Protecting End Users with Forta

In 2021, Chainanalysis - in their 2022 cyber crime report - estimated scam losses far exceed losses of DeFi hacks with 7.7B and 2.3B respectively. Forta’s mission is to secure web3. So far, Forta’s efforts have primarily focused on securing on-chain protocols through monitoring of all on-chain activity. However, opportunities exist for Forta to protect end users as well. Forta already has intelligence that identifies malicious actors and compromised protocols on Web3.

Several entities are already thinking along the same lines. Omnid snap plugin exposes malicious accounts to Defi protocols via Metamask Flask, so Defi protocols can protect themselves against malicious entities; expansion towards protecting end users from malicious entities is in their plans. Trust wallet has recently reached out to build a similar feature for their wallets. Peckshield provides a scam protection plugin already.

Forta has an extensive set of detection bots that can provide the needed intelligence to make end-user protection a reality and the set of detection bots is continuing to grow. However, current findings do not clearly identify the malicious or compromised entity. A finding, currently exposes all addresses involved in the transaction. In order to consume intelligence of malicious or compromised entities, the information in the findings needs to more clearly identify those. Its suggested to add a set of dedicated fields in the finding and SDK that allows for tagging addresses if desired. The tags should be open ended, but in order to facilitate reuse, a set of common tags should be provided (list can be expanded through the SDK):

  • Malicious
  • Phisher
  • Scam
  • Compromised

In order to allow for consumption of these tags in downstream applications, an optional confidence score should be provided that is normalized at a range from 0.0-1.0.

The following detection bots would be providing the relevant intelligence:

  1. [Blocklisted Addresses](BotID: 0xaedda4252616d971d570464a3ae4a9f0a9d72a57d8581945fff648d03cd30a7d)
  2. Risky account ML model (in development by the community)
  3. Rug Pulls (in development by the community)
  4. Impersonation tokens (in development by the community)
  5. [Ice Phishing](BotID: 0x6a0960a22bb752532b68c266dfa507849009283bf11f086095f3504211c2b5fa)
  6. [NFT sleep minting](BotID: 0x20d0cd9432c7e15cb625097a718c15cc07f463b5252e3c36ae23acb7ef98d54e)

The proposal is to expand the SDK as suggested above, add this addition to the documentation, and work with the community to adjust the bots above, so a high confidence feed can be generated to be consumed through a Forta alerts Twitter handle, wallet software providers, and reputation sites (e.g.

Similarly, the Forta Explorer ought to be expanded to support tagging of addresses through the UI in a similar fashion to support expanding the set of intelligence in a community driven fashion. As there are risks of abuse only signed in wallets out to be able to tag. The UI and API should clearly differentiate whether the tag was provided by the bot or through UI tags.

I am asking for feedback/ suggestions on this thread regards this proposal.


congratulations :))