Crypto wallets combat scammers with transaction previews and blocklists
United States-based crypto
On Jan. 30, the crypto exchange announced it had integrated a new suite of safety features to its wallet app to make it easier for users to spot and take action on potential foul play from scammers.
Such integrations include a transaction preview feature which gives the user an estimation of how users “token and NFT balances will change” during a transaction before the confirm button is hit.
Transaction preview: Coinbase
The firm has also rolled out token approval alerts, which make it clear to the user when a decentralized application dApp is requesting approval to withdraw tokens and nonfungible tokens (NFTs).
Additionally the firm has also introduced new layers of permission management that enable users to revoke dApp connections directly from the app to help minimize “exposure to potential vulnerabilities.”
The crypto exchange joins the ranks of several other crypto wallet providers that have either rolled out or announced similar features aimed at combating crypto scams and phishing attacks, including Solana-based Phantom, Web3 wallet provider Ember and Bitski.
Just two days after Moonbirds creator Kevin Rose admitted to losing $1.1 million in NFTs via a targeted phishing attack, Phantom reminded users on Jan. 27 that its wallets are protected with a number of security features which include transaction previews, an open source blocklist, NFT spam reporting and burning.
The firm explained its transaction preview feature: when you take an action in Phantom, like minting an NFT, we scan your transaction and proactively find anything that looks fishy. Website looks fishy? You get a warning. Trying to obfuscate code? Warning. Interacting with suspicious tokens? Warning.”
While the open-source blocklist consists of a “community-maintained list of malicious domains” that Phantom blocks users from mistakenly connecting with.
12/ We’re proud of the security features we have implemented, but this is only the beginning.
We will continue to work tirelessly to protect our users with best-in-class security features, education, and support to make everyone’s journey through web3 safe, easy, and fun.
— Phantom (@phantom) January 26, 2023
Tweeting on the same day as Phantom, Web3 wallet provider Ember detailed the list of its own security tools.
The list includes translation previews, token and NFT locking to stop assets being drained as part of malicious transactions, and approvaling revoking.
5/7) As well, Ember allows you to lock your NFTs and tokens, which disables the ability to send or sell them until they have been unlocked which requires your authentication to do so
This means that if you do sign a malicious transaction, your locked assets can’t be drained
— Ember (@EmberWallet) January 27, 2023
On Jan. 24, Bitski also indicated that it was working on similar integrations via its 2.0 wallet, with product designer Jasmine Xu noting that this will cover “self custody, dapp browser, transaction simulation previews, notifications about account activity, in-app burner vault, and a bunch more in a few weeks.”
Related: 5 sneaky tricks crypto phishing scammers used last year: SlowMist
In its most recent blog post, Coinbase said in the coming weeks, the firm will launch a feature so that users can “view and revoke existing token balances.”
These types of features are important for crypto and NFT users, as scammers/hackers deploy a wide array of tools to hijack transactions and get funds sent to them instead of the originally intended destination.
Popular methods that dupe even experienced users consist of phishing attacks, scam airdrops directing people to click on malicious links and malware.