ethereum-lists
Ethereum-lists is a community-maintained repository of curated lists for Ethereum security, including phishing URLs, fake token addresses, and malicious smart contracts. Contributors submit additions and corrections via pull requests, which are reviewed before inclusion.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | MyEtherWallet/ethereum-lists |
| Owner | MyEtherWallet |
| Primary language | JavaScript |
| License | MIT — OSI-approved |
| Stars | 711 |
| Forks | 1.3k |
| Open issues | 94 |
| Latest release | Unknown |
| Last updated | 2025-11-11 |
| Source | https://github.com/MyEtherWallet/ethereum-lists |
What ethereum-lists is
A JavaScript-based data repository structured as JSON files organized by asset type (addresses, tokens, contracts, URLs) across multiple blockchain networks. Includes optional metadata like token logos, ABIs, and decimal precision; supports validation via npm scripts (linting, token/contract checks).
Get the ethereum-lists source
Clone the repository and explore it locally.
git clone https://github.com/MyEtherWallet/ethereum-lists.gitcd ethereum-lists# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Validate token metadata (decimals, symbol) and contract ABIs against on-chain state before caching or displaying to prevent stale or incorrect data from being served to users.
- Implement versioning and checksum validation (e.g., git commit hash) to track which snapshot of the repository your application is using, especially if phishing lists are critical to security.
- Plan for local mirroring or caching; do not assume real-time availability. Use a periodic sync job (hourly or daily) to fetch updates from the repository.
- Establish internal review and testing for high-risk entries (darklist addresses/URLs) before deployment to production; community-sourced lists can contain false positives.
- Monitor open issues and PR activity for corrections or retractions of previously listed addresses or URLs, and provide a mechanism to update cached lists accordingly.
When to avoid it — and what to weigh
- Requiring Real-Time, High-Frequency Updates — The repository relies on volunteer contributions and PR review cycles. It is not designed for millisecond-level threat feeds or automated real-time detection without additional infrastructure.
- Need for Guaranteed Accuracy or Liability Coverage — README explicitly states the list 'may not always be up to date, and may occasionally get it wrong.' No formal SLA, verification process, or indemnification exists for false positives or omissions.
- Proprietary or Closed-Source Workflows — All contributions and data are public and open-source. If you require confidential threat intelligence or cannot publish security findings, this is not suitable.
- High-Volume, Automated Submission Pipelines — The project is designed for manual PR submission with peer review. Bulk or programmatic ingestion of data would require custom tooling and is not natively supported.
License & commercial use
MIT License. Permits commercial use, modification, and redistribution with attribution and liability disclaimer. No patent indemnity or trademark rights granted.
MIT is an OSI-approved permissive license permitting commercial use. However, review the README liability disclaimer carefully: the project makes no guarantees of accuracy. Commercial products relying on this data should implement independent verification, document the limitations, and obtain appropriate legal review before deployment.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | Low |
| DEV.co fit | Good |
| Assessment confidence | High |
This is a crowdsourced security list; consider it a heuristic aid, not a complete security solution. False positives (legitimate addresses flagged as phishing) and false negatives (new threats not yet listed) are possible. Recommend complementary checks (DNS reputation, contract bytecode analysis, threat feeds). Verify critical entries against multiple sources before taking blocking action. No cryptographic signatures or attestation of list integrity are provided; validate checksums or use HTTPS + certificate pinning if deploying at scale.
Alternatives to consider
OpenPhish / PhishTank
Focused exclusively on phishing URLs with automated detection and broader web ecosystem coverage, but less Ethereum-specific and less blockchain address/token data.
MetaMask Token Lists (tokenlists.org)
Community token metadata and whitelist service with broader DApp ecosystem integration; does not include phishing or darklist data.
Chainalysis / TRM Labs API
Commercial threat intelligence with real-time phishing/scam detection, compliance-grade accuracy, and SLA; significantly higher cost and closed-source.
Build on ethereum-lists with DEV.co software developers
Use ethereum-lists to protect your users from phishing and scams. Build your security integration with our open data—or let us help you design a compliant, scalable solution.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
ethereum-lists FAQ
How often is the list updated?
Can I get an automated feed of changes?
What if I find an error in a listed address or URL?
Are there separate lists for different blockchains?
Custom software development services
DEV.co helps companies turn open-source tools like ethereum-lists into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your open-source security stack.
Integrate Real-Time Ethereum Threat Data
Use ethereum-lists to protect your users from phishing and scams. Build your security integration with our open data—or let us help you design a compliant, scalable solution.