The leak check matches a wallet-derived hash against KeyAudit's 6.94M-record index. You paste an address or SHA-256 hash of a seed/private key — the client-side hash is computed using `SubtleCrypto.digest('SHA-256', data)` before the query is sent. No plaintext seed or key leaves your browser.

The hash goes to our public API, which first checks a Bloom filter for existence, then queries MySQL for confirmed matches. Because the hash is the searchable artifact (not the raw key), your secrets never transit the network. For dict_derived entries, the match is theoretical — a dictionary seed that could produce the address, not evidence of theft.