dTAOscan block 8,587,934 · 3m ago Bittensor dTAO subnet explorer · signed, agent-native
CHChutesLEADER0.072732τ+0.8%TATargon0.053973τ+0.1%LIlium.io0.05331τ+0.1%VAVanta0.02999τ-0.2%AFAffine0.056136τ+0.0%SCScore0.037504τ-1.4%IOiota0.03321τ-0.8%GRGradients0.017956τ-1.0%NONOVA0.022382τ-2.1%HOHone0.01459τ+0.4%BIBitMind0.012285τ-0.1%BLblockmachine0.010531τ-1.4%HIHippius0.0167τ-0.3%RIRidges0.01181τ+1.6%ACActual0.049896τ+1.5%CACacheon0.010594τ+0.5%40404—GEN0.01008τ-0.9%APApex0.008579τ+0.1%DAData Universe0.006873τ+0.7%ENengyTOP MOVER0.0123τ-9.7%TRTrajectoryRL0.008415τ+9.6%DODojo0.006723τ-0.1%BIBitcast0.01064τ-0.6%GMgm0.013164τ+0.7%REReadyAI0.00623τ-0.5%SWSwap0.006318τ+2.0%ENEnigma0.008793τ+0.9%GRGraphite0.005465τ-0.8%ALAlmanac0.006484τ-0.5%VIVidaio0.006671τ-0.5%CHChutesLEADER0.072732τ+0.8%TATargon0.053973τ+0.1%LIlium.io0.05331τ+0.1%VAVanta0.02999τ-0.2%AFAffine0.056136τ+0.0%SCScore0.037504τ-1.4%IOiota0.03321τ-0.8%GRGradients0.017956τ-1.0%NONOVA0.022382τ-2.1%HOHone0.01459τ+0.4%BIBitMind0.012285τ-0.1%BLblockmachine0.010531τ-1.4%HIHippius0.0167τ-0.3%RIRidges0.01181τ+1.6%ACActual0.049896τ+1.5%CACacheon0.010594τ+0.5%40404—GEN0.01008τ-0.9%APApex0.008579τ+0.1%DAData Universe0.006873τ+0.7%ENengyTOP MOVER0.0123τ-9.7%TRTrajectoryRL0.008415τ+9.6%DODojo0.006723τ-0.1%BIBitcast0.01064τ-0.6%GMgm0.013164τ+0.7%REReadyAI0.00623τ-0.5%SWSwap0.006318τ+2.0%ENEnigma0.008793τ+0.9%GRGraphite0.005465τ-0.8%ALAlmanac0.006484τ-0.5%VIVidaio0.006671τ-0.5%

Don't trust. Verify.

Ed25519 · offline-verifiable · no key needed

Every dTAOscan API response is wrapped { data, receipt }. The receipt is an Ed25519 signature over the exact bytes of the data object. So you can prove any number here came from dTAOscan, at that block, unaltered, without trusting the connection or us. This is the difference between a scanner that says "trust me" and one that hands you proof.

The receipt

{
  "data": { ... the payload ... },
  "receipt": {
    "alg": "ed25519",
    "key": "dtaoscan-alpha-1",
    "publicKeyHex": "b1b6314faa1175d3e7852811e8e4a508065683b16b6927091f64938f8edce7c3",
    "payloadSha256": "<sha256 of the data JSON string>",
    "signatureHex": "<ed25519 signature over the data bytes>",
    "signedAt": "<ISO timestamp>"
  }
}

Verify it in four steps

1
Get the public key

Fetch /keys.json. It publishes the Ed25519 public key (dtaoscan-alpha-1) that signs every response. No account, no key of your own.

2
Fetch any signed endpoint

e.g. /api/ecosystem. Keep the raw bytes of the data field exactly as sent.

3
Check the hash

SHA-256 the data JSON string. It must equal receipt.payloadSha256. If it differs, the payload was altered in flight.

4
Check the signature

Ed25519-verify receipt.signatureHex over the data bytes with the public key. Valid means it is genuinely from dTAOscan and byte-identical to what we signed.

Verify with a script

import { webcrypto as crypto } from "node:crypto";

const res  = await fetch("https://dtaoscan.io/api/ecosystem").then(r => r.json());
const keys = await fetch("https://dtaoscan.io/keys.json").then(r => r.json());

const dataBytes = new TextEncoder().encode(JSON.stringify(res.data));
const pub = await crypto.subtle.importKey(
  "raw", Buffer.from(keys.keys[0].publicKeyHex, "hex"), "Ed25519", false, ["verify"]);
const ok = await crypto.subtle.verify(
  "Ed25519", pub, Buffer.from(res.receipt.signatureHex, "hex"), dataBytes);

console.log(ok ? "VERIFIED" : "TAMPERED");

How it is signed

dTAOscan signs with native Web Crypto Ed25519 inside the Cloudflare Worker, the same pattern the DRM3 lakehouse and MorScan Workers use. (The @drm3/provenance package is a Rust/WASM library for Node contexts; a Worker signs natively.) The signing key dtaoscan-alpha-1 is dTAOscan's own, self-published at /keys.json and independent of every other DRM3 key by design, so a dTAOscan receipt vouches for dTAOscan and nothing else. Alpha posture: the key is not yet in an external keyring.

Built for agents → · keys.json · API console