Smarter Brand Setup and Management

Brand onboarding got much easier with Fill from Link for X/Twitter profiles, plus improved brand data controls for tickers, topics, and trademark records at the brand level.

This reduces manual setup time and improves detection quality by keeping brand context more complete and structured.

Broader X/Twitter Protection

X/Twitter coverage expanded to include more high-signal activity, including quote-based patterns and richer account-context detection.

The result is wider scam and impersonation coverage with better signal quality and less analyst noise.

Ad Library Asset Coverage

ChainPatrol added dedicated support for Google Ads and Bing Ads assets with new GOOGLE_AD and BING_AD asset types.

Ad-library URLs are now parsed into structured identifiers (including advertiser, creative, and ad IDs where available), enabling higher-precision ad abuse detection and faster actionability.

Expanded Platform and Asset Coverage

ChainPatrol expanded support across more threat surfaces, including Rednote asset support, stronger Instagram coverage, and new automated provider flows for DigitalOcean, Zapier, and Calendly.

Additional Hosting and Domain Coverage

We added broad new hosting and domain parsing coverage across providers and PAGE domains, including infrastructure like Wasmer, EdgeOne, Boxmode, Tumblr-hosted pages, and expanded TLD-to-provider routing (including Google Registry and Radix domains).

Supporting Evidence for Reports

Reports via Slack and Intercom now support adding additional attachments as evidence. Add screenshots, files, and .eml files to provide evidence to hosting providers and platforms of abuse.

These updates make it easier to investigate threats, preserve supporting evidence, and allow users to have more control for what data gets submitted with reports.

Default Organization Setting & Trademark Improvements

Users who belong to multiple organizations can now choose a default organization to redirect to when logging in. Organization settings were also expanded to support a Name of the Rights Owner field in trademark registration records.

These changes make multi-account access smoother and improve the completeness of brand enforcement information stored in ChainPatrol.

Twitter Detection in Replies & Mentions + URLScan Hostname Detection

Profile protection on X/Twitter now scans both replies and mentions, expanding coverage for impersonation and support-scam activity targeting protected accounts. URLScan detection sources were also improved with hostname-based detection and org-aware default queries, helping surface newly observed attacker infrastructure without requiring every customer to manually configure searches.

Platform Coverage Expansion

ChainPatrol expanded support across additional asset types, platforms, and takedown targets during February:

• Rarible NFT asset support

• New takedown coverage for Issuu, Letterboxd, and Vercel-hosted domains

• Flathub, SoundCloud, VidLii, Vevioz, and Zapper platform support

This expands the range of surfaces customers can monitor, normalize, and take action on directly inside ChainPatrol.

Additional Improvements

• Reports now include blockchain explorer links for contract addresses, making Web3 investigations faster from the report view.

• Liveness check workflows were also improved with clearer status feedback and domain-hold detection, helping distinguish assets that are still online from domains already disabled at the registrar level.

Audit Logging and Admin Governance

Audit logging is now available in the settings page to see changes to your organization settings over time. Logs include events for changes to brand protection configuration, API key setting updates, member additions/removals/role updates, and service-level changes.

Takedowns Tasks and Details

Improved takedown task details available in your ChainPatrol dashboard. ChainPatrol continues to handle takedowns from domain registrars to social media platforms. Threat takedowns require different approaches depending on platform and asset type with various responses.

This change gives better visibility into the unique updates per takedown. With this view, organizations can see initial filings, re-filings, as well as platform responses.

Threat Fingerprints and Detection Improvements

ChainPatrol now tracks new threat fingerprints and includes a dedicated fingerprints page with UI improvements for investigation and review.

These upgrades make it easier to identify repeated attacker infrastructure and patterns across reports. Analysts can correlate incidents faster and carry more context between triage, review, and remediation decisions.

Platform Coverage Expansion

Expanded coverage across additional blockchain assets, social/video platforms, and hosting pages:

• Address ecosystems - Soneium address support

• Social/video platforms - Bilibili, Bluesky, Vimeo, Dailymotion

• Web hosting pages - zapier.app, codepen, irys.xyz

Audit Logging

Audit logs now track all critical actions across your organization, including member changes, assets, service settings, and API keys.

