Crypto Firewall: Your Digital Shield in the Cryptocurrency Ecosystem
The Crypto Firewall is a security-focused threat intelligence and blocking system designed to protect users from crypto-related threats including phishing, scams, malware, and cryptojacking.
It provides continuously updated blocklists, filters, and indicators of compromise (IOCs) that can be deployed across browsers, operating systems, and network infrastructure.
The Crypto Firewall project is committed to enhancing your safety in the volatile crypto landscape, helping you avoid scams and protect your valuable digital assets. By implementing our strategies, you can trade with confidence and peace of mind.
If you discover a false positive or need to add a new block, then feel free to raise an Issue or a Pull request to add/remove them to the lists.
- Why Crypto Firewall?
- Quick Start β‘
- Recommended Setup β
- Who is this for? π―
- Threat Model π§
- What this is NOT β
- Data & Updates π
- Free DNS / Hosting Blocking π
- Bad Browser Extensions & Package Names π¨βπ»
- ASN Blocking ποΈ
- IP Blocking π
- Custom IP Block Lists π
- Email Blocking π§
- Spam Call Blocking βοΈ
- Wallet Addresses π΅οΈ
- Transactions π‘οΈ
- Mining Pools π¦
- OFAC Sanctions π«
- Issues π¨
- Changelog π
- Support / Donations πππ
- Sponsors β¨
- Backers β¨
- Contributions β¨
- Requesting Icons π
The cryptocurrency ecosystem is a high-value target for attackers. Threats evolve rapidly, and traditional protections often lag behind.
Crypto Firewall helps reduce risk by:
- Blocking known malicious domains and infrastructure
- Preventing access to phishing and scam sites
- Disrupting cryptojacking and malicious scripts
- Supporting integration with modern security tooling
Get protected in under 2 minutes:
- Install an ad blocker (recommended: Brave or uBlock Origin)
- Add one of the following lists to your DNS, ad blocker, or network filtering solution:
-
Lite Version (Low resource usage):
https://raw.githubusercontent.com/chartingshow/crypto-firewall/master/src/blacklists/lite-version.txt -
Full Version (Recommended):
https://raw.githubusercontent.com/chartingshow/crypto-firewall/master/src/blacklists/full-version.txt -
Mega Version (Maximum protection):
https://raw.githubusercontent.com/chartingshow/crypto-firewall/master/src/blacklists/mega-version.txt
- (Optional) Add the Crypto Annoyances filter
- Restart your browser
β‘οΈ See Installation for mega setup options
- Most users: Full Version
- High-performance systems / network-level blocking: Mega Version
- Low-end devices / mobile: Lite Version
- Testing / early adopters: Beta Version
Crypto Firewall is designed for:
- Individual traders and investors
- Security-conscious users
- Developers and system administrators
- Network operators and security teams
It supports deployment at:
- Browser level (ad blockers)
- Operating system level (hosts file)
- Network level (DNS, firewalls, IDS/IPS)
Crypto Firewall focuses on mitigating:
- Phishing domains and scam infrastructure
- Cryptojacking and browser-based mining
- Malware distribution endpoints
- Command-and-control (C2) servers
- Fraudulent blockchain-related services
It does not protect against:
- Zero-day exploits
- Compromised devices or endpoints
- Social engineering outside detectable infrastructure
- Not a complete security solution
- Not a replacement for antivirus or endpoint protection
- Not guaranteed to block all threats
This project should be used as part of a layered security strategy.
Blocklists are continuously updated based on:
- Threat intelligence research
- Community contributions
- Ongoing analysis of emerging threats
Users should enable automatic updates wherever possible.
Choose where to deploy the crypto firewall at the browser level, operating system level, and/or network perimeter - for layered, comprehensive protection.
Install an ad blocker in your desktop or mobile browser that uses the Adblock Plus' filter list:
Brave Browser offers built-in ad and tracker blocking, making it an excellent choice for enhanced privacy and security.
-
Brave Desktop Browser Instructions Guide - Provides robust privacy features, including a built-in ad blocker and Tor integration for anonymous browsing. -
Brave Mobile Browser Instructions Guide - Offers similar privacy protections on mobile devices.
