diff --git a/backend/src/routes/accounts.test.ts b/backend/src/routes/accounts.test.ts
index cf7e081..30f4413 100644
--- a/backend/src/routes/accounts.test.ts
+++ b/backend/src/routes/accounts.test.ts
@@ -11,8 +11,8 @@ vi.mock('../services/horizon', () => ({
 }));
 describe('GET /api/account/:address', () => {
- // Valid 56-character Stellar address
- const mockAddress = 'GA5W6GSR6G2CXP747U7S6ZPH5EALQY57V22K6YJSP2XYG47YJ3PGLRTI';
+ // Valid Stellar address (verified via Keypair.fromPublicKey)
+ const mockAddress = 'GA4LYCAMDLLOJPGXHQCHHPXBISH5RAWSS7ZTCSQAPKASBXG4NTB5MJ6N';
 beforeEach(() => {
 vi.clearAllMocks();
diff --git a/backend/src/routes/accounts.ts b/backend/src/routes/accounts.ts
index 5f7fcb3..f1ca792 100644
--- a/backend/src/routes/accounts.ts
+++ b/backend/src/routes/accounts.ts
@@ -1,4 +1,5 @@
-import { Router, Request, Response } from 'express';
+import { Router, Request, Response, NextFunction } from 'express';
+import { Keypair } from '@stellar/stellar-sdk';
 import {
 getAccountDetails,
 getAccountTransactions,
@@ -6,8 +7,17 @@ import {
 const router = Router();
+function validateAddress(req: Request, res: Response, next: NextFunction): void {
+ try {
+ Keypair.fromPublicKey(req.params.address as string);
+ next();
+ } catch {
+ res.status(400).json({ error: 'Invalid Stellar address' });
+ }
+}
+
 // GET /api/account/:address
-router.get('/:address', async (req: Request, res: Response) => {
+router.get('/:address', validateAddress, async (req: Request, res: Response) => {
 try {
 const address = req.params.address as string;
 const account = await getAccountDetails(address);
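Review bot: In `validateAddress` (backend/src/routes/accounts.ts) the call to `next()` sits inside the `try`, so the bare `catch` treats anything thrown on that path as a bad address and answers 400, and the check builds a `Keypair` only to see whether it throws. The SDK's boolean check keeps validation and dispatch apart: `if (!StrKey.isValidEd25519PublicKey(req.params.address)) { res.status(400).json({ error: 'Invalid Stellar address' }); return; }` followed by `next();`. The guard is also opt-in per route, so a later `/:address/...` route can be added without it; registering the check once through `router.param('address', ...)` would make validation the default for this router. The test change in this commit only swaps the fixture address, so a case asserting the 400 response for a malformed address would pin the new behaviour.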
@@ -27,10 +37,11 @@ router.get('/:address', async (req: Request, res: Response) => {
 });
 // GET /api/account/:address/transactions
-router.get('/:address/transactions', async (req: Request, res: Response) => {
+router.get('/:address/transactions', validateAddress, async (req: Request, res: Response) => {
 try {
 const address = req.params.address as string;
- const limit = Math.min(parseInt(req.query.limit as string) || 20, 200);
+ const parsed = parseInt(req.query.limit as string);
+ const limit = Number.isNaN(parsed) ? 20 : Math.min(parsed, 200);
 const cursor = typeof req.query.cursor === 'string' ? req.query.cursor : undefined;
 const order = req.query.order === 'asc' ? 'asc' : 'desc';
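Review bot: The new `limit` computation in the `/:address/transactions` handler is capped at 200 but has no lower bound, so negative values still pass through, and `?limit=0`, which the old `|| 20` mapped to the default, now reaches `getAccountTransactions` as well. Clamping both ends and giving `parseInt` a radix would close that: `const parsed = parseInt(req.query.limit as string, 10);` and `const limit = Number.isNaN(parsed) ? 20 : Math.min(Math.max(parsed, 1), 200);`. Note that `as string` is only a cast; a repeated `limit` parameter arrives as an array, so a `typeof req.query.limit === 'string'` guard like the one already used for `cursor` would be more accurate. The handler body continues outside the hunk.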