Would it not be great to get a warning that alerts us that we are about to sign a malicious crypto transaction?
Well, we are in luck...Wallet Guard is an open-source browser extension that detects wallet drainers before they interact with your crypto wallet.
Wallet Guard does:
- Simulate transactions
- Detect Phishing Websites
- Detect Malicious Extensions
- Detect High-Risk Approvals
Let's have a look into the details of those features.
Wallet Guard Transaction Simulation
Once Wallet Guard is installed as a browser extension, it will simulate any transaction approval so you can verify the transaction details before proceeding with the crypto wallet approval.
As an example, we are listing one of our NFTs in the OPENSEA marketplace.
To approve the listing, OpenSea is asking us to review and confirm the listing in our crypto wallet but, before this happens, Wallet Guard will review the transaction request.
Wallet Guard will review the transaction request for scams, and if none is detected will prompt us to Continue (or Reject) the transaction.
If we choose to continue, our crypto wallet will send us a notification to sign or reject the transaction.
While Wallet Guard actually scans for a considerable number of threats, you CANNOT leave all your personal security to juts an APP.
Wallet Guard is an additional layer of defense.
Your first layer of defense must always be your personal Digital and Crypto Knowledge and applying as many Security and Crypto Good Practices as possible.
Type of Scams Detected by Wallet Guard
Get to know what type of threats Wallet Guard can detect and which ones are yet beyond the application's capabilities.
As described in their Reference Documentation webpage, Wallet Guard can detect or plan to detect the following scam types:
Wallet Drainers (available): A fraudulent new NFT mint site that drains all NFTs, tokens or other assets within your wallet
Seaport Listing Scams (available): Exploits open approvals on the old OpenSea wyvern contract which allows assets to be listed and bought by an attacker on OpenSea for 0 ETH. This is how Kevin Rose was scammed
Blur Listing Scams (available): Exploits open approvals from assets you've previously sold/listed on Blur. Attacker is able to sell the asset to themselves for 0 ETH
Malicious signatures (available): Set Approval For All, eth_sign, and other arbitrary value transfer functions. Set Approval For All is allowed on verified marketplaces
ETH Drainers (available): A scam website that claims to be a NFT mint but actually steals all the Ethereum from an account
Low trust domains (available): Websites with very low reputation, which are often related to spam, malware, social engineering, and scams.
Homoglyphs (available): opensea.com (malicious) vs opensea.io (verified)
URL typo-squatting (available): opensae.net (malicious) vs opensea.io (verified)
OFAC blocklist (coming soon): Screening information against OFAC's blocklist
Honeypot detection (coming soon): Smart contracts that only allow for assets to be sent in and not sent out.
Address screening (coming soon): Aggregating data from other blockchain data providers
Rug pulls (not available): We cannot predict the intentions of an NFT project that is minted legitimately but then proceeds to abandon the project.
Seed phrase compromise (not available): We cannot detect scams that lure a user into giving away their seed phrase to an attacker. However, if the method for the attack is a phishing website it is possible that the Phishing Detection Service's URL scanner may catch it.
(not available): Malicious file downloads from play-to-earn malware campaigns or any form of malware.
Wallet Guard Phishing Detection
Wallet Guard proactively detects and blocks high-risk websites associated with wallet drainers and other dangerous activities.
As an example, we have looked for a suspicious website, one for which we are quite sure is just a phishing website, and tried to access it.
However, Wallet Guard detected that the website was very recently created and blocked the access.
Wallet Guard Malicious Extension Detection
Malicious browser extensions are designed to infiltrate your browser and steal personal information, redirect to malicious websites, or display unwanted ads.
Once a malicious extension is installed, it works in the background, collecting personal information such as login credentials, browsing history, and even credit card information.
Some of those malicious browser extensions can also redirect your browser to malicious websites, which can further infect your computer with more malware or attempt to steal personal information.
Wallet Guard Approval Reminders
Forgotten approvals quite be very dangerous.
Crypto wallet approvals made months or years ago can come back to hunts us.
Hackers may be waiting for you to have a significant amount of, for example, MATIC in your wallet before proceeding to exploit a vulnerability, hack your wallet, and drain it from all the MATIC that you have just sent to the wallet.
Wallet Guard does identify any potentially dangerous transaction so you can take steps and avoid any unfortunate hack.
Can Wallet Guad be Trusted?
As described in the Wallet Guard Snap webpage
- Wallet Guard has been audited by Consensys Diligence* and they are making available the audit report
- Wallet Guard has made available their Github repository open-source, which means that there is nothing they want to hide.
Consensys Diligence performs blockchain security and Ethereum smart contracts audits with 100+ blockchain companies protected and 200+ issues discovered.
How to Start Using Wallet Guard (3 Simple Steps)
Start using Wallet Guard is quite straightforward, it just takes a few steps
1 - Install the Wallet Guard Extension
First of all, you will need to download the Wallet Guard Extension.
Installing the extension is quite similar for all browsers. But, as an example, use the Chrome Extension Webstore and search for 'Wallet Guard Extension'.
Now, and this is VERY IMPORTANT, make sure that you install the legitimate extension.
Before installing any extension, make sure that it is the legitimate one by:
- Verifying that a significant amount of users have downloaded it. A low download count should raise your internal red flag.
- Checking for reviews. No reviews or negative reviews should raise your internal yellow flag.
- Reviewing the 'Overview' and 'Additional Information' for anything suspicious.
If you are not 100% sure of the legitimacy of an extension, do NOT install it.
2 - Launch the App and Connect Your Crypto Wallet
Once installed, find on your browser the extensions button and left mouse click the button over the Wallet Guard extension;
- Find below highlighted in green how to find the extensions button in a browser
- Find below highlighted in grey the Wallet Guard extension button
Once you have launched the app, you will need to 'Connect (Your) Wallet' by clinking over the top right corner button.
And you will be prompted by your wallet to 'Connect to (Wallet Guard) website':
3 - Run Your First Security Scan
Once your wallet is connected, you can run your first scan and find out:
- Your security score: As per the screenshot below, we have got a 98% rate. Good but not great because one of our wallets needs an update.
- What type of action is required from you to be fully protected: In our case, our METAMASK wallet does require an update.
And that is all, you have added another layer of defense to protect your digital assets from hacks and scams.
Congratulations on completing this 5-minute digital safety power-up.
We hope this short article has helped increase your digital safety knowledge and awareness, and the 5 minutes read was worth the time.
For more 5-minute Power Power-Ups, please consider subscribing to our blog.