Each event includes before/after values, timestamps, and user context—making compliance, security reviews, and troubleshooting significantly easier.

Customer Review & Escalations Workflow

Customers now have a direct way to have final approval for threats we add to the blocklist on your behalf. After enabling, customers can configure which asset types need a customer's final review and which assets types can automatically be added to the blocklist.

Review labels and decision information persist to the final approval, making the customer decision easier to apply.

Slack Org Connect & Escalation Alerts

Teams can connect dedicated Slack channels to receive real-time notifications for escalations and reports.

Escalation alerts include threat details and direct links to the review page, ensuring urgent escalations and threats are never missed.

Automated Takedowns & Scanning Capabilities

Automated takedowns now support additional providers including GoDaddy, Vercel, Registrar.eu, Tucows, Public Domain Registry, Hostinger, Cloudflare, and Webflow.

Automated form filling and custom takedown notes reduce manual effort while improving tracking and context.

Public API

New public API endpoints are available, allowing more programmatic access to ChainPatrol data. Full API key management from the dashboard.

The API now includes new dedicated endpoints for organizations, takedowns, and reports:

• GET /organization/assets - List organization assets with filtering and pagination

• POST /organization/assets - Batch add assets to organization allowlist

• PUT /organization/assets/{assetId} - Update an organization asset

• DELETE /organization/assets/{assetId} - Delete an organization asset

• GET /organization/asset-groups - List organization asset groups

• POST /organization/asset-groups - Create an asset group

• PUT /organization/asset-groups/{groupId} - Update an asset group

• DELETE /organization/asset-groups/{groupId} - Delete an asset group

• GET /organization/metrics - Get organization metrics with date range and brand filtering

• GET /organization/reports - List organization reports with filtering and pagination

• POST /takedowns/list - List takedowns for an organization with filtering

• POST /threats/list - List threats for an organization

• POST /reports/search - Search reports by asset contents within an organization

The following endpoints are now deprecated:

• POST /public/getOrganizationReports

• POST /public/getOrganizationMetrics

See more implementation details at https://chainpatrol.com/docs/external-api/overview

Metrics & Dashboard Improvements

Dashboard performance has been improved with faster load times and more accurate real-time data.

New public metrics endpoints enable more integration with ChainPatrol metrics to view external reporting and analytics data.

Separate Blocklist and Takedowns Pages

Threats are now split into two focused pages—Blocklist and Takedowns. This reduces clutter and provides clearer context around detections and takedown progress, making it much easier to navigate and review active issues.

Customer Final Approval

This feature gives organizations more control over threat response decisions and ensures alignment between ChainPatrol and your organization's protection outcomes. Any threat ChainPatrol approves now goes to your "Review" tab on the dashboard.

Right-Click to Report in Discord

Customers can now report malicious users or messages directly from Discord via right-click → Apps → “Report user/message.” This makes it easier and faster for communities to surface suspicious activity to ChainPatrol.

Performance Improvements

The app now loads faster across key areas, including organization switching and large proposal queues. Scheduled jobs have been redistributed to reduce spikes in load, resulting in more reliable detections, liveness checks, and takedown operations.

Reviewing Experience

Trusted Reviewer

Customers can now escalate and review threats in app with enhanced permissions. This is useful for customers with integrations set up with us at ChainPatrol that want the ability to block threats instantly.

Refactored Review Page and Proposal Panel

The UI has been refactored with clearer proposal types, improved filters, and labels. Risk indicators are collapsed into a compact, toggleable section so reviewers can keep context without scrolling. This cleans up the overall display for users to see what threat intelligence is available when reviewing.

Performance improvements

Report and review screens render faster for smoother navigation through large queues. Users no longer have to worry about queuing large amounts data and screenshots when trying to get a trend view of their organization.

Brand Intelligence & Automated Takedowns

Brand-level Rules & Takedowns

Rules and detection sources now operate at the brand level, unlocking precise automation and approvals per brand. Once an asset is blocked for a specific brand, takedowns can proceed automatically using brand data (name, website, legal docs).

