Why this matters
Phishing attacks evolve quickly and often look like legitimate dApps. You need fast, local checks that do not rely on a single database or domain list. ChainGuard combines heuristics, reputation data, and page behavior to reduce false negatives.What is analyzed
- URL structure, redirects, and lookalike patterns
- SSL and certificate validity for active domains
- Page scripts that request wallet actions
- Visual patterns that mimic known dApps
Detection pipeline
- Normalize the URL and resolve redirects.
- Compare domain signals against known brand patterns.
- Analyze wallet connection flows and injected scripts.
- Evaluate risk based on combined signals and confidence.
What you see
- A warning when signals are suspicious
- A block screen when risk is confirmed
- A short explanation of the signals detected
What you control
- Allowlist trusted domains
- Report false positives
- Disable warnings per site if needed
Reduce false positives
You can reduce noise by keeping your allowlist tight and reviewing alerts before you dismiss them. When you report a false positive, include any context about the site so the team can validate the domain faster.Recommended actions
- Verify the domain name before connecting your wallet.
- Check for unusual redirect chains or unexpected popups.
- If a site is blocked, navigate away and search for the official URL.
Next steps
- Review how transaction simulations work in Transaction analyzer.
- Learn how domain signals affect Risk scoring.