IronCoin is an anti-phishing, anti-hijacking, anti-punycode attack extension focused on the cryptocurrency industry. It helps to prevent scams and malicious attacks by validating the authenticity of sites and flagging sites with malicious practices. It also provides news alerts related to crypto security events.
assets
css
font
html
icons
jquery
js
.gitignore
LICENSE
README.md
affiliates.json
manifest.json
phishing-domains.json
phishing-urls.json

IronCoin

IronCoin is a crypto security extension that detects phishing, punycode attacks, and hijacking attempts. It helps to prevent scams and malicious attacks by validating the authenticity of sites and flagging sites with malicious practices. It also provides news alerts related to crypto security events.

Ongoing development of IronCoin is funded using Gitcoin. IronCoin funds bounties for open-source developers, to help make high-quality software free and available to everyone. Check out our current issues to earn bounties paid in ETH.

Download:

Download for Chrome via Chrome Webstore

Download for Brave via Chrome Webstore

Current Stats:

Currently, IronCoin blocks 56,497 malicious top-level domains and 267 malicious phishing pages hosted on other sites.

How Does It Work:

IronCoin sits in your web browser as an extension. It loads JavaScript to detect the links you are navigating to and checks them against a database of known bad links. It also runs basic checks to see if the link is using malicious punycode.
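
The lookup described above, as an added example that is not IronCoin's own code. The list entries, the `classify` function and its result labels are assumptions, and flagging every `xn--` label is one simple form of the punycode check, not necessarily the one the extension uses.

```javascript
// Added example, not IronCoin's code. All list entries are constructed samples.
const lists = {
  blockedDomains: new Set(["phish.example", "bad-wallet.example"]),
  blockedUrls: new Set(["https://sites.example/fake-exchange/login"]),
  userWhitelist: new Set(["xn--bcher-kva.example"]), // user-approved IDN
};

// Yield the hostname and each parent domain, stopping before the bare TLD:
// "login.phish.example" -> "login.phish.example", "phish.example".
function* hostAndParents(hostname) {
  const labels = hostname.split(".");
  for (let i = 0; i < labels.length - 1; i++) {
    yield labels.slice(i).join(".");
  }
}

// Classify a navigation target. Result labels are hypothetical names.
function classify(rawUrl, { blockedDomains, blockedUrls, userWhitelist }) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return "invalid";
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return "ignored";

  // The URL parser lowercases the host and converts Unicode labels to their
  // "xn--" form; a trailing dot ("phish.example.") must be stripped by hand
  // or it would slip past an exact-match lookup.
  const host = url.hostname.replace(/\.$/, "");

  // The user's local whitelist overrides every other check.
  if (userWhitelist.has(host)) return "allowed";

  // Domain list: a listed domain also covers its subdomains.
  for (const candidate of hostAndParents(host)) {
    if (blockedDomains.has(candidate)) return "blocked-domain";
  }

  // URL list: phishing pages hosted on otherwise legitimate sites.
  // Query string and fragment are ignored so they cannot dodge the match.
  const page = `${url.protocol}//${host}${url.pathname}`;
  if (blockedUrls.has(page)) return "blocked-url";

  // Punycode: flag any IDN label for a warning (assumed heuristic).
  if (host.split(".").some((l) => l.startsWith("xn--"))) return "punycode";
  return "ok";
}
```
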

We'll also send real-time alerts of major security news in the cryptocurrency space, such as exchange hacking or 0-day exploits.

What We Block Right Now:

  1. Crypto Phishing Domains
  2. Crypto Punycode Domains.
  3. Sites attempting reflected XSS attacks on crypto sites.
  4. Crypto Sites that can be used to execute malicious code.
  5. Crypto Sites that attempt to exploit unlocked wallets.
  6. Crypto scams.
  7. Crypto related malware.
  8. Pump and Dump scams.
  9. Fake crypto exchanges.
  10. Fake crypto software (such as fake 'official' wallets).
  11. Wallet generators that are known to have weak randomness.
  12. Crypto News/Viral link spam sites.
  13. Crypto MLM scams.
  14. Crypto referral scams.

Planned Updates:

  • Implement Gitcoin to reward contributions. (Completed!)
  • Support for Firefox, Safari and Edge.
  • Add support for anti-phishing phrases.
  • Add support for wallet safelist.
  • Add support to detect and block clipboard hijacking and manipulation.
  • Add ML for detecting new scam sites based on common behavior.

Who Created IronCoin?

IronCoin was created by Redditor AdamSC1, who is a moderator of Reddit's /r/cryptocurrency and /r/EthTrader. These subreddits have had more than 10M unique monthly visitors at their peak, and are often inundated with crypto scams. While the teams use manual moderation and tools like Reddit's AutoMod to keep scams at bay, Adam wanted to find a way to extend user protection across the web.

What Permissions Does IronCoin's Extension Need?

  1. IronCoin requests access to webRequest, webRequestBlocking, <all_urls>, tabs and active tabs in order to scan the links you are visiting in your browser and detect phishing sites or punycode links.
  2. We provide permission to google-analytics.com to record interaction events with our app, to better understand how users are using the app.
  3. We request access to the 'storage' permission in order to store a local whitelist on your computer; this way no information needs to go back to the cloud.
  4. We request the 'gcm', 'notifications' and 'identity' APIs for Chrome Extensions in order to power our notification messaging system, which is run in Firebase and OneSignal. This allows users to get real-time notifications.
  5. We request the 'certificateProvider' API, although it is not yet in use. This will be used to check the validity of certificates in future releases. (Note: Due to changes in browser security policies for extensions we will likely be removing this feature.)

Is IronCoin Monetized?

Yes.

IronCoin is free and open source. But to support the cost of servers, team development and the constant update of new blocking URLs, IronCoin does include monetization.

Currently, if you visit a cryptocurrency site that:

  • Has a referral program.
  • The referral program does not detract from you as the user.
  • You do not have a referral link.
  • You go to their sign-up page.

We'll add in our own referral link so that you can help support the development of this extension. The IronCoin logo will change color and you can click on it to see a drop down when this happens.

The referral programs do not impact prices you pay at these services; in fact, in a few instances being referred will provide you with a bonus.

The URL is rewritten on the client side, inside the extension, so no information is sent to IronCoin servers and you are not redirected. This way you can be sure that you are still secure and going to the authentic site.

In the future, we may also consider monetizing a limited number of news alerts, so long as they are limited, and high-quality.

The proceeds of monetization will go directly to funding further development of this project.

If users wish to not have any monetization in the exchange, they can download and install the source code correctly, while disabling the affiliate redirect. But, that version of the extension will run without live time alerts, or future updates.

Privacy

IronCoin respects your privacy.

We currently run the OneSignal SDK and a Google Analytics event SDK. Both of those products are bound by the respective privacy policies of those companies.

Beyond that, IronCoin does not transmit any data back to its own servers, or record information about users.

Whitelisting

The blocking in IronCoin is very aggressive and as such will occasionally block legitimate sites that you wish to access. In this case you are able to add the site to your own personal whitelist, either from the red block screen or from the drop-down menu.

This whitelist is stored locally on your computer, in the system's local storage, in order to ensure you are not communicating with a remote system. This means that if you frequently clear browser settings, cookies, etc., you may need to rebuild your whitelist.

How Can I Add/Remove Sites From The List?

If you've discovered a site that should be added or removed from our list, please open up an issue on GitHub for us to review.

Licensing and Attribution:

IronCoin contains open source code from SegaSec and WarpDesign. Those components are released under ISC and MIT licenses respectively by those parties.

Portions of our list have been provided by BlurpSec of MyCrypto, Etherscam Database, by Mitchellkrogza's Phishing Database, and the moderation teams at /r/cryptocurrency and /r/ethtrader.

Disclaimer:

The views, code and goals within this project are those of individual contributors and should not be considered to be a reflection of the views of their employers. No work herein is endorsed by the employer of any individual and all contributions have been done independently.

Donations:

Want to support IronCoin? Consider donating:

Don't see your preferred crypto? Message AdamSC1 on Reddit.
