Digital tripwires for files, APIs, and crypto wallets (ETH, SOL, BIP39 seed phrases)

Know when you're
breached

Deploy digital tripwires across your infrastructure. Plant fake credentials, documents, and API keys — get alerted the instant someone touches them. Before real damage happens.

Deploy Your First Token — FreeSee How It Works

5 free tokens · No credit card · Crypto payments accepted

alert.log

[2026-03-23 14:32:01] Token triggered: prod-aws-key

[2026-03-23 14:32:01] Source: 185.220.101.xx (Tor exit node)

[2026-03-23 14:32:01] Location: Unknown — VPN/Proxy detected

[2026-03-23 14:32:02] Alert sent → #security-alerts on Slack

⚠ Someone used your decoy AWS key. Breach detected.

Tripwires everywhere attackers look

Plant digital tripwires across your infrastructure. Each one is a silent alarm that fires the moment an intruder touches it.

🔗

HTTP & DNS Tokens

Unique URLs and hostnames that trigger alerts when accessed or resolved. Plant in configs, wikis, or internal docs.

📄

Document Tokens

Word and PDF files with embedded tracking. Know when someone opens a sensitive document they shouldn't have.

🔑

Crypto Wallet Canaries

Decoy ETH and SOL wallets, plus BIP39 seed phrases that monitor 5 derived wallets each. Monitor the blockchain — alert if anyone moves funds.

🏪

Exchange API Keys

Coming Soon

Fake Binance and Coinbase API keys. Detect when stolen credentials are tested against exchanges.

🌐

Custom Domains

Your tokens use your own domains. Undetectable by TruffleHog, GitLeaks, or any known blocklist.

Instant Alerts

Slack, Discord, webhooks, email. Know within seconds, not hours. Full API for CI/CD integration.

Three steps to breach detection

01

Create a token

Choose a type — URL, DNS hostname, document, QR code, or email pixel. Give it a name and deploy instructions.

02

Plant it

Place the token where an attacker would find it. A .env file, a private repo, a shared drive, a config file.

03

Get alerted

When someone accesses the token, you get an instant alert with their IP, location, user agent, and timestamp.

Why not the free tool?

Canarytokens.org covers the basics. CanaryGuard gives you the visibility, control, and privacy that production teams demand.

FeatureFree toolsCanaryGuard
Email alerts (basic)
Dashboard & search
Custom domains (undetectable)
Slack / Discord / webhook alerts
REST API for CI/CD
Team management & RBAC
Crypto wallet canaries (ETH, SOL, BIP39 seed phrase)
Token lifecycle management
Audit log
BTC / Lightning payments (no cards)
Plan subscriptions with auto-renewal

Simple, transparent pricing

Start free. Pay with Bitcoin or Lightning. No enterprise sales calls required.

Scout

Free

5 tokens · 1 user

Start Free
  • ✓ Dashboard
  • ✓ Email alerts

Starter

$29/mo

50 tokens · 2 users

Get Started
  • ✓ Dashboard
  • ✓ Email alerts
  • ✓ Slack & Discord alerts
Most popular

Team

$59/mo

200 tokens · 5 users

Get Started
  • ✓ Dashboard
  • ✓ Email alerts
  • ✓ Slack & Discord alerts
  • ✓ REST API
  • ✓ Custom domains
  • ✓ Webhook alerts
  • ✓ Crypto wallet canaries (ETH, SOL, seed phrase)

Pro

$99/mo

1000 tokens · 15 users

Get Started
  • ✓ Dashboard
  • ✓ Email alerts
  • ✓ Slack & Discord alerts
  • ✓ REST API
  • ✓ Custom domains
  • ✓ Webhook alerts
  • ✓ Crypto wallet canaries (ETH, SOL, seed phrase)
  • ✓ Audit log
  • ✓ SIEM integration

Need more? Enterprise plans with SSO, SLA, and dedicated infrastructure. Contact us

Don't wait for the breach report.

The average breach goes undetected for 204 days. Your first tripwire takes 2 minutes to deploy.

Start Free — Deploy in 2 Minutes