Forta Detects Major Phishing Operation on Ethereum Mainnet

Forta Firewall has expanded its security coverage to include **address poisoning detection**, targeting one of the most prevalent on-chain scams that exploits normal user behavior. **What's new:** - Address poisoning detection now joins existing protections against phishing drainers and fake tokens - Chains can intercept fraudulent transactions before funds are transferred - The timing follows a recent incident where a victim lost approximately $50M USDT through this attack vector **How it works:** Address poisoning scams create confusion by mimicking legitimate addresses in transaction histories. Attackers send zero-value tokens to create fake transaction records, sometimes adding small "lure" payments to appear authentic. Users copying addresses from their history may inadvertently send funds to the attacker's address instead. Forta's detection system can identify the complete attack sequence: initial poisoning attempt, lure payment, and final execution. The expanded protection aims to prevent high-volume theft by flagging suspicious activity in real-time across blockchain networks. [Read more](https://www.forta.org/blog/forta-firewall-expands-scam-coverage-with-address-poisoning)

The US Treasury's Office of Foreign Assets Control (OFAC) has sanctioned TRON wallets connected to cryptocurrency exchanges Zedcex and Zedxion for allegedly helping Iran's Islamic Revolutionary Guard Corps (IRGC) evade sanctions. **Key Details:** - OFAC designated the wallets on January 30, 2026 - The exchanges are accused of facilitating sanctions evasion for Iran's IRGC - Forta Firewall has mapped these TRON addresses to EVM 0x equivalents - This enables monitoring and pre-execution blocking across EVM-compatible chains **Why It Matters:** Interacting with OFAC-sanctioned wallets creates regulatory and compliance risks for protocols and users. Real-time screening helps prevent inadvertent exposure to sanctioned addresses. View the [official OFAC designation](https://ofac.treasury.gov/recent-actions/20260130) for complete details.

Forta is positioning its Firewall product as essential compliance infrastructure for financial institutions entering blockchain markets. The company's representative will attend London's Digital Assets Forum to connect with teams working on institutional on-chain adoption. **Key developments:** - Forta Firewall provides compliance and security layers specifically designed for financial institutions - Recent partnership with Ink demonstrates real-world application, offering sanctions screening and real-time exploit monitoring - The company anticipates regulatory clarity will drive all assets on-chain with built-in compliance Forta argues that compliance infrastructure remains the missing component preventing broader institutional adoption of blockchain technology. Their Firewall product aims to bridge this gap by combining security monitoring with regulatory requirements. The timing aligns with increasing institutional interest in digital assets, though actual adoption rates and regulatory frameworks remain in development. [Learn more about Forta's institutional compliance approach](http://www.forta.org/blog/financial-institutions-need-compliance-infrastructure)

**AI-powered blockchain security gains recognition** as Forta Firewall appears in Messari's latest State of AI report. The inclusion highlights how **artificial intelligence is becoming integral** to onchain security infrastructure. Forta's AI-driven transaction screening technology represents the evolution of blockchain defense mechanisms. - AI-powered attackers require AI-powered defenders - Real-time transaction screening at scale - Growing integration across multiple blockchain networks With **290M+ transactions already screened**, Forta Firewall demonstrates practical AI implementation in blockchain security, moving beyond theoretical applications to active threat detection.

**Yearn Finance suffered a $9M exploit** on mainnet through a sophisticated price manipulation attack. **How the attack worked:** - Attacker drained liquidity pools - Broke pricing mechanisms - Minted cheap yETH tokens - Sold them for regular ETH at inflated prices **Detection vs Prevention:** Forta Firewall **flagged the exploit in real time** but couldn't stop it. The attack happened so fast that only real-time detection was possible. **Key insight:** Pre-execution screening could have **prevented this attack entirely** rather than just detecting it after the damage was done. This follows a pattern of recent price manipulation exploits, including attacks on DRLVaultV3 (~$100K) and RWB (~$180K), highlighting the critical need for **proactive security measures** in DeFi protocols.