Ensuring your safety in Web3 may often seem like a difficult task. But it really shouldn’t be, considering the wide variety of best practices that users can observe to boost their level of security while perusing the blockchain. Yet, many simply gloss over the lessons of the past and other practical security solutions established by their peers until it’s too late.
Except in the wake of a remarkable hack or scam, security seems to be a secondary or even tertiary priority to many in Web3. But significant grifts can ultimately cause problems for the majority of those in the NFT space, depending on who’s affected. How can we end this cycle?
The solution is twofold. First, we must understand that the safety of the NFT space isn’t only the user’s responsibility but needs to be a group effort. Second, users need to familiarize themselves with and begin using the tools that are already readily available to help keep creators, collectors, and builders safe. Here are some of the top ones to know.
Web3 Antivirus is a security tool catered to creators, collectors, and builders at any level. It installs as a browser extension on Chrome, Brave, Firefox, and Edge. The extension works by auditing the smart contracts a user engages with to identify dangerous logic, critical vulnerabilities, and compromising access permissions.
By vetting contracts, Web3 Antivirus warns users before they engage with malicious contracts or otherwise take potentially dangerous actions. Currently, only the basic free version of Web3 Antivirus is available, while a premium paid version (equipped with a range of new features) is set to be released soon.
SafeSoul is a free browser extension created by the same team behind the Digital Animals NFT project. The service is compatible with Chrome, Brave, Firefox, Opera, and Safari. It identifies potential NFT scams using bright red brackets while Web3 users navigate popular platforms such as Twitter, Google, and YouTube.
Threats are constantly being monitored by the SafeSoul team, but the service also relies heavily on community members to identify potential malicious accounts and content. With the SafeSoul Web3 Patrol, users are incentivized to flag potential hazards by leveraging their identities using non-transferable Soulbound Tokens (the SafeSoul Token) that act to verify them as trusted members of the NFT community.
Immunefi is one of the most prominent bug bounty platforms available in Web3, if not the most prominent. For those unfamiliar, a bug bounty is a reward (monetary or otherwise) provided to benevolent hackers who find a vulnerability or bug and flag it to an application (or smart contract) developer.
In the NFT space, smart contract auditing is a crucial step before launching a project and one that can significantly affect the safety of users in Web3 if performed incorrectly. Considering that, in 2022 alone, hacks and scams reportedly cost the Web3 community over $4 billion, Immunefi has continued to encourage hackers to claim bug bounties to prevent more capital from being senselessly funneled away from creatives. The platform reports that it has saved $25 billion from being hacked to date.
NotCommon is a service that provides real-time custom alerts about security threats in Web3 to users on Ethereum, Polygon, Solana, and Tezos. By connecting a wallet to the service and downloading the service’s Chrome extension, users will get updates about security threats specific to their NFTs, tokens, and the projects they follow.
The reactive model that NotCommon is spearheading has thus far seemingly proved to be effective, with the platform having identified over 160,000 scams to date. By identifying threats as they occur, NotCommon can send up a flare that might save collectors from engaging with malicious links or trading unofficial and nefarious NFTs.
Harpie is an on-chain firewall that aims to provide a new, essential security layer for Web3 wallets in order to stop hacks “before they ever get on-chain.” The service monitors a user’s wallet hundreds of times a second and works to stop a malicious transaction or transfer in transit automatically.
Users can expect to be defended against front-end attacks, bait and scam sites, private key theft, phishing attacks, and accidental transfers. Aside from being the first and only company to ever stop a private key theft automatically, Harpie also lays claim to being non-custodial, operating off of immutable and audited contracts, and utilizing a system of checks and balances to avoid single points of failure.
Forta is the first detection network built for the security and operational monitoring of blockchain activity. The service’s goal is to create a Web3 approach to securing the open economy by detecting threats and anomalies within the DeFi and NFT ecosystems — as well as throughout governance, bridges, and other Web3 systems — in real time.
Running on the Ethereum, Polygon, BSC, Avalanche, Arbitrum, Optimism, and Fantom blockchains, Forta provides users (traders, developers, and investors) with timely and useful information about the security and stability of their systems. To date, Forta’s community-run security network has protected tens of billions of valuable assets from exploits.