Security Research
How Firewall Detects and Blocks On-Chain Scams
September 7, 2025
Every day, attackers are innovating new ways to trick users, drain wallets and abuse protocols. Phishing kits, rug pulls and fake tokens have become standard tools in their arsenal, costing users billions.
Forta Firewall is built to stop them. By continuously screening every transaction in real time, Firewall identifies malicious patterns and blocks them before they can cause harm. Here’s how it works against three of the most common scam categories, and why this is just the beginning.

Phishing: The Rise of Drainer Kits
A growing share of attacks now come from drainer kits: ready-made software packages sold by a small number of vendors, such as Inferno Drainer. Once deployed, these kits exploit approvals and interactions to drain wallets with a single click.
The vendor-consumer dynamic is striking: a small vendor base produces kits that many bad actors deploy. Firewall identifies both the original vendor signatures and the consumer deployments, flagging them as high risk and preventing wallet-draining attacks from spreading further.
Rug Pulls: Hard-Coded Exploits in Token Contracts
Not all rug pulls are soft. Some tokens are engineered with hard rug pull mechanisms baked directly into their code: functions that allow privileged actors to drain liquidity pools, mint or burn at will, impose transfer blacklists, or change taxes unilaterally.
These traits often hide behind obfuscated logic or nonstandard ERC-20 implementations, but Firewall’s detection engines are designed to surface them. When tokens contain owner-only liquidity removal, unrestricted minting, or other signs of malicious privilege, Firewall automatically raises the alarm, protecting users and protocols from becoming exit liquidity.
Fake Tokens: Look-Alike Assets Designed to Deceive
One of the oldest tricks in the book is deploying a token that mimics the name, symbol, and/or decimals of a trusted asset. Stablecoins and base assets like USDC, USDT and ETH are prime targets because of their ubiquity and perceived safety.
Attackers use these fake tokens to enable “address poisoning”: sending small amounts of these tokens to wallets so that users see them in explorers or interfaces and then either unknowingly interact with malicious links or swap pairs, or mistakenly send real tokens to the scammers.
Firewall flags these tokens by analyzing metadata at the moment of contract deployment. It looks for near-identical names or symbols that mimic trusted assets and the use of unusual or deceptive characters designed to confuse users. By catching these similarities early, Firewall prevents impersonation tokens from being mistaken for legitimate assets.
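The metadata check described above, narrowed to token symbols, as an added example that is not Forta's code: it folds deceptive characters into the Latin string a user would read, then compares the result against an allowlist. The allowlist, placeholder addresses, homoglyph table and function names are all constructed for illustration.

```python
import unicodedata

# Constructed allowlist: trusted symbol -> canonical contract address.
# Addresses are placeholders, not real deployments; None marks a native asset.
TRUSTED = {"USDC": "0x" + "11" * 20, "USDT": "0x" + "22" * 20, "ETH": None}

# Small constructed homoglyph table (Cyrillic/Greek capitals that render like Latin).
CONFUSABLES = str.maketrans({
    "\u0410": "A", "\u0415": "E", "\u041d": "H", "\u041e": "O", "\u0420": "P",
    "\u0421": "C", "\u0422": "T", "\u0405": "S", "\u03a4": "T", "\u0395": "E",
})

def skeleton(text):
    """Reduce a symbol to the Latin string a user would believe they are reading."""
    text = unicodedata.normalize("NFKD", text)  # folds full-width forms, splits accents
    hidden = {"Cf", "Mn", "Zs", "Cc"}  # zero-width/format, combining marks, spaces, controls
    text = "".join(ch for ch in text if unicodedata.category(ch) not in hidden)
    return text.upper().translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_token(symbol, address):
    """Return (impersonated_symbol, reason) for a suspicious deployment, else None."""
    trusted_addrs = {a.lower() for a in TRUSTED.values() if a}
    if address.lower() in trusted_addrs:
        return None  # the genuine contract is allowed to use its own symbol
    skel = skeleton(symbol)
    if skel in TRUSTED:
        plain = symbol.upper() == skel  # False when hidden or look-alike characters were folded
        return (skel, "same-symbol" if plain else "deceptive-characters")
    for trusted in TRUSTED:
        # Short symbols are skipped: one edit away from "ETH" matches too many real tickers.
        if len(trusted) >= 4 and edit_distance(skel, trusted) == 1:
            return (trusted, "near-identical")
    return None
```

The near-identical rule is a heuristic and will also match legitimate tickers one character away from a trusted symbol, so its hits are better treated as a risk signal than as a verdict.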
More to Come
Scammers will continue to evolve, but so will Firewall. With every new scam vector, Forta adds fresh detection modules, ensuring that whether it’s phishing today or an entirely new threat tomorrow, Firewall remains the first line of defense for users and chains.
On-chain finance can only scale if it stays secure. Firewall is here to make sure it does.
About Forta Firewall
Forta Firewall is the leading onchain security and compliance layer, providing real-time transaction screening for blockchains, rollups and appchains. It blocks malicious and non-compliant activity, from exploits and scams to sanctions violations, before execution. Forta Firewall delivers sub-10ms performance, plug-and-play integration, and comprehensive auditability. Today, it screens millions of transactions per day across leading ecosystems.