False positive phishing detection

Hey! I’ve recently built a dApp for a customer and it appears that it has got flagged as “unsafe” by Coinbase Wallet, even though it’s legitimate.

I believe that some sort of an automated system has incorrectly flagged it.

The support on Twitter has asked me to post about it here. I’d like to avoid the project’s name as I don’t want it to be indexed by search engines, but I’d like to find a way to contact someone from the team who’d be able to look into this. Thanks!

Thank you for using Coinbase forum, we are happy to help you!

Without having more specific information about your implementation, here are some general suggestions to ensure that your website is generally deemed as “safe”:

  1. Use HTTPS: Implementing HTTPS by purchasing an SSL certificate should be your first step. It is the minimum level of security that all websites need to provide.

  2. Implement Content Security Policies: These are an added layer of security that help to prevent and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks.

  3. Consistently Update your Dependencies: If you’re using any open source libraries, make sure they are always up-to-date. This is important because outdated libraries can have security vulnerabilities.

  4. Security Headers: Implement HTTP security headers like: Strict-Transport-Security, Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, etc. In relation to Coinbase Wallet specifically, you must also comply with their specific requirements.

If all of the above recommendations have been met and you are still getting the same issue, please share the details mentioned below:

  • Please elaborate on this warning message: This site may be unsafe. This site has been flagged as dangerous. If you continue, you could lose all of your crypto and NFTs.
  • What are your expected and actual behaviors?
  • Provide a screenshot to demonstrate the problem you are encountering.
  • Also, provide relevant information you figured out so it could help us expedite in finding a resolution.
    Please ensure to send any images or screenshots after hiding the sensitive information.
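
The header checklist in the reply above can be audited mechanically. The following is an added example, not part of any post in this thread or of Coinbase's tooling: the function name `auditSecurityHeaders`, the 180-day HSTS threshold and the sample header values are assumptions made for illustration.

```javascript
// Added example: audit a response's headers for the four headers named above.
// Header values below are constructed samples, not taken from any real site.

function auditSecurityHeaders(rawHeaders) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(rawHeaders)) h[k.toLowerCase()] = String(v).trim();
  const findings = [];

  // Strict-Transport-Security: require max-age of at least 180 days (assumed threshold).
  const hsts = h['strict-transport-security'];
  const maxAge = hsts && /max-age\s*=\s*"?(\d+)/i.exec(hsts);
  if (!hsts) findings.push('HSTS missing');
  else if (!maxAge || Number(maxAge[1]) < 15552000) findings.push('HSTS max-age too short');

  // Content-Security-Policy: parse into directives, flag script sources that defeat it.
  const csp = h['content-security-policy'];
  const directives = {};
  for (const part of (csp || '').split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = values;
  }
  const scriptSrc = directives['script-src'] || directives['default-src'];
  if (!csp) findings.push('CSP missing');
  else if (!scriptSrc) findings.push('CSP has no script-src or default-src');
  else if (scriptSrc.includes("'unsafe-inline'") || scriptSrc.includes('*'))
    findings.push('CSP script source allows inline or wildcard');

  // X-Content-Type-Options: the only defined value is "nosniff".
  if ((h['x-content-type-options'] || '').toLowerCase() !== 'nosniff')
    findings.push('X-Content-Type-Options is not nosniff');

  // Framing: X-Frame-Options DENY/SAMEORIGIN, or the CSP frame-ancestors directive.
  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (!['DENY', 'SAMEORIGIN'].includes(xfo) && !directives['frame-ancestors'])
    findings.push('No framing protection');

  return findings;
}

// Constructed sample responses.
const weak = { 'Strict-Transport-Security': 'max-age=300',
  'Content-Security-Policy': "default-src 'self'; script-src 'self' 'unsafe-inline'" };
const hardened = { 'strict-transport-security': 'max-age=31536000; includeSubDomains',
  'content-security-policy': "default-src 'self'; frame-ancestors 'none'",
  'x-content-type-options': 'nosniff' };

console.log(auditSecurityHeaders(weak));
console.log(auditSecurityHeaders(hardened));
```

An empty result means the four headers are present with sane values; it says nothing about why a wallet's phishing list flagged a site.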

Hey! I’ve messaged the support on Twitter to report the false positive and the issue doesn’t happen anymore. You can close the thread.

Hi there,

Thank you for the information. I’m closing the thread as per request.
Have a good day!!