We’re happy to share that we’ve added three new rules for Telegram channels reported to our platform:

• Channel name similarity: compares the channel name to your organization’s official Telegram channels and brand name

• Channel image similarity: compares the channel profile picture to your organization’s official Telegram channels and brand logo

• AI-powered channel similarity: performs a LLM-based query about the metadata related to the suspicious Telegram channel to look for signs of impersonation

Together these rules help speed up automated reviews and capture a snapshot of malicious Telegram channels to provide evidence for channel takedowns.

Wallet partners can now use a brand new endpoint called Asset Changelog that returns a chronological list of status changes to assets in our allowlist/blocklist. This is an immutable log of status transitions that can be synced into a local blocklist over time.

Compared to our Asset List endpoint, this provides more granular access to ChainPatrol's blocklist and can be used to:

1. Detect false positives (status transition from BLOCKED -> ALLOWED)

2. Determine exactly when an asset was added to our allowlist or blocklist

A new active threats card on the dashboard displays the malicious assets that are currently being blocked and/or taken down, including information like:

• Links to the threat source for quick reference

• Status icons indicating whether a threat is blocked or in the process of being taken down

We're doubling down on our rules engine this week with three new rules based of threat intel we've discovered from threats targeting our customers:

• Domain newly registered - Check if the domain was registered in the last 30 days

• Twitter username similarity - Check if the Twitter username is similar to organization Twitter usernames

• Twitter profile image similarity - Check if a Twitter profile image is similar to organization's Twitter profile images

We're adding and tweaking new rules all the time so that we can adapt to the ever-changing threat landscape.

Twitter assets are now scanned using the Twitter API to fetch data like the profile picture, name of the account, and any links promoted by the account. We are using these new data points to enrich our rules engine to automatically approve or reject Twitter reports for faster takedowns.

We've revamped the Settings page in the Admin Dashboard to better organize the different knobs and dials that control your protection.

You can:

• Add and update your organization logo and name

• Add new organization assets to track and monitor for impersonations

• Invite new members to your organization

• See which features are enable for your organization

Use these settings to bolster your protection and provide us with information about your organization to improve our monitoring & review systems.

Get the big picture of your protection with our brand new Organization Dashboard page. From Detected to Blocked to Takedown, we visualize the volume of threats that are targetting your organization.

Please reach out to us if you have any feedback or would like to see something new added.

We've rolled-out a new API endpoint for fetching detailed information about why an asset has been added to our global blocklist. If the asset was blocked as a result of a report, you can retrieve the Report URL to audit the findings.

We've added a new opt-in feature for our Discord bot that will scan new messages across specific Discord channels looking for users who are posting suspicious links. The bot will react to the message with the 🚨 emoji if it is present on our global blocklist, letting others know that they should be cautious before interacting with it.

Reach out to us if you'd like to try this out in your server

We're shipping a new check that will check a reported website for the presence of keywords that indicate an active threat. For example, if the page contains keywords like "airdrop", "giveaway", "token drop", we can flag the website as potentially malicious.

Over the past year, we've seen the same types of scams targeting our customers over and over again. Often, scammers will re-use the same scam kits or screenshots of your product.

We've just shipped a new check that will take advantage of this called "Tracked Threats". This new check will compare a reported threat against tracked threats to compare them for visual similarity.

Our Discord bot makes it super easy to create reports right from Discord using the /report slash command. These reports will now show up in your admin dashboard with the Discord username and profile picture attached. Use this information to reach out to users for more details or to reward them for helping make your community safer!

We're excited to share that we’ve built a JavaScript SDK that you can use to interact with our threat detection APIs. Written in TypeScript and available today from NPM, our SDK is the simplest way to start blocking scams in your wallet, dApp, or messaging applications.

Sort, search, and filter all the assets that ChainPatrol has blocked for your organization. Identify threats that are still active, that we're actively submitting takedowns for, and which ones have been taken offline.

Drill down the metrics page to the most recent day, week, month, and year to get a details picture of the threats affecting your organization. Discover trends in new reports and malicious domains and Twitter profiles.

Automated checks are run when a new report is submitted to better detect suspicious activity on a webpage. Identify what techniques scammers are using to impersonate your brand and lure your community members into malicious transactions.

We've implemented the following checks so far:

• Domain similarity - This check compares the reported URL against your organization's assets to determine if it is similar to any of your legitimate sites. Scammers will often use slight misspellings or visually similar characters to mislead users into thinking they are interacting with the legitimate site.

• Visual similarity - This check compares the screenshot we generate for the reported site against the screenshots we've generated for your organization's assets. Often, fake sites will simply copy and paste the HTML from your legitimate site and make subtle edits, such as changing the Connect Wallet button or immediately requesting a malicious transaction from the user's wallet. We can detect this threat vector using this check and provide evidence to our reviewer staff members to expedite the review process.

