https://github.com/metamask/eth-phishing-detect

Utility for detecting phishing domains targeting Web3 users
https://github.com/metamask/eth-phishing-detect

Last synced: 7 months ago
JSON representation

Utility for detecting phishing domains targeting Web3 users

• Host: GitHub
• URL: https://github.com/metamask/eth-phishing-detect
• Owner: MetaMask
• License: other
• Created: 2017-08-03T01:57:18.000Z (over 8 years ago)
• Default Branch: main
• Last Pushed: 2025-06-23T18:55:49.000Z (7 months ago)
• Last Synced: 2025-06-23T19:03:44.290Z (7 months ago)
• Language: TypeScript
• Homepage:
• Size: 31.6 GB
• Stars: 1,184
• Watchers: 134
• Forks: 995
• Open Issues: 79
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

          
# eth-phishing-detect

[![Greenkeeper badge](https://badges.greenkeeper.io/MetaMask/eth-phishing-detect.svg)](https://greenkeeper.io/)

List of malicious domains targeting Web3 users.

For checking why a given domain was blocked, there is a third-party [search tool](https://app.chainpatrol.io/search) maintained by ChainPatrol.

## Blocking Policy

We are constantly evolving the ideal policy that guides this list, but a few clearly defined rules have emerged. We will be quick and decisive to block websites that:

-   Impersonate other known and established sites.

-   Use their interfaces to collect user signing keys (especially cryptocurrency keys) and send them back to home servers.

There are other grounds for blocking, and we will ultimately do our best to keep our users safe.

### Basic usage

UPDATE: The phishing detector has been moved [here](https://github.com/MetaMask/core/tree/main/packages/phishing-controller).

## Contributions

To keep a tidy file, use the CLI or library functions to modify the list.

### Adding new domains

```bash

yarn add:blocklist crypto-phishing-site.tld

yarn add:allowlist legitimate-site.tld

```

```js

addDomains(config, "blocklist", ["crypto-phishing-site.tld"]);

addDomains(config, "allowlist", ["legitimate-site.tld"]);

```

### Removing existing domains

```bash

yarn remove:blocklist legitimate-site.tld

yarn remove:allowlist malicious-site.tld

```

```js

removeDomains(config, "blocklist", ["legitimate-site.tld"]);

removeDomains(config, "allowlist", ["crypto-phishing-site.tld"]);

```

## Safeguards

We maintain a list of domains pulled from various sources in `test/resources`. Each file is plaintext with one host per domain. These domains are used to reduce the risk of false positives. If you need to block a domain that is featured on one of these lists, you'll need to add a bypass to `test/test-lists.ts`.

To update the lists, run `yarn update:lists`. Note that you'll need a CoinMarketCap Pro API key.

## Auditing submissions & removals

Running the command below will pull all pull requests associated to example.com.

`git log -S "example.com" -- src/config.json`