Ensuring your security in Web3 often seems like a difficult task. But it really shouldn’t be, given the wide variety of best practices users can observe to increase their level of security as they peruse the blockchain. Yet many simply continue to blind themselves to the lessons of the past and other practical security solutions developed by their peers until it is too late.
Except in the wake of a notable hack or scam, security seems to be a secondary or even tertiary priority for many in Web3. But significant grievances can end up causing problems for the majority of those in the NFT space, depending on who is affected by them. How can we end this cycle?
The solution is twofold. First, we must understand that the security of the NFT space is not the sole responsibility of the user, but must be a collective effort. Second, users should become familiar with and begin using the tools that are already readily available to protect makers, collectors, and builders. Here are some of the best to know.
Web3 Antivirus
Web3 Antivirus is a security tool for makers, collectors and builders at every level. It installs as a browser extension on Chrome, Brave, Firefox, and Edge. The extension works by checking the smart contracts a user engages with to identify dangerous logic, critical vulnerabilities, and compromising access rights.
By checking contracts, Web3 Antivirus warns users before they engage with malicious contracts or otherwise take potentially dangerous actions. Currently, only the free basic version of Web3 Antivirus is available, while a premium paid version (equipped with a range of new features) will be released soon.
SafeSoul
SafeSoul is a free browser extension created by the same team behind the Digital Animals NFT project. The service is compatible with Chrome, Brave, Firefox, Opera, and Safari. It identifies potential NFT scams using bright red brackets as Web3 users navigate popular platforms such as Twitter, Google, and YouTube.
Threats are constantly monitored by the SafeSoul team, but the service also relies heavily on community members to identify potential malicious accounts and content. With the SafeSoul Web3 Patrol, users are incentivized to flag potential dangers by asserting their identity using non-transferable Soulbound Tokens (the SafeSoul Token) that authenticate them as trusted members of the NFT community.
Immunefi
Immunefi is one of the most prominent bug bounty platforms available in Web3, if not the most prominent. For those unfamiliar, a bug bounty is a reward (monetary or otherwise) provided to benevolent hackers who find and flag a vulnerability or bug for the developer of an application (or smart contract).
In the NFT space, smart contract checking is a critical step before launching a project and one that can significantly impact user security in Web3 if done incorrectly. Given that hacks and scams are reported to have cost the Web3 community more than $4 billion in 2022 alone, Immunefi has continued to encourage hackers to claim bug bounties to avoid more capital being pointlessly funneled away from creatives. The platform reports that it has saved $25 billion from hacks so far.
NotCommon
NotCommon is a service that provides real-time customized alerts on Web3 security threats to users of Ethereum, Polygon, Solana, and Tezos. By linking a wallet to the service and downloading the service’s Chrome extension, users get updates on security threats specific to their NFTs, tokens, and the projects they follow.
The reactive model that NotCommon puts forward has seemingly proven effective so far, with the platform identifying more than 160,000 scams to date. By identifying threats as they emerge, NotCommon can send a signal that keeps collectors away from malicious links and from trading unofficial and nefarious NFTs.
Harpie
Harpie is an on-chain firewall that aims to provide a new, essential layer of security for Web3 wallets to stop hacks “before they ever go on-chain.” The service checks a user’s wallet hundreds of times per second and works to automatically stop any malicious transaction or transfer in transit.
Users can expect to be defended against front-end attacks, bait and scam sites, private key theft, phishing attacks, and accidental transfers. Besides being the first and only company to ever stop a theft of private keys automatically, Harpie also claims to be non-custodial, operating on immutable and controlled contracts, and using a system of checks and balances to avoid single points of failure.
Forta
Forta is the first discovery network built for the security and operational monitoring of blockchain activities. The goal of the service is to create a Web3 approach to securing the open economy by detecting threats and anomalies in real time within the DeFi and NFT ecosystems, as well as across governance, bridges and other Web3 systems.
Forta runs on the Ethereum, Polygon, BSC, Avalanche, Arbitrum, Optimism, and Fantom blockchains and provides users (traders, developers, and investors) with timely and useful information about the security and stability of their systems. To date, Forta’s community-run security network has protected tens of billions of valuable assets from exploits.