Blog Docs Changelog
Book a Demo Sign in

Keeping Scroll Secure: Tackling Threats As They Emerge

Erin Hynes
Erin Hynes Head of Marketing, ChainPatrol
Keeping Scroll Secure: Tackling Threats As They Emerge

Scroll is a leading zero-knowledge (ZK) rollup that enhances Ethereum’s scalability while maintaining its security and decentralization. Built to be fully compatible with Ethereum, Scroll allows developers to deploy existing smart contracts seamlessly while benefiting from lower fees and faster transactions. 

By leveraging advanced ZK technology, Scroll provides a high-throughput, developer-friendly environment that empowers builders, users, and organizations to create and scale Web3 applications. Their mission is to scale Ethereum for good, fostering an open and accessible blockchain ecosystem for everyone.

Like most Web3 organizations, Scroll has seen threat activity grow as their network scales. From phishing scams to impersonation attempts, bad actors are constantly evolving, putting users and projects at risk.

We caught up with the team at Scroll to learn how Scroll identifies and mitigates threats to their organization and community. We unpack the evolving threat landscape, and how working with security partners (like ChainPatrol!) helps keep users safe. 

🛡 ChainPatrol:

Scroll is the leading zero-knowledge rollup, with the goal of scaling Ethereum for good. Can you share some of the major benefits of Scroll, for users? 

🎙️ Scroll:

Scroll leverages fast finality and high throughput, in order to create a more accessible, and secure on-chain future for all. Scroll’s mission is to build the Open Economy and to provide an easy-to-use, developer-friendly environment to scale Ethereum for good. Scroll empowers builders, users, and founders to ascend beyond today’s limitations and drive real-world impact. 

Our mainnet has been live for over a year now, and since then, we’ve reduced gas fees significantly while ensuring full compatibility with Ethereum’s existing smart contracts and developer tools. Users benefit from faster transactions, a seamless experience with Ethereum-native applications

🛡 ChainPatrol:

When and how did the Scroll team come to realize that the organization was being targeted by online threats like phishing and impersonation? 

🎙️ Scroll:

The Scroll team became aware of increasing online threats (phishing and impersonation) as the project gained more visibility, especially during the lead-up to mainnet launch and TGE, and even as we go into 2025 over a year later. 

Initial signs of these issues came from fake X (formerly Twitter) accounts and email addresses impersonating Scroll and even team members. On top of this, phishing scams for fake SCR tokens, fraudulent dApps, fake Telegram and Discord groups, and more.

Community reports and internal monitoring helped identify these threats, prompting Scroll to take proactive action to mitigate these security concerns.

🛡 ChainPatrol:

What are the main ways that these threats impact your business, and what threat is most problematic or concerning?  

🎙️ Scroll:

These online threats pose significant risks to both users and Scroll’s broader ecosystem. The most immediate concern is user security, as they can lead to financial losses and hurt communities within the space. It can also create confusion or mislead users with false partnerships/company updates.

Addressing these threats requires constant vigilance, as they not only impact individuals, but also divert internal resources that could otherwise be focused on development and innovation.

🛡 ChainPatrol:

Can you describe how ChainPatrol works with your existing team? 

🎙️ Scroll:

ChainPatrol plays a critical role in protecting Scroll’s ecosystem by providing real-time monitoring, rapid takedown services, and proactive phishing detection. By identifying fraudulent websites and fake social media accounts, ChainPatrol helps mitigate threats before they spread.

🛡 ChainPatrol:

As your organization scales, are you finding that threats grow as well? How are your protection needs evolving?

🎙️ Scroll:

As Scroll continues to scale, security threats are also evolving in both frequency and sophistication. The larger the user base and liquidity involved, the more attractive the ecosystem becomes for attackers. 

The increase in advanced phishing techniques require stronger and more automated defenses. To address this, Scroll is continuously refining its security strategy, expanding monitoring efforts, and leveraging trusted partners like ChainPatrol to stay ahead of any emerging risks.

🛡 ChainPatrol:

How does leveraging a platform like ChainPatrol pass on benefits to your users and contribute positively to the reputation of Scroll?

🎙️ Scroll:

By proactively detecting and neutralizing threats, ChainPatrol enhances user safety and reduces the risk of financial loss from scams. This not only protects individual users but also reinforces Scroll’s reputation as a secure and reliable L2. A safer ecosystem attracts more developers, institutions, and end-users, contributing to the long-term success and adoption of Scroll.

🛡 ChainPatrol:

Decentralization is a core principle of Web3, but it can also make Web3 security more complex. How does Scroll balance decentralization with the need for strong security measures?

🎙️ Scroll:

Both decentralization and security are at the core of Scroll’s mission, but balancing both requires a careful balance. 

While decentralization ensures resilience against censorship and control, it also demands solid user education and proactive protection measures to mitigate risks like phishing and smart contract exploits. By leveraging permissionless innovation alongside rigorous security protocols, Scroll upholds the principles of Web3 while keeping users safe.

🛡 ChainPatrol:

What advice would you give to other Web3 projects looking to strengthen their security against phishing and impersonation threats?

🎙️ Scroll:

For Web3 projects looking to strengthen security against phishing and impersonation, the key is proactive defense. Implementing phishing detection systems, partnering with specialized security services, and educating users about common scams can make a world of difference.

Projects should also establish official communication channels, verify domains across platforms, and develop rapid response strategies for emerging threats. The earlier security measures are integrated into a project’s roadmap, the easier it is to mitigate risks as adoption grows.

🛡 ChainPatrol:

What’s been the biggest lesson learned from dealing with threats like phishing and impersonation? Has it changed how you approach security and brand protection?

🎙️ Scroll:

One of the biggest lessons learned is that security cannot be an afterthought—it must be built into every layer of the ecosystem. Waiting for an attack to happen before taking action is too late. The Scroll team has learned the importance of continuous monitoring, rapid response strategies, and transparent communication with the community.

As Web3 adoption grows, so will the sophistication of attacks, making ongoing vigilance essential for both projects and users.

Are you ready to protect your brand and community? Book a ChainPatrol demo to learn how we can help.