In "Web3 Investment Guide | Security (06): What is a social engineering attack and how to prevent it?", we mentioned that social engineering attacks are becoming one of the biggest security threats to Web3 investors. From fake customer service, phishing websites to fake contract signatures, attackers have an endless variety of methods that are hard to guard against.

Many investors are accustomed to focusing their security efforts on wallet settings and private key protection, but in fact, from a daily perspective, what can truly block risks in the first place are some simple and practical security tools, such as anti-fraud security plug-ins.

In this article, Portal Labs recommends several mainstream anti-fraud plug-ins with good reputation on the market to help you improve the security of your assets from the source and build your own Web3 protection shield.

Anti-phishing plugin list

In the process of Web3 investment, investors are exposed to countless websites, wallet signatures, and social media messages every day. The amount of information is huge, and it is difficult to be 100% cautious in every operation. However, attackers take advantage of this "habitual trust" to launch attacks.

The role of the anti-fraud plug-in is to give investors an extra "security reminder" before each click, each signature, and each authorization, helping you expose potential threats in advance. Even if you have limited knowledge of security, these plug-ins can still effectively reduce the risk of being phished or stolen.

The following is a list of 9 popular anti-fraud plugins (in no particular order, only alphabetical order).

Blockem

Blockem uses artificial intelligence algorithms to simulate transactions and score interactive addresses to help users identify potential risks. The plug-in provides personalized security recommendations by analyzing transaction patterns and historical data.

  • Focus: Simulated transactions, contract/token/address security score
  • Source of security database: Risk assessment is carried out based on self-developed AI models and rule bases.
  • Applicable wallet: compatible with mainstream wallets.
  • Suitable for: Users who want to use AI technology to enhance security protection.

DefiLlama Extension

DefiLlama Extension provides real-time data and analysis of DeFi projects to help users identify potential risks. By displaying key indicators such as the project's locked amount and rate of return, users can better evaluate the security of the project.

  • Focus: DeFi project security analysis
  • Security database source: Integrate the data of DefiLlama platform to ensure the accuracy and timeliness of information.
  • Applicable wallet: compatible with mainstream wallets.
  • Suitable for: Investors active in the DeFi field.

Fire Extension

Fire Extension was launched by the well-known Web3 security company Blowfish. It can analyze transaction signatures in real time, detect high-risk contract interactions, and is particularly sensitive to malicious contract authorization. When a user attempts to interact with a potentially dangerous contract, the plug-in will issue a warning to prevent asset loss.

  • Focus: Authorization management, simulated signature risks
  • Security database source: Professional security data support provided by Blowfish.
  • Applicable wallets: Already compatible with MetaMask, Phantom and other wallets, some of which have built-in API services.
  • Suitable for people: high net worth investors, Web3 project wallet management users.

GoPlus Security

GoPlus was also mentioned in the previous "Tools (03)", when we introduced the use of the APP. In addition to the APP, GoPlus also has a plug-in version, which can also provide complete on-chain data security services. The plug-in integrates multi-dimensional detection functions such as contracts, tokens, and address risk scanning, and can identify token scams, malicious addresses, etc. in real time.

  • Focus: Contract/Token/Address Security Score
  • Security database source: Integrate multi-party on-chain data and security community information.
  • Applicable wallets: Compatible with a variety of mainstream wallets. Please refer to the official compatibility list for details.
  • Suitable for: Investors who prefer to fully understand the on-chain assets and interaction risks from a data perspective.

Metashield

Metashield was developed by the BuidlerDAO team. It can identify authorized transactions, and help users to warn and block phishing websites by blacklisting and whitelisting and checking the status of authorized addresses. The plug-in can be used without connecting to a wallet, providing convenient security protection.

  • Focus: Contract/Token/Address Security Score
  • Source of security database: Professional security data support is provided by the BuidlerDAO team.
  • Applicable wallet: No need to connect to a wallet to use it.
  • Suitable for people: Users who want to increase security without affecting the use of wallets.

