Supporting Evidence for Reports

Reports via Slack and Intercom now support adding additional attachments as evidence. Add screenshots, files, and .eml files to provide evidence to hosting providers and platforms of abuse.

These updates make it easier to investigate threats, preserve supporting evidence, and allow users to have more control for what data gets submitted with reports.

Default Organization Setting & Trademark Improvements

Users who belong to multiple organizations can now choose a default organization to redirect to when logging in. Organization settings were also expanded to support a Name of the Rights Owner field in trademark registration records.

These changes make multi-account access smoother and improve the completeness of brand enforcement information stored in ChainPatrol.

Twitter Detection in Replies & Mentions + URLScan Hostname Detection

Profile protection on X/Twitter now scans both replies and mentions, expanding coverage for impersonation and support-scam activity targeting protected accounts. URLScan detection sources were also improved with hostname-based detection and org-aware default queries, helping surface newly observed attacker infrastructure without requiring every customer to manually configure searches.

Platform Coverage Expansion

ChainPatrol expanded support across additional asset types, platforms, and takedown targets during February:

• Rarible NFT asset support

• New takedown coverage for Issuu, Letterboxd, and Vercel-hosted domains

• Flathub, SoundCloud, VidLii, Vevioz, and Zapper platform support

This expands the range of surfaces customers can monitor, normalize, and take action on directly inside ChainPatrol.

Additional Improvements

• Reports now include blockchain explorer links for contract addresses, making Web3 investigations faster from the report view.

• Liveness check workflows were also improved with clearer status feedback and domain-hold detection, helping distinguish assets that are still online from domains already disabled at the registrar level.

Audit Logging and Admin Governance

Audit logging is now available in the settings page to see changes to your organization settings over time. Logs include events for changes to brand protection configuration, API key setting updates, member additions/removals/role updates, and service-level changes.

Takedowns Tasks and Details

Improved takedown task details available in your ChainPatrol dashboard. ChainPatrol continues to handle takedowns from domain registrars to social media platforms. Threat takedowns require different approaches depending on platform and asset type with various responses.

This change gives better visibility into the unique updates per takedown. With this view, organizations can see initial filings, re-filings, as well as platform responses.

Threat Fingerprints and Detection Improvements

ChainPatrol now tracks new threat fingerprints and includes a dedicated fingerprints page with UI improvements for investigation and review.

These upgrades make it easier to identify repeated attacker infrastructure and patterns across reports. Analysts can correlate incidents faster and carry more context between triage, review, and remediation decisions.

Platform Coverage Expansion

Expanded coverage across additional blockchain assets, social/video platforms, and hosting pages:

• Address ecosystems - Soneium address support

• Social/video platforms - Bilibili, Bluesky, Vimeo, Dailymotion

• Web hosting pages - zapier.app, codepen, irys.xyz

Audit Logging

Audit logs now track all critical actions across your organization, including member changes, assets, service settings, and API keys.

Each event includes before/after values, timestamps, and user context—making compliance, security reviews, and troubleshooting significantly easier.

Customer Review & Escalations Workflow

Customers now have a direct way to have final approval for threats we add to the blocklist on your behalf. After enabling, customers can configure which asset types need a customer's final review and which assets types can automatically be added to the blocklist.

Review labels and decision information persist to the final approval, making the customer decision easier to apply.

Slack Org Connect & Escalation Alerts

Teams can connect dedicated Slack channels to receive real-time notifications for escalations and reports.

Escalation alerts include threat details and direct links to the review page, ensuring urgent escalations and threats are never missed.

Automated Takedowns & Scanning Capabilities

Automated takedowns now support additional providers including GoDaddy, Vercel, Registrar.eu, Tucows, Public Domain Registry, Hostinger, Cloudflare, and Webflow.

Automated form filling and custom takedown notes reduce manual effort while improving tracking and context.

Public API

New public API endpoints are available, allowing more programmatic access to ChainPatrol data. Full API key management from the dashboard.

The API now includes new dedicated endpoints for organizations, takedowns, and reports:

• GET /organization/assets - List organization assets with filtering and pagination

• POST /organization/assets - Batch add assets to organization allowlist

• PUT /organization/assets/{assetId} - Update an organization asset

• DELETE /organization/assets/{assetId} - Delete an organization asset

• GET /organization/asset-groups - List organization asset groups

• POST /organization/asset-groups - Create an asset group

• PUT /organization/asset-groups/{groupId} - Update an asset group

• DELETE /organization/asset-groups/{groupId} - Delete an asset group

• GET /organization/metrics - Get organization metrics with date range and brand filtering

• GET /organization/reports - List organization reports with filtering and pagination

• POST /takedowns/list - List takedowns for an organization with filtering

• POST /threats/list - List threats for an organization

• POST /reports/search - Search reports by asset contents within an organization

The following endpoints are now deprecated:

• POST /public/getOrganizationReports

• POST /public/getOrganizationMetrics

See more implementation details at https://chainpatrol.com/docs/external-api/overview

Metrics & Dashboard Improvements

Dashboard performance has been improved with faster load times and more accurate real-time data.

