threat signals
  - Optional Network Mode sends anonymous aggregate counts only and does not require Google Sign-In
  - No advertising analytics, no cross-site tracking, no browsing history access
  - Never touches your private keys or seed phrases
  - Public Chrome extension source: github.com/jimozo/zafu-extension
  
  Segmented address display:
  
  Industry standard shows only the first 4 and last 4 characters of an address. Zafu shows the full address in 4-character segments, making it actually readable and comparable.
  
  Install Zafu to manage trusted recipients and double-check every crypto address before you send.

• May 31, 2026
  short_description

  Catches address poisoning and clipboard hijacking before you send. Works on wallet and exchange sites. Never touches your keys.

  Catches address poisoning, clipboard mismatches, and post-paste address changes before you send. Never touches your keys.

• May 24, 2026
  description

  Zafu — Zero-trust Address Framework for Users
  
  Sending crypto still asks you to trust a tiny paste field with irreversible money.
  
  Zafu gives every transfer one final address check before you send.
  
  What it does:
  
  When you paste a crypto address on any wallet or exchange, Zafu checks it before it reaches the input field. In under 200ms, it runs nine detection checks and shows the full address in readable chunks:
  
  - Copy/paste match: is this still the address you copied?
  - Address poisoning: is this a near-identical fake designed to fool your eyes?
  - Scam signals: does it match known scam databases or community reports?
  - Trusted contact: have you sent value to this address before?
  
  Transfer Check is on by default. It shows a final review before paste: copied-address match, threat signals, field context, and the full segmented address.
  
  Works across wallet and exchange websites:
  
  Zafu is cross-platform. It activates on wallet and exchange websites — wherever you paste a crypto address. Your protection is not tied to a single product.
  
  Your address book, secured:
  
  Zafu automatically builds a trusted address index from your transaction history. Addresses you've sent to before are recognized instantly. Addresses that look similar but are slightly different trigger a poisoning alert.
  
  Privacy-first by design:
  
  - Local-first storage for your wallet list, labels, and trusted contacts
  - Optional Google Sign-In backs up your address book, trusted contacts, labels, and notes
  - Optional community threat intelligence shares suspected attacker addresses and signal types only when users manually report them or opt in to automatic threat signals
  - No analytics, no tracking, no browsing history access
  - Never touches your private keys or seed phrases
  - Public Chrome extension source: github.com/jimozo/zafu-extension
  
  Transfer Check:
  
  Transfer Check is free and on by default. Before the address reaches the field, Zafu shows you the threat signals it ran, the full segmented address, and confirms the pasted value stayed unchanged after insertion.
  
  Segmented address display:
  
  Industry standard shows only the first 4 and last 4 characters of an address. Zafu shows the full address in 4-character segments, making it actually readable and comparable.
  
  Install Zafu. Double-check every crypto address before you send.

  Zafu — Zero-trust Address Framework for Users
  
  Sending crypto still asks you to trust a tiny paste field with irreversible money.
  
  Zafu gives every transfer one final address check before you send.
  
  What it does:
  When you paste a crypto address on any wallet or exchange, Zafu checks it before it reaches the input field. In under 200ms, it runs nine detection checks and shows the full address in readable chunks:
  
  Copy/paste match: is this still the address you copied?
  Address poisoning: is this a near-identical fake designed to fool your eyes?
  Scam signals: does it match known scam databases or community reports?
  Trusted contact: have you sent value to this address before?
  Transfer Check is on by default. It shows a final review before paste: copied-address match, threat signals, field context, and the full segmented address.
  
  Works across wallet and exchange websites:
  Zafu is cross-platform. It activates on wallet and exchange websites — wherever you paste a crypto address. Your protection is not tied to a single product.
  
  Your address book, secured:
  Zafu automatically builds a trusted address index from your transaction history. Addresses you've sent to before are recognized instantly. Addresses that look similar but are slightly different trigger a poisoning alert.
  
  Privacy-first by design:
  - Local-first storage for your wallet list, labels, and trusted contacts
  - Optional Google Sign-In backs up your address book, trusted contacts, labels, and notes
  - Optional community threat intelligence shares suspected attacker addresses and signal types only when users manually report them or opt in to automatic threat signals
  - No analytics, no tracking, no browsing history access
  - Never touches your private keys or seed phrases
  - Public Chrome extension source: github.com/jimozo/zafu-extension
  
  Transfer Check:
  Transfer Check is free and on by default. Before the address reaches the field, Zafu shows you the threat signals it ran, the full segmented address, and confirms the pasted value stayed unchanged after insertion.
  
  Segmented address display:
  Industry standard shows only the first 4 and last 4 characters of an address. Zafu shows the full address in 4-character segments, making it actually readable and comparable.
  
  Install Zafu. Double-check every crypto address before you send.

Permissions & access

Permissions

storagealarmsidentity

Host access

https://api.etherscan.io/*, https://*.etherscan.io/*, https://cloudflare-eth.com/*, https://api.thegraph.com/*, https://api.gopluslabs.io/*, https://api.coingecko.com/*, https://public-api.solscan.io/*, https://pro-api.solscan.io/*, https://www.googleapis.com/*, https://*.supabase.co/*

Screenshots