We're just getting started with checks. We have tons of ideas for new checks like: detecting wallet drainers, checking for common scam kits, and much more.

When you have lots of reports, it can be tough to see them all on one page. We've shipped an improvement to the reports page to help with this: Pagination!

Now we'll show you the first 10 reports in a given stage, and you can use the pagination controls to cycle through the next 10.

Previously, you could not add new users to your organization without help from ChainPatrol staff.

We've now added a way for you to invite your colleagues to ChainPatrol self-serve. Use this ability to invite Admins to manage your security dashboard, or add members of your customer support team with the Reporter role so they can submit reports.

We've re-built the assets admin page from the ground up to make it easier to group and organize your assets! The groups that you create for your assets will be reflected on the Public Page that is generated for your organization.

Keeping your assets up-to-date helps protect your sites from being accidentally blocked and letting your users know what sites to trust.

We now track when Hexagate starts blocking a site that was reported on ChainPatrol. When a report is approved by a ChainPatrol staff member and Closed, after a few minutes, you will see an item in the Activity section of the report that lets you know that the site is now blocked by Hexagate.

We're rolling out our API to more security tools every day, and we'll continue to keep you in the loop about the impact and coverage of ChainPatrol's scam protection.

We now track when Coinbase Wallet starts blocking a site that was reported on ChainPatrol. When a report is approved by a ChainPatrol staff member and Closed, after 15 mins, you will see an item in the Activity section of the report that lets you know that the site is now blocked by Coinbase Wallet.

We're rolling out our API to more wallets every day, and we'll continue to keep you in the loop about the impact and coverage of ChainPatrol's scam protection.

We've shipped a new graph on the Metrics page that displays the number of report that are being created in your organization each calendar day. This should be helpful for visualizing trends in scam reports and for reporting purposes.

We've revamped the report page with a fresh coat of paint! Reporting a scam now opens a fullscreen experience with a simplified set of steps to report. For admins, we now also skip the contact information page since it's not necessary for logged in users.

We'll continue to refine this area of the product in the coming weeks. Some future improvements to look out for:

• Automatically grab screenshot from URL assets reported

• Improved navigation via keyboard shortcuts

• Estimates on how much money scam has already stolen from users

Reports are now sorted into categories to easily review. This is especially helpful in large reports with lots of proposals. We sort proposals into the following categories:

• All

• Needs Review

• Reviewed

• Scan Failed

• Malicious

• No Ops (the item is already allowed/blocked)

• On Allowlist

We've added a new page https://app.chainpatrol.io/dispute where you can let us know about websites that we've blocked when they shouldn't be. We try to avoid false positives like this by manually reviewing each new report to our site, but if we've made a mistake, use this form and we'll reach out to you with more information.

Get more information about a reported domain with our new URL Scanning feature!

Whenever you submit a report containing a proposal for a potentially malicious URL, we will submit the URL to be scanned using URLScan.io. We grab a screenshot as well as useful information about where and who is hosting the site.

Use this information to make a more educated decision about the proposed report to determine if it is legitimate or not. You might also find hosting data useful to figure out who to reach out to to get the site taken down, in addition to being blocked by wallets.

We've added a new page: Metrics! Here you'll find some numbers on:

• How many reports have been created in your org

• How many assets (websites and contracts) have been blocked thanks to one of your reports

We're planning on adding more metrics here in the future. If there's something you'd like to see added, feel free to reach out!

You can now upload screenshots to new and existing reports. Screenshots give reviewers a better understanding of the scam report and can make it faster to review. For example, if the scam is an impersonation of an existing brand or website, take a screenshot of the site to compare it to the targeted site to show how it imitates or misleads site visitors.

We've reworked our calculation of report statuses. Now when you view all reports in your organization, you'll see your reports grouped in three categories:

• To Do: None of the proposals in the report have been reviewed yet

• In Progress: Some of the proposals in the report have been reviewed

• Closed: All of the proposals in the report have been reviewed

We think this will make it easier for you to understand which reports require your review and what reports you need to wait for ChainPatrol staff to review.

We now send an email notification to all Admins or Owners in an organization when a new report is created. This will allow organizations to respond faster to new reports and have a quick link straight to the report to review it.

We're still figuring out the right cadence to send out these emails, so let us know what you think!

We've added more detailed messaging for report activity. You'll now be able to see individual approvals and rejections for the proposals in the report in a chronological order. Reviews from ChainPatrol staff will be highlighted so it's clear when the changes have been added to our allow/blocklist.

We've added contracts on your org's public page. You can add contracts from the Assets page in the Admin Dashboard. We support Ethereum and EVM compatible contract addresses.

We've added the ability to sign into your admin dashboard with your email address. Once you've provided us with your email address to create your account, whenever you login to your admin dashboard, you will have the option to type in your email address. You will receive an email with a temporary login link. Clicking that link will open up your admin dashboard.

That's it!

No passwords to remember. No extra sign in steps.