Explore additional secure browsers like Firefox, Opera and Carbon Browser, each offering unique features such as ad-blocking, privacy enhancements and cryptocurrency support.
-
AdBlock Browser Instructions Guide - Is a fast, secure, and ad-free web browser developed by the Adblock Plus team. -
Opera Browser - Includes ad blocking by default since Opera 50. -
Chrome Browser - Includes Manifest V3 by default limiting adblocker rules to only 30,000. Is the most popular browser used on the internet. -
Vivaldi Browser Instructions Guide - Browse with desktop-style tabs, block ads and trackers, and sync data between devices safely.
You can use these blocklists with popular adblockers like uBlock Origin, AdAway, Blokada, AdBlock Plus and others to block malicious crypto-related domains and trackers.
-
AdAway Instructions Guide - Is a free and open-source ad-blocking application for the Android mobile operating system. -
AdBlock Instructions Guide - Is a user-supported browser extension that lets you surf the web ad-free. -
AdBlock Plus Instructions Guide - Popular ad-blocking extension for various browsers. -
AdGuard Instructions Guide - Comprehensive ad and tracker blocking solution. -
Blokada Android Instructions Guide and Blokada iOS Instructions Guide - Block ads and trackers in apps and games, comes with a fast and private DNS and VPN. -
DNS66 Instructions Guide - Is a DNS-based host blocker for Android. -
uBlock Origin (Manifest V2) Instructions Guide - Efficient, wide-spectrum content blocker. -
uBlock Origin Lite (Manifest V3) Instructions Guide - Is a permission-less MV3-based content blocker.
Google Chrome's Manifest V3, rolled out in June 2024, will significantly impact ad-blockers and other browser extensions. This update limits extensions to 30,000 rules, far below the 300,000 rules many ad-blockers currently use to function effectively. The change from the webRequest API to the declarativeNetRequest API will reduce ad-blockers' flexibility and ability to update rules in real-time.
While some ad-blockers like AdGuard, uBlock Origin Lite and Ghostery have adapted to Manifest V3, users may notice decreased effectiveness in blocking ads. This move has sparked controversy, with critics arguing it gives Google more control over extensions and potentially benefits its advertising business. As a result, some users are considering alternative browsers like Firefox, which has committed to continuing support for Manifest V2.
You may use the hosts file with below applications to block these miners on whole networks. Simply add the link to the above hosts file in each system.
-
Bind RPZ Instructions Guide - Is a DNS firewall feature supported by BIND. It allows rewriting or blocking DNS responses for specific domains based on a configured policy - like redirecting malware-site.comto127.0.0.1. -
Bind Zone Instructions Guide - Is simply a DNS zone file - it defines DNS records (A, MX, CNAME, etc.) for a domain or set of domains, usually for authoritative DNS services.
-
Blocky Instructions Guide - Is a DNS proxy and ad-blocker for the local network written in Go. -
Dnscrypt-Proxy Instructions Guide - Is a flexible DNS proxy, with support for modern encrypted DNS protocols such as DNSCrypt v2, DNS-over-HTTPS, Anonymized DNSCrypt and ODoH (Oblivious DoH). -
Dnsmasq Android Instructions Guide and Dnsmasq Linux Instructions Guide and Dnsmasq Mac OS Instructions Guide and Dnsmasq Windows Instructions Guide - Provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. -
NextDNS Instructions Guide - Protects you from all kinds of security threats, blocks ads and trackers on websites and in apps and provides a safe and supervised Internet for kids - on all devices and on all networks. -
pfSense with pfBlockerNG Instructions Guide - Provides firewall capabilities by allowing users to filter both inbound and outbound traffic using IP and DNS blocklists. -
Pi-hole Instructions Guide - Provides a Linux network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole and optionally a DHCP server, intended for use on a private network. -
Snort3 Instructions Guide - Is a high-performance, open-source network intrusion detection and prevention system (IDS/IPS) that analyzes traffic in real time to detect and block malicious activity. -
Splunk Instructions Guide and Crypto Firewall Splunk App - It offers an unified interface for monitoring, troubleshooting, detecting threats, ensuring compliance and gaining operational intelligence through customizable dashboards, alerts and visualizations. -
Suricata Linux & Mac OS Instructions Guide and Suricata Windows Instructions Guide - Is an open-source intrusion detection system (IDS) and intrusion prevention system (IPS) developed by the Open Information Security Foundation (OISF). -
Suricata SNI Linux Instructions Guide and Suricata SNI Mac OS Instructions Guide and Suricata SNI Windows Instructions Guide - Refers to Suricata's ability to inspect TLS (encrypted) traffic and extract the Server Name Indication (SNI) - the domain name requested during HTTPS connections-enabling visibility and filtering of encrypted traffic based on domain names.