New public metrics endpoints enable more integration with ChainPatrol metrics to view external reporting and analytics data.

Separate Blocklist and Takedowns Pages

Threats are now split into two focused pages—Blocklist and Takedowns. This reduces clutter and provides clearer context around detections and takedown progress, making it much easier to navigate and review active issues.

Customer Final Approval

This feature gives organizations more control over threat response decisions and ensures alignment between ChainPatrol and your organization's protection outcomes. Any threat ChainPatrol approves now goes to your "Review" tab on the dashboard.

Right-Click to Report in Discord

Customers can now report malicious users or messages directly from Discord via right-click → Apps → “Report user/message.” This makes it easier and faster for communities to surface suspicious activity to ChainPatrol.

Performance Improvements

The app now loads faster across key areas, including organization switching and large proposal queues. Scheduled jobs have been redistributed to reduce spikes in load, resulting in more reliable detections, liveness checks, and takedown operations.

Reviewing Experience

Trusted Reviewer

Customers can now escalate and review threats in app with enhanced permissions. This is useful for customers with integrations set up with us at ChainPatrol that want the ability to block threats instantly.

Refactored Review Page and Proposal Panel

The UI has been refactored with clearer proposal types, improved filters, and labels. Risk indicators are collapsed into a compact, toggleable section so reviewers can keep context without scrolling. This cleans up the overall display for users to see what threat intelligence is available when reviewing.

Performance improvements

Report and review screens render faster for smoother navigation through large queues. Users no longer have to worry about queuing large amounts data and screenshots when trying to get a trend view of their organization.

Brand Intelligence & Automated Takedowns

Brand-level Rules & Takedowns

Rules and detection sources now operate at the brand level, unlocking precise automation and approvals per brand. Once an asset is blocked for a specific brand, takedowns can proceed automatically using brand data (name, website, legal docs).

Brand UI polish

The creation/update flow has been streamlined, and brand details surface more prominently across detection and threats pages to set up future brand-level filtering and analytics. Going through the proposal view now shows all the brand rule executions.

Threat Visibility & Visuals Across App

Customers now see visual examples of active threats on their dashboard for a quicker glance into confirmed threats. The report lists also show real enrichment screenshots, giving an immediate view of evidence.

Brand Intelligence

Brand-Specific Rules & Detection Sources

Threat detection sources and legitimacy rules now operate at the brand level instead of organization-wide. This enables fine-grained automation, approvals, and more accurate enforcement logic per brand.

Filter Threats by Brand

Brand data is now displayed directly on the Threats page, laying the groundwork for brand-specific filtering, analytics, and reporting.

Rule Freshness and Re-validation

Rules can now include staleness timers, triggering re-validation after a configurable period. This helps ensure legitimacy decisions remain current and auditable.

Threat Snapshots

Redesigned Snapshot Layout

Threat snapshot reports now follow an updated format that highlights key threat insights in a more scannable visual layout.

Threat Breakdown Analytics

Each snapshot includes structured analytics showing which scams targeted the customer across which platforms.

Case Study Evidence

Snapshots now include selected threat examples, complete with screenshots and narrative context for high-risk scams.

App Updates and FAQ Section

Each snapshot includes recent app product changelog items and responses to common customer questions or industry changes.

Social Detection and Web3 Enhancements

Automated Twitter Takedown Flow

Twitter detections now automatically trigger takedown requests, reducing response time and manual workload.

Redirect Intelligence from Blocklist

Redirects from previously blocked URLs are now tracked and analyzed to surface repeat offenders and network-level indicators.

Canary Token Deployment Improvements

Canary tokens are easier to generate and integrate self-serve in our admin dashboard, improving customer adoption and proactive scam tracking.

Detection & Threat Coverage

Google Ads Detection Source

We added a new source for detecting malicious Google Ads, including location and language targeting. This improves coverage for threats tailored to specific geographies.

App Store Scanning & Detection

This month we expanded support for detecting malicious apps on both Apple and Google Play stores in an automated fashion. We now scan app stores daily looking for fake wallet apps and copycat apps.

