The Hidden Problem: Over $1B a Year Lost to Phishing, and How Forta Firewall Stops It

Phishing is the most “quietly expensive” failure mode in crypto. Not because it’s rare, but because it’s normalized.

It doesn’t require breaking a protocol. It breaks the user. Wallet drainers, malicious approvals, fake tokens and address poisoning all aim at the same moment: getting someone to sign a transaction that looks routine but is designed to transfer control or funds.

In security terms, this is a pre-execution problem: once a malicious transaction is signed and broadcast, most only notice after  funds move. And at that point, enforcement becomes damage control.

Meanwhile, reported losses from online fraud and crypto-enabled scams are measured in billions annually, with phishing consistently ranking among the most common cybercrime categories. In one recent incident, a user was drained for $30M+ in a phishing attack. An extreme example, but a clear illustration of how catastrophic these attacks can be.

The shift that matters: prevention at the chain level

Forta Firewall flips that model to prevention. Firewall integrates into the transaction flow and screens transactions in real time so malicious patterns can be stopped before inclusion and execution. That matters for phishing because the highest-impact scams tend to be “one-click irreversible”: a single approval, a single call to a drainer contract, a single transfer to a look-alike address. 

When you can enforce policy pre-execution, you can block the loss event itself, not just document it afterward. Firewall can block phishing contracts before they spread by analyzing the contract’s bytecode and blocking the deployment transaction.

Plenty of systems can tell you something bad happened. Forta Firewall is built to stop it from happening in the first place, so phishing attempts don’t become irreversible losses.

Integrate Firewall: subscribe or plug into the API

Firewall is already running in production with chains including Celo, Ink, and Plume, where it’s integrated at the infrastructure level to deliver “security by default.” And the same intelligence can be consumed downstream: companies like Elliptic and Phantom are consuming Firewall signals via the API to enrich their own products.

If you’re a chain that needs phishing resistance as default infrastructure, you can request a demo of Forta Firewall. 

If you’re building a wallet, exchange, block explorer, or risk platform, you can integrate with the Forta API to consume threat intelligence.

Forta Firewall exists for a simple outcome: fewer users getting tricked into signing irreversible losses and safer ecosystems that don’t rely on perfect vigilance.

‍