Pocket Universe

Pocket Universe is a popular wallet transaction protection plug-in. Before the user initiates a transaction, it will automatically simulate the real consequences of the transaction, including whether authorization is involved, whether the funds will be transferred to an unfamiliar address, etc., and provide real-time risk warnings.

  • Focus: Risks of simulated signatures
  • Security database source: Use its own simulation engine and rule base to conduct risk assessment.
  • Applicable wallets: Supports MetaMask, Coinbase Wallet, Phantom and other mainstream wallets.
  • Suitable for people: Users who frequently interact with DApps and participate in DeFi and NFT transactions.

Revoke.cash

Revoke.cash pops up a prompt before the user signs the license, informing the user of the license details to help prevent the signing of malicious licenses. In addition, users can also view and revoke previous authorizations through the plug-in to ensure asset security.

  • Focus: Authorization Management
  • Security database source: Use its own rule base to conduct risk assessment.
  • Applicable wallets: Applicable to all EVM-based chains such as Ethereum, Polygon and Avalanche.
  • Suitable for people: Users who need to manage authorization and avoid malicious contracts.

Scam Sniffer

When a user connects to a wallet and initiates an interaction, Scam Sniffer scans the interaction logic and displays a pop-up window to inform the user of the security scan results and risks. This plug-in can identify risks such as phishing contracts and unfamiliar airdrops, protecting users from fraud.

  • Focus: Anti-phishing websites
  • Security database source: Integrate security data from multiple parties and update risk information in real time.
  • Applicable wallets: Supports MetaMask and other mainstream wallets.
  • Suitable for people: Users who need to guard against risks such as phishing contracts and unfamiliar airdrops.

Wallet Guard

Wallet Guard features global browser protection, which can detect malicious links, phishing websites, and fake airdrops, and prevent malicious signature authorization. It will pop up a warning when the user visits a suspicious website or prepares to connect to a wallet.

  • Focus: Anti-phishing websites
  • Source of security database: It integrates multiple well-known security community databases such as PhishFort and Chainabuse. The database is updated frequently and covers a wide range of risk information.
  • Applicable wallets: Supports multiple mainstream wallets including MetaMask and Coinbase Wallet.
  • Suitable for people: Investors who are active on social platforms such as Discord, Telegram, Twitter, etc. and have easy access to various airdrops or project links.

However, many investors mistakenly believe that installing a plug-in can completely avoid phishing.

In fact, the plug-in database also has the risk of lag, especially when encountering targeted disguises (such as a friend’s account being stolen or the project party’s Discord being hacked), the plug-in may not be able to react in the first time.

Therefore, the plug-in is a bottom-line guarantee and cannot replace your cautious operation habits of official website verification and private keys.

Anti-phishing plug-in usage suggestions

When investing in Web3, the most frightening thing is not not understanding the market, but “I thought it was safe, but ended up falling for a link.”

Anti-fraud plug-ins may not help you get rich overnight, but they can often protect you from fatal blows at critical moments.

Especially for investors who frequently participate in DeFi, NFT transactions, MEME coins, new coin interactions, airdrop activities, or high-net-worth users who are responsible for the core wallets of the project parties, these plug-ins are not icing on the cake, but a safety cushion to protect your bottom line.

It is recommended to select at least 2-3 plug-ins to use together, covering multi-dimensional scenarios such as signature detection, malicious contract identification, phishing link filtering, authorization management, etc.:

  • Fire Extension + Pocket Universe + Metashield → Core wallet multi-signature pre-simulation + authorization protection
  • Wallet Guard + Scam Sniffer → Protection against social engineering phishing and fake links
  • Revoke.cash → Regular authorization cleanup to prevent long-term authorization risks

Remember, security is never a tournament, but a long-distance race - only by keeping risks out of the door can you have the opportunity to enjoy the dividends of Web3.

The Web3 market is changing rapidly, but security is always a must for participants.