On January 28, Azuki's Twitter account was hacked, leading his followers to click on phishing links, stealing more than 122 NFTs, and inflicting a loss of more than $780,000. Kevin Rose, the creator of the NFT project Moonbirds, had his wallet taken on January 26. A total of 40 NFTs were taken, and more than $2 million was lost. OpenSea-licensed assets A phishing ad link was clicked on by @NFT GOD on January 15th, leading to the theft of all accounts (including stack twitter, etc.), bitcoins, and NFTs.
Why are common users and project founders targeted by phishing attacks so frequently? What browser add-ons that protect against phishing are available? In this post, 11 anti-phishing attack plugins are listed.
Standard Plugins (Over 10,000 Installs)
- PeckShieldAlert: Chinese and English UI, 50k+ installation times. Team PeckShield product.
The website claims to have 1,286,478 malicious addresses and 90,931 phishing websites in its database, and it is continually being updated. Only ETH and BSC are supported at this time.
Included features include monitoring of token contracts, wallet authorization management, active defense against dangers posed by fake tokens and phishing websites, trusted domain name detection, malicious plug-in detection, and more anti-phishing website features.
- Only applicable to the ETH mainnet, Pocket Universe has more than 20,000 installations and is accessible through Firefox, Microsoft Edge, Google Chrome, and other browsers. claims to work with the wallets from Coinbase and Metamask.
Detection of fraudulent Seaport transactions, Honeypot NFTs, and phishing websites are among the functions offered.
Use features such as those that prevent wallet linking, simulate transactions to check for transaction security, and somewhat slow down transactions (no more than 1 second).
- Revoke.cash: interface in Mandarin and English, over 10,000 installs. Suitable for use with all EVM-based chains, including Ethereum, Polygon, and Avalanche, and accessible through browsers like Firefox, Microsoft Edge, Google Chrome, etc.
Features include the ability to revoke authorization and pop-up warnings for transactions made on phishing and non-whitelisted NFT trading websites.
- Fire: suited for the Ethereum mainnet and Polygon, with over 10,000 installations. Works with any Ethereum wallet and is compatible with the Coinbase and MetaMask wallets.
How it works: By replicating the ERC-20, ERC-721, and ERC-1155 transactions impacted by users, it checks the security of scanned transactions.
Specific Plugins (Less Than 10,000 Installs)
- 6k+ installations of Wallet Guard, developed by Binance Labs.
Features: Monitor and limit access to phishing websites, automatically disable harmful extensions, block access to freshly established and low-trust websites.
- MetaDock: The product of the security firm BlockSec team, with over 3,000 installations and open-source code.
Function: Supports only Opensea, Polygon, Fantom, Arbitrum, Cronos, Avalanche, Bitcoin, Ethereum, and Bitcoin Classic. You can observe the movement of money within an address, keep an eye on the danger of NFT collections, and interact with services like Debank and NFTGo.
- 930 installations of Blockem
Function: Address and transaction simulation using AI
- Metashield: The code is open source, there are 864 installations, and this is the first project that BuilderDAO has nurtured.
Working theory: To assist users in alerting and blocking phishing websites, identify, approve, and transfer transactions. Use black and white lists, as well as verify the status of approved addresses. No wallet connection is necessary, and no authorization is needed.
- Stelo: Open source, 628 installations, works with any Chromium-based browser.
- Scam Sniffer: There are now 615 installations. The code is freely available.
Integrated features include simulated transactions, a detector API (tracking harmful behaviors like transferring user assets and asking authorization), and more.
- Beosin Alert: 291 installations created by the blockchain security audit business Beosin's team.
Wallet Guard, Pocket Universe, Fire, Scam Sniffer, and Revoke.cash are the main priorities of SlowMist's founder Cosine.
PeckShieldAlert is the most popular and feature-rich. However compared to Phantom 2M+ and MetaMask 10M+, it has a very small number of installs. Also, there is no finance information in this area, indicating that neither users nor investors have given it any thought.
90% of NFT phishing attempts pertain to phony domain names. Phishing attacks on the blockchain business are primarily dispersed in two points: domain names and signatures. When a user accesses a phishing page, the appropriate plug-ins and browsers can immediately alert the user to the risk, preventing the need for a future fraudulent signature step and allowing the risk to be eliminated in the initial stage.
For new users at the time, the 360 period in the prior Web2 era resolved viral attacks, but it did not resolve the issue of Trojan horse viruses. The timing of virus detection and prevention is never the same (a professional technology to avoid anti-virus software detection and killing, you can Google it yourself). The anti-virus software's level of power is determined by how to reduce the time difference, increase the number of samples quickly, and improve recognition.
Similar to this, the ability of an anti-phishing plug-in in the blockchain and NFT industries depends on how to spot phishing sites in the first place and alert users to them. Failure to spot these phishing domain names in the first place would significantly raise the danger of users losing money.
Earlier, if the wallet had a fake signature, it could display the user's signature's full details, including what to authorize, how much to authorize, to whom, and other information that could be read by humans, and it could also, to some extent, deter theft. Although though MetaMask presently holds 80% of the market, the analysis is very challenging.
Even while some products perform well in terms of analysis, they are still unable to stop the loss of coins and NFT. All goods, writings, and reminders are extra. You can only stand in a position where you don't lose money or NFTs by developing your own security awareness. Awareness of personal safety is paramount.
Self-custodial wallets, like MetaMask, function according to a technical logic that enables users to securely store local private keys, process user transaction signatures, offer connections to the primary networks of important blockchains, and enable smart contract interactions like DeFi.
Theoretically, any plug-in service that enhances the user experience without impacting the wallet transfer interface function might be embedded. Anti-phishing address screening is the sole criteria that may be characterized as strict.
Unfortunately, the present generation of widely used wallet solutions perform extremely basic tasks and have limited service optimization capabilities. The following are the causes:
- Mobile terminal interaction must be shorter than browser plug-ins due to the client information payload;
- Phishing websites, blacklist libraries, etc. are impacted by decentralized consensus and require centralized operation and maintenance assistance, which will provide consensus.
- Due to the propensity for commercialization, even though the service mezzanine can improve the experience, doing so is challenging.
Nowadays, third-party security data providers provide the majority of the widely used browser security plug-ins on the market; while the experience is good, the popularity is insufficient. Despite the long and challenging road ahead, they all hope to one day work as 360 security guards protecting web 3:
- The plug-in that offers plug-in services also has possible security threats, and it takes time for its trust consensus to build;
- There is a need to create user behaviors since active users who frequently trade in the DEX environment or Mint NFT currently have little security awareness;
- The blacklist address database and updating phishing websites present significant operational and maintenance problems;
The wallet narrative ought to, in our perspective, be split vertically.
- Nerds' minimalist wallet;
- A beginner-friendly secure interactive anti-phishing wallet;
- Institutional wallet that can be customized;
- MPC purse;
- Smart contract wallets and similar products often have vertical segments.
In any case, this is not in opposition to the market for security plugin services. They currently cohabit and support one another. We predict that, like a wallet, a top-notch browser security plug-in will someday become the norm.