To Other Safety and Security Products: Better To Be Safe Than Sorry
In the vast, teeming, and sometimes treacherous world of cryptocurrencies, safety and security should always be top priorities. Since digital currencies operate entirely online, the risk of falling prey to hackers, identity thieves, and scam artists is very real.
To mitigate these risks, many users rely on a variety of security products and services. For instance, in an effort to beat the hackers as a collective, Chainabuse by TRM works as a unifying platform bringing stakeholders together to enhance security across the ecosystem. But that’s just one project attempting to get a collective of data to help the greater good.
Just recently, we learned that Threatslayer, Interlockweb3’s scam protection product, was in a state of neglect and disrepair and was simply non-functional to its users. This extension was still left on the Chrome Extension Store for almost 10 days after the CEO had announced its functional issues. This raises a huge question:
Are all these security platforms as effective as they claim to be?
The Advent of ‘Mono-Sources’ behind popular Web3 Security Products
A troubling trend in the digital security realm involves the creation of ‘mono-sources’ or single-point sources of data that house critical information on what smart contracts or wallets have been compromised. This limits the diversity and scope of security information accessible to an end-user. This may be a dynamic arising from the ever-competitive security landscape, where various companies are trying to best others on the quality of their security products to win integrations and users.
The Illusion of Safety
A good example of this scenario involves the false sense of security given by some tools.. For instance, Revoke.cash, a popular tool to help users revoke their approvals, has a wallet safety assessment. Shortly after one of the Axie Infinity / Ronin founders was hacked, their wallets were declared "safe" when in reality, it presented definite risks. Similar security services flagged this particular wallet, clearly demonstrating that Revoke.cash's assurance of safety was potentially based on a data source that had not been updated yet.
Case in Point: Lessons from Failed Security Tools
Several examples underscore the need for a more cautious approach. Recent tests on 5 security tools used on 2 scam sites showed significant weaknesses in scam detection. Two tools were completely bypassed, and one only partially effective. These security tools had not been updated with the latest threat information, leaving them blind to fresh threats and, in turn, the users they were supposed to be protecting vulnerable to attacks.
Additionally, extensions such as Blockaid by MetaMask have experienced “errors” while evaluating transactions and have left users with an ambiguous “may not be safe” warning. Given the high stakes, such vague warnings may not suffice to alert users, potentially leading to detrimental consequences. Cryptocurrency security should not be about covering one’s bases vaguely but rather about blunt and authoritative vigilance.
Also troubling is the apparent underperformance of some popular extensions. InterlockWeb3’s Threatslayer extension reportedly failed to recognize and issue any warnings on potentially dangerous scam sites. It has also been recently revealed theat InterlockWeb3’s scam protection product, Threatslayer, was malfunctioning, despite the company leaving the product available on the Google Chrome Extension Store for unassuming users. Given that these extensions are trusted by tens of thousands of users for their online safety, these gaps in service are alarming. It's worrisome to think that security tools, supposedly built to prevent scams, are possibly falling short of their promise.
A Plea for Prudence
Of course, false negatives from security platforms are far from ideal, but it’s far worse when they err on the side of complacency. It’s always better to be overly cautious than reckless. Therefore, digital security providers must err on the side of caution to protect their users.
Misleading security prompts can result in users losing their stored cryptocurrencies and much more. Beyond the financial loss, the resultant loss of credibility can have far-reaching implications for the provider whose services have been found wanting. It also hurts the industry overall; users begin trusting these products less and less, and sooner or later, we may return to where we started: a wild wild west of constant attack vectors and little to no protection mechanisms and recourse available for the consumer.
Action Point
This is, therefore, a call to action to all digital security service providers. They must ramp up their response mechanisms to enhance security within the emerging cryptocurrency environment. False assurances of security simply won't cut it. Providers need to ensure robust measures are in place to detect potential security threats.
In addition, they should deploy a multi-faceted approach to safeguard users against the various security threats prevalent in the ever-evolving cryptocurrency landscape. This should involve refining their data sources, updating them more frequently, teaming up with data collective initiatives, enhancing their security algorithms, and perhaps most importantly, honesty in communicating potential threats to their users.
Final Thoughts: It’s a Collaborative Effort
At Webacy, we work with 13+ data sources (and growing) and also participate in various ecosystem initiatives such as Chainabuse’s crowdsourcing initiative. No product is perfect, but we’re constantly providing revised scoring on wallets and smart contracts the second we, and any of our data providers, know more - providing partners with the largest breadth and coverage the industry has to offer.
The surging popularity of cryptocurrencies presents lucrative opportunities for growth, but it also invites considerable security threats. As a result, effective safety mechanisms are crucial to guarantee the long-term viability and acceptance of this game-changing innovation. In the end, it’s always better to be safe than sorry.
Here's to a more secure future in the world of cryptocurrencies and web3.