We’ve rolled out the Page Clone Rule, which enables us to detect indicators suggesting a webpage was generated using a page cloning tool.

Phishing pages are often created by cloning legitimate website landing pages and embedding a wallet drainer script. During this process, these page cloning tools leave behind specific indicators that give our system high confidence in identifying potentially malicious pages.

With our new page cloning detection rule, we’ve updated our system to provide an automated review process, resulting in faster detection and blocking of such websites.

We’re enabling organizations to log in to ChainPatrol using their existing corporate identity provider, such as Okta, Google Workspace, OneLogin, and others, with single sign-on (SSO).

The introduction of SSO offers two major benefits:

• It allows enterprise customers to enforce additional requirements and security rules within their identity provider of choice.

• It provides more authentication options for ChainPatrol and simplifies the onboarding process for new users.

Please, reach out to us if you’d like to set up SSO for your organization.

We've extended the reach of our detection by introducing four new sources: 

• Bing

• Yahoo

• DuckDuckGo

• Guestbooks

By tapping into these new detection sources, we’ve enhanced protection across various search engines and hidden guestbook websites, where scammers often post their content. It enables us to improve both the quality and speed of detection for all organizations that are being monitored by ChainPatrol.

We’ve implemented an important update that involves periodically running checks on specific URL assets and extending our liveness checks with deeper analysis. This allows us to extract more information and make higher-quality decisions.

With this implementation, we are now conducting a more thorough and repetitive analysis of URLs that increases the quality of protection while reducing the chance of false positives. This also results in an increased frequency of asset updates, enabling our staff and automation to decide on the appropriate actions for certain assets.

We’ve introduced a new feature of the ChainPatrol Telegram Bot that allows users to flag malicious links in chat groups. Additionally, the reporting function now provides detailed information for links already in our system. If a link has already been blocked, the bot will display the current takedown progress to the user.

This new feature enhances the transparency and integration of ChainPatrol with Telegram, making it possible for the bot to include a community-facing feature. Additionally, users are kept informed about the progress of the takedown.

Note: You can check if your group settings are set up properly right here.

ChainPatrol’s Twitter Detection feature now monitors quoted tweets and retweets, to gather intel about more sophisticated scams. This provides increased quality of detection for replies under organization tweets, leading to more thorough protection for customers. It also enables a deeper analysis of Twitter profiles, allowing ChainPatrol to catch more impersonation attempts.

Wallet drainers are the primary way that users are losing funds through scams that leverage the trust those users have with Web3 brands. In an effort to reduce the frequency of this scam, we've shipped two new wallet drainer kit rules that now detect the use of common scripts for stealing funds from users.

Our automated reviewing system treats these new rules as high confidence signals for malicious activity and automatically blocks these sites as soon as they are detected. We continue to track new drainer kits and Indicators of Compromise (IOCs) of these sites, and we will update our detection rules accordingly.

The ChainPatrol app now leverages AI to automatically populate and submit takedown request forms directly on the website of specific providers. Previously, ChainPatrol members had to navigate to provider websites and manually fill out forms.

Here are the providers we have shipped so far:

• Webflow

• Gitbook

• Vercel

• Quora

• GoDaddy

• Hostinger

• Registrar.eu

• Tucows

With this update, a manual step has been eliminated, ensuring takedown requests are processed more efficiently, and reducing the potential for human error. AI ensures the forms are filled out correctly minimizing errors, and it speeds up the takedown process. 

Automated form filling works best when all required details (for example, legal documents), are uploaded into the system. For unsupported providers, the manual form submission process remains available as a fallback option.