A follow-up to Web3 is about how to avoid expensive mistakes while looking for opportunities.
It happens all the time. As you browse through tech communities, Web3 platforms or services, you come across a requirement to connect your existing wallet. Even if you don’t yet know whether you want to deal with the service, you are expected to give it access to your funds right away. What will you do if it is about to drain your account?
This doesn’t inspire a relaxing user experience within Web3 and isn’t indicative of progress in overall adoption. We can all be caught off guard by increasingly inventive scams and fakes. This pushed us to research, code, test-drive, and finally roll out Web3 Antivirus.
Phishers knocked on our door themselves
Our mission chose us, so we didn’t have a say in that. We received an email on our Dribbble account while we were busy polishing Web3 Antivirus. There was a job offer for the creation of an NFT collection.
To assess the page’s current look and feel and give a rough estimate, we were told to check a specific website. If we had trouble logging in, we were to connect in the first window and approve the signature request in the second window. This was described as fraud protection against multi-accounts, and the wallet had to have a balance.
Imagine how alert we were. It couldn’t have been a better time to get our game on, and so we did. When our solution investigated the suspicious scheme behind signing the smart contract in question, the request turned out to be good old phishing. All of our tokens would have vanished into thin air.
If it weren’t for W3A, we could have signed a blank check, as the page camouflaged the scam with a basic “login with MetaMask” procedure. Behind it was just the eth_sign method, and all of your assets were the target. Confirm it, and you can kiss your tokens goodbye.
We told the Dribbble team about the social engineering scheme immediately, and the CEO appreciated our warning.
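A fake login of the kind described above can be told apart from a genuine sign-in message by the JSON-RPC method and payload of the signature request. The following Node.js code is an added example, not code from Web3 Antivirus; the function names, risk labels and sample inputs are assumptions made for illustration.

```javascript
// Added example: classify a wallet signature request before the user confirms it.
// Parameter order follows the wallet JSON-RPC methods; names and risk labels
// here are hypothetical and not part of any product's API.
const HEX32 = /^0x[0-9a-fA-F]{64}$/;

// Returns printable text if the hex payload is human-readable, else null.
function decodeUtf8Hex(hex) {
  if (typeof hex !== "string" || !/^0x([0-9a-fA-F]{2})*$/.test(hex)) return null;
  const text = Buffer.from(hex.slice(2), "hex").toString("utf8");
  return /^[\x20-\x7E\r\n\t]+$/.test(text) ? text : null;
}

function assessSignRequest(req) {
  const { method, params = [] } = req;
  switch (method) {
    case "eth_sign": {
      // params: [address, data]. MetaMask's legacy eth_sign signs the 32-byte
      // value as-is, so it can be the hash of a transaction the user never sees.
      const blind = HEX32.test(String(params[1]));
      return {
        risk: "critical",
        reason: blind
          ? "eth_sign over an opaque 32-byte hash"
          : "eth_sign over raw data",
      };
    }
    case "personal_sign": {
      // params: [data, address]. The wallet adds a fixed message prefix before
      // hashing, and the payload should decode to text the user can read.
      const text = decodeUtf8Hex(params[0]);
      return text
        ? { risk: "low", reason: `readable message: ${text}` }
        : { risk: "medium", reason: "personal_sign payload is not readable text" };
    }
    case "eth_signTypedData_v4":
      // params: [address, typedDataJson]. Structured data is displayed by the
      // wallet but can still grant token permissions, so fields need review.
      return { risk: "medium", reason: "typed data: review domain and message" };
    default:
      return { risk: "none", reason: "not a signature request" };
  }
}
```

Such a check only classifies the request; a readable personal_sign message still has to be read, and typed data still has to be inspected field by field.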
Waving scams goodbye is now easier
The Bored Ape Yacht Club NFTs were stolen through a hack similar to the one we described. Fake airdrop links encourage users to enter malicious websites and sign secret messages.
These messages are free of gas fees and are invisible on the blockchain. Once a user signs them, hackers easily gain permission to transfer assets.
We have meticulously crafted mechanisms to fight these frauds. Web3 Antivirus is well-equipped to detect threats such as wallet draining risks, smart contract vulnerabilities, and malicious logic. We are a trust-first team, so we won’t be asking for access to users’ seed phrases, wallets, or assets.
What are the major kinds of vulnerabilities that W3A flags? It’s anything from improper access control and Ponzi schemes to miner extractable value, re-entrancy, and far beyond. Web3 Antivirus simulates all the transactions involved in smart contracts in a matter of seconds.
Web3 Antivirus is able to generate a report with an overall threat score based on a massive underlying risk matrix. You get all the data to make a decision. If the risks seem reasonable, you’re free to sign the transaction; otherwise, reject it.
Learn more about Web3 Antivirus
Alex Dulub is on the Forbes Technology Council. He has been running an R&D company specializing in digital transformation for 14 years. Ex-blockchain lead for several companies.
9 years in the field of smart contract consulting, audit, and development, building DLT solutions from custom design L1 protocols and ecosystems to comprehensive research involving ZK implementations
It is possible that this is not accurate. The content and product on this page are not endorsed by Cointelegraph. Readers should do their own research before taking any actions related to the company, and this article cannot be considered investment advice.