DexScreener Detection Source

We introduced initial support for detecting copycat tokens via DexScreener search, helping surface early scams in decentralized exchanges.

YouTube Rules Expansion

Improved rule system to auto-approve obvious scams and reduce false positives from legitimate promotions on YouTube. We are now leveraging more metadata from YouTube's API to detect common patterns of behavior used by bots and scammers.

Link Extraction Improvements

Our detection system now extracts links from static and dynamic HTML in a robust way. This improvement will help with threat discovery to make sure that we not only takedown the initial pages that impersonating your brand, but also the malicious links and iframes embedded inside those pages.

Triage System & Organization Configuration

Asset Triage System Rewritten in Rust

We rebuilt our asset triage engine in Rust, resulting in a 100x speed increase for processing incoming threats. This system acts as the first line of defense — processing thousands of URLs, domains, and profiles every few minutes to route them to the right organization. This massive speedup improves our real-time threat triage and ensures faster protection for customers.

Trademark Registration Configuration

Organizations can now upload trademark registration data, helping support providers that require trademark verification during takedown submission.

API Improvements

Asset Parse API

Introduced a new /asset/parse API that exposes our parsing logic to integrators. Use this endpoint to determine what asset type an arbitrary URL has. Read the docs here: https://chainpatrol.com/docs/external-api/asset-parse.

Report Wallet Addresses Across Chains

We now support reporting wallet addresses using the CAIP-2 standard format, allowing for precise attribution across multiple blockchains. This enhancement improves confidence for clients like Coinbase who track malicious contracts and wallets across chains.

Example input:

• eip155:1:0xabc123... (for Ethereum mainnet)

• solana:4k3Dyjzvzp8e... (for Solana)

• etc.

This month, we’ve been busy shipping several improvements to our platform to monitor, review, and take down emerging threats types in the Web3 space.

E2E Mozilla Add-ons Protection

Detection

We’ve integrated targeted monitoring for the Mozilla Add-ons store (AMO) to identify fake crypto wallet extensions containing malicious code. This detection source automatically ingests new submissions from AMO, enabling us to flag threats before they spread widely.

Rules/Reviewing

New detection rules now focus on high-risk extensions impersonating wallet brands like MetaMask, Sui, Rabby, and Coinbase. Automated analysis looks for phishing behavior and other red flags. Potentially malicious add-ons are then queued for rapid human review, ensuring that high-confidence threats move quickly to takedown.

Takedowns

Confirmed threats are sent through our automated takedown system, removing them directly from the Mozilla Add-ons store. This streamlined pipeline reduces the time from detection to removal, protecting end-users from credential theft and asset loss.

Collaborating With Mozilla

We’re actively collaborating with Mozilla’s security and add-ons teams to combat this emerging threat category, in direct alignment with their recent public warning: Crypto wallet scams: thwarting a new threat. ChainPatrol continues to be committed to covering new threat environments and collaborating with platforms to better combat waves of new threats.

Expanded Social Platform Coverage

We're excited to share that we’ve added automated detection for profiles on:

• Bluesky

• Farcaster

• Primal

• DeSo

• Snapchat

These platforms are actively being abused to target our customers recently. In response, we rapidly prototyped, tested, and delivered these new detection sources in under a week. At ChainPatrol, we are constantly iterating on our engineering and threat intelligence in alignment with our customers' needs.

Intercom Integration (Beta)

Many Web3 brands we work with rely on Intercom for customer support and ticketing. Increasingly, customer support teams are handling incoming reports from users who have been scammed or are at risk.

To reduce delays in gathering this valuable threat intel, our new Intercom Integration allows customer threat submissions to flow directly from Intercom conversations into ChainPatrol, ensuring faster triage and takedown.

If your team uses Intercom, please reach out to us to get access to the Beta.

Miscellaneous Improvements

• Detection Page Chart Improvements – Better x-axis labels and updated colors for easier interpretation.

• Detection Chart by Time – Filter detections using an interactive bar chart; click and drag to select time ranges.

• Detection Chart by Asset Type – View detection breakdowns by asset type over time to spot trends.

• Proposal Rule Result UI Refactor – New layout for rule contributions and score explanations for clearer reviews.

• Web3 Rule Group – New rule group for detecting Web3 presence in URLs, enabling confident automation.

• Open PageRank & Tranco Legitimacy Check – Added Open PageRank check and updated Tranco logic to reduce false positives.

• Search Page UX Refactor – Tabbed search UI by category for cleaner navigation.

• Polkadot Phishing Data Server – Now displays blocklist info from the Polkadot ecosystem.