For system-wide protection, consider modifying your device's hosts file:
Linux Hosts File Instructions Guide - Edit the hosts file to block unwanted domains at the system level.
MacOS Hosts File Instructions Guide - Modify the hosts file to prevent access to specific websites and services.
Windows Hosts File Instructions Guide - Update the hosts file to block connections to undesired IP addresses.
For the blocking based on the HOSTS file use the below link:
- https://raw.githubusercontent.com/chartingshow/crypto-firewall/master/src/blacklists/hosts-domains-only.txt
- https://raw.githubusercontent.com/chartingshow/crypto-firewall/master/src/blacklists/hosts-domains-and-ips.txt
Here's a simple guide on how to access your hosts file on Linux, macOS and Windows.
This optional filter list removes cryptocurrency-related annoyances and unwanted content to create a cleaner, less distracting browsing experience. It focuses on UI-level cleanup and tracking reduction, without breaking core site functionality.
Block Crypto Annoyances Filter List - Reduce visual noise, tracking, and promotional clutter across crypto-related sites.
Specifically, it:
- Removes marketing and referral URL parameters (e.g.
utm_*) - Hides cookie banners and compliance overlays on major exchanges (Binance, Coinbase, etc.)
- Suppresses promoted posts and sponsored content on social platforms
- Blocks TradingView popups, notifications, and non-essential telemetry
- Cleans up CoinGecko and CoinMarketCap by removing ads, banners, and promotional feeds
For a thorough explanation on how to add the to your adblocker, open one of the help guides found in this folder:
The firewall is known to reduce performance slightly and this is why we have several different versions.
Here's a suggested guide based on cpu processors:
-
Intel i3 - use
fullversion (if you experience bad performance then tryliteversion instead). -
Intel i5 - use
fullversion (if you experience bad performance then tryliteversion instead). -
Intel i7 - use
megaversion (if you experience bad performance then tryfullversion instead). -
Intel i9 - use
betaormegaversions (if you experience bad performance then tryfullversion instead). -
AMD Ryzen 3 - use
liteversion (if you experience bad performance then tryfullversion instead). -
AMD Ryzen 5 - use
fullversion (if you experience bad performance then tryliteversion instead). -
AMD Ryzen 7 - use
megaversion (if you experience bad performance then tryfullversion instead). -
AMD Ryzen 9 - use
betaormegaversions (if you experience bad performance then tryfullversion instead).
Here's a suggested guide based on device:
- Laptop or Computer - use
betaormegaversions (if you experience bad performance then tryfullversion instead). - Tablet - use
megaorfullversions (if you experience bad performance then tryfullversion instead). - Powerful Smartphone - use
fullversion (if you experience bad performance then tryliteversion instead). - Low-End Smartphone - use
liteversion.
The Lite version excludes all the modules.
There are two methods to install into your adblocker:
- Click the link below:
- Copy and paste the link in the settings of the ad-blocker:
The Full version contains all the modules (except the crypto annoyances (stable), domains (stable), subdomains (stable), urls (stable) and adverts-filters (unstable) modules).
There are two methods to install into your adblocker:
- Click the link below:
- Copy and paste the link in the settings of the ad-blocker:
The Mega version contains all the modules (except adverts-filters (unstable) module).
There are two methods to install into your adblocker:
- Click the link below:
- Copy and paste the link in the settings of the ad-blocker:
The Beta version contains all the stable and unstable modules.
To help the repo grow, please feel free to report any bugs!
