NFT phishing sites on the rise: an inventory of "anti-phishing plug-ins"
On January 28, Azuki’s Twitter account was hacked, leading followers to connect to a phishing link, which resulted in the theft of over 122 NFTs and a loss of over $780,000. On January 26, Kevin Rose, founder of the NFT project Moonbirds, had his wallet stolen, with about 40 NFTs stolen and losses exceeding $2 million, again through the NFT “zero dollar purchase” phishing technique. On January 15, @NFT_GOD had all of his accounts (Substack, Twitter, etc.), cryptocurrencies, and NFTs stolen when he clicked on a phishing link on Google.
Why are both regular users and project founders falling victim to phishing attacks, and what anti-phishing browser plug-ins are available on the market? This article introduces 11 anti-phishing plug-ins.
Mainstream plug-ins (> 10k installs)
1. PeckShieldAlert: 50k+ installs, Chinese and English interface. PeckShield team product.
The website shows that the number of malicious addresses included is 1,286,478 and the number of phishing sites included is 90,931, and it is constantly being updated. Currently only supports ETH and BSC chains.
Features include: Token contract monitoring, wallet authorization management, active defense against fraudulent token threats, active defense against phishing website threats, trusted domain detection, malicious plug-in detection and other anti-phishing website features.
2. Pocket Universe: 20k+ installs, works with Firefox, Microsoft Edge, Google Chrome and other browsers, only for ETH mainnet. Claims to cooperate with the MetaMask and Coinbase wallets.
Features: monitors malicious Seaport transactions, Honeypot NFT and phishing sites.
Does not connect to the wallet; verifies transaction security by simulating transactions, which slightly affects transaction speed (no more than 1 second).
3. Revoke.cash: 10k+ installs, English and Chinese interface. Works with all EVM-based chains such as Ethereum, Polygon and Avalanche, available for Firefox, Microsoft Edge, Google Chrome and other browsers.
Features include: pop-up warnings for non-whitelisted NFT trading sites, transactions on phishing sites; can revoke authorization.
4. Fire: 10k+ installs, works on Ethereum mainnet and Polygon, compatible with MetaMask and Coinbase wallets, works with any Ethereum wallet.
How it works: monitors transaction security by simulating the effect of a transaction on the user’s ERC-20, ERC-721 and ERC-1155 assets.
Niche plug-ins (less than 10k installs)
1. Wallet Guard: 6k+ installs, Binance Labs Incubation
Features: block access to recently created sites with low trust, automatically disable malicious extension applications, monitor and block access to phishing sites.
2. MetaDock: 3k+ installs, open source code, security company BlockSec team products.
Features: supports only the BTC, ETH, BSC, Polygon, Fantom, Arbitrum, Cronos, Avalanche, Optimism and Moonbeam blockchains, and OpenSea. It can view the flow of funds to addresses, monitor the risk of NFT collections, and interact with products such as Debank and NFTGo.
3. Blockem: 930 installs
Features: AI algorithm simulation trading and address scoring
4. Metashield: 864 installs, open source code, the first project incubated by BuidlerDAO.
Working principle: identifies approve and send transactions, and alerts users to and blocks phishing sites by means of black and white lists and by checking the status of authorized addresses. No wallet connection and no authorization required.
5. Stelo: 628 installs, open source code, works with any Chromium-based browser.
6. Scam Sniffer: 615 installs, open source code.
Features: Detector API (monitoring transfer of user assets, requests for authorization and other malicious behavior), simulated transactions, etc.
7. Beosin Alert: 291 installs, developed by Beosin team, a blockchain security audit company.
The founder of SlowMist, @evilcos, said he focused on Scam Sniffer, Revoke.cash, Wallet Guard, Pocket Universe and Fire.
PeckShieldAlert is the most used and most full-featured of these plug-ins, but in terms of the number of installs it is almost negligible compared to MetaMask (10M+) and Phantom (2M+). In addition, there is no financing information in this field, which shows that no real attention has been paid to it from the perspective of users or investors.
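The approve/send identification and black/white-list check described for Metashield above can be sketched as follows. This is an added example, not code from any of the listed plug-ins; it also covers `setApprovalForAll` and `transferFrom`, and `reviewTransaction`, the list shape and all addresses are hypothetical.

```javascript
// Function selectors: first 4 bytes of keccak256 of the signature.
const SELECTORS = {
  "095ea7b3": { name: "approve", args: ["address", "uint256"] },
  "a22cb465": { name: "setApprovalForAll", args: ["address", "bool"] },
  "a9059cbb": { name: "transfer", args: ["address", "uint256"] },
  "23b872dd": { name: "transferFrom", args: ["address", "address", "uint256"] },
};
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode one 32-byte ABI word (64 hex chars) as the given static type.
function decodeWord(type, word) {
  if (type === "address") return "0x" + word.slice(24);
  const n = BigInt("0x" + word);
  return type === "bool" ? n !== 0n : n;
}

// Summarize what the call does and for whom, then check that party against the lists.
function reviewTransaction(tx, lists) {
  const data = tx.data.toLowerCase().replace(/^0x/, "");
  const spec = SELECTORS[data.slice(0, 8)];
  if (!spec) return { action: "unknown", verdict: "warn", reasons: ["unrecognized call"] };
  const body = data.slice(8);
  if (body.length < spec.args.length * 64)
    return { action: spec.name, verdict: "warn", reasons: ["truncated calldata"] };
  const args = spec.args.map((t, i) => decodeWord(t, body.slice(i * 64, i * 64 + 64)));
  // "To whom": the recipient for transferFrom, the spender/operator/recipient otherwise.
  const to = spec.name === "transferFrom" ? args[1] : args[0];
  // setApprovalForAll(operator, false) is a revocation, not a grant.
  const grants = spec.name === "approve" || (spec.name === "setApprovalForAll" && args[1]);
  const reasons = [];
  if (lists.block.has(to)) reasons.push("counterparty is on the block list");
  if (grants && !lists.allow.has(to)) reasons.push("grants spending rights to an unlisted address");
  if (spec.name === "approve" && args[1] === MAX_UINT256) reasons.push("unlimited allowance");
  if (spec.name === "setApprovalForAll" && args[1]) reasons.push("covers every token in the collection");
  const verdict = lists.block.has(to) ? "block" : reasons.length ? "warn" : "ok";
  return { action: spec.name, contract: tx.to.toLowerCase(), to, args, verdict, reasons };
}

// Constructed sample data: placeholder addresses, not real accounts.
const word = (hex) => hex.replace(/^0x/, "").padStart(64, "0");
const [MARKET, BLOCKED, UNKNOWN] = ["33", "22", "11"].map((b) => "0x" + b.repeat(20));
const lists = { allow: new Set([MARKET]), block: new Set([BLOCKED]) };
const nft = "0x" + "aa".repeat(20);
const sampleTx = { to: nft, data: "0xa22cb465" + word(UNKNOWN) + word("1") };
console.log(reviewTransaction(sampleTx, lists).reasons);
```

Calldata alone does not reveal whether `approve` targets an ERC-20 allowance or a single ERC-721 token, so the second argument is reported as a raw number.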
SlowMist team member @IM_23pds’s view:
Phishing attacks on the blockchain industry are mainly distributed across two points, “domain name” and “signature”, of which 90% of NFT phishing is related to false domain names. If users open a phishing page, the relevant plug-ins and browsers can directly prompt the risk, so that there is no subsequent step of fraudulent signature, and the risk can be blocked in the first step.
Previously, the 360 era in the Web2 world solved the problem of virus attacks on novice users at that time, but it is not a solution to the Trojan virus problem. There is always a time gap between virus detection and virus immunity (a professional technique to avoid antivirus detection, you can Google it yourself), and how to achieve a smaller time gap, faster sample size and more accurate identification determines the extent of the antivirus software.
Similarly, in blockchain and NFT industry, how to identify and alert to the real-time situation of phishing sites in the first step, and the speed and recognition degree of feedback on the user end also determine the ability of an anti-phishing plug-in; and if the relevant products do not identify these phishing domains in the first step, the risk of users losing coins increases greatly.
Previously, if the wallet had fraudulent signature identification, it could well show the details of the user to sign, such as for what, how much, to whom, and other human readable data, which could also avoid theft to a certain extent. However, although MetaMask currently has a market share of 80%, the analysis is really difficult.
Any products, articles, and reminders are auxiliary. Only by establishing your own security awareness can you stand in a place where you don’t lose cryptocurrencies or NFTs. Personal safety awareness is king.
Blockchain researcher @tmel0211’s view:
The technical logic of self-hosted wallets such as MetaMask is to help users securely keep local private keys, handle user transaction signatures, provide gateways to connect to major blockchain main networks, and conveniently expand smart contract interactions such as DeFi. Theoretically speaking, it is feasible to embed any plug-in service that optimizes the experience without affecting the interaction function of wallet transfer. Anti-phishing address screening can only be considered one of the rigid needs.
However, the current mainstream wallet products are very simple in their functionality and restrained in their service optimization. The reasons are as follows.
1. Affected by the client-side information payload, mobile interaction needs to be more concise than browser plug-ins;
2. Affected by decentralized consensus, phishing sites, blacklist libraries, etc. need centralized operation and maintenance support, which will generate consensus-side non-controversy;
3. Affected by commercialization tendencies, although a service mezzanine can optimize the experience, it is difficult to commercialize.
The current mainstream browser security plug-ins on the market are mostly provided by third-party security data companies: the experience is good, but the popularity is not enough. They all have a dream of becoming the 360 security guard of web3, although the road is blocked and long:
1. The plug-in itself may also have potential security risks, and its trust consensus needs time to accumulate;
2. Active users who often trade in the DEX environment or mint NFTs still have weak security awareness at this stage, and user habits have yet to be developed;
3. Operations and maintenance challenges such as phishing site updates and the blacklist address base.
In my opinion, the wallet narrative should tend to vertical segmentation: 1. minimalist wallets for geeks; 2. security interaction anti-phishing wallets for novices; 3. customizable wallets for institutions; 4. MPC wallets; 5. smart contract wallets, and so on.
But in any case, this does not conflict with the security plug-in services market; at this stage they coexist and complement each other. I believe that an excellent browser security plug-in will eventually become as standard as a wallet.