Brand UI polish

The creation/update flow has been streamlined, and brand details surface more prominently across detection and threats pages to set up future brand-level filtering and analytics. Going through the proposal view now shows all the brand rule executions.

Threat Visibility & Visuals Across App

Customers now see visual examples of active threats on their dashboard for a quicker glance into confirmed threats. The report lists also show real enrichment screenshots, giving an immediate view of evidence.

Brand Intelligence

Brand-Specific Rules & Detection Sources

Threat detection sources and legitimacy rules now operate at the brand level instead of organization-wide. This enables fine-grained automation, approvals, and more accurate enforcement logic per brand.

Filter Threats by Brand

Brand data is now displayed directly on the Threats page, laying the groundwork for brand-specific filtering, analytics, and reporting.

Rule Freshness and Re-validation

Rules can now include staleness timers, triggering re-validation after a configurable period. This helps ensure legitimacy decisions remain current and auditable.

Threat Snapshots

Redesigned Snapshot Layout

Threat snapshot reports now follow an updated format that highlights key threat insights in a more scannable visual layout.

Threat Breakdown Analytics

Each snapshot includes structured analytics showing which scams targeted the customer across which platforms.

Case Study Evidence

Snapshots now include selected threat examples, complete with screenshots and narrative context for high-risk scams.

App Updates and FAQ Section

Each snapshot includes recent app product changelog items and responses to common customer questions or industry changes.

Social Detection and Web3 Enhancements

Automated Twitter Takedown Flow

Twitter detections now automatically trigger takedown requests, reducing response time and manual workload.

Redirect Intelligence from Blocklist

Redirects from previously blocked URLs are now tracked and analyzed to surface repeat offenders and network-level indicators.

Canary Token Deployment Improvements

Canary tokens are easier to generate and integrate self-serve in our admin dashboard, improving customer adoption and proactive scam tracking.

Detection & Threat Coverage

Google Ads Detection Source

We added a new source for detecting malicious Google Ads, including location and language targeting. This improves coverage for threats tailored to specific geographies.

App Store Scanning & Detection

This month we expanded support for detecting malicious apps on both Apple and Google Play stores in an automated fashion. We now scan app stores daily looking for fake wallet apps and copycat apps.

DexScreener Detection Source

We introduced initial support for detecting copycat tokens via DexScreener search, helping surface early scams in decentralized exchanges.

YouTube Rules Expansion

Improved rule system to auto-approve obvious scams and reduce false positives from legitimate promotions on YouTube. We are now leveraging more metadata from YouTube's API to detect common patterns of behavior used by bots and scammers.

Link Extraction Improvements

Our detection system now extracts links from static and dynamic HTML in a robust way. This improvement will help with threat discovery to make sure that we not only takedown the initial pages that impersonating your brand, but also the malicious links and iframes embedded inside those pages.

Triage System & Organization Configuration

Asset Triage System Rewritten in Rust

We rebuilt our asset triage engine in Rust, resulting in a 100x speed increase for processing incoming threats. This system acts as the first line of defense — processing thousands of URLs, domains, and profiles every few minutes to route them to the right organization. This massive speedup improves our real-time threat triage and ensures faster protection for customers.

Trademark Registration Configuration

Organizations can now upload trademark registration data, helping support providers that require trademark verification during takedown submission.

API Improvements

Asset Parse API

Introduced a new /asset/parse API that exposes our parsing logic to integrators. Use this endpoint to determine what asset type an arbitrary URL has. Read the docs here: https://chainpatrol.com/docs/external-api/asset-parse.

Report Wallet Addresses Across Chains

We now support reporting wallet addresses using the CAIP-2 standard format, allowing for precise attribution across multiple blockchains. This enhancement improves confidence for clients like Coinbase who track malicious contracts and wallets across chains.

Example input:

• eip155:1:0xabc123... (for Ethereum mainnet)

• solana:4k3Dyjzvzp8e... (for Solana)

• etc.