There are two methods to install into your adblocker:
- Click the link below:
- Copy and paste the link in the settings of the ad-blocker:
This repo blocks specific free dns / hosting services, that are completely saturated with hosting malware and viruses. This is to reduce the size of the filter lists and increase the performance. A list of services currently blocked can be found in the folder here:
Malicious browser extensions pose critical risks by enabling cybercriminals to hijack browsing sessions, steal sensitive credentials and establish persistent access. These threats often masquerade as legitimate tools while exfiltrating cookies, authentication tokens and financial data.
Malicious apps are a method of manipulating users into downloading malware that allows cybercriminals to steal personal information, including login credentials or payment information. It's also possible that they can even take control of a user's device. A list of bad browser extensions and malicious package names currently blocked can be found in the following folder:
An Autonomous System Number (ASN) is a globally unique 16-digit identification number assigned by the Internet Assigned Numbers Authority (IANA) to Autonomous Systems (AS). ASNs are crucial for routing within networks and exchanging routing information with other Internet Service Providers. Autonomous systems numbered one to 64511 are available by IANA for global use. The 64512 to 65535 series is reserved for private and reserved purposes.
An Autonomous System Number (ASN) can also be blocked, be aware that ASN's contain a load of ip addresses assigned to them. You can add them to a firewall of your choice.
The ASN block list can be found here:
IP Addresses can also be blocked, these contain things such as command-and-control (C2) servers for crypto malware etc. You can add them to a firewall of your choice.
The IP block list can be found here:
For a thorough explanation on how to add block an ip address in your firewall, you can open one of the help guides found in this folder:
These custom IP address filter lists block specific malware and can be found in the folder:
The reason why these custom lists aren't in the main IP filter list is because these IP addresses maybe shared and used for public access or hosting multiple domains! These custom IP address filter lists are for advanced users who can customize them in order to not block their access or applications.
Email addresses can be blocked, our email block list contains known Crypto scammers, Ransomware, Sextortion and Blackmail email addresses.
The Email block list can be found here:
To learn how to protect yourself from Sextortion emails, see here:
How to Identify a Ransomware Email Attack, see here:
It's essential to note that tech support scammers often use spoofed or fake numbers to disguise their true location and identity. These numbers may appear legitimate, but they are actually being used to perpetuate fraudulent activities.
Remember, if you receive a suspicious call or message claiming to be from technical support, hang up immediately and do not provide any personal or financial information. Report the incident to the relevant authorities and take steps to secure your device.
A list of spam blocking mobile apps can be found here:
Avoid sending cryptocurrency to bad actors and scammers, a list of bad blockchain wallet addresses can be found here in this folder:
Cybercriminals are increasingly abusing blockchain transactions as covert communication channels, sometimes even using them as command-and-control (C2) servers to deliver malware or issue instructions. Avoid interacting with, confirming, or broadcasting any transaction hashes (txids) known to be linked to fraud, scams, or C2 activity.
A curated list of suspicious transaction hashes can be found in this folder:
Avoid joining bad cryptocurrency mining pools, a list of bad blockchain mining pool addresses can be found here in this folder:
OFAC publishes lists of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. OFAC may add digital currency addresses to the SDN List to alert the public of specific digital currency identifiers associated with a blocked person.
The OFAC Sanctioned Digital Currency Addresses lists can be found in this folder:
Sanctioned entities refer to entities listed on economic/trade embargo lists, such as by the US, EU, or UN, with which anyone subject to those jurisdictions is prohibited from dealing. Currently, this includes the Specially Designated Nationals (SDN) list of the US Department of the Treasury's Office of Foreign Assets Control (OFAC).
You can search the full list of OFAC Specially Designated Nationals in OFAC's sanctions database.
This repo contains various filter list modules, which users can check out in the following folders:
- Abuse Filter List
- Ad Server Filter List
- Adverts Filter List
- Bank Phishing Filter List
- Botnet Filter List
- Domain Filter List
- Fake News Filter List
- Fraud Filter List
- Malicious Filter List
- Malware Filter List
- Phishing Filter List
- Phishing Other Filter List
- PUP Filter List
- Pig Butchering Filter List
- Ransomware Filter List
- Scam Filter List
- Subdomain Filter List
- Tracking Filter List (Note: This filter list blocks javascript files found on many websites and stop things from working correctly)
- Url Filter List
- URLhaus Filter List
Mining (Opt-in and opt-out) will be blocked by default. If you see that mining is important, you would have to whitelist the website you actually want to support.
If you face any issue, you can create a new issue in the Issues tab and we will be glad to help you out!
Please see CHANGELOG for more information what has changed recently.
If you like Charting Show you can support the project's improvements and development of new features with a donation to our collective.
π https://opencollective.com/chartingshow
Support us by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor]
Thank you to all our backers! π [Become a backer]
This project exists thanks to all the people who contribute.
We are actively inviting new contributors! To get started, please read the contribution guide.
This project is only possible thanks to the work of many dedicated contributors. Everyone is encouraged to help in ways large and small. Here are a few ways you can contribute:
- Review existing content and help fix spelling, grammar, or clarity issues
- Pick an open issue and submit a pull request
- Open a new issue to suggest improvements, report bugs, or propose features
By submitting a contribution (including pull requests, issues, or any form of content), you agree that your contributions will be licensed under the GNU General Public License v3.0 (GPL-3.0).
You also confirm that:
- You have the legal right to contribute the content
- Your contribution does not violate any third-party rights
- Any included third-party material complies with its respective licensing terms
When you want to request a icon please feel to create a issue. See our contribution guidelines for more information.
We take security seriously and appreciate responsible disclosure.
If you discover a security vulnerability, please report it privately by contacting the maintainers rather than opening a public issue. This allows us to investigate and address the issue without exposing users to unnecessary risk.
For general bugs, false positives, or feature requests, please use the GitHub Issues tab.
This software is provided "as is", without warranty of any kind, express or implied, including but not limited to:
- Fitness for a particular purpose
- Reliability or availability
- Protection against all security threats
See the GNU General Public License v3.0 for full details.
In no event shall the maintainers or contributors be held liable for:
- Financial loss (including cryptocurrency loss)
- Security breaches or system compromise
- Data loss or corruption
- Service disruption or downtime
- Any direct, indirect, incidental, or consequential damages
arising from the use of this project.
Due to the nature of threat intelligence and filtering systems:
- Legitimate domains, IPs, or services may be incorrectly blocked
- Malicious actors may evade detection
Users are responsible for reviewing and validating the data before applying it in production environments.
This project does not provide financial or investment advice.
Users should always conduct their own due diligence when interacting with cryptocurrency platforms, wallets, or transactions.
By using this project, you acknowledge that:
- Security is a constantly evolving landscape
- No solution can provide complete protection
- You are solely responsible for how you implement and use this project
This project provides curated blocklists, filtering rules, and security guidance intended to help reduce exposure to malicious activity within the cryptocurrency ecosystem.
Crypto Firewall is a defensive security resource, not a guarantee of protection. It is designed to assist users in identifying and blocking known threats, but it should be used as part of a broader security strategy.
This project does not function as a traditional firewall appliance, and should not be relied upon as a sole line of defense.
Data included in this project is derived from a combination of:
- Publicly available threat intelligence sources
- Community contributions
- Independent research
While we aim for accuracy and relevance, we do not guarantee the completeness, accuracy, or timeliness of any data provided.
This project may reference third-party platforms, services, or trademarks (e.g. exchanges, browsers, tools).
All trademarks, logos, and brand names are the property of their respective owners.
This project is not affiliated with, endorsed by, or associated with any third-party services mentioned.
Copyright (c) Charting Show.
This project is licensed under the GNU General Public License v3.0 (GPL-3.0).
You are free to:
- Use, study, and run the software
- Modify and adapt the code
- Distribute original or modified versions
provided that any derivative work is also licensed under GPL-3.0.
For full license terms, see the LICENSE file or visit:
https://www.gnu.org/licenses/gpl-3.0
crypto security, crypto firewall, crypto scam protection, phishing protection, malicious domains, IP blocklist, ASN blocking, Web3 security, DeFi security, scam wallet blacklist, adblock crypto filter, DNS filtering, network security, threat intelligence, fraud prevention, crypto malware, browser protection, crypto phishing sites
Made with β€οΈ for the Decentralized World.