# https://blockaid.io llms-full.txt

## Onchain Security Solutions

# End-to-End Onchain Security

The only security platform for detecting and responding to fraud, scams, financial risks, **and** smart contract exploits in real time.

Protecting the best: [MetaMask](https://metamask.io/), [Stellar](https://stellar.org/), [OpenSea](https://opensea.io/), [World](https://world.org/), [Kraken](https://kraken.com/), [Uniswap](https://uniswap.org/), [Coinbase](https://www.coinbase.com/), [Starknet](https://www.starknet.io/), [Soneium](https://soneium.org/), [Core](https://core.app/), [Jupiter](https://jup.ag/), [Polymarket](https://polymarket.com/)

## Blockaid Raises $50m Series B to Meet Demand for its Onchain Security Platform

The round was led by Ribbit, with participation from Variant, Cyberstarts, and Google Ventures.
[Learn More](https://blockaid.io/blog/behind-blockaids-series-b-securing-an-onchain-future)

### Enterprise-grade security for everything onchain

Trusted by chains, protocols, wallets, exchanges, banks, and hedge funds to understand and secure what matters most.

- **End-User Protection** (for wallets, dApps, exchanges): Protect users from fraud, scams, and hacks. [Learn More](https://blockaid.io/end-user-protection)
- **Onchain Asset Security** (for chains, protocols): Detect and respond to scams, fraud, exploits, and financial risks. [Learn More](https://blockaid.io/onchain-asset-security)
- **Crypto Fraud Detection** (for exchanges, banks, fintechs): Identify and prevent sophisticated fraud like pig butchering. [Learn More](https://blockaid.io/crypto-fraud-protection)
- **Operational Security** (for hedge funds, trading desks): Monitor position risks, maintain anonymity, and automatically respond to threats. [Learn More](https://blockaid.io/operational-security)

### Powered by superior threat intelligence

Combining dedicated security research, unmatched pre- and post-transaction visibility, and internet-wide scanning to detect and stop threats at their source.
#### Blockaid network

Our direct integrations with the most popular wallets and dApps mean Blockaid sees more transaction data than any other provider.

#### Onchain data

Blockaid indexes onchain data and applies advanced machine learning, AI, and clustering algorithms to detect similarities in patterns, bytecode, and other onchain activity associated with threats.

#### Offchain data

Most web3 fraud and scams start on web2. Only Blockaid scans the entire internet to identify threats before they move onchain.

### Battle-tested and proven at scale

- 3.7 billion transactions scanned
- $180 billion assets secured
- 300 million attacks prevented
- $9.3+ billion in losses averted

### Endorsed and implemented by industry leaders

Integrating Blockaid helped evolve and improve onchain security for our users. By supporting safety on Ethereum Mainnet as well as 6+ other EVM chains such as Base, Optimism, and Polygon, we have been able to improve both UX and safety for Coinbase Wallet users. Getting security right is critical for bringing one billion people onchain.
Chintan Turakhia, Senior Director, Engineering at Coinbase

Reducing fund loss incidents in MetaMask is a Consensys-wide initiative that has been spearheaded by Blockaid. Blockaid has pushed our team to heights we didn’t know possible and continues to enable us to make users more secure than they have ever been in web3.
Dror Avieli, Managing Director & VP, Customer Support at Consensys

The web3 space is, in aggregate, a measurably safer place ever since Blockaid came to market — they've solved trust & safety problems for wallets and marketplaces like OpenSea with an urgency & quality that's unparalleled. Integrating with Blockaid was a game-changer for OpenSea.
Nadav Hollander, CTO at OpenSea

The quality of Blockaid's product is second to none. They have helped us detect and prevent scams and hacks from our users. The team's expertise in cybersecurity, with years of experience, has been evident in the results since the early stages of integration.
Andrey Balyasnikov, Head of Product at Zerion

Blockaid's real-time security alerts integrated within Core provide users with a proactive shield against emerging threats, empowering them to navigate the Avalanche ecosystem with confidence. Together, Blockaid and Core are not just securing transactions; they are paving the way for a safer, more resilient Web3 future.
Akash Gupta, Head of Consumer Products at Ava Labs

At Backpack, we prioritize security as the foundation for storing and managing cryptocurrencies. Our partnership with Blockaid enhances our commitment to safety, enabling users to interact with onchain apps with confidence.
Armani Ferrante, CEO at Backpack

Backed by the best investors: [Sequoia](https://www.sequoiacap.com/), [Greylock](https://greylock.com/), [Cyberstarts](https://cyberstarts.com/), [Ribbit Capital](https://ribbitcap.com/), [GV](https://www.gv.com/), [Variant](https://variant.fund/)

### Latest resources and news

[View All](https://blockaid.io/blog)

- **[Behind Blockaid's Series B—Securing an Onchain Future](https://blockaid.io/blog/behind-blockaids-series-b-securing-an-onchain-future)** (FEATURED, Announcements, February 18, 2025): This investment will help us scale to meet the surging demand for our security platform as we protect the largest companies operating onchain.
- **[How Blockaid Helps Exchanges Turn Token Listings into a Competitive Advantage](https://blockaid.io/blog/how-blockaid-helps-exchanges-turn-token-listings-into-a-competitive-advantage)** (Token Security, January 28, 2025): Learn how Blockaid enables exchanges to list tokens instantly while automatically blocking scams—eliminating slow manual reviews, reducing risk, and unlocking new opportunities.

### Upcoming events

- June 30th: ETHCC 8, Cannes, France
- October 1st: Token 2049 Singapore, Singapore

### Detect, understand, and protect against fraud, scams, exploits, and financial risks with Blockaid

## Page Not Found

# This page doesn't exist.

Just like a successful attack on a Blockaid customer.

[Let's start over](https://blockaid.io/)

## Transaction Validation Security

Cosigner

## Validate every transaction and never sign blindly again

$2B has been lost to blind signing. Add an automated security check to prevent losses, even when devices have been compromised.
Trusted to protect 180M+ web3 transactions every month: [MetaMask](https://metamask.io/), [Kraken](https://kraken.com/), [Uniswap](https://uniswap.org/), [Backpack](https://backpack.app/), [Coinbase](https://www.coinbase.com/), [OKX](https://www.okx.com/)

- 3.7B transactions scanned
- 300M attacks prevented
- $180B assets secured

## Protection beyond multisig approval

Add an automated security check to protect against UI spoofing, compromised signers, supply chain attacks, social engineering, and more.

Integration

#### Validate every transaction initiated by your multisig or institutional wallet

Cosigner integrates with your existing infrastructure to automatically verify transactions before final signature.

Safe, Fireblocks, and more

Engine

#### Expose the hidden threats in every transaction

Protect against UI spoofing, compromised signers, supply chain attacks, and more. Blockaid enables you to block malicious transactions even with signer approval.
Analysis

#### Gain an in-depth understanding of every transaction

Track every validation check and decision with detailed documentation.

Network

### Powered by the largest network of web3 interfaces

Blockaid is directly integrated with the most used web3 wallets and interfaces. Our system sees more data and is able to block more threats.

### Battle-tested and proven at scale

Integrating Blockaid helped evolve and improve onchain security for our users. By supporting safety on Ethereum Mainnet as well as 6+ other EVM chains such as Base, Optimism, and Polygon, we have been able to improve both UX and safety for Coinbase Wallet users. Getting security right is critical for bringing one billion people onchain.
Chintan Turakhia, Senior Director, Engineering at Coinbase

The quality of Blockaid's product is second to none. They have helped us detect and prevent scams and hacks from our users. The team's expertise in cybersecurity, with years of experience, has been evident in the results since the early stages of integration.
Andrey Balyasnikov, Head of Product at Zerion

Blockaid's real-time security alerts integrated within Core provide users with a proactive shield against emerging threats, empowering them to navigate the Avalanche ecosystem with confidence.
Together, Blockaid and Core are not just securing transactions; they are paving the way for a safer, more resilient Web3 future.
Akash Gupta, Head of Consumer Products at Ava Labs

### Latest resources and news

[View All](https://blockaid.io/blog)

- **[Behind Blockaid's Series B—Securing an Onchain Future](https://blockaid.io/blog/behind-blockaids-series-b-securing-an-onchain-future)** (FEATURED, Announcements, February 18, 2025): This investment will help us scale to meet the surging demand for our security platform as we protect the largest companies operating onchain.
- **[How to Prevent the Next $1.5B Bybit Hack: A Strategic Approach to Solving Blind Signing](https://blockaid.io/blog/how-to-prevent-the-next-15b-bybit-hack-a-strategic-approach-to-solving-blind-signing)** (Threat Intelligence, February 21, 2025): The Bybit $1.5B hack was a replay of the Radiant incident - and it could have been prevented. Here's how.

### Validate every transaction and never sign blindly again

## Blockaid Security Platform

# About Blockaid

Blockaid is the onchain security platform for monitoring, detecting, and responding to onchain and offchain threats.
Comprehensive security platform for Web3 projects

#### The Onchain Security Platform

Blockaid provides an end-to-end solution that can help any company building in the space keep their users safe, including tools like smart contract monitoring, transaction simulation, dApp scanning, token security tools, on-chain and off-chain threat hunting capabilities, and more.

From nation-state cybersecurity to the onchain battlefield

#### Built by elite security researchers

Founded in 2022 by former Israeli cyber intelligence operatives, Blockaid is the security solution of choice for leading web3 companies like MetaMask, Coinbase, Stellar and more. With offices in New York and Tel Aviv, Blockaid has raised $83M from Ribbit, Variant, Cyberstarts, Sequoia, Greylock, and Google Ventures.
Backed by industry leaders: [Sequoia](https://www.sequoiacap.com/), [Greylock](https://greylock.com/), [Cyberstarts](https://cyberstarts.com/), [Ribbit Capital](https://ribbitcap.com/), [GV](https://www.gv.com/), [Variant](https://variant.fund/)

## Let’s secure the future together

We are always on the lookout for talented people who are passionate about onchain security. Get in touch to explore a role that could be right for you.

[Explore Careers](https://www.comeet.com/jobs/blockaid/69.00b)

## DeFi Operational Security

Operational Security

## Secure your DeFi investments and operations

Monitor position risks, maintain anonymity, and automatically respond to threats across DeFi protocols.

Trusted by leading investment and compliance teams: [Safe](https://safe.global/), [Fireblocks](https://www.fireblocks.com/), [Anchorage](https://www.anchorage.com/)

### Maximize your upside, minimize your risk

Understand and adjust to investment risks while maintaining position security and regulatory compliance.
- **Protect position anonymity:** Get instant alerts when addresses are exposed and execute automated position moves.
- **Maintain regulatory compliance:** Monitor interactions with sanctioned actors and generate required compliance documentation.
- **Instantly respond to threats:** Detect protocol exploits and execute automated exit strategies to protect investments.
- **Make informed decisions:** Track dependencies, upgrades, and yield changes that could impact investment risk.

### Full-cycle DeFi investment security

Monitor positions, detect threats, and respond automatically across your DeFi operations.

Monitor

#### Track positions, protocol states, and compliance risks across DeFi

Detect

#### Identify deanonymization attempts, compliance risks, and protocol security threats

Respond

#### Execute automated exit strategies and maintain SAR reporting requirements

Investigate

#### Analyze protocol risks and monitor position exposure across platforms

Network

### Unmatched visibility into threats

Combine intelligence from the largest network of wallet integrations with dark web monitoring to protect positions before threats materialize.

### Latest resources and news

[View All](https://blockaid.io/blog)

- **[Cosigner: The Onchain Security Layer Your Multisig Is Missing](https://blockaid.io/blog/cosigner-the-onchain-security-layer-your-multisig-is-missing-blind-signing)** (FEATURED, Operational Security, April 15, 2025): Prevent blind signing exploits with Blockaid Cosigner, which validates and enforces policy at the signature layer.
- **[How to Create an Incident Response Plan for Your Onchain Protocol](https://blockaid.io/blog/how-to-create-an-incident-response-plan-for-your-onchain-protocol)** (Protocol Security, January 29, 2025): Learn how to build a structured incident response plan for your onchain protocol to detect, contain, and mitigate threats effectively when an attack occurs.

### Protect your positions, maintain compliance

## Crypto Fraud Protection

Crypto Fraud Protection

## Stop push payment fraud before funds leave your platform

Protect users and meet compliance requirements in real time by identifying scams and
preventing bad actors from misusing your platform.

Trusted by leading exchanges, fintechs, and banks: [Kraken](https://kraken.com/), [Coinbase](https://www.coinbase.com/), [OKX](https://www.okx.com/)

### Real-time protection against crypto fraud

Most fraud detection fails against new addresses. Only Blockaid combines exchange monitoring with real-time wallet intelligence to stop fraud at the source.

- **Stop fraud and minimize liability:** Monitor critical assets and infrastructure with comprehensive coverage across your stack.
- **Maintain AML and OFAC compliance:** Stop attacks before they cause damage with instant detection and automated response.
- **Gain visibility into onchain fraud:** Reduce investigation time with automated threat analysis and detailed audit trails.
- **Proactively detect emerging threats:** Meet regulatory requirements with automated reporting and comprehensive audit logs.

### Comprehensive fraud detection and prevention

Automatically identify and stop push payment fraud with continuous monitoring and real-time response.
Monitor

#### Continuously monitor payment rails, exchange outflows, and onchain signals

ACH transfers, wire transfers, wallet interactions, Externally Owned Assets (EOAs), and more

Detect

#### Identify fraud, scams, exploits, financial risks and operational faults with battle-tested ML models

Pig butchering, money muling, money laundering, OFAC addresses, and more

Respond

#### Block transactions, freeze accounts, and implement user checks in real time

Alert Compliance on Slack, block transactions, trigger CAPTCHA, open new case, and more

Investigate

#### Drill into chargeback incidents and quantify users impacted by the same campaigns

Alert Compliance on Slack, block transactions, trigger CAPTCHA, open new case, and more

### Enterprise-grade security, seamless integration

Deploy production-ready security in days with flexible APIs and dedicated engineering support.
- Custom API integration
- Native SDK implementations
- Continuous threat updates
- Dedicated engineering support

Network

### Powered by the largest network of web3 interfaces

Blockaid is directly integrated with the most used web3 wallets and interfaces. Our system sees more data and is able to block threats directly on our network.

### Trusted by leading products for accurate, comprehensive protection

Integrating Blockaid helped evolve and improve onchain security for our users. By supporting safety on Ethereum Mainnet as well as 6+ other EVM chains such as Base, Optimism, and Polygon, we have been able to improve both UX and safety for Coinbase Wallet users. Getting security right is critical for bringing one billion people onchain.
Chintan Turakhia, Senior Director, Engineering at Coinbase

### Latest resources and news

[View All](https://blockaid.io/blog)

- **[How Blockaid Secures the $5.7T Stablecoin Economy Against Threats](https://blockaid.io/blog/how-blockaid-secures-the-5-7-trillion-stablecoin-economy-against-threats)** (FEATURED, Onchain Detection and Response, February 5, 2025): As a stablecoin issuer, the risks to your business extend far beyond technical vulnerabilities - Blockaid provides tailor-made solutions to mitigate these risks and help you detect and respond to threats across your ecosystem.
- **[Data Spotlight: How Scammers Reacted to the $TRUMP Token Launch](https://blockaid.io/blog/data-spotlight-how-scammers-reacted-to-the-trump-memecoin-token-launch)** (Token Security, January 20, 2025): A look into how scammers exploited the $TRUMP token launch with malicious tokens and fake dApps.

### Protect your users from fraud, phishing, and hacks

## Onchain Asset Security

Onchain asset security

## Monitor and protect what matters most—in real time

Detect threats to assets and infrastructure, investigate incidents, and trigger automated security alerts and workflows.
Trusted by leading ecosystems and protocols: [World](https://world.org/), [Uniswap](https://uniswap.org/), [Starknet](https://www.starknet.io/), [Abstract](https://www.abs.xyz/), [Eclipse](https://www.eclipse.xyz/), [Sui](https://sui.io/)

### Comprehensive protection and compliance in one platform

Monitor assets, prevent incidents, investigate threats, and meet regulatory requirements—without ever leaving the Blockaid platform.

- **Real-time visibility into threats:** Monitor critical assets and infrastructure with comprehensive coverage across your stack.
- **Automated incident prevention:** Stop attacks before they cause damage with instant detection and automated response.
- **Deep investigation capabilities:** Reduce investigation time with automated threat analysis and detailed audit trails.
- **Streamlined compliance:** Meet regulatory requirements with automated reporting and comprehensive audit logs.

### Full-cycle security from monitoring to investigation

Complete protection across the entire transaction lifecycle—from pre-transaction analysis to post-transaction investigation.
Monitor

#### Continuously monitor smart contracts, wallets, and critical infrastructure

- Entire Web
- Wallet Interactions
- Smart Contracts
- Treasury Wallets
- Multisig Wallets
- Sequencers
- Externally Owned Assets (EOAs)
- Mempools
- Validators
- Bridges
- And more

Detect

#### Identify fraud, scams, exploits, financial risks and operational faults with battle-tested ML models

- Malicious Transactions
- Malicious Tokens
- Compromised Frontends
- Suspicious Function Calls
- Multisignature Approvals
- Suspicious Transfers
- MEV Attacks
- Majority Collusion Attacks
- Liquidity Anomalies
- And more

Respond

#### Automate risk mitigation with custom workflows and real-time alerts

- Alert SecOps on Slack
- Deny Cosigner Signature
- Unwind Positions
- Revoke Approvals
- Change Parameters
- Pause Contracts
- Notify Third Party Wallets
- And more

Investigate

#### Analyze money laundering patterns, OFAC interactions, and drill into comprehensive incident reports

### Deploy monitoring and protection in less than 20 minutes

Deploy production-ready security in days with flexible APIs and dedicated engineering support.
- Add assets and infrastructure to monitor
- Review and customize detection rules
- Configure alerts and mitigation workflows

### Powered by the largest network of web3 interfaces

Blockaid is directly integrated with the most used web3 wallets and interfaces. Our system sees more data and is able to block threats directly on our network.

### Trusted by leading products for accurate, comprehensive protection

Integrating Blockaid helped evolve and improve onchain security for our users. By supporting safety on Ethereum Mainnet as well as 6+ other EVM chains such as Base, Optimism, and Polygon, we have been able to improve both UX and safety for Coinbase Wallet users. Getting security right is critical for bringing one billion people onchain.
Chintan Turakhia, Senior Director, Engineering at Coinbase

### Latest resources and news

[View All](https://blockaid.io/blog)

- [How Blockaid Secures the $5.7T Stablecoin Economy Against Threats](https://blockaid.io/blog/how-blockaid-secures-the-5-7-trillion-stablecoin-economy-against-threats) (February 5, 2025; Onchain Detection and Response): As a stablecoin issuer, the risks to your business extend far beyond technical vulnerabilities - Blockaid provides tailor-made solutions to mitigate these risks and help you detect and respond to threats across your ecosystem.
- [How to Create an Incident Response Plan for Your Onchain Protocol](https://blockaid.io/blog/how-to-create-an-incident-response-plan-for-your-onchain-protocol) (January 29, 2025; Protocol Security): Learn how to build a structured incident response plan for your onchain protocol to detect, contain, and mitigate threats effectively when an attack occurs.
- [How to Prevent the Next $1.5B Bybit Hack: A Strategic Approach to Solving Blind Signing](https://blockaid.io/blog/how-to-prevent-the-next-15b-bybit-hack-a-strategic-approach-to-solving-blind-signing) (February 21, 2025; Threat Intelligence): The ByBit $1.5B hack was a replay of the Radiant incident - and it could have been prevented. Here's how.

## End-User Protection

## Stop fraud, scams, and hacks before they impact your users

Integrate enterprise-grade security directly into your onchain application.

Trusted by leading wallets, dApps, and DEXs: [MetaMask](https://metamask.io/), [Kraken](https://kraken.com/), [Rainbow](https://rainbow.me/en/), [Uniswap](https://uniswap.org/), [Zerion](https://zerion.io/), [Coinbase](https://www.coinbase.com/), [1inch](https://1inch.io/), [DEX Screener](https://dexscreener.com/), [Core](https://core.app/), [Jupiter](https://jup.ag/), [OKX](https://www.okx.com/), [CoolWallet](https://www.coolwallet.io/)

### Safe users, better business outcomes

Just one malicious transaction can devastate users and destroy trust. Blockaid helps you keep users safe with real-time security that stops threats before they cause damage.

Prevent losses before they happen

- $5.3B+ in user funds protected
- 71M+ attacks prevented
- 300+ attack vectors detected

Build user trust and retention

- 20M+ protected users
- 99.9% threat detection accuracy
- Real-time protection

Reduce support overhead

- 90% reduction in security tickets
- Automated threat responses
- Proactive user protection

Stay ahead of evolving threats

- 24/7 threat monitoring
- First to detect new attack vectors
- Internet-wide threat scanning

### End-to-end security for your onchain product

Comprehensive protection across the entire transaction lifecycle—from pre-transaction analysis to post-transaction investigation.
Monitor

#### Continuously monitor interactions with transactions, dApps, and tokens

Detect

#### Accurately identify malicious transactions, dApps, tokens, and addresses in real time

Respond

#### Provide users with information on the safety of each transaction, dApp, and token before they sign

Investigate

#### Drill down into incident reports to better understand root causes and network effects

### Enterprise-grade security, seamless integration

Deploy production-ready security in days with flexible APIs and dedicated engineering support.

- Custom API integration
- Native SDK implementations
- Continuous threat updates
- Dedicated engineering support

### Powered by the largest network of web3 interfaces

Blockaid is directly integrated with the most used web3 wallets and interfaces. Our system sees more data and is able to block threats directly on our network.
### Trusted by leading products for accurate, comprehensive protection

Integrating Blockaid helped evolve and improve onchain security for our users. By supporting safety on Ethereum Mainnet as well as 6+ other EVM chains such as Base, Optimism, and Polygon, we have been able to improve both UX and safety for Coinbase Wallet users. Getting security right is critical for bringing one billion people onchain.
Chintan Turakhia, Senior Director, Engineering at Coinbase

The web3 space is, in aggregate, a measurably safer place ever since Blockaid came to market — they've solved trust & safety problems for wallets and marketplaces like OpenSea with an urgency & quality that's unparalleled. Integrating with Blockaid was a game-changer for OpenSea.
Nadav Hollander, CTO at OpenSea

The quality of Blockaid's product is second to none. They have helped us detect and prevent scams and hacks from our users. The team's expertise in cybersecurity, with years of experience, has been evident in the results since the early stages of integration.
Andrey Balyasnikov, Head of Product at Zerion

Blockaid's real-time security alerts integrated within Core provide users with a proactive shield against emerging threats, empowering them to navigate the Avalanche ecosystem with confidence. Together, Blockaid and Core are not just securing transactions; they are paving the way for a safer, more resilient Web3 future.
Akash Gupta, Head of Consumer Products at Ava Labs

Spam was a growing problem at CoinTracker, and worsened the user experience. We tried multiple solutions, but determined that Blockaid was the only solution that could meet our needs. The product is high quality, the team is special, and they even fine-tuned their solution to our preferences.
Sanjiv Prabhunandan, Senior Software Engineer at CoinTracker

Rainbow takes security extremely seriously. When seeking a partner to elevate our defenses, we didn’t settle. We chose Blockaid — not just ninjas, but seasoned warriors who have squared off against the world’s most sophisticated nation-state adversaries. We’re excited to partner with Blockaid to bolster our defenses.
Mike, Co-founder of Rainbow

At Backpack, we prioritize security as the foundation for storing and managing cryptocurrencies. Our partnership with Blockaid enhances our commitment to safety, enabling users to interact with onchain apps with confidence.
Armani Ferrante, CEO at Backpack

Keeping up with the flood of pump and dumps and other scam tokens was a massive headache. Blockaid solved this for us.
Andy, Founder at DEX Screener

### Latest resources and news

[View All](https://blockaid.io/blog)

- [Sui Foundation Partners With Blockaid to Strengthen Ecosystem Security and Simplify SecOps](https://blockaid.io/blog/sui-foundation-partners-with-blockaid-to-strengthen-ecosystem-security-and-simplify-secops) (Featured; March 11, 2025; Partnerships): The partnership will bring Blockaid’s industry-leading protection to Sui wallets and infrastructure.
- [Building Safely with EIP-7702: How Blockaid Helps Teams Adopt the Future of Smart Wallets](https://blockaid.io/blog/building-safely-with-eip-7702-how-blockaid-helps-teams-adopt-the-future-of-smart-wallets) (May 7, 2025; Transaction Security): EIP-7702 is live - and Blockaid is working with the biggest companies in crypto to help them support 7702 safely and confidently.

## Address Validation

## Identify and block malicious addresses in real time

Gain an immediate understanding of a crypto address's security status and whether it is tied to OFAC-sanctioned entities.
Trusted to scan 25M+ web3 addresses every month: [MetaMask](https://metamask.io/), [Kraken](https://kraken.com/), [Backpack](https://backpack.app/), [Coinbase](https://www.coinbase.com/), [Bybit](https://www.bybit.com/), [OKX](https://www.okx.com/)

### Detailed address insights and validation

Instantly uncover risks and security insights for any crypto address—keeping transactions safe in real time.

Multi-Chain Support

#### Validate addresses across a variety of blockchain networks

- Support for multiple blockchain networks
- Accurate validation with chain-specific analysis
- Flexibility to adapt to different blockchain ecosystems
- Consistent security across diverse blockchain platforms

Entity Evaluation

#### Log security and regulatory information on every address involved in a transaction

- Identify fund transfers to malicious addresses
- Protect users from address poisoning
- Prevent interaction with OFAC-sanctioned entities

### Powered by the largest network of web3 interfaces

Blockaid is directly integrated with the most used web3 wallets and interfaces.
Our system sees more data and is able to block threats directly on our network.

### Battle-tested and proven at scale

Integrating Blockaid helped evolve and improve onchain security for our users. By supporting safety on Ethereum Mainnet as well as 6+ other EVM chains such as Base, Optimism, and Polygon, we have been able to improve both UX and safety for Coinbase Wallet users. Getting security right is critical for bringing one billion people onchain.
Chintan Turakhia, Senior Director, Engineering at Coinbase

Reducing fund loss incidents in MetaMask is a Consensys-wide initiative that has been spearheaded by Blockaid. Blockaid has pushed our team to heights we didn’t know possible and continues to enable us to make users more secure than they have ever been in web3.
Dror Avieli, Managing Director & VP, Customer Support at Consensys

Blockaid's real-time security alerts integrated within Core provide users with a proactive shield against emerging threats, empowering them to navigate the Avalanche ecosystem with confidence. Together, Blockaid and Core are not just securing transactions; they are paving the way for a safer, more resilient Web3 future.
Akash Gupta, Head of Consumer Products at Ava Labs

Rainbow takes security extremely seriously. When seeking a partner to elevate our defenses, we didn’t settle. We chose Blockaid — not just ninjas, but seasoned warriors who have squared off against the world’s most sophisticated nation-state adversaries.
We’re excited to partner with Blockaid to bolster our defenses.
Mike, Co-founder of Rainbow

### Latest resources and news

[View All](https://blockaid.io/blog)

- [How to Build Smarter, Safer Onchain AI Agents with Blockaid](https://blockaid.io/blog/how-to-build-smarter-safer-onchain-ai-agents-with-blockaid) (Featured; January 2, 2025; Onchain Detection and Response): Blockaid launches AI-native tools for secure, next-gen AI agents—enhancing risk analysis, threat detection & agent decision making.
- [Emerging Attack Vector: Restake Farming](https://blockaid.io/blog/emerging-attack-vector-restake-farming) (January 30, 2024; Threat Intelligence): Angel Drainer group has introduced a new attack vector utilizing a protocol to execute a novel form of approval farming attack through the queue Withdrawal mechanism.

### Identify and block malicious addresses

## Token Scanning

Token Validation

## Stop rugs and other token-related scams

Identify and neutralize malicious tokens associated with wallet drainers, rugpulls, spam, and more.
Trusted to prevent 5M+ token scams each month: [OpenSea](https://opensea.io/), [Rainbow](https://rainbow.me/en/), [Uniswap](https://uniswap.org/), [1inch](https://1inch.io/), [DEX Screener](https://dexscreener.com/), [CoinTracker](https://www.cointracker.io/), Azura, [Jupiter](https://jup.ag/), [Magic Eden](https://magiceden.io/), [Sui](https://sui.io/)

### Protect against every type of malicious token

Threat Detection

#### Identify a wide range of token-based scams

- Detect airdrops with embedded malicious traits
- Uncover impersonation tokens mimicking legitimate assets
- Expose malicious airdrops on reputable ERC-1155 platforms
- Identify potential rugpulls, pump & dumps, and honeypots

User Protection

#### Provide real-time alerts and filtering

- Alert users to potentially harmful tokens
- Prevent interaction with deceptive or malicious assets
- Protect against financial losses from token-based scams

### Powered by the largest network of web3 interfaces

Blockaid is directly integrated with the most used web3 wallets and interfaces. Our system sees more data and is able to block threats directly on our network.

### Battle-tested and proven at scale

Integrating Blockaid helped evolve and improve onchain security for our users. By supporting safety on Ethereum Mainnet as well as 6+ other EVM chains such as Base, Optimism, and Polygon, we have been able to improve both UX and safety for Coinbase Wallet users. Getting security right is critical for bringing one billion people onchain.
Chintan Turakhia, Senior Director, Engineering at Coinbase

Blockaid's real-time security alerts integrated within Core provide users with a proactive shield against emerging threats, empowering them to navigate the Avalanche ecosystem with confidence. Together, Blockaid and Core are not just securing transactions; they are paving the way for a safer, more resilient Web3 future.
Akash Gupta, Head of Consumer Products at Ava Labs

Rainbow takes security extremely seriously. When seeking a partner to elevate our defenses, we didn’t settle. We chose Blockaid — not just ninjas, but seasoned warriors who have squared off against the world’s most sophisticated nation-state adversaries. We’re excited to partner with Blockaid to bolster our defenses.
Mike, Co-founder of Rainbow

Keeping up with the flood of pump and dumps and other scam tokens was a massive headache. Blockaid solved this for us.
Andy, Founder at DEX Screener

### Latest resources and news

[View All](https://blockaid.io/blog)

- [How Blockaid Helps Exchanges Turn Token Listings into a Competitive Advantage](https://blockaid.io/blog/how-blockaid-helps-exchanges-turn-token-listings-into-a-competitive-advantage) (January 28, 2025; Token Security): Learn how Blockaid enables exchanges to list tokens instantly while automatically blocking scams—eliminating slow manual reviews, reducing risk, and unlocking new opportunities.
- [Uniswap Labs Selects Blockaid to Launch New Token Warning Feature](https://blockaid.io/blog/uniswap-labs-selects-blockaid-to-launch-new-token-warning-feature) (December 18, 2024; Partnerships): The update provides a notification when users interact with tokens that Blockaid has determined have dangerous properties or patterns.
- [Sui Foundation Partners With Blockaid to Strengthen Ecosystem Security and Simplify SecOps](https://blockaid.io/blog/sui-foundation-partners-with-blockaid-to-strengthen-ecosystem-security-and-simplify-secops) (March 11, 2025; Partnerships): The partnership will bring Blockaid’s industry-leading protection to Sui wallets and infrastructure.

### Detect and flag all token-related scams

## Web3 Security Resources
# Resources Center

Explore our collection of Web3 security threat research, white papers, podcasts, best practices, and more.

Topics: Operational Security, Announcements, Transaction Security, Threat Intelligence, Research, Partnerships, Token Security, Onchain Detection and Response, Protocol Security

- [Building Safely with EIP-7702: How Blockaid Helps Teams Adopt the Future of Smart Wallets](https://blockaid.io/blog/building-safely-with-eip-7702-how-blockaid-helps-teams-adopt-the-future-of-smart-wallets) (May 7, 2025; Transaction Security)
- [How Blockaid Helps Ledger’s Transaction Check Mitigate Blind Signing Risks](https://blockaid.io/blog/how-blockaid-helps-ledgers-transaction-check-mitigate-blind-signing-risks) (April 30, 2025; Partnerships)
- [Composability Attack Deep Dive: How an Attacker Stole $128k Without an Exploit](https://blockaid.io/blog/composability-attack-deep-dive-how-an-attacker-stole-128k-without-an-exploit) (April 28, 2025; Threat Intelligence, Onchain Detection and Response, Protocol Security)
- [Cosigner: The Onchain Security Layer Your Multisig Is Missing](https://blockaid.io/blog/cosigner-the-onchain-security-layer-your-multisig-is-missing-blind-signing) (April 14, 2025; Operational Security)
- [Privy Integrates Blockaid to Bring Transaction Security into Global Wallets](https://blockaid.io/blog/privy-integrates-blockaid-to-bring-transaction-security-into-global-wallets) (March 31, 2025; Partnerships)
- [Sui Foundation Partners With Blockaid to Strengthen Ecosystem Security and Simplify SecOps](https://blockaid.io/blog/sui-foundation-partners-with-blockaid-to-strengthen-ecosystem-security-and-simplify-secops) (March 11, 2025; Partnerships)
- [The $1.5B Bybit Hack Explained: A Technical Breakdown](https://blockaid.io/blog/the-15b-bybit-hack-explained-a-technical-breakdown) (February 21, 2025; Transaction Security, Threat Intelligence)
- [How to Prevent the Next $1.5B Bybit Hack: A Strategic Approach to Solving Blind Signing](https://blockaid.io/blog/how-to-prevent-the-next-15b-bybit-hack-a-strategic-approach-to-solving-blind-signing) (February 21, 2025; Threat Intelligence)
- [Behind Blockaid's Series B—Securing an Onchain Future](https://blockaid.io/blog/behind-blockaids-series-b-securing-an-onchain-future) (February 18, 2025; Announcements)
- [How Blockaid Secures the $5.7T Stablecoin Economy Against Threats](https://blockaid.io/blog/how-blockaid-secures-the-5-7-trillion-stablecoin-economy-against-threats) (February 5, 2025; Onchain Detection and Response)
- [How to Create an Incident Response Plan for Your Onchain Protocol](https://blockaid.io/blog/how-to-create-an-incident-response-plan-for-your-onchain-protocol) (January 29, 2025; Protocol Security)
- [How Blockaid Helps Exchanges Turn Token Listings into a Competitive Advantage](https://blockaid.io/blog/how-blockaid-helps-exchanges-turn-token-listings-into-a-competitive-advantage) (January 28, 2025; Token Security)
- [Data Spotlight: How Scammers Reacted to the $TRUMP Token Launch](https://blockaid.io/blog/data-spotlight-how-scammers-reacted-to-the-trump-memecoin-token-launch) (January 20, 2025; Token Security)
- [How to Build Smarter, Safer Onchain AI Agents with Blockaid](https://blockaid.io/blog/how-to-build-smarter-safer-onchain-ai-agents-with-blockaid) (January 2, 2025; Onchain Detection and Response)
- [See What Only Blockaid Sees: Introducing State of the Chain](https://blockaid.io/blog/see-what-only-blockaid-sees-introducing-state-of-the-chain) (December 18, 2024; Research)
- [Uniswap Labs Selects Blockaid to Launch New Token Warning Feature](https://blockaid.io/blog/uniswap-labs-selects-blockaid-to-launch-new-token-warning-feature) (December 18, 2024; Partnerships)
- [World App Bolsters Security With New Blockaid Integration](https://blockaid.io/blog/world-app-bolsters-security-with-new-blockaid-integration) (November 25, 2024; Partnerships)
- [io.finnet Strengthens Institutional DeFi Security Through Strategic Blockaid Integration](https://blockaid.io/blog/io-finnet-strengthens-institutional-defi-security-through-strategic-blockaid-integration) (November 13, 2024; Partnerships)
[![Lottie](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2F6723ac8eeae3ca2e10ace8df_Lottie.png&w=3840&q=100)\\ \\ **Attack Report: Lottie Player supply chain attack**\\ \\ October 30, 2024\\ \\ Threat Intelligence](https://blockaid.io/blog/attack-report-lottie-player-supply-chain-attack) [![Transaction verification](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Ftxv.png&w=3840&q=100)\\ \\ **Transaction Verification: A Solution to Blind Signing in Hardware Wallets**\\ \\ October 27, 2024\\ \\ Transaction Security](https://blockaid.io/blog/transaction-verification-a-solution-to-blind-signing-in-hardware-wallets) [![Immutable](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fba_x_immutable.png&w=3840&q=100)\\ \\ **Immutable Passport integrates Blockaid to protect Web3 gaming**\\ \\ October 24, 2024\\ \\ Partnerships](https://blockaid.io/blog/immutable-passport-integrates-blockaid-to-protect-web3-gaming) [![Blockaid + Stellar](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2F671119801c9fdde786d7085a_blockaid-stellar.jpg&w=3840&q=100)\\ \\ **Stellar Bolsters Ecosystem-Wide Security With Blockaid**\\ \\ October 16, 2024\\ \\ Partnerships](https://blockaid.io/blog/stellar-bolsters-ecosystem-wide-security-with-blockaid) [![Unmasking](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fbanner.png&w=3840&q=100)\\ \\ **Unmasking Wallet Drainers: Step-by-Step Breakdown of a Crypto Heist**\\ \\ October 13, 2024\\ \\ Threat Intelligence](https://blockaid.io/blog/unmasking-wallet-drainers-step-by-step-breakdown-of-a-crypto-heist) [![Argent Partnership](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2F66f1756c30561bdf55a6a467_argent-social-post-banner.jpg&w=3840&q=100)\\ \\ **Argent Releases 
Upgraded Wallet, Now Secured by Blockaid**\\ \\ September 22, 2024\\ \\ Partnerships](https://blockaid.io/blog/argent-releases-upgraded-wallet-now-secured-by-blockaid) [![Solana TOCTOU](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Ftoctou.png&w=3840&q=100)\\ \\ **Dissecting TOCTOU Attacks: How Wallet Drainers Exploit Solana's Transaction Timing**\\ \\ September 21, 2024\\ \\ Threat Intelligence](https://blockaid.io/blog/dissecting-toctou-attacks-how-wallet-drainers-exploit-solanas-transaction-timing) [![Safe + Blockaid](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fsafe_wallet.jpg&w=3840&q=100)\\ \\ **Safe{Wallet} Gets Even Safer: Introducing Blockaid Integration**\\ \\ September 16, 2024\\ \\ Partnerships](https://blockaid.io/blog/safe-wallet-gets-even-safer-introducing-blockaid-integration) [![AngelX](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fanglex.png&w=3840&q=100)\\ \\ **Threat Report: AngelX**\\ \\ September 4, 2024\\ \\ Threat Intelligence](https://blockaid.io/blog/threat-report-angelx) [![WazirX](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fwazir_header.png&w=3840&q=100)\\ \\ **The $230M Blind Spot: Lessons from the WazirX Hack**\\ \\ August 21, 2024\\ \\ Transaction Security](https://blockaid.io/blog/the-230m-blind-spot-lessons-from-the-wazirx-hack) [![Blockaid x Alchemy](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fblockaid-x-alchemy-header.jpg&w=3840&q=100)\\ \\ **Alchemy Selects Blockaid as a Web3 Security Partner for Rollups**\\ \\ July 31, 2024\\ \\ Partnerships](https://blockaid.io/blog/alchemy-selects-blockaid-as-a-web3-security-partner) [![Squarespace 
Incident](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fsquarespace_header.png&w=3840&q=100)\\ \\ **Squarespace Domain Hijacking Incident: Attack Report**\\ \\ July 14, 2024\\ \\ Threat Intelligence](https://blockaid.io/blog/squarespace-defi-domain-hijack-incident) [![1inch + Blockaid](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2F1inch_blockaid.png&w=3840&q=100)\\ \\ **Driving Trust: Blockaid and 1inch's Shared Mission in Web3 Security**\\ \\ June 19, 2024\\ \\ Partnerships](https://blockaid.io/blog/driving-trust-blockaid-and-1inchs-shared-mission-in-web3-security) [![Bypasses](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fbypass_graphic.png&w=3840&q=100)\\ \\ **Bypasses: How Attackers Evade Transaction Simulation**\\ \\ June 11, 2024\\ \\ Threat Intelligence](https://blockaid.io/blog/bypasses-how-attackers-evade-transaction-simulation) [![Core + Blockaid](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fheader.png&w=3840&q=100)\\ \\ **Blockaid Bolsters Security on Avalanche with Core Integration**\\ \\ June 5, 2024\\ \\ Partnerships](https://blockaid.io/blog/blockaid-bolsters-security-on-avalanche-with-core-integration) [![Address Poisoning](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Faddress_poisoning_header.jpg&w=3840&q=100)\\ \\ **Deep Dive into Address Poisoning**\\ \\ May 30, 2024\\ \\ Threat Intelligence](https://blockaid.io/blog/a-deep-dive-into-address-poisoning) [![Violet Drainer](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fviolet.webp&w=3840&q=100)\\ \\ **How Blockaid Stopped Violet Drainer Before It Could Start**\\ \\ April 18, 2024\\ \\ Threat Intelligence](https://blockaid.io/blog/how-blockaid-stopped-violet-drainer-before-it-could-start) 
[![Blockaid + CoinTracker](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fcointracker.png&w=3840&q=100)\\ \\ **How Blockaid Helped CoinTracker Solve Its Spam Token Problem**\\ \\ March 20, 2024\\ \\ Partnerships](https://blockaid.io/blog/how-blockaid-helped-cointracker-solve-its-spam-token-problem) [![Restake Farming](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Frestake_farming.png&w=3840&q=100)\\ \\ **Emerging Attack Vector: Restake Farming**\\ \\ January 30, 2024\\ \\ Threat Intelligence](https://blockaid.io/blog/emerging-attack-vector-restake-farming) [![Inferno](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Finferno.png&w=3840&q=100)\\ \\ **Putting Inferno Drainer Group Out of Business**\\ \\ January 3, 2024\\ \\ Threat Intelligence](https://blockaid.io/blog/putting-inferno-drainer-group-out-of-business) [![Ledger Connect Kit Attack](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fledger_kit_header.png&w=3840&q=100)\\ \\ **Attack Report: Ledger Connect Kit**\\ \\ December 14, 2023\\ \\ Threat Intelligence](https://blockaid.io/blog/attack-report-ledger-connect-kit) [![Blockaid + Zerion](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fblockaid_zerion.png&w=3840&q=100)\\ \\ **Zerion: Phishing Defense Powered by Blockaid**\\ \\ December 7, 2023\\ \\ Partnerships](https://blockaid.io/blog/zerion-phishing-defense-powered-by-blockaid) [![Blockaid + Rainbow](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Frainbow.png&w=3840&q=100)\\ \\ **Rainbow Wallet: Mobile App and Browser Extension Powered By Blockaid**\\ \\ December 6, 2023\\ \\ Partnerships](https://blockaid.io/blog/rainbow-wallet-mobile-app-and-browser-extension-powered-by-blockaid) 
[![Drainers](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fheader-dapps-101.png&w=3840&q=100)\\ \\ **Malicious dApp 101: Wallet Drainers Are Stealthier, More Complex than Ever**\\ \\ November 14, 2023\\ \\ Threat Intelligence](https://blockaid.io/blog/malicious-dapp-101-wallet-drainers-are-stealthier-more-complex-than-ever) [![Blockaid + Metamask](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fmetamask.png&w=3840&q=100)\\ \\ **Blockaid + MetaMask: Securing Web3 Users While Preserving Privacy**\\ \\ October 31, 2023\\ \\ Partnerships](https://blockaid.io/blog/blockaid-metamask-securing-web3-users-while-preserving-privacy) [![Malicious dApps 101](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fheader-1.png&w=3840&q=100)\\ \\ **Malicious dApps 101: Wallet Drainers**\\ \\ October 30, 2023\\ \\ Threat Intelligence](https://blockaid.io/blog/wallet-drainers-vitalik-metamask) [![Emerging from Stealth](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fstealth_header.png&w=3840&q=100)\\ \\ **Emerging from stealth with $33M in funding to secure web3**\\ \\ October 5, 2023\\ \\ Announcements](https://blockaid.io/blog/emerging-from-stealth-with-33-m-in-funding-to-secure-web3) ## Malicious dApp Detection [![Logo](https://blockaid.io/_next/image?url=%2Fimages%2Fnav%2Flogo-dark.png&w=3840&q=75)](https://blockaid.io/) [![Logo](https://blockaid.io/images/logos/blockaid.svg)](https://blockaid.io/) dApp Scanning ## Detect and flag every malicious dApp Neutralize threats before they impact your users with the only solution that detects malicious dApps before they’re used in an attack. 
Trusted to secure 120M+ dApp connections every month

[![](https://blockaid.io/api/media/file/MetaMask-logo-black-1.svg)](https://metamask.io/) [![Stellar Light BG](https://blockaid.io/api/media/file/stellar-light-bg-1.svg)](https://stellar.org/) [![Kraken Light BG](https://blockaid.io/api/media/file/kraken-light-bg.svg)](https://kraken.com/) [![Rainbow Light BG](https://blockaid.io/api/media/file/rainbow-light-bg.svg)](https://rainbow.me/en/) [![Zerion Light BG](https://blockaid.io/api/media/file/zerion-light-bg.svg)](https://zerion.io/) [![Backpack Light BG](https://blockaid.io/api/media/file/backpack-light-bg-1.svg)](https://backpack.app/) [![Coinbase Light BG](https://blockaid.io/api/media/file/coinbase-light-bg.svg)](https://www.coinbase.com/) [![Starknet Light BG](https://blockaid.io/api/media/file/starknet-light-bg.svg)](https://www.starknet.io/) [![Soneium Light BG](https://blockaid.io/api/media/file/soneium-light-bg.svg)](https://soneium.org/) [![Fireblocks Light BG](https://blockaid.io/api/media/file/fireblocks-light-bg.svg)](https://www.fireblocks.com/) [![dYdX Light BG](https://blockaid.io/api/media/file/dYdX-light-bg-1.svg)](https://dydx.exchange/) [![Sui Light BG](https://blockaid.io/api/media/file/sui-light-bg.svg)](https://sui.io/)

- 1.6 million malicious dApps blocked monthly
- 75 million domains scanned monthly
- 4 minutes time to detect newly deployed scam

### Proactive defense against malicious dApps

Internet-Wide Scanning

#### Identify new malicious dApps before they harm users

Blockaid’s unique approach pre-emptively identifies new malicious dApps by:

- Monitoring for new domain registrations
- Employing active web crawling for comprehensive coverage
- Monitoring social media platforms for new dApp
discussions

Sandboxed Analysis

#### Simulate user interactions to expose hidden threats

- Intercept network and JSON-RPC requests
- Fuzz user interfaces to trigger all transaction types
- Mock high-net-worth wallet interactions
- Flag evasion techniques used by attackers

Transaction Validation

#### Analyze and flag malicious transactions in real-time

- Identify fund transfers to malicious addresses
- Protect users from address poisoning
- Prevent interaction with OFAC-sanctioned entities

### Powered by the largest network of web3 interfaces

Blockaid is directly integrated with the most used web3 wallets and interfaces. Our system sees more data and is able to block threats directly on our network.

### Battle-tested and proven at scale

Integrating Blockaid helped evolve and improve onchain security for our users. By supporting safety on Ethereum Mainnet as well as 6+ other EVM chains such as Base, Optimism, and Polygon, we have been able to improve both UX and safety for Coinbase Wallet users. Getting security right is critical for bringing one billion people onchain.

Chintan Turakhia, Senior Director, Engineering at Coinbase

The quality of Blockaid's product is second to none. They have helped us detect and prevent scams and hacks from our users.
The team's expertise in cybersecurity, with years of experience, has been evident in the results since the early stages of integration.

Andrey Balyasnikov, Head of Product at Zerion

Blockaid's real-time security alerts integrated within Core provide users with a proactive shield against emerging threats, empowering them to navigate the Avalanche ecosystem with confidence. Together, Blockaid and Core are not just securing transactions; they are paving the way for a safer, more resilient Web3 future.

Akash Gupta, Head of Consumer Products at Ava Labs

### Latest resources and news

[View All](https://blockaid.io/blog)

[![Lottie](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2F6723ac8eeae3ca2e10ace8df_Lottie.png&w=3840&q=100)\\ \\ **Attack Report: Lottie Player supply chain attack** \\ \\ Step-by-step analysis of the Lottie Player Supply Chain Attack - and how Blockaid was able to detect it within minutes\\ \\ October 30, 2024\\ \\ Threat Intelligence](https://blockaid.io/blog/attack-report-lottie-player-supply-chain-attack)

[![Solana TOCTOU](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Ftoctou.png&w=3840&q=100)\\ \\ **Dissecting TOCTOU Attacks: How Wallet Drainers Exploit Solana's Transaction Timing** \\ \\ Attackers are now abusing the time gap between simulation and execution to target Solana users.\\ \\ September 21, 2024\\ \\ Threat Intelligence](https://blockaid.io/blog/dissecting-toctou-attacks-how-wallet-drainers-exploit-solanas-transaction-timing)

[![Building Safely with EIP-7702: How Blockaid Helps Teams Adopt the Future of Smart Wallets](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2F7702.png&w=3840&q=100)\\ \\ **Building Safely with EIP-7702: How Blockaid Helps Teams
Adopt the Future of Smart Wallets** \\ \\ EIP-7702 is live - and Blockaid is working with the biggest companies in crypto to help them support 7702 safely and confidently. \\ \\ May 7, 2025\\ \\ Transaction Security](https://blockaid.io/blog/building-safely-with-eip-7702-how-blockaid-helps-teams-adopt-the-future-of-smart-wallets) ### Detect and block every malicious dApp Request a Demo ![with blockaid](https://blockaid.io/api/media/file/highlight-s.svg) ## Transaction Security [![Logo](https://blockaid.io/_next/image?url=%2Fimages%2Fnav%2Flogo-dark.png&w=3840&q=75)](https://blockaid.io/) [![Logo](https://blockaid.io/images/logos/blockaid.svg)](https://blockaid.io/) Transaction Security ## Simulate and validate every transaction in real time Enable users to understand the state changes and outcomes that would result if a transaction were executed and if it should be trusted. Request a Demo ![transaction security](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2Fmedia%2Ffile%2Ftransaction-security.png&w=3840&q=100) Trusted to protect 180M+ web3 transactions every month [![](https://blockaid.io/api/media/file/MetaMask-logo-black-1.svg)](https://metamask.io/) [![World Light BG](https://blockaid.io/api/media/file/world-light-bg.svg)](https://world.org/) [![Kraken Light BG](https://blockaid.io/api/media/file/kraken-light-bg.svg)](https://kraken.com/) [![Safe Light BG](https://blockaid.io/api/media/file/safe-light-bg-2.svg)](https://safe.global/) [![Zerion Light BG](https://blockaid.io/api/media/file/zerion-light-bg.svg)](https://zerion.io/) [![Backpack Light BG](https://blockaid.io/api/media/file/backpack-light-bg-1.svg)](https://backpack.app/) [![Coinbase Light BG](https://blockaid.io/api/media/file/coinbase-light-bg.svg)](https://www.coinbase.com/) [![](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2Fmedia%2Ffile%2Fcore_black_fn2.png&w=640&q=75)](https://core.app/) [![Exodus Light 
BG](https://blockaid.io/api/media/file/exodus-light-bg.svg)](https://www.exodus.com/) [![Farcaster Light BG](https://blockaid.io/api/media/file/farcaster-light-bg.svg)](https://www.farcaster.xyz/) [![Magic Eden BG](https://blockaid.io/api/media/file/magic-eden-light-bg.svg)](https://magiceden.io/) [![OKX Light BG](https://blockaid.io/api/media/file/okx-light-bg-1.svg)](https://www.okx.com/) ### Full support for popular and emerging chains ![ethereum](https://blockaid.io/api/media/file/chain-ethereum.svg) ![solana](https://blockaid.io/api/media/file/chain-solana.svg) ![base](https://blockaid.io/api/media/file/chain-base.svg) ![linea](https://blockaid.io/api/media/file/chain-linea.svg) ![blast](https://blockaid.io/api/media/file/chain-blast.svg) ![optimism](https://blockaid.io/api/media/file/chain-optimism.svg) ![bitcoin](https://blockaid.io/api/media/file/chain-bitcoin.svg) * * * Building a new chain? [Get in touch](https://blockaid.io/contact) to learn about how Blockaid can provide custom solutions for helping chains secure their users from day one. 
### Protection for the entire transaction lifecycle

Transaction Preview

#### Reveal the full onchain impact of a transaction—before it’s signed

- Ultra-low latency (<300ms P99)
- Generic EIP-712 Support
- EIP-4337 Support
- Bulk transaction support

Security Assessment

#### Protect users from signing transactions that will drain their assets

- Flag complex attack scenarios
- Protect users from wallet drainers
- Prevent transfers to unauthorized entities
- Stop interactions with malicious contracts

Entity Evaluation

#### Log security and regulatory information on every address involved in a transaction

- Identify fund transfers to malicious addresses
- Protect users from address poisoning
- Prevent interaction with OFAC-sanctioned entities

### Powered by the largest network of web3 interfaces

Blockaid is directly integrated with the most used web3 wallets and interfaces. Our system sees more data and is able to block threats directly on our network.

### Real impact for leading organizations

Integrating Blockaid helped evolve and improve onchain security for our users.
By supporting safety on Ethereum Mainnet as well as 6+ other EVM chains such as Base, Optimism, and Polygon, we have been able to improve both UX and safety for Coinbase Wallet users. Getting security right is critical for bringing one billion people onchain.

Chintan Turakhia, Senior Director, Engineering at Coinbase

Reducing fund loss incidents in MetaMask is a Consensys-wide initiative that has been spearheaded by Blockaid. Blockaid has pushed our team to heights we didn’t know possible and continues to enable us to make users more secure than they have ever been in web3.

Dror Avieli, Managing Director & VP, Customer Support at Consensys

The quality of Blockaid's product is second to none. They have helped us detect and prevent scams and hacks from our users. The team's expertise in cybersecurity, with years of experience, has been evident in the results since the early stages of integration.

Andrey Balyasnikov, Head of Product at Zerion

Blockaid's real-time security alerts integrated within Core provide users with a proactive shield against emerging threats, empowering them to navigate the Avalanche ecosystem with confidence. Together, Blockaid and Core are not just securing transactions; they are paving the way for a safer, more resilient Web3 future.

Akash Gupta, Head of Consumer Products at Ava Labs

Rainbow takes security extremely seriously. When seeking a partner to elevate our defenses, we didn’t settle. We chose Blockaid — not just ninjas, but seasoned warriors who have squared off against the world’s most sophisticated nation-state adversaries. We’re excited to partner with Blockaid to bolster our defenses.
Mike, Co-founder of Rainbow

At Backpack, we prioritize security as the foundation for storing and managing cryptocurrencies. Our partnership with Blockaid enhances our commitment to safety, enabling users to interact with onchain apps with confidence.

Armani Ferrante, CEO at Backpack

### Latest resources and news

[View All](https://blockaid.io/blog)

[![World + Blockaid](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2F67450fe9817d11343fc83233_blockaid-world-app.jpg&w=3840&q=100)\\ \\ **World App Bolsters Security With New Blockaid Integration** \\ \\ Over the past two months, Tools for Humanity has been working with Blockaid to bring enhanced transaction security to World App.\\ \\ November 25, 2024\\ \\ Partnerships](https://blockaid.io/blog/world-app-bolsters-security-with-new-blockaid-integration)

[![Solana TOCTOU](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Ftoctou.png&w=3840&q=100)\\ \\ **Dissecting TOCTOU Attacks: How Wallet Drainers Exploit Solana's Transaction Timing** \\ \\ Attackers are now abusing the time gap between simulation and execution to target Solana users.\\ \\ September 21, 2024\\ \\ Threat Intelligence](https://blockaid.io/blog/dissecting-toctou-attacks-how-wallet-drainers-exploit-solanas-transaction-timing)

[![privy_blockaid](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2FProtect.png&w=3840&q=100)\\ \\ **Privy Integrates Blockaid to Bring Transaction Security into Global Wallets** \\ \\ Blockaid's Transaction Security is now available in Privy Global Wallets—helping users stay safe before they sign.\\ \\ March 31, 2025\\ \\ Partnerships](https://blockaid.io/blog/privy-integrates-blockaid-to-bring-transaction-security-into-global-wallets)

### Simulate, validate, and protect every
transaction in real time Request a Demo ![with blockaid](https://blockaid.io/api/media/file/highlight-s.svg) ## Onchain Security Solutions [![Logo](https://blockaid.io/_next/image?url=%2Fimages%2Fnav%2Flogo-dark.png&w=3840&q=75)](https://blockaid.io/) [![Logo](https://blockaid.io/images/logos/blockaid.svg)](https://blockaid.io/) Onchain Detection and Response ## One platform for visibility, investigation, and real-time end-user protection Detect, understand, and automatically respond to fraud, scams, exploits, and financial risks. Request a Demo ![hero platform](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2Fmedia%2Ffile%2Fblockaid-platform.png&w=3840&q=100) Protecting the best [![Stellar Light BG](https://blockaid.io/api/media/file/stellar-light-bg-1.svg)](https://stellar.org/) [![World Light BG](https://blockaid.io/api/media/file/world-light-bg.svg)](https://world.org/) [![Uniswap Light BG](https://blockaid.io/api/media/file/uniswap-light-bg.svg)](https://uniswap.org/) [![Coinbase Light BG](https://blockaid.io/api/media/file/coinbase-light-bg.svg)](https://www.coinbase.com/) [![Starknet Light BG](https://blockaid.io/api/media/file/starknet-light-bg.svg)](https://www.starknet.io/) [![Soneium Light BG](https://blockaid.io/api/media/file/soneium-light-bg.svg)](https://soneium.org/) [![](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2Fmedia%2Ffile%2Fcore_black_fn2.png&w=640&q=75)](https://core.app/) [![Abstract Light BG](https://blockaid.io/api/media/file/abstract-light-bg.svg)](https://www.abs.xyz/) [![Eclipse Light BG](https://blockaid.io/api/media/file/eclipse-light-bg.svg)](https://www.eclipse.xyz/) [![Immutable Light BG](https://blockaid.io/api/media/file/immutable-light-bg.svg)](https://www.immutable.com/) [![Jupiter Light BG](https://blockaid.io/api/media/file/jupiter-light-bg.svg)](https://jup.ag/) [![Sui Light BG](https://blockaid.io/api/media/file/sui-light-bg.svg)](https://sui.io/) ### Industry-leading 
intelligence, complete control

The most comprehensive onchain security platform and the flexibility to use only what you need—from monitoring specific assets to instantly protecting millions of users.

- Monitor Assets: Track owned and external assets plus on and offchain signals.
- Measure Impact: Gain insight into actual and potential losses from fraud, scams, and hacks.
- Investigate Incidents: Automate incident research while being able to drill down into the details.
- Protect Users: Provide real-time protection against blind-signing, fraud, scams, and hacks.

### Full-cycle security from monitoring to investigation

Blockaid empowers Security, Product, and Compliance teams to understand, report on, and protect their onchain interests.
Monitor

#### Continuously monitor onchain assets, infrastructure, and on and offchain signals

- Entire Web
- Wallet Interactions
- Smart Contracts
- Treasury Wallets
- Multisig Wallets
- Sequencers
- Externally Owned Assets (EOAS)
- Mempools
- Validators
- AND MORE

Detect

#### Identify scams, fraud, exploits, and financial risks with battle-tested ML models and heuristics

- Malicious Transactions
- Malicious Tokens
- Compromised Frontends
- Suspicious Function Calls
- Multisignature Approvals
- Suspicious Transfers
- MEV Attacks
- Majority Collusion Attacks
- Liquidity Anomalies
- AND MORE

Respond

#### Automatically respond to threats in real time with pre-defined and custom workflows

- Alert SECOPS on Slack
- Deny Cosigner Signature
- Unwind Positions
- Revoke Approvals
- Pause Contracts
- Change Parameters
- Notify Party Wallets
- AND MORE

Investigate

#### Drill down into every incident report to explore the details and root cause

- Related Entities
- Attack Type
- AND MORE

### Wallet and interface integration

Monitor transactions, dApps, and tokens within wallets and interfaces to detect threats and alert users in real-time.
- Transaction Security
- dApp Scanning
- Token Scanning

As seen in ![](https://blockaid.io/api/media/file/MetaMask-logo-white.svg) ![coinbase](https://blockaid.io/api/media/file/client-coinbase-dark.svg) ![Ledger Dark BG](https://blockaid.io/api/media/file/ledger-dark-bg-1.svg) ![backpack](https://blockaid.io/api/media/file/logo-backpack-dark.svg) ![Starknet Dark BG](https://blockaid.io/api/media/file/starknet-dark-bg.svg)

### Comprehensive security, proven track record

Complete coverage

Onchain security goes beyond smart contracts. Blockaid also detects scams, fraud, and financial risks using internet-wide scanning and pre-and-post transaction data.

Proven at scale

Integrated with the highest volume platforms including Coinbase, MetaMask, World App, Safe, Uniswap, and more.

Fast implementation

Onboard your security team and start monitoring within minutes with hands-on engineering support and continuous threat model updates.

Maximum impact

Ability to embed Blockaid interface security in your own apps and also alert 20+ million users across Blockaid's network of web3 interfaces.

### Real impact for leading organizations

Integrating Blockaid helped evolve and improve onchain security for our users.
By supporting safety on Ethereum Mainnet as well 6+ other EVM chains such as Base, Optimism, and Polygon, we have been able to improve both UX and safety for Coinbase Wallet users. Getting security right is critical for bringing one billion people onchain. Chintan Turakhia Senior Director, Engineering at Coinbase ![](https://blockaid.io/api/media/file/MetaMask-logo-black-1.svg) Reducing fund loss incidents in MetaMask is a Consensys wide initiative that has been spearheaded by Blockaid. Blockaid has pushed our team to heights we didn’t know possible and continue to enable us to make users more secure than they have ever been in web3. Dror Avieli Managing Director & VP, Customer Support at Consensys Previous slide Next slide ### Latest resources and news [View All](https://blockaid.io/blog) [![Stablecoins](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fstable.png&w=3840&q=100)\\ \\ **How Blockaid Secures the $5.7T Stablecoin Economy Against Threats** \\ \\ As a stablecoin issuer, the risks to your business extend far beyond technical vulnerabilities - Blockaid provides tailor made solutions to mitigate these risks and help you detect and respond to threat across your ecosystem.\\ \\ February 5, 2025\\ \\ Onchain Detection and Response](https://blockaid.io/blog/how-blockaid-secures-the-5-7-trillion-stablecoin-economy-against-threats) [![Response Plan](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fresponse.png&w=3840&q=100)\\ \\ **How to Create an Incident Response Plan for Your Onchain Protocol** \\ \\ Learn how to build a structured incident response plan for your onchain protocol to detect, contain, and mitigate threats effectively when an attack occurs.\\ \\ January 29, 2025\\ \\ Protocol Security](https://blockaid.io/blog/how-to-create-an-incident-response-plan-for-your-onchain-protocol) [![World + 
Blockaid](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2F67450fe9817d11343fc83233_blockaid-world-app.jpg&w=3840&q=100)\\ \\ **World App Bolsters Security With New Blockaid Integration** \\ \\ Over the past two months, Tools for Humanity has been working with Blockaid to bring enhanced transaction security to World App.\\ \\ November 25, 2024\\ \\ Partnerships](https://blockaid.io/blog/world-app-bolsters-security-with-new-blockaid-integration) ### Detect, understand, and protect against fraud, scams, exploits, and financial risks with Blockaid Request a Demo ![with blockaid](https://blockaid.io/api/media/file/highlight-s.svg) ## Contact Blockaid [![Logo](https://blockaid.io/_next/image?url=%2Fimages%2Fnav%2Flogo-dark.png&w=3840&q=75)](https://blockaid.io/) [![Logo](https://blockaid.io/images/logos/blockaid.svg)](https://blockaid.io/) # Get in touch Have questions or need assistance? We're here to help. Sales Speak with our sales team about using Blockaid for your use case. ![](https://blockaid.io/api/media/file/Contact.svg) Contact Sales![Right](https://blockaid.io/_next/static/media/learn-more-arrow.d4afd305.svg) Documentation Learn how to integrate Blockaid into your platform with integration guides, SDKs, and API reference. ![](https://blockaid.io/api/media/file/Integration%20guides.svg) [Visit Docs![Right](https://blockaid.io/_next/static/media/learn-more-arrow.d4afd305.svg)](https://docs.blockaid.io/) Careers Join us and work with the best team in the industry on the biggest issue of the market. ![](https://blockaid.io/api/media/file/Careers.svg) [Explore Positions![Right](https://blockaid.io/_next/static/media/learn-more-arrow.d4afd305.svg)](https://www.comeet.com/jobs/blockaid/69.00b) Report an Issue Flag a scam, report a false positive result, or verify your project will pass security checks. 
[Support Portal](https://report.blockaid.io/)

### Meet us F2F at these events

- June 30th: ETHCC 8 (Cannes, France)
- October 1st: Token 2049 Singapore (Singapore)

## Supply Chain Attack Overview

This week, the web3 ecosystem witnessed one of the most brutal frontend attacks ever experienced. While most attacks target a specific frontend (e.g. BadgerDAO, [Galxe.com](https://www.galxe.com/), or [balancer.fi](https://balancer.fi/)), this time the exploit broadly impacted upwards of 100 frontends, causing each dApp and its users to fall victim. This can be attributed to the nature of the attack: a supply chain attack.

With the attack 48 hours behind us, we’re now able to provide full visibility into the anatomy of the attack. Specifically, let’s go through a timeline, understand supply chain attacks, and dive deep into this specific attack perpetrated by the Angel Drainer Group. We’ll also show how Blockaid’s automatic detection and proactive protection ensured that each and every wallet that had Blockaid integrated was safe as soon as the malicious payload was deployed.
### Timeline

Here are the key moments from the start of the attack to the deployment of the patch:

- **2:37am PST, December 14th**: A malicious payload was deployed by an attacker into @ledgerhq/connect-kit versions 1.1.5, 1.1.6, and 1.1.7.
- **2:43am PST, December 14th**: Blockaid frontend attack alerts were triggered through a dApp scan initiated on hey.xyz. All related transactions were instantly blocked as soon as the payload was deployed, and dApp connections were then blocked after this dApp scan at 2:43 am PT.
- **4:28am PST, December 14th**: Blockaid published the first [tweet](https://x.com/blockaid_/status/1735275569586090221) regarding the attack, only after disclosing to Ledger and receiving confirmation from their team.
- **5:18am PST, December 14th**: A patched version, 1.1.8, was deployed by Ledger.

### What’s a Supply Chain Attack?

Most of the time, when an attacker aims to target a specific application, they will attempt to detect vulnerabilities, misconfigurations, or other types of weak spots directly within that specific application.

In contrast to these straightforward attacks, a supply chain attack is more sophisticated. Instead of finding a vulnerability directly within the targeted application, the attacker navigates through the various dependencies or components included in the application to identify a point of weakness or vulnerability. For example, if the attackers can successfully target a dependency of an application, it provides them with a free entry point into the actual application.

![supply_chain.png](https://blockaid.io/api/resourceContentImages/file/supply_chain.png)

### Anatomy of the attack

The attacker was able to inject a malicious wallet-draining payload into the @ledgerhq/connect-kit NPM package, affecting versions 1.1.5, 1.1.6, and 1.1.7. Importantly, although the malicious code was injected into a Ledger package, the attack is not only targeted at Ledger wallet users. Instead, it affects **every wallet** that ultimately connects to each compromised dApp.

The attacker exploited the ‘supply chain’: the fact that the Ledger connect-kit package is a piece of code used across many applications in the ecosystem. Once the packages with the malicious payload were deployed to NPM, every dApp using this dependency pulled the new version from NPM and served it to its users. Among the affected dApps were hey.xyz (attributed to the Lens protocol), sushi.com, zapper.xyz, and countless other dApps using the package.

![scanner_view.png](https://blockaid.io/api/resourceContentImages/file/scanner_view.png)

### Blockaid Real-time Protection

Blockaid helps wallets and dApps protect users from scams, phishing, and hacks. Our engine can detect exploits like this in real-time at both the dApp and transaction levels. We process terabytes of data daily just to guard against events like this one.

By monitoring a vast amount of data in real-time, our engine identified malicious transactions originating from previously benign dApps. This immediately triggered a set of real-time scans on these dApps, resulting in them being flagged as malicious at the very onset of the attack, **without any human involvement!**

The scans triggered alerts for the Blockaid research team, who immediately investigated the code and quickly comprehended the true scale of the attack. Automatic, real-time detection contributed to making Blockaid the first team to not only detect the attack but understand the implications of it.

Here are some public examples of wallets and applications that had Blockaid real-time protection enabled, ensuring their users were completely protected from the attack from the moment it began.

_OpenSea, MetaMask, Zerion, Rainbow_

![blockaid_customers.png](https://blockaid.io/api/resourceContentImages/file/blockaid_customers.png)

### Real-time Protection VS. Reactive Manual Protection

It’s worth focusing on the significance of real-time protection in this context. Unlike human-made deny-lists that are difficult to maintain and may not capture events like this until widespread damage is done, real-time detection ensures the highest level of protection—an essential component that every user in the ecosystem should demand.

During the early hours of the attack, there was a lot of uncertainty about what was happening. Reports circulated that highlighted certain frontends as compromised but did not capture the sheer scale of the impact. Thanks to our real-time protection, we were able to communicate the incident as quickly as possible and convey the seriousness of this event.

![chat.png](https://blockaid.io/api/resourceContentImages/file/chat.png)

Those relying on manual protection or weaker detection engines were only able to protect their users several hours into the attack, with the majority of the damage occurring in the initial hours.

The way we see it, when it comes to security _a minute late is too late._

### The attack group responsible: Angel Drainer

At Blockaid, our models are based on deep knowledge regarding various attack groups that deploy drainers and their strategies. We have been tracking the Angel Drainer, the group behind this attack, for a very long time.

As early as October, Blockaid had discovered a steady stream of new, malicious dApps that all led back to the same onchain drainer infrastructure. You can see that the Angel Drainer group has been increasing the number of dApps it launches daily leading up to the attack:

![angel_per_day.png](https://blockaid.io/api/resourceContentImages/file/angel_per_day.png)

Within minutes of the Ledger Connect Kit attack, Blockaid researchers were able to identify that the attack emanated from the Angel Group based on known onchain addresses, as well as the SDKs and CNC interactions.

### Onchain

The attack involved a number of addresses:

1. [**0x000067464bdcbec51051ddcce8551e702f130000**](https://etherscan.io/address/0x000067464bdcbec51051ddcce8551e702f130000) \- the main draining contract, referred to as **main-drainer**.
2. [**0x658729879fca881d9526480b82ae00efc54b5c2d**](https://etherscan.io/address/0x658729879fca881d9526480b82ae00efc54b5c2d) \- an EOA used for collecting profits from the **main-drainer** and obtaining direct approvals/permits from the attacked users. Referred to as **collector-wallet**.
3. [**0x00003ffA7857408ab714c28B1451914330240000**](https://etherscan.io/address/0x00003ffA7857408ab714c28B1451914330240000) \- an EOA used to execute operations on the **main-drainer**. It’s also the owner of the **main-drainer** contract. Referred to as **operator-wallet**.
4. [**0x412f10AAd96fD78da6736387e2C84931Ac20313f**](https://etherscan.io/address/0x412f10AAd96fD78da6736387e2C84931Ac20313f) \- an EOA that holds the ENS angel-drainer.eth. Used to collect fees for the usage of the Angel Drainer infrastructure, referred to as **fee-collector-wallet**.

To understand how it works, consider the following example [transaction](https://etherscan.io/tx/0x730884cebcb36e272387b39cf75ed529ec2c1586b8b53955323e6dd51a9f70dd). As seen, the **operator-wallet** address triggered a built-in **multicall** function inside the **main-drainer**. One can observe that exactly 15% of the funds go to the **fee-collector-wallet**, and the remaining 85% go to the **collector-wallet**. This revenue-sharing structure repeats itself in this attack, as well as in many other draining activities in the wild.

![onchain_graph.png](https://blockaid.io/api/resourceContentImages/file/onchain_graph.png)

The attack also introduced a new type of assault that creates dedicated contracts on demand. This type of attack will be covered further in a future blog.
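The 15% / 85% payout split described above can serve as a per-transaction detection heuristic. The following is an added example, not Blockaid's code and not part of the original post: the transfer record shape, the rounding tolerance, and all amounts are assumptions, while the three labelled addresses are the ones listed above.

```javascript
// Added example: flag transactions whose outflows match the 15% / 85%
// revenue split described in the post. Amounts are constructed sample data.

// Labels for addresses listed in the post (lowercased for comparison).
const LABELS = new Map(
  Object.entries({
    "0x000067464bdcbec51051ddcce8551e702f130000": "main-drainer",
    "0x658729879fca881d9526480b82ae00efc54b5c2d": "collector-wallet",
    "0x412f10AAd96fD78da6736387e2C84931Ac20313f": "fee-collector-wallet",
  }).map(([addr, label]) => [addr.toLowerCase(), label])
);

const FEE_BPS = 1500n;    // 15% in basis points
const TOLERANCE_BPS = 5n; // assumption: slack for integer rounding

// transfers: [{ asset, from, to, amount }] for ONE transaction, where amount
// is a base-unit integer string (wei or token units).
function findRevenueSplits(transfers, feeBps = FEE_BPS, toleranceBps = TOLERANCE_BPS) {
  // Sum outflows per (asset, sender), keyed by recipient.
  const groups = new Map();
  for (const t of transfers) {
    const key = `${t.asset.toLowerCase()}|${t.from.toLowerCase()}`;
    const payees = groups.get(key) ?? new Map();
    const to = t.to.toLowerCase();
    payees.set(to, (payees.get(to) ?? 0n) + BigInt(t.amount));
    groups.set(key, payees);
  }

  const findings = [];
  for (const [key, payees] of groups) {
    if (payees.size !== 2) continue; // the split pays exactly two parties
    const [[a, amountA], [b, amountB]] = [...payees];
    const total = amountA + amountB;
    if (total === 0n) continue;
    const [feeTo, feeAmount, mainTo] =
      amountA <= amountB ? [a, amountA, b] : [b, amountB, a];
    const shareBps = (feeAmount * 10000n) / total;
    const drift = shareBps > feeBps ? shareBps - feeBps : feeBps - shareBps;
    if (drift > toleranceBps) continue;
    const [asset, source] = key.split("|");
    findings.push({
      asset,
      source,
      feeRecipient: feeTo,
      mainRecipient: mainTo,
      feeShareBps: Number(shareBps),
      // Known infrastructure raises confidence; an unknown pair is still a lead.
      knownLabels: [source, feeTo, mainTo].map((x) => LABELS.get(x) ?? null),
    });
  }
  return findings;
}

// ---- constructed sample input ----
const DRAINER = "0x000067464bdcbec51051ddcce8551e702f130000";
const COLLECTOR = "0x658729879fca881d9526480b82ae00efc54b5c2d";
const FEE = "0x412f10AAd96fD78da6736387e2C84931Ac20313f";
const TOKEN = "0x" + "aa".repeat(20); // constructed token address

const sampleDrain = [
  { asset: "ETH", from: DRAINER, to: FEE, amount: "150000000000000000" },
  { asset: "ETH", from: DRAINER, to: COLLECTOR, amount: "850000000000000000" },
  // Token payout with rounding dust: 299999 / 2000000 is just under 15%.
  { asset: TOKEN, from: DRAINER, to: FEE, amount: "299999" },
  { asset: TOKEN, from: DRAINER, to: COLLECTOR, amount: "1700001" },
];

// An even two-way payout from an unrelated sender must not match.
const sampleBenign = [
  { asset: "ETH", from: "0x" + "11".repeat(20), to: "0x" + "22".repeat(20), amount: "500" },
  { asset: "ETH", from: "0x" + "11".repeat(20), to: "0x" + "33".repeat(20), amount: "500" },
];

console.log(findRevenueSplits(sampleDrain));
console.log(findRevenueSplits(sampleBenign));
```

A 15/85 split on its own is weak evidence, so treat a match as a lead to correlate with known addresses and the rest of the transaction.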
Upon examining the bytecode of the **main-drainer**, one can see that it actually includes a multicall function accessible only to the contract owner (in our case, the **operator-wallet**). This is a technique employed by many drainer contracts to maintain a "backdoor" for running arbitrary code within the context of the main draining contract. Blockaid has an automatic decompilation component capable of detecting these types of behaviors in real-time while analyzing a transaction.

![code_obf.png](https://blockaid.io/api/resourceContentImages/file/code_obf.png)

### Offchain

The attacker used a set of Command & Control (CNC) servers as the infrastructure for the operation.

![cnc_list.png](https://blockaid.io/api/resourceContentImages/file/cnc_list.png)

As mentioned before, these CNCs were all previously used in other malicious drainers that the attacker deployed outside the scope of this attack.

Visualized below, the attacker was using the same contracts to operate their draining infrastructure. The red dots indicate dApps, while the blue dots denote onchain wallets and smart contract infrastructure.

This is a common attacker technique: using the same onchain infrastructure to support different drainers. This is why at Blockaid, we believe in deep behavioral analysis rather than the casual maintenance of deny-lists and bloom-filters.

### Conclusion

1. **Supply Chain Attacks:** Supply chain attacks, a well-known attack vector, have been employed across various industries in the past couple of years. Our community is not immune to them, and we must implement relevant web2 security measures to guard against such threats. A huge shoutout to the Ledger team for their responsiveness and the swift release of a patch to mitigate the attack at the NPM level.
2. **dApps & Transaction Level Protection:** Regardless of whether a user was targeted through a compromised frontend, phishing attack, social engineering, or another attack type, the final step in being scammed is a transaction. If wallets and applications can detect threats at the transaction level, it would protect user funds and would be a significant win for web3.
3. **Real-time Protection:** The attack underscored the importance of having real-time protection enabled. Wallets and applications that relied on mechanisms detecting and announcing the attack several hours into the event suffered significant losses. The majority of the damage occurred in the first few hours of the attack. Attackers are getting smarter and more sophisticated. Simple deny-lists or bloom-filters are too little, too late.
4. **Blockaid:** Our commitment to our customers is to be at the forefront of understanding and preventing these types of attacks at the wallet/transaction level and to empower builders with an understanding of the situation. We take pride in being the first team to detect this attack, and in the fact that our engine successfully prevented it at both the dApp and transaction levels without human intervention. While all Blockaid-protected users remained unaffected by this attack, we believe that our growth will bring more trust and safety to web3, enabling the industry to realize its true potential.

If you're a wallet/application building on web3 and seeking real-time protection, don't hesitate to reach out. We won’t stop until we make it virtually impossible for attack groups to make millions of dollars draining web3 user wallets.

## Blockaid is securing the biggest companies operating onchain

Get in touch to learn how Blockaid helps teams secure their infrastructure, operations, and users.
[Request a Demo](https://blockaid.io/demo)

#### Related Posts

- [**Building Safely with EIP-7702: How Blockaid Helps Teams Adopt the Future of Smart Wallets**](https://blockaid.io/blog/building-safely-with-eip-7702-how-blockaid-helps-teams-adopt-the-future-of-smart-wallets) (May 7, 2025, Transaction Security)
- [**How Blockaid Helps Ledger’s Transaction Check Mitigate Blind Signing Risks**](https://blockaid.io/blog/how-blockaid-helps-ledgers-transaction-check-mitigate-blind-signing-risks) (April 30, 2025, Partnerships)
- [**Composability Attack Deep Dive: How an Attacker Stole $128k Without an Exploit**](https://blockaid.io/blog/composability-attack-deep-dive-how-an-attacker-stole-128k-without-an-exploit) (April 28, 2025, Threat Intelligence, Onchain Detection and Response, Protocol Security)

## Zerion Phishing Defense

A core part of Zerion's new browser extension and mobile app update is their Phishing Defense. We’re proud to have worked closely with the Zerion team to power Phishing Defense with Blockaid dApp Scanning and Transaction validation.

Anytime a user of Zerion Wallet tries to access a malicious dApp URL or sign a transaction with an entity related to a malicious wallet drainer, the user is notified with an interstitial that looks like this:

![blockaid_zerion_integration.png](https://blockaid.io/api/resourceContentImages/file/blockaid_zerion_integration.png)

While it’s that simple for the user, the work happens under the hood: scanning the internet to proactively find malicious dApps as they come online, and simulating and validating transactions as users tee them up for signature, ensuring that they’re safe.

We believe that a key barrier to widespread usability and adoption of web3 is trust. Underlying trust is security. That’s what we spend each and every day thinking about. And we’re excited to protect Zerion users from fraud, phishing, and hacks.

## Blockaid and MetaMask Collaboration

Last week we [emerged from stealth](https://www.blockaid.io/post/emerging-from-stealth-with-33-m-in-funding-to-secure-web3) with MetaMask as one of our inaugural customers. We’re proud of the work we’ve done together to help protect web3 users from fraud, phishing, and hacks. This week, we’re sharing that together we’ve pioneered technology that ensures web3 security can align with a core value of privacy.

![metamask_warning_example.png](https://blockaid.io/api/resourceContentImages/file/metamask_warning_example.png)

Starting this week, MetaMask users will get access to enhanced privacy protection. We’re excited to do this important work with MetaMask and are hopeful that we’ll improve security and usability in web3. Together we’ll help protect billions of dollars worth of assets that might otherwise be vulnerable to malicious actors.

Learn more about the feature in MetaMask’s blog [here](https://metamask.io/news/latest/metamask-enables-privacy-preserving-security-alerts-with-blockaid/).
## Emerging Attack Vector

_TL;DR - The Angel Drainer group has introduced a new attack vector that uses a protocol to execute a novel form of approval farming attack through the queueWithdrawal mechanism. As we help share impacted wallet addresses, we have also begun to roll out a fix to ensure that all Blockaid-enabled users are protected._

* * *

## **What is Restaking and what is the new technique being used?**

Restaking rewards are an incentive provided by EigenLayer, an EVM protocol that enables restaking to extend ETH cryptoeconomic security to additional applications. This allows users that stake ETH natively or with a liquid staking token (LST) to take those staked funds to restake in other applications.

As is often the case with new and innovative technologies, attackers seek to find novel ways to drain user wallets. In this case, the Angel Drainer Group (which is responsible for last month’s [Ledger Connect Kit attack](https://www.blockaid.io/post/attack-report-ledger-connect-kit)) has introduced a novel form of approval farming through the queueWithdrawal mechanism of the EigenLayer protocol.

## **How does the attack work?**

Central to the attack is the queueWithdrawal transaction: a user who signs it effectively approves a malicious withdrawer to withdraw the wallet’s staking rewards from the EigenLayer protocol to an address of the attacker’s choosing. Unlike the regular ERC20 approve method, this is a special kind of approval that is needed due to the nature of Ethereum staking.

From [Ethereum Foundation](https://ethereum.org/staking/withdrawals):

> _Due to how withdrawals from Ethereum are designed, users can only initiate one partial withdrawal per_ [_sequential sweep_](https://ethereum.org/en/staking/withdrawals/#validator-sweeping) _of all validators (which takes approximately 4-5 days)._
>
> _All funds unstaked from EigenLayer go through a 7-day escrow period before being able to be withdrawn. Thus after you initiate your unstake, you must wait 7-days before being able to withdraw your assets._

Because this is a new kind of approval method, most security providers and internal security tooling do not parse and validate this approval type, so in most cases it’s marked as a benign transaction.

To make the malicious attack even harder to detect, this attacker uses the CREATE2 mechanism to approve these withdrawals to an empty address.

## **A live example of the attack**

Here’s an example of an approval [transaction](https://etherscan.io/tx/0x411a70f0a3dc84f79518ec380fbb962ca1b8f49b1b60d680a9b33ff04defb2db).

![queue_restake.png](https://blockaid.io/api/resourceContentImages/file/queue_restake.png)

Here’s the draining [transaction](https://etherscan.io/tx/0x878034925f20fd502cd9665044bca719d767be6fdcd6ee0f82e4ee674f73008d) that took place 14 days after.

![complete_queue_restake.png](https://blockaid.io/api/resourceContentImages/file/complete_queue_restake.png)

## **What can we do about it?**

For all Blockaid-enabled wallets and dApps, we’re rolling out a fix that will ensure that they are protected from this attack vector. We’ve already contacted the team at EigenLayer to ensure they are aware of this ongoing attack.

Let’s get the word out and protect web3 from this new attack vector. If you’ve been impacted — or you want to see if you have any impacted users — please reach out to Blockaid to learn about how you can keep users safe.
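One way a wallet could parse and check the queueWithdrawal approval described in this post before signing, as an added example that is not from the original post or from Blockaid's or EigenLayer's code. It assumes the argument layout `queueWithdrawal(uint256[], address[], uint256[], address withdrawer, bool)`, uses a placeholder selector, and runs on constructed calldata and account state; the allow/warn/block policy is illustrative.

```javascript
// Added example: parse a queueWithdrawal call and check who may withdraw.
// Assumptions (not from the post): the argument layout
// (uint256[], address[], uint256[], address withdrawer, bool), the placeholder
// selector, the verdict policy, and all addresses and account state below.

const QUEUE_WITHDRAWAL_SELECTOR = "aabbccdd"; // placeholder; take the real value from the contract ABI
const WORD = 64; // hex characters per 32-byte ABI word

function decodeWithdrawer(data) {
  const hex = data.toLowerCase().replace(/^0x/, "");
  if (hex.slice(0, 8) !== QUEUE_WITHDRAWAL_SELECTOR) return null; // a different call
  const args = hex.slice(8);
  // Head: three array offsets, the withdrawer address, one bool.
  if (args.length < 5 * WORD || !/^[0-9a-f]+$/.test(args)) {
    throw new Error("malformed queueWithdrawal calldata");
  }
  const word = args.slice(3 * WORD, 4 * WORD);
  // An ABI-encoded address is left-padded with 12 zero bytes.
  if (!word.startsWith("0".repeat(24))) {
    throw new Error("withdrawer word is not a padded address");
  }
  return "0x" + word.slice(24);
}

// tx: { from, data }. accountState(address) returns { code, nonce, balance },
// the values eth_getCode, eth_getTransactionCount and eth_getBalance report.
function assessQueueWithdrawal(tx, accountState) {
  const withdrawer = decodeWithdrawer(tx.data);
  if (withdrawer === null) return { verdict: "not-applicable", reasons: [] };
  if (withdrawer === tx.from.toLowerCase()) {
    return { verdict: "allow", withdrawer, reasons: [] };
  }
  const reasons = ["withdrawer differs from the signing wallet"];
  const { code, nonce, balance } = accountState(withdrawer);
  // No code, no transactions, no funds: the "empty address" case the post
  // associates with CREATE2.
  const empty = code === "0x" && nonce === 0 && balance === 0n;
  if (empty) reasons.push("withdrawer is an empty address");
  return { verdict: empty ? "block" : "warn", withdrawer, reasons };
}

// ---- constructed sample input ----
const pad = (h) => h.replace(/^0x/, "").padStart(WORD, "0");

function buildCalldata(withdrawer) {
  // Head words: offsets of the three arrays, then the address and the bool.
  const head = ["a0", "e0", "120", withdrawer, "0"].map(pad);
  const oneItemArray = (item) => pad("1") + pad(item);
  const tail =
    oneItemArray("0") +                       // strategy indexes
    oneItemArray("0x" + "cc".repeat(20)) +    // strategies (constructed address)
    oneItemArray("de0b6b3a7640000");          // shares
  return "0x" + QUEUE_WITHDRAWAL_SELECTOR + head.join("") + tail;
}

const USER = "0x" + "11".repeat(20);
const ACTIVE_THIRD_PARTY = "0x" + "22".repeat(20);
const EMPTY_THIRD_PARTY = "0x" + "33".repeat(20);
const STATE = new Map([
  [ACTIVE_THIRD_PARTY, { code: "0x", nonce: 42, balance: 10n ** 18n }],
]);
// Unknown addresses have never been used: no code, nonce 0, zero balance.
const accountState = (addr) => STATE.get(addr) ?? { code: "0x", nonce: 0, balance: 0n };

function runSamples() {
  return [USER, ACTIVE_THIRD_PARTY, EMPTY_THIRD_PARTY].map(
    (w) => assessQueueWithdrawal({ from: USER, data: buildCalldata(w) }, accountState).verdict
  );
}

console.log(runSamples());
```

An unused EOA also looks empty, so the "block" verdict here is a policy choice for this approval type rather than proof of malice.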
## CoinTracker's Spam Solution

### **About CoinTracker:**

CoinTracker is a leading platform for tracking taxable crypto transactions. It integrates with exchanges, wallets, and major blockchains to automate the process of compiling and producing tax reports.

### **The Problem:**

With blockchains becoming cheaper, there’s been a major uptick in spam transactions. Crypto users don’t want the headache of scrolling through thousands of transactions just to find the legitimate ones. Nor do they want to be charged for these unwanted transactions as part of their CoinTracker bill.

While CoinTracker’s engineering team evaluated many possible solutions and providers, no single solution could cover 100% of the spam token surface area with enough precision to encompass all the chains and tokens CoinTracker supports. That’s because it’s hard to both flag all the spam and avoid too many false positives, the latter of which could result in lost revenue for CoinTracker and tax implications for the user.

### **Goal:**

CoinTracker needed to solve the endless problem of spam tokens once and for all, with minimal engineering effort—and all in time for a quickly approaching tax season.

### **Solution:**

CoinTracker swiftly integrated Blockaid’s comprehensive APIs, allowing the CoinTracker software to distinguish between spam and legitimate tokens across every supported chain and token type with immense precision. CoinTracker’s new automatic spam detection feature hides spam and flags suspicious tokens so users have a clear and clean view of their transactions.

![cointracker_powered_by_blockaid.jpg](https://blockaid.io/api/resourceContentImages/file/cointracker_powered_by_blockaid.jpg)

### Results:

CoinTracker now filters out over 1.5 million spam tokens across Ethereum, Solana, and other ecosystems; that list grows daily because Blockaid continuously scans every new and existing token across all chains in real-time to ensure applications remain secure.

![tweet-1.png](https://blockaid.io/api/resourceContentImages/file/tweet-1.png)

CoinTracker’s engineers are satisfied with how little time this solution took to implement and the low lift required to maintain it. And in the last week alone, customers have reported a vast improvement to the CoinTracker interface—just in time for tax season.

To see how Blockaid can solve your spam problems once and for all, reach out for a demo.

## Blockaid Stops Violet Drainer
At Blockaid, our goal is to make the lives of drainers so hard that they quit. One recent example is Violet Drainer, which recently announced it was shutting down its business—before it was able to drain even $100k from user accounts.

![shutting_down.webp](https://blockaid.io/api/resourceContentImages/file/shutting_down.webp)

Wallet drainers are financially motivated—their only objective is to make money. When we’re able to make it hard enough for them to do that, they give up. Violet is just one of many drainers that have had to pause operations or shut down entirely in recent months because we’ve made their lives significantly harder.

![telegram_talk_violet.webp](https://blockaid.io/api/resourceContentImages/file/telegram_talk_violet.webp)

We do this with a multi-layered approach to wallet security:

1. **Internet-Wide dApp Scanning** that proactively scans the entire internet to detect new threats originating from these malicious actors.
2. **Transaction Simulation & Validation** that first simulates a transaction, then applies models and heuristics to determine whether it is malicious.

We’re able to achieve this because of the vast amounts of data Blockaid has access to. By working with amazing partners, and indexing the entire internet and various chains, Blockaid is able to detect these threats in ways others simply haven’t been able to in the past.

Stopping malicious actors like Violet in their tracks is a team effort. Blockaid is doing its part to vastly improve security in our ecosystem together with amazing customers including MetaMask, Coinbase, Zerion, and Rainbow, as well as partners including Samczsun and others.

If you want to join the fight against drainers, and keep your users safe, reach out and check out a demo.
## Address Poisoning Explained

While the decentralized nature of blockchains brings remarkable opportunities, it also poses significant risks.
As open networks of value, blockchains allow anyone to send anything to anyone—a quality that makes them susceptible to various forms of spam transactions, much like how email spam floods our inboxes. Amidst this flood of spam, various attack vectors have emerged, with one of the most prominent being **address poisoning**, a deceptive technique used by attackers to target unsuspecting users and platforms, leveraging the openness of blockchain to deceive and steal.

With a significant rise in the volume of these attacks in the last couple of months (a rise that is caused by various factors, not least of which is the steep decline in gas prices), understanding how they work and how to protect yourself is more crucial than ever.

Let's dive into the mechanics, effectiveness, and prevention of address poisoning attacks to help you stay safe in the evolving crypto landscape.

## What is an Address Poisoning Attack?

An address poisoning attack is a deceptive tactic malicious actors use to trick users into sending cryptocurrency to an incorrect address. Unlike phishing attacks, which often involve social engineering and malicious websites, address poisoning operates within the blockchain's infrastructure. The attacker aims to "poison" a user's address book by flooding it with addresses controlled by the attacker, hoping the user will mistakenly send funds to one of these fraudulent addresses in the future.

### Why Address Poisoning Attacks are Effective

Address poisoning attacks are particularly effective due to several factors:

- **User Behavior**: Many users rely on their transaction history for convenience, especially when sending funds to frequent contacts. The attack leverages this behavior, increasing the likelihood of a mistake.
- **Low Detection Rate**: These attacks can be subtle and difficult to detect, as they don't involve overtly malicious actions like phishing. The transactions are legitimate, making it harder for users to recognize the threat.
- **Cost-Effective for Attackers**: Since the attacker only needs to send small amounts of cryptocurrency to poison the address book, the cost of conducting such an attack is relatively low, and the potential returns are high.

## Deep dive - How Address Poisoning Attacks Work

Address poisoning attacks exploit the human tendency to reuse addresses from recent transactions. Here's a step-by-step breakdown of how these attacks typically unfold:

1. **Initial Setup and Monitoring**: The attacker identifies a notable wallet, such as a high-value or frequently used address, and monitors its activity on the blockchain. They use blockchain explorers and analytics tools to track movements and identify wallet transaction patterns.
2. **Generating Similar Addresses**: The attacker generates an address that resembles one that the victim often interacts with. We will dive into this process in a minute.
3. **Issuing Transactions**: The attacker sends small amounts of cryptocurrency from the fake, similar address to the target's wallet. These transactions are small enough to avoid suspicion but significant enough to appear in the target’s wallet transaction history.
4. **Poisoning the Address Book**: As these transactions are recorded on the blockchain, the attacker’s addresses appear in the target’s transaction history. These addresses are crafted to look very similar to the legitimate addresses the target has previously interacted with.
5. **User Mistake**: When the target user decides to send a large amount of cryptocurrency, they often refer to their transaction history for convenience. Due to the address poisoning, the user sees multiple transactions involving addresses similar to the legitimate recipient's address. In a hurry or due to oversight, the user mistakenly selects one of the attacker’s addresses.
6. **Successful Theft**: The target user sends the large transaction to the attacker’s address instead of the intended recipient.
The funds are now under the attacker's control, and the target realizes the mistake only after the transaction is irreversible.

By monitoring notable wallets and generating similar-looking addresses, attackers significantly increase the chances of a successful address-poisoning attack. This method relies on the natural human behavior of reusing addresses and the randomness of address creation to deceive users into making costly mistakes.

### Creating Similar Addresses in a Random Address Generation System

Even though the address creation process is random, attackers can generate addresses until they find one that closely matches a target address. This process is computationally intensive and may require generating millions of addresses, but it is still feasible enough to be used by attackers. Here’s how attackers can do it:

1. **Target an Existing Address**: Identify an address frequently used by the victim.
2. **Generate Addresses**: Use the Bitcoin address creation method to generate many addresses.
3. **Check Similarity**: Compare each generated address to the target address. If the similarity criteria are met (e.g., same prefix or suffix), the address is kept; otherwise, it is discarded.
4. **Repeat**: Continue generating addresses until a suitably similar one is found.

#### Example Code for Address Similarity

Here’s a simplified Python example demonstrating how an attacker might search for similar addresses:

```
def generate_bitcoin_address():
    # Address generation is elided in the original article.
    [...]

def find_similar_address(target_prefix):
    # Keep generating addresses until one starts with the wanted prefix.
    while True:
        address = generate_bitcoin_address()
        if address.startswith(target_prefix):
            return address

target_address = '1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa'
similar_address = find_similar_address(target_address[:5])
print(f"Target Address: {target_address}")
print(f"Similar Address: {similar_address}")
```

This code continually generates Bitcoin addresses until it finds one with the same prefix as the target address.
While this example uses a prefix for simplicity, more sophisticated similarity metrics can be used.

### Step-by-Step Attack Scenario

Let's analyze a possible attack scenario involving a USDT whale, their intended recipient, and a malicious actor.

##### Step 1: Identifying the Target

A malicious actor identifies a USDT whale who frequently transfers large amounts of USDT. This whale regularly sends funds to a specific recipient, such as an exchange or a cold wallet.

##### Step 2: Setting Up Malicious Addresses

The attacker generates multiple USDT addresses under their control. These addresses are created to resemble the legitimate recipient's address closely but differ slightly in some characters.

##### Step 3: Poisoning the Address Book

The attacker sends a small amount of the native token to the whale's address using the generated addresses. These transactions are insignificant and intended to blend into the whale's transaction history without raising suspicion.

##### Step 4: Exploiting the Poisoned Address

When the whale decides to send a large sum of USDT to their intended recipient, they check their transaction history for convenience. Due to the address poisoning, the whale sees multiple transactions involving addresses similar to the recipient's address. In a hurry or due to oversight, the whale selects one of the attacker's addresses.

##### Step 5: Successful Theft

The whale sends the large USDT transaction to the attacker's address instead of the intended recipient. The funds are now under the attacker's control, and the whale realizes the mistake only after the transaction is irreversible.
![address_poisoning_flow.png](https://blockaid.io/api/resourceContentImages/file/address_poisoning_flow.png)

## Event Spoofing and Address Poisoning

Now that we understand the structure of an address-poisoning attack, let's look at another method attackers use to enhance its effectiveness: manipulating blockchain events to create a false sense of legitimacy around the attacker’s addresses. This method is called **event spoofing**.

Event spoofing is a technique attackers use to manipulate blockchain events, creating a false sense of legitimacy around their addresses. By exploiting the design of smart contract standards, like ERC-20, attackers can generate fake transaction events that appear genuine. This deceptive tactic enhances the effectiveness of address-poisoning attacks by making malicious addresses seem involved in legitimate activities, thereby increasing the likelihood that users will mistakenly trust and interact with them.

### How Event Spoofing Works

1. **Creating Fake Events**: The attacker creates fake events on the blockchain, which appear legitimate. In the context of ERC-20 tokens, these events can be token transfers or approvals.
2. **Associating Events with Poisoned Addresses**: These fake events are associated with both the attacker's and the victim's addresses, making them appear to have been involved in legitimate transactions.
3. **Boosting Credibility**: When the target user reviews their transaction history or related blockchain events, the attacker's addresses seem more credible due to their involvement in multiple activities, increasing the likelihood of the user selecting the wrong address.

### Exploiting ERC-20 Token Events

To better understand event spoofing, let's look at how it is used within the Ethereum ecosystem. ERC-20 is a popular standard for creating tokens on the Ethereum blockchain. It includes several standard functions and events that help ensure interoperability between tokens and platforms.
One of the core features of ERC-20 is the `Transfer` event, which logs when tokens are transferred from one address to another. Here's how the `Transfer` event is defined in the ERC-20 standard:

`event Transfer(address indexed from, address indexed to, uint256 value);`

This event is emitted whenever a token transfer occurs. It includes the sender's address (`from`), the recipient's address (`to`), and the amount of tokens transferred (`value`).

The issue with this structure is that nothing enforces that the `from` address included in the event is the address that issued the transaction that triggered it! For example, consider this simple contract:

```
contract FakeTransfer {
    // Same signature as the ERC-20 Transfer event, so indexers decode it identically.
    event Transfer(address indexed from, address indexed to, uint256 value);

    // Emits a Transfer for caller-supplied addresses; no balance is checked or moved.
    function emitFakeTransfer(address _from, address _to, uint256 _value) public {
        emit Transfer(_from, _to, _value);
    }
}
```

As you can see, this contract emits the same `Transfer` event as any other ERC-20 token, but it does so for any address you want. Attackers can use this to increase the chances of a successful address poisoning attack. Let's see how, step by step:

1. **Deploying a Malicious Contract**: The attacker deploys a smart contract designed to emit fake `Transfer` events. This contract does not need to follow the full ERC-20 standard; it only needs to emit the `Transfer` events. To make things worse, attackers can also name the contract to resemble a well-known one, like USDT or DAI.
2. **Emitting Fake Transfer Events**: The attacker triggers the malicious contract to emit `Transfer` events, in which tokens are transferred from the attacker's address to various legitimate addresses, including the victim's. These events are recorded on the blockchain and visible to users and applications.
3. **Manipulating Wallet Histories**: When users or applications (such as block explorers) query the blockchain for transaction histories, they see these fake `Transfer` events.
The attacker's addresses appear frequently (in some cases, the victim might see an interaction between their own address and the fake address), giving them a veneer of legitimacy.

As you can see, by using event spoofing methods, attackers can make address poisoning attacks much more convincing, and as such much harder to defend against.

## Address Poisoning in the wild

To wrap this subject up, let's review how an address poisoning attack looks in practice. On May 3rd, 2024, an address poisoning attack, which also used event spoofing, enabled an attacker to steal 1155 WBTC tokens, worth over $68M. While the funds were [ultimately returned](https://cointelegraph.com/news/wbtc-thief-returns-71-million), this incident is a good case study to examine how these attacks look in a real-world attack scenario. Let's take a look.

#### Step 1: Target acquisition

The attacker notices a [movement](https://etherscan.io/tx/0xb18ab131d251f7429c56a2ae2b1b75ce104fe9e83315a0c71ccf2b20267683ac) from an address holding millions of dollars worth of tokens. Usually, attackers use bots that monitor new transactions being added to the chain to find targets worth pursuing.
![funds_moved.png](https://blockaid.io/api/resourceContentImages/file/funds_moved.png)

#### Step 2: Generate a similar address

To start the attack, the attacker generates an address similar to the one that the WBTC holder has legitimately interacted with:

Legitimate address: `0xd9A1b0B1e1aE382DbDc898Ea68012FfcB2853a91`

Attacker's address: `0xd9a1c3788d81257612e2581a6ea0ada244853a91`

As you can [see](https://etherscan.io/txs?a=0xd9a1c3788d81257612e2581a6ea0ada244853a91&p=2), the first on-chain activity of the fake address was a few minutes after the original transaction:

![fake_address_creation.png](https://blockaid.io/api/resourceContentImages/file/fake_address_creation.png)

#### Step 3: Event Spoofing

The attacker employs an event spoofing attack to gain additional credibility and potentially further poison the victim's wallet, creating [a malicious contract](https://etherscan.io/token/0x5e70ac37cd4c27c0fe0329df4a6c3547d57ac81e) named ERC-20 Token. Then, the attacker issues a transaction that causes many token transfer events to be emitted; all of them are spoofed transfers of a scam token worth nothing. In one of them, the spoofed event shows a transfer of funds from the WBTC holder (the victim) to the fake, attacker-controlled address.

![event_spoofing.png](https://blockaid.io/api/resourceContentImages/file/event_spoofing.png)

#### Step 4: Dusting Attack

Finally, to get into the victim's address book, the attacker-controlled address [sends](https://etherscan.io/tx/0x87c6e5d56fea35315ba283de8b6422ad390b6b9d8d399d9b93a9051a3e11bf73) a tiny dust transaction involving 0.00021 ETH (worth less than a dollar).

![dusting_attack.png](https://blockaid.io/api/resourceContentImages/file/dusting_attack.png)

#### Step 5: User mistake

Finally, the WBTC holder goes to make another transaction. They go into their address book and see an address similar to the one they've just interacted with - `0xd9a1...853a91`.
They check their recent transactions and see that they've just sent 0.05 of _something_ to this address. Since they've just sent 0.05 ETH to another address that looks very similar, they figure that this is the address that they want to interact with. They [send their WBTC](https://etherscan.io/tx/0x3374abc5a9c766ba709651399b6e6162de97ca986abc23f423a9d893c8f5f570) to this address... and lose it. The attacker has succeeded.

![wbtc_lost.png](https://blockaid.io/api/resourceContentImages/file/wbtc_lost.png)

## Mitigations for Address Poisoning and Event Spoofing

As you can see, address poisoning attacks are way more sophisticated than you might think. As such, preventing address poisoning attacks, including those that leverage event spoofing, requires a combination of user vigilance and platform-level protections. As a user, here are some strategies to mitigate the risk:

1. **Verify Addresses Carefully**: Always double-check the address before sending cryptocurrency. Avoid relying solely on your transaction history and use address books or contact lists for frequent transactions.
2. **Use Wallet Features**: Some wallets offer features like labeling addresses and creating whitelists. Utilize these features to ensure you're sending funds to the correct addresses.
3. **Monitor Transaction History**: Regularly review your transaction history for any suspicious activity. If you notice small, unsolicited transactions, it could indicate an address poisoning attempt.

These steps place the responsibility on users to protect themselves. Platforms can also act to keep users safe by implementing security tools and services that detect and prevent address poisoning attacks. These tools can monitor unusual transaction patterns and alert users to threats, or even hide these addresses from the user interface to keep the user from ever interacting with them.
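The platform-level protection described above can be sketched as a history filter, shown here as an added example (not code from the original article or from Blockaid): it flags counterparties that imitate a known contact and `Transfer` logs whose claimed sender did not send the transaction. The victim wallet, transaction sender and allowlisted token are constructed placeholders, and the function names, reason strings and 4+4 character match window are assumptions.

```javascript
// keccak256("Transfer(address,address,uint256)"): topic0 of every ERC-20 Transfer log.
const TRANSFER_TOPIC =
  "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef";

const lower = (s) => String(s).toLowerCase();

// Return the trusted address that `candidate` imitates (same leading and
// trailing hex characters, different middle), or null if there is none.
function findLookalike(candidate, trusted, prefixLen = 4, suffixLen = 4) {
  const c = lower(candidate).slice(2);
  const known = trusted.map((t) => lower(t).slice(2));
  if (known.includes(c)) return null; // the real contact, not an imitation
  const i = known.findIndex(
    (k) =>
      k.slice(0, prefixLen) === c.slice(0, prefixLen) &&
      k.slice(-suffixLen) === c.slice(-suffixLen)
  );
  return i === -1 ? null : trusted[i];
}

// Decode a raw log into {token, from, to, value}; null if it is not a Transfer.
function decodeTransfer(log) {
  if (log.topics.length !== 3 || lower(log.topics[0]) !== TRANSFER_TOPIC) return null;
  const addr = (topic) => "0x" + lower(topic).slice(-40);
  return {
    token: lower(log.address),
    from: addr(log.topics[1]),
    to: addr(log.topics[2]),
    value: BigInt(log.data),
  };
}

// Decide whether a history entry should be hidden from the wallet's
// "recent recipients" view, and record why.
function screenHistoryEntry(log, txSender, wallet, contacts, knownTokens) {
  const t = decodeTransfer(log);
  if (t === null) return { hide: false, reasons: [] };
  const me = lower(wallet);
  const reasons = [];
  const unlisted = !knownTokens.map(lower).includes(t.token);
  if (unlisted) reasons.push("unlisted-token-contract");
  // The event's `from` is whatever the emitting contract chose to log. An
  // "outgoing" transfer the wallet did not send is a spoofing signal; a
  // transferFrom by an approved spender looks the same, so it only hides
  // the entry when the token contract is also unlisted.
  const notSentByWallet = t.from === me && lower(txSender) !== me;
  if (notSentByWallet) reasons.push("outgoing-not-sent-by-wallet");
  const counterparty = t.from === me ? t.to : t.from;
  const imitated = findLookalike(counterparty, contacts);
  if (imitated !== null) reasons.push("lookalike-of:" + lower(imitated));
  return { hide: imitated !== null || (unlisted && notSentByWallet), reasons };
}

// Addresses marked "page" appear in the article; the rest are constructed.
const LEGIT = "0xd9A1b0B1e1aE382DbDc898Ea68012FfcB2853a91"; // page: legitimate recipient
const FAKE = "0xd9a1c3788d81257612e2581a6ea0ada244853a91"; // page: attacker's lookalike
const SPOOF_TOKEN = "0x5e70ac37cd4c27c0fe0329df4a6c3547d57ac81e"; // page: "ERC-20 Token"
const WALLET = "0x1111111111111111111111111111111111111111"; // constructed victim
const LISTED_TOKEN = "0x2222222222222222222222222222222222222222"; // constructed allowlist
const OTHER_SENDER = "0x3333333333333333333333333333333333333333"; // constructed tx sender

const topic = (a) => "0x" + lower(a).slice(2).padStart(64, "0");
const makeLog = (token, from, to, value) => ({
  address: token,
  topics: [TRANSFER_TOPIC, topic(from), topic(to)],
  data: "0x" + value.toString(16).padStart(64, "0"),
});

// Constructed log shaped like Step 3: victim -> lookalike, sent by someone else.
const spoofedLog = makeLog(SPOOF_TOKEN, WALLET, FAKE, 50000n);
// Constructed genuine transfer: the wallet itself pays its real contact.
const genuineLog = makeLog(LISTED_TOKEN, WALLET, LEGIT, 50000n);

function demo() {
  return {
    spoofed: screenHistoryEntry(spoofedLog, OTHER_SENDER, WALLET, [LEGIT], [LISTED_TOKEN]),
    genuine: screenHistoryEntry(genuineLog, WALLET, WALLET, [LEGIT], [LISTED_TOKEN]),
  };
}
```

Matching on the first and last characters mirrors how wallets abbreviate addresses, so the window should be at least as wide as what the interface displays.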
## Conclusion

Understanding the current landscape of address poisoning attacks, including event spoofing, is crucial for developing effective strategies to mitigate these risks and protect the crypto community. These attacks are sophisticated and ever-evolving, and no user should ever think, "This won't happen to me!" as this is the first step towards an error that would leave you helpless. Stay informed, be vigilant, and leverage available tools to safeguard your digital assets.

## Bypassing Transaction Simulations

**Transaction Simulation** is one of the most effective tools companies can use to help users understand what their transactions will do before they’re executed. By simulating a transaction, users can catch hidden risks like malicious approvals, phishing attempts, or even unintended asset transfers before it’s too late.

However, attackers know this too. They also know how to bypass simulations, which in turn circumvents many of the most common security tools. This leaves users unknowingly exposed to risks that would otherwise be caught and mitigated.

Here’s why attackers work to create these so-called simulation bypasses, what they look like in practice, and what can be done to stay ahead of these evolving threats.

### **What is transaction simulation?**

Transaction simulation allows security systems to run a transaction in a controlled environment before it’s actually executed. This means the transaction’s behavior—whether it's transferring assets, approving tokens, or interacting with smart contracts—can be analyzed without committing it onchain.

![simulation.png](https://blockaid.io/api/resourceContentImages/file/simulation.png)

In essence, transaction simulation gives both users and platforms a critical layer of protection by revealing potential risks before they materialize, ensuring greater transparency and trust in the process.

However, it’s important to understand that **transaction simulation is not a security solution**. While it helps visualize what will happen in a transaction, it doesn’t inherently stop malicious behavior.
Many companies rely on it as if it were a standalone security measure, which can lead to vulnerabilities. Attackers exploit these gaps, knowing they can bypass the simulation and avoid detection.

### **How bypasses target transaction simulation**

A bypass occurs when attackers exploit flaws or bugs in the simulation process to prevent it from analyzing a transaction properly. These bypasses can take different forms. Some are designed to cause the simulation to fail entirely, triggering errors that leave security systems without the data needed to assess the transaction’s risks. More complex approaches directly target the simulation, disrupting its ability to flag malicious behavior or allowing the transaction to slip through unnoticed.

In either case, the outcome is the same: the simulation is unable to do its job, leaving the transaction unexamined and exposing users to potential threats.

### **Real-world example: How a bypass can exploit parsing errors**

To see how bypasses work in practice, let’s look at a real-world example of a now-patched bypass that targets the simulation process in a wallet that is not integrated with Blockaid for security.

Note: This specific bypass is an older vulnerability that has since been fixed and no longer poses a threat to users.

In this specific bypass, the attack focuses on exploiting a subtle weakness in the simulation of `eth_signTypedData_v4` JSON-RPC calls. In a typical transaction, the user’s wallet will parse the data and simulate the transaction, flagging any malicious behavior—such as unauthorized token approvals or phishing attempts.
Below is an example of how a standard transaction might look and be processed by the wallet:

```
window.ethereum.sendAsync({
  "method": "eth_signTypedData_v4",
  "params": [
    ...
    \"message\": {
      ...
      \"spender\":\"0x5...\",
      ...
    }"
    ...
  ],
})
```

In this case, the simulation works as intended, allowing the wallet to issue a warning about any potential risks before the user signs the transaction.

![malicious_tx.png](https://blockaid.io/api/resourceContentImages/file/malicious_tx.png)

When this JSON-RPC is sent, the wallet flags it as a harmful transaction.

However, attackers have discovered a clever way to bypass this security check by exploiting a parsing bug. If the prefix of the spender address in the transaction is changed from lowercase (`0x`) to uppercase (`0X`), the wallet’s security system fails to display the warning. While the transaction’s intent hasn’t changed, this subtle alteration causes the wallet to mishandle the parsing, preventing it from flagging the potential risk.

Here’s an example of the bypassed transaction:

```
window.ethereum.sendAsync({
  "method": "eth_signTypedData_v4",
  "params": [
    ...
    \"message\": {
      ...
      \"spender\":\"0X5...\",
      ...
    }"
    ...
  ],
})
```

The wallet doesn’t display any warning in this case, leaving the user unaware of the potential danger. This bypass likely occurs due to an error in how the transaction is parsed by the security provider. When the simulation encounters this specific formatting change, the parsing fails, and the security process is effectively bypassed.

![bypass_screen.png](https://blockaid.io/api/resourceContentImages/file/bypass_screen.png)

The same transaction, but this time no warning is shown.

This example highlights how attackers can exploit seemingly small technical details to evade detection, emphasizing the need for robust threat detection mechanisms beyond basic simulation checks.
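The failure mode described above, reduced to an added example (not the affected wallet's or Blockaid's code): a screener that parses the spender strictly and swallows the error shows no warning for a `0X` prefix, while the hardened version canonicalizes every `address` field named in the EIP-712 `types` and warns when a request cannot be analyzed. The deny-list, addresses, typed-data payload, function names and reason strings are constructed for illustration.

```javascript
// Constructed deny-list standing in for a security provider's intelligence.
const BAD_SPENDER = "0x5555555555555555555555555555555555555555";
const KNOWN_BAD_ADDRESSES = new Set([BAD_SPENDER]);

// Defect pattern: the prefix check is case-sensitive and every parsing error
// is swallowed, so a request the screener cannot parse yields NO warning.
function naiveScreen(requestJson) {
  try {
    const { message } = JSON.parse(requestJson);
    if (!/^0x[0-9a-fA-F]{40}$/.test(message.spender)) throw new Error("bad address");
    return KNOWN_BAD_ADDRESSES.has(message.spender.toLowerCase())
      ? { warn: true, reason: "known-bad-address" }
      : { warn: false, reason: null };
  } catch (e) {
    return { warn: false, reason: null }; // fail open: this is the bypass
  }
}

// Canonical form used for every comparison: "0x" + 40 lowercase hex digits.
// "0X" is accepted because, per the article, the request's intent is unchanged.
function canonicalAddress(value) {
  if (typeof value !== "string") return null;
  const m = /^0x([0-9a-f]{40})$/i.exec(value.trim());
  return m ? "0x" + m[1].toLowerCase() : null;
}

// Walk the EIP-712 `types` so every `address` field is found, including
// fields of nested structs, instead of hardcoding `message.spender`.
function collectAddresses(types, typeName, value, path, out) {
  for (const { name, type } of types[typeName]) {
    const here = path + "." + name;
    const v = value == null ? undefined : value[name];
    if (type === "address") {
      out.push({ path: here, canonical: canonicalAddress(v) });
    } else if (Array.isArray(types[type])) {
      collectAddresses(types, type, v, here, out);
    }
  }
  return out;
}

// Hardened screener: normalize before matching, and fail closed.
function hardenedScreen(requestJson) {
  let found;
  try {
    const doc = JSON.parse(requestJson);
    found = collectAddresses(doc.types, doc.primaryType, doc.message, "message", []);
  } catch (e) {
    // Anything that cannot be analyzed is surfaced to the user, never skipped.
    return { warn: true, reason: "unparseable-request", path: null };
  }
  for (const a of found) {
    if (a.canonical === null) {
      return { warn: true, reason: "unparseable-address", path: a.path };
    }
    if (KNOWN_BAD_ADDRESSES.has(a.canonical)) {
      return { warn: true, reason: "known-bad-address", path: a.path };
    }
  }
  return { warn: false, reason: null, path: null };
}

// Constructed Permit-style typed data, serialized the way it is passed as the
// second parameter of eth_signTypedData_v4.
function makeRequest(spender) {
  return JSON.stringify({
    types: {
      EIP712Domain: [{ name: "name", type: "string" }],
      Permit: [
        { name: "owner", type: "address" },
        { name: "spender", type: "address" },
        { name: "value", type: "uint256" },
      ],
    },
    primaryType: "Permit",
    domain: { name: "Constructed Token" },
    message: {
      owner: "0x1111111111111111111111111111111111111111",
      spender,
      value: "1000",
    },
  });
}

function demo() {
  const upper = "0X" + BAD_SPENDER.slice(2);
  return {
    naiveLower: naiveScreen(makeRequest(BAD_SPENDER)),
    naiveUpper: naiveScreen(makeRequest(upper)),
    hardenedUpper: hardenedScreen(makeRequest(upper)),
  };
}
```

The two properties that matter are that matching happens on the canonical form only, and that the error path returns a warning instead of an empty result.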
### **Relying solely on simulation isn’t enough**

While simulation is a powerful tool, it’s not enough on its own. To provide stronger security, companies should implement additional layers that address the limitations of simulation. Here are some key approaches that complement simulation:

**Real-time threat detection**

Continuous monitoring of off-chain and on-chain activity is key. By tracking new dApps, addresses, and transaction patterns in real time, platforms can catch emerging threats that may bypass a single simulation check.

**Transaction validation beyond simulation**

Platforms should validate transactions using additional methods. Machine learning models can spot anomalies, while heuristic systems flag suspicious behavior. This adds an extra layer of protection to catch threats that simulation alone might miss.

**Proactive threat hunting**

Blockaid was the first web3 security company to create a dedicated team of cybersecurity researchers focused on threat hunting. This team actively monitors newly deployed malicious dApps and examines their transactions, identifying bypass techniques before they can reach users. By staying ahead of attackers, Blockaid ensures new vulnerabilities are mitigated early on.

### **Recap**

Attackers are getting smarter, finding ways to bypass simulations by exploiting errors or manipulating outputs. Depending solely on simulation leaves dangerous gaps that attackers can and will exploit.

![attackers_chat.png](https://blockaid.io/api/resourceContentImages/file/attackers_chat.png)

Attackers are constantly searching for new bypasses of security solutions.

To truly protect users, platforms need to go beyond simulation with a multi-layered approach. This means implementing real-time threat detection to monitor on-chain activity for new risks as they emerge, proactive threat hunting to uncover bypass techniques and stop them in their tracks, and advanced transaction validation that digs deeper than simulation alone.
In an environment where attackers are constantly evolving, relying on a single layer of defense just isn’t enough. The key to staying ahead is integrating multiple, proactive security measures that anticipate and neutralize threats before they ever reach users. Anything less leaves platforms (and users) vulnerable—with attackers ready to exploit those weaknesses.

## Inferno Group Shutdown

Inferno is a wallet drainer group that boasts about its $80M+ in revenues generated through over 1,000 malicious dApp URLs which they’ve used to scam unfortunate web3 users around the world.

From February 2023 until its recent “shutdown” last month, the group's method was to deploy these URLs via fake or hacked accounts impersonating blockchain figures and entities, including Vitalik Buterin, Arbitrum, Optimism, OpenSea, and Layer Zero Labs. Their stealthy approach tricked users into connecting their crypto wallets, which would immediately be drained.

**Blockaid made it harder for Inferno to operate**

Why did they decide to shut down? Well, the answer lies within their internal Telegram chat, where they explicitly mention Blockaid’s partnership with MetaMask as a challenge to their business:

![telegram.jpg](https://blockaid.io/api/resourceContentImages/file/telegram.jpg)

It’s no surprise that the partnership is making it tough for Inferno, as Blockaid’s proprietary Internet-wide dApp scanning and transaction simulation and validation are making those wallets immune to Inferno attacks.

Here is the number of Inferno attacks on Blockaid-enabled wallets, meaning the number of times users of Blockaid-enabled wallets try to connect their wallet to the dApp and are warned not to.

![dapps.png](https://blockaid.io/api/resourceContentImages/file/dapps.png)

dApp Scanning warnings are even keeping them from navigating to the malicious dApp in the first place. So attacks on these wallets are nearly non-existent.

**Inferno stopped launching new onchain dApps**

It’s quite the operation — all the dedicated personnel, underlying onchain infrastructure, and network of agents and attackers. As one of the largest decentralized attacker groups, Inferno has registered nearly 1000 unique domains, each a unique dApp that connects back to their wallet drainer onchain infrastructure. Here’s a graph of those domains deployed over time since late June, showing that they have indeed stopped launching net new dApps in any large numbers, and seem to have launched no new dApps since mid-October.

![domain_distro-1.png](https://blockaid.io/api/resourceContentImages/file/domain_distro-1.png)

**Yet their infrastructure continues to profit off people who aren’t protected by Blockaid**

Yet they still continue to profit daily from already-deployed infrastructure, as we can see from the number of wallets that connected to Inferno onchain infrastructure from January to December 2023:

![non_blockaid.png](https://blockaid.io/api/resourceContentImages/file/non_blockaid.png)

_But over that same time period we see that internet/web3-wide, users are still connecting their wallets to Inferno infrastructure even to this day_

Closer examination shows that even on Christmas Day 2023 alone they stole nearly $800k from web3 users.

**The solution is more Blockaid-protected wallets and dApps**

Over the past few months, major crypto wallets and dApps including OpenSea, MetaMask, Rainbow, 1inch, and Zerion have integrated with Blockaid to protect users from these wallet-draining scams. This new security layer is what stalled Inferno’s operations. And we’re pleased to be part of putting the group out of business.

Yet, despite this setback, the threat persists. The previously used URLs are estimated to still generate roughly $500,000 monthly in passive income.
Furthermore, Inferno is just _**one**_ of the groups — Blockaid is also investigating the methods and strategies employed by the Angel drainer group, who perpetrated the [Ledger Connect Kit Hack](https://www.blockaid.io/post/attack-report-ledger-connect-kit) last month.

While much progress has been made to make drainers’ lives difficult, the fact that so many web3 users are still impacted makes it hard for newcomers to trust the space. We believe that by solving onchain security, we can help enable the immense potential of web3 for billions of people around the world. And we’re just getting started.

## Rainbow Wallet Security

We’re proud to share that Rainbow wallets are Powered by Blockaid, providing transparency so you know what will happen before you connect your wallet or send a transaction.

Utilizing the Blockaid transaction security simulation and validation API, Rainbow users will now see rich transaction data:

- What tokens will be sent and received
- If the contract you’re connecting with is malicious or benign
- What functions will be executed by the contract and what a user is allowing the contract to do in their wallet

![tx_data.png](https://blockaid.io/api/resourceContentImages/file/tx_data.png)

Rich Transaction Data

With dApp Scanning, Rainbow users will be given a heads up before connecting to a site that might be malicious, so you can browse web3 with peace of mind.

![dapp_blocked.png](https://blockaid.io/api/resourceContentImages/file/dapp_blocked.png)

Web3 Browsing Protection

Try the [Rainbow Extension](https://rainbow.me/download) and the [Rainbow mobile app](https://rainbow.me/download) today.

## Wallet Drainers Explained

### **Intro**

We’ve devoted our professional lives to tracking malware, first within Israel’s elite Unit 8200 for cybersecurity and now within web3. While there are differences between traditional security and web3 security, we see even more similarities. That might sound surprising.
Whereas in web2, it’s all about securing code execution—via activities such as static scanning of binaries on disk and dynamic tracing during load and runtime—web3 revolves around _transactions_. But transactions are actually about much more than just transferring assets. Whenever someone initiates or receives a transaction, they are essentially executing code, much like how a program runs on a personal computer.

Unfortunately, then, just as web2 is rife with malicious code, malicious applications (or dApps) are everywhere in web3—we’ve seen them pop up on Google Ads, NFT marketplaces, and Discord. Moreover, despite the transparency that blockchains provide, humans aren’t able to easily determine whether the given code is malicious. Without tools, web3 users are vulnerable to malware that can drain their crypto wallets.

We want to make transacting in web3 as secure as opening a file on your computer or paying with your credit card on Amazon. This article aims to explain the characteristics of wallet drainers and why even the savviest crypto users need to be careful.

![circle_drainer.png](https://blockaid.io/api/resourceContentImages/file/circle_drainer.png)

At a quick glance, it can be difficult to differentiate between a real website and a scam

### **What Is a Wallet Drainer?**

To understand a wallet drainer, you have to first understand a bit about how decentralized applications, or dApps, are architected. A dApp is essentially a regular web application that connects to your wallet. When you connect your wallet to a dApp, you are authenticating yourself and allowing the dApp to perform various operations that involve reading and writing the state of the blockchain. For instance, a dApp can enable you to mint a new token.

The problem arises from the level of trust that must be extended to a dApp. A dApp that offers to mint a free token can indeed carry out this action for the user.
However, it can also drain your wallet by deceiving you into signing a malicious transaction.

![mint_drainer.png](https://blockaid.io/api/resourceContentImages/file/mint_drainer.png)

_Can you spot the wallet drainer? On the left, a benign minting site; on the right, a wallet drainer._

New examples emerge every day. Some target individuals by [hacking social media accounts](https://x.com/kevinrose/status/1618323487067869184). Other wallet drainers are covertly injected into [well-known dApps](https://cointelegraph.com/news/defi-protocol-balancer-hit-with-frontend-attack). Ultimately, malicious dApps typically share three main characteristics: impersonation, distinctive patterns of use for web3 APIs, and malicious transactions and signatures.

**Impersonation of a brand or personality**

Most wallet drainers try to emulate or impersonate a known brand in order to lure a user into entering and interacting with an application.

![malicious_dapps_example.png](https://blockaid.io/api/resourceContentImages/file/malicious_dapps_example.png)

_Wallet drainers impersonating well-known brands - at the back, the original site; at the front, an impersonating drainer - Immutable, Ledger, Circle, from left to right._

**Distinct Pattern of Web3 API Usage**

To count the victim's assets and determine how to discreetly extract maximum value from an address, most wallet drainers rely on web3 APIs. These APIs encompass a range of sources, including, for example, OpenSea's API for obtaining information on NFTs held by the victim and the Moralis API for retrieving data on token positions and dollar prices.

The tricky part is that the use of these APIs is common practice; many popular and legitimate dApps utilize them as well. What sets wallet drainers apart is the distinct patterns in their API usage. Fortunately, we can scan for these patterns to detect wallet drainers.

![playground.png](https://blockaid.io/api/resourceContentImages/file/playground.png)

_Web3 APIs used by wallet drainers: on the left, the enumeration of the victim's assets using the OpenSea API; on the right, the utilization of the Moralis API to enumerate the ERC20 tokens held by the victim._

**Malicious Transactions & Signatures**

The ultimate goal of every wallet drainer is to obtain transactions and signatures from the user. These are the means through which they can steal assets from the victim's wallet. The challenge for these drainers is to accomplish this without arousing the user's suspicion; they need users to sign these transactions without hesitation.

Attackers adapt quickly and adjust their techniques as new technologies are deployed in the web3 ecosystem. For example, we’ve observed attackers transitioning from attempting direct asset theft through transfers or approvals to using more covert methods involving interactions with OpenSea Seaport contracts, token permits, Blur, and decentralized platforms like Uniswap and PancakeSwap, among others.

Attackers aim to make the user experience of signing malicious transactions appear as normal as possible. For instance, a user who receives a Blur order to sign might think, "This can't be malicious, as it bears an official Blur signature." Though the signature is indeed official and intended for use with the Blur contract, the attacker can nonetheless exploit it to abscond with all the user's assets.

### **Case Study: Vitalik’s Twitter Hack**

Attackers and wallet drainers do not spare anyone, not even Ethereum co-founder Vitalik Buterin. On Sunday, September 10, the Twitter account belonging to Buterin was compromised by a malicious actor. The hacker executed a successful phishing scam, resulting in the theft of approximately $700,000 worth of assets, by posting a message that offered a limited-time NFT collection minted by ConsenSys. Of course, it was actually promoting a malicious dApp.
Numerous users were lured into the campaign to mint free NFTs. However, the link associated with the post directed them to a phishing website that drained their crypto assets and NFTs from their wallets.

![vitalik.png](https://blockaid.io/api/resourceContentImages/file/vitalik.png)

Blockaid successfully detected and flagged the malicious dApp even before its publication on Twitter. This meant that every wallet that integrated Blockaid security was prevented from interacting with the malicious dApp. This achievement was possible thanks to Blockaid's proactive approach, allowing us to identify potential threats in advance, preventing them from becoming active.

By correlating onchain data with various threats observed in the wild by Blockaid's product, we successfully established a link between onchain contracts and addresses associated with prior wallet-draining incidents detected by Blockaid. This approach mirrors the tactics employed by attacker groups: they construct on-chain infrastructure and subsequently deploy it in various iterations to deceive as many users as possible.

![network_graph.png](https://blockaid.io/api/resourceContentImages/file/network_graph.png)

### **The attack used multiple methods to drain wallets**

**1\. Native Assets Transfer with NetworkController Drainer**

The primary contract involved in the hack was located at address [0x00000f312c54d0dd25888ee9CDC3DEE988700000](https://etherscan.io/address/0x00000f312c54d0dd25888ee9cdc3dee988700000). This contract was active across multiple EVM chains, including Ethereum, Polygon, and Optimism. It essentially functions as a straightforward "withdrawer" contract, with a basic feature that permits specific addresses to withdraw assets from it. Users who interact with this “NetworkController” contract are prompted to sign transactions labeled "NetworkMerge." Strikingly, these transactions lead to a call to the contract's fallback function, which is not even implemented in the contract.
For the user, this seems to result in an inconsequential action, except for the unfortunate outcome of losing their native currency.

![metamask_warning.png](https://blockaid.io/api/resourceContentImages/file/metamask_warning.png)

_What MetaMask users who had Blockaid enabled saw while interacting with the contract_

**2\. Malicious usage of Token Methods**

The drainer attempted to persuade users to sign approval and transfer requests to illegitimately seize their token assets. The assets were approved/transferred to the address at [0x63605e53d422c4f1ac0e01390ac59aaf84c44a51](https://etherscan.io/address/0x63605e53d422c4f1ac0e01390ac59aaf84c44a51).

**3\. EIP-712 Signatures**

The drainer utilized offline signatures, particularly [EIP-712](https://eips.ethereum.org/EIPS/eip-712), to deceive users into surrendering their assets. This included the manipulation of Seaport Orders, Permit Orders, and other offline signatures. The drainer dApp also employed a simulation-based deception method specifically designed for EIP-712, which will be further explained in a subsequent blog post.

**4\. Employing DEXs for stealing assets**

The drainer leveraged well-known decentralized exchanges such as Uniswap to orchestrate asset-grabbing swaps. This tactic represents yet another instance where the drainer capitalizes on familiar technologies to lull users into a false sense of transaction legitimacy.

Distinguishing between an innocent-but-unfair swap (for instance, someone genuinely transferring assets to another address in exchange for an asset like an NFT) and a malicious transaction is a fundamental aspect of Blockaid’s detection technology. This capability enables us to identify and flag malicious actors while minimizing false positives on benign transactions.

### **Conclusion**

At Blockaid, we recognize that security stands as a pivotal barrier to achieving widespread adoption in the web3 ecosystem. Our mission is to leverage the knowledge and expertise we've acquired as security experts to further this immensely significant objective. In addition, we are dedicated to sharing our insights and data through articles to disseminate knowledge to both builders and users within the ecosystem.

For end users, we hope this article has shed light on the perils of wallet drainers and serves as a reminder to exercise caution when engaging with applications that are not integrated with Blockaid. If you're a builder seeking to enhance the security of your product, we encourage you to get in touch with us by signing up for a demo.
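
The native-transfer, token-method and EIP-712 requests listed in the case study above can be triaged before the user signs. The JavaScript below is an added example, not code from the article or from Blockaid's product: the trusted-address allowlist, the severity labels and every sample address are assumptions, and ERC-20 semantics are assumed for `approve` and `transferFrom`.

```javascript
// Added example, not Blockaid's detection logic: triage of wallet requests for the
// drain methods in the case study. Addresses and sample requests are constructed.
const MAX_UINT256 = (1n << 256n) - 1n;
const lower = (value) => String(value).toLowerCase();

// Selectors of standard token methods. `grantee` is the index of the argument naming
// who gains the allowance or receives the asset; the last argument is the amount
// (ERC-20 semantics assumed: ERC-721 reuses approve/transferFrom with a token id there).
const TOKEN_METHODS = {
  "0x095ea7b3": { name: "approve", arity: 2, grantee: 0, allowance: true },
  "0x39509351": { name: "increaseAllowance", arity: 2, grantee: 0, allowance: true },
  "0xa22cb465": { name: "setApprovalForAll", arity: 2, grantee: 0, allowance: true },
  "0xa9059cbb": { name: "transfer", arity: 2, grantee: 0, allowance: false },
  "0x23b872dd": { name: "transferFrom", arity: 3, grantee: 1, allowance: false },
};

function grantFinding(label, grantee, amount, unlimited) {
  const scope = unlimited ? "unlimited control" : `${amount} units`;
  return { severity: unlimited ? "high" : "medium", reason: `${label} gives unrecognized ${grantee} ${scope}` };
}

// Methods 1 and 2: native value and token-method calldata in eth_sendTransaction.
function triageTransaction(tx, trusted) {
  const findings = [];
  const data = lower(tx.data || "0x");
  const value = BigInt(tx.value || "0x0");
  if (value > 0n && !trusted.has(lower(tx.to))) {
    findings.push({ severity: "high", reason: `sends ${value} wei to unrecognized ${lower(tx.to)}` });
  }
  const method = TOKEN_METHODS[data.slice(0, 10)];
  if (!method) return findings;
  const args = data.slice(10).match(/.{64}/g) || []; // 32-byte ABI words
  if (args.length < method.arity) throw new Error(`${method.name}: truncated calldata`);
  const grantee = "0x" + args[method.grantee].slice(24);
  const amount = BigInt("0x" + args[method.arity - 1]);
  const grantsNothing = method.allowance && amount === 0n; // e.g. approve(x, 0) revokes
  if (grantsNothing || trusted.has(grantee)) return findings;
  const unlimited = amount === MAX_UINT256 || method.name === "setApprovalForAll";
  findings.push(grantFinding(method.name, grantee, amount, unlimited));
  return findings;
}

// Method 3: EIP-712 payloads in eth_signTypedData_v4 (EIP-2612 Permit, Seaport order).
function triageTypedData(typed, trusted) {
  const msg = typed.message || {};
  const least = (a, b) => (a < b ? a : b);
  if (typed.primaryType === "Permit") {
    const amount = BigInt(msg.value);
    if (amount === 0n || trusted.has(lower(msg.spender))) return [];
    return [grantFinding("Permit signature", lower(msg.spender), amount, amount === MAX_UINT256)];
  }
  if (typed.primaryType === "OrderComponents") {
    const signer = lower(msg.offerer);
    const paidToSigner = (msg.consideration || [])
      .filter((item) => lower(item.recipient) === signer)
      .reduce((sum, item) => sum + least(BigInt(item.startAmount), BigInt(item.endAmount)), 0n);
    const offered = (msg.offer || []).length;
    if (offered > 0 && paidToSigner === 0n) {
      return [{ severity: "high", reason: `Seaport order offers ${offered} item(s) and pays the signer nothing` }];
    }
  }
  return [];
}

function triageRequest(request, trustedAddresses) {
  const trusted = new Set(trustedAddresses.map(lower));
  if (request.method === "eth_sendTransaction") return triageTransaction(request.params[0], trusted);
  if (request.method === "eth_signTypedData_v4") {
    const payload = request.params[1];
    return triageTypedData(typeof payload === "string" ? JSON.parse(payload) : payload, trusted);
  }
  return [];
}

// Constructed sample data.
const USER = "0x" + "aa".repeat(20);
const TOKEN = "0x" + "bb".repeat(20);
const UNKNOWN_SPENDER = "0x" + "cc".repeat(20);
const KNOWN_ROUTER = "0x" + "dd".repeat(20); // stands in for a contract the wallet trusts
const word = (hex) => hex.replace(/^0x/, "").padStart(64, "0");

const SAMPLE_APPROVE = { method: "eth_sendTransaction", params: [{
  from: USER, to: TOKEN, value: "0x0", data: "0x095ea7b3" + word(UNKNOWN_SPENDER) + "f".repeat(64) }] };
const SAMPLE_NATIVE = { method: "eth_sendTransaction", params: [{
  from: USER, to: UNKNOWN_SPENDER, value: "0xde0b6b3a7640000", data: "0x" }] };
const SAMPLE_PERMIT = { method: "eth_signTypedData_v4", params: [USER, JSON.stringify({
  primaryType: "Permit", domain: { name: "SampleToken", chainId: 1, verifyingContract: TOKEN },
  message: { owner: USER, spender: UNKNOWN_SPENDER, value: MAX_UINT256.toString(), nonce: "0", deadline: "1893456000" } })] };
const SAMPLE_ORDER = { method: "eth_signTypedData_v4", params: [USER, {
  primaryType: "OrderComponents",
  message: { offerer: USER,
    offer: [{ itemType: 2, token: TOKEN, identifierOrCriteria: "1", startAmount: "1", endAmount: "1" }],
    consideration: [{ itemType: 0, token: "0x" + "00".repeat(20), identifierOrCriteria: "0",
      startAmount: "1", endAmount: "1", recipient: UNKNOWN_SPENDER }] } }] };

for (const sample of [SAMPLE_APPROVE, SAMPLE_NATIVE, SAMPLE_PERMIT, SAMPLE_ORDER]) {
  console.log(sample.method, triageRequest(sample, [KNOWN_ROUTER]));
}
```

A zero-amount `approve` is treated as a revocation and produces no finding, so users can still remove an allowance they granted earlier.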

## Wallet Drainers Explained

In the ever-evolving world of cybersecurity, wallet drainers have emerged as a persistent threat, continuously adapting their tactics to bypass security measures and exploit users. As security protocols strengthen, wallet drainers have evolved from simple scams to sophisticated operations, often backed by governments. This shift towards complexity reflects the increasing difficulty of executing successful scams in cryptocurrency, pushing attackers to develop more complex strategies.

Let’s examine how Wallet Drainers are becoming more and more sophisticated in utilizing web2 technologies to attempt to scam users and avoid detection. Building upon our Malicious dApp 101 series, let’s dive deeper into _HOW_ these malicious actors use web2 tactics to attack web3 users.

![link_drainer.png](https://blockaid.io/api/resourceContentImages/file/link_drainer.png)

Examples of wallet draining websites

## The Stealthy Evolution of Wallet Drainers

To remain undetected and maximize their gains, wallet drainers utilize a range of techniques to conceal their activities and circumvent security barriers:

- **Anti-Debugging:** Impeding the analysis of their code by employing obfuscation tactics and anti-debugging measures.
- **Code Obfuscation:** Disguising the true intent of their code by making it difficult to understand and analyze.
- **Data Collection:** Gathering information about their targets, such as wallet addresses, transaction history, and personal information, to refine and personalize their attacks.
- **Managing Attack Logic on Backend Servers:** Centralizing the control of their attacks on remote servers, allowing for dynamic updates and remote execution of malicious code.

Now that we’ve got the basics, let’s dive deeper into the web2 intricacies of wallet drainers, examining their tactics. We will also explore countermeasures that individuals and organizations can and should adopt to protect themselves from these sophisticated threats.

## Evading Detection Through Anti-Debugging Measures and Code Obfuscation

Put simply, the measures mentioned above are designed to hide the true intent of the code and make it difficult for security researchers — and curious individuals — to understand what the code actually does.

Wallet drainers watch for signs that a user is inspecting the website’s code and behavior: actions such as pressing the right mouse button or opening Google Chrome's developer tools are monitored. If they detect these actions, they may try to navigate the user to a different page, close the tab, or clear the debugging console to evade detection.

Common anti-debugging techniques employed by wallet drainers include:

- **API hooking:** Intercepting and modifying calls to system APIs to prevent opening Google Chrome’s developer tools.
- **Debugger detection:** Checking for the presence of debuggers on the system and terminating the process if one is detected.
- **Code breakpointing:** Setting breakpoints in the code to prevent debuggers from stepping through it.

![cloack.gif](https://blockaid.io/api/resourceContentImages/file/cloack.gif)

Wallet drainers may also use a variety of code obfuscation techniques to make their code more difficult to reverse engineer, such as:

- **Control flow obfuscation:** Changing the order in which instructions are executed to make the code more difficult to follow.
- **Data obfuscation:** Encrypting or encoding data to make it unreadable to debuggers.
- **String obfuscation:** Encrypting or encoding strings to make them unreadable to debuggers.

Here is example code taken from a wallet drainer website next to a code snippet taken from a benign dApp:

![benign_code.png](https://blockaid.io/api/resourceContentImages/file/benign_code.png)

A code snippet taken from a benign dApp

![malicious_code.png](https://blockaid.io/api/resourceContentImages/file/malicious_code.png)

A code snippet taken from a malicious dApp

Comparing the code snippets side by side, there is a notable difference between the two: the malicious dApp tries to hide the intention of its code, while the benign dApp is much more readable and accessible.

## Managing Malicious Campaigns: Data Collection and Backend Servers

Wallet drainers often use sophisticated data collection and backend server infrastructure to manage their campaigns. These threat actors deploy many websites controlled by a single central server, which collects data about potential victims, such as their wallet addresses, personal information, and the websites they visit. Wallet drainers use this data to identify new targets, develop more sophisticated attack vectors, and personalize attacks against individual victims. Additionally, the server is used to construct malicious transactions that steal the victim's cryptocurrency.

Wallet drainers use sophisticated encryption techniques to protect their data and communications. Posted below is a decrypted (censored) message sent from a wallet draining dApp to its C2 server:

![c2.png](https://blockaid.io/api/resourceContentImages/file/c2.png)

As can be seen, the wallet address, IP, country, assets, and the site that is being visited are logged. The C2 server constructs a transaction that will yield the highest profit based on the victim’s assets and attempts to get the victim to sign the transaction, hiding its tactics from clients.

Here is a diagram showcasing the communication between a wallet draining dApp and its C2 server:

![c2_flow.png](https://blockaid.io/api/resourceContentImages/file/c2_flow.png)

## Conclusion

Wallet drainers pose a significant threat to the cryptocurrency ecosystem, and their use of advanced techniques makes them increasingly difficult to detect and prevent. However, by understanding their tactics and tools, we can better equip ourselves to defend against these sophisticated attacks.

Here are some specific steps that users can take to protect themselves from wallet drainers:

- **Be wary of unsolicited links and attachments.** Wallet drainers often use phishing attacks to trick users into clicking on malicious links or opening infected attachments.
- **Visit websites using a VPN or an HTTP proxy.** VPNs and proxies can help hide your IP address and additional details that can be collected by malicious threat actors.
- **Use wallets with Blockaid enabled.** Wallets such as MetaMask, Zerion and Rainbow that are integrated with Blockaid block malicious transactions and malicious dApps.

The Blockaid research team continuously conducts research on malicious dApps to stay ahead of attackers and catch them before users are affected. Stay tuned for more deep dives into the world of malicious actors in web3.
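
The anti-debugging and string-obfuscation traits this article describes can be checked for statically when reviewing a page's script. The JavaScript below is an added example, not code from the article or from Blockaid: the indicator patterns, weights, thresholds and both sample scripts are assumptions constructed for illustration. It decodes escaped strings first, because that is what exposes event names the obfuscation hides.

```javascript
// Added example: static triage of a page script for the anti-analysis traits above.
// Indicator patterns, weights and thresholds are assumptions chosen for illustration.
const INDICATORS = [
  { id: "debugger-statement", weight: 3, re: /\bdebugger\s*;/g },
  { id: "context-menu-hook", weight: 2, re: /["']contextmenu["']|\boncontextmenu\b/g },
  { id: "devtools-key-trap", weight: 2, re: /keyCode\s*={2,3}\s*123|["']F12["']/g },
  { id: "console-clear", weight: 1, re: /console\s*\.\s*clear\s*\(/g },
];
const SUSPICIOUS_SCORE = 6;

// Undo \xNN and \uNNNN string escapes so hidden literals become searchable.
function decodeEscapes(source) {
  return source.replace(/\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})/g,
    (_, x, u) => String.fromCharCode(parseInt(x || u, 16)));
}

// Share of identifiers that look machine-generated (the _0x... naming of common obfuscators).
function generatedIdentifierRatio(source) {
  const identifiers = source.match(/\b[A-Za-z_$][\w$]*\b/g) || [];
  if (identifiers.length === 0) return 0;
  return identifiers.filter((name) => /^_0x[0-9a-f]+$/i.test(name)).length / identifiers.length;
}

function scanScript(source) {
  const escapedBytes = (source.match(/\\x[0-9a-fA-F]{2}/g) || []).length;
  const decoded = decodeEscapes(source);
  const hits = INDICATORS
    .map((ind) => ({ id: ind.id, weight: ind.weight, count: (decoded.match(ind.re) || []).length }))
    .filter((hit) => hit.count > 0);
  if (escapedBytes >= 8) hits.push({ id: "escaped-strings", weight: 2, count: escapedBytes });
  const ratio = generatedIdentifierRatio(decoded);
  if (ratio > 0.2) hits.push({ id: "generated-identifiers", weight: 2, count: Math.round(ratio * 100) });
  const score = hits.reduce((sum, hit) => sum + hit.weight, 0);
  return { score, suspicious: score >= SUSPICIOUS_SCORE, indicators: hits.map((hit) => hit.id) };
}

// Constructed sample showing the traits only; it contains no wallet logic.
const OBFUSCATED_SAMPLE = String.raw`
var _0x3fa1=['\x63\x6f\x6e\x74\x65\x78\x74\x6d\x65\x6e\x75','\x6b\x65\x79\x64\x6f\x77\x6e'];
document.addEventListener(_0x3fa1[0],function(_0x1b2c){_0x1b2c.preventDefault();});
document.addEventListener(_0x3fa1[1],function(_0x4d5e){if(_0x4d5e.keyCode===123){_0x4d5e.preventDefault();}});
setInterval(function(){debugger;console.clear();},200);
`;

// Constructed sample of readable dApp code for comparison.
const BENIGN_SAMPLE = `
async function connectWallet() {
  const accounts = await window.ethereum.request({ method: "eth_requestAccounts" });
  document.getElementById("address").textContent = accounts[0];
}
document.getElementById("connect").addEventListener("click", connectWallet);
`;

console.log("obfuscated:", scanScript(OBFUSCATED_SAMPLE));
console.log("benign:", scanScript(BENIGN_SAMPLE));
```

A high score is a reason to look closer, not a verdict: legitimate sites also minify code and customize the context menu.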

## Blockaid's Web3 Security

About a month ago, Vitalik Buterin’s Twitter account shared an innocuous post promoting a free NFT collection. The account urged his followers to connect their wallets to mint a “piece of history.” To the surprise of many, however, the site linked wasn’t an NFT project.
It was a [wallet drainer](https://www.blockaid.io/glossary/wallet-drainer).

Vitalik’s Twitter had been [hacked](https://www.blockaid.io/blog/wallet-drainers-vitalik-metamask), and attackers used his account to point unsuspecting web3 users to a malicious attack. Within an hour they had stolen about $1M worth of assets.

While there are plenty of examples of malicious attacks valued in the hundreds of millions, what’s insane is that these sorts of threats happen daily. It’s unsustainable. And it’s this very problem which plagues the growth of web3 that inspired us to found Blockaid, a leader in web3 security that provides security tools to builders to protect their users from fraud, phishing, and hacks _before_ they happen.

#### Web3 is Broken

We’re passionate about web3 because we believe that the potential is enormous. We believe that it will do for value what the internet did for information. Yet, I often hear web3 builders overstate how web2 is broken and how web3 is the solution.

**The truth is that today web3 is broken**. Fund loss per capita exceeds any other industry — a whopping $14B was stolen last year alone, twice as much as the $7B in direct losses from all non-crypto cybercrime.

What’s more, one in ten dApps that people interact with are malicious, so savvy, crypto-native users also fall prey to bad actors. Threats don’t just come from your average attacker, there are nation states who actively steal user funds to generate a significant portion of their GDP. How are everyday users of web3 supposed to navigate such an adversarial and uncertain environment?

For web3 to reach its potential, it needs to be easier to use and harder to get scammed. Blockaid solves the existential usability issue by providing the security tools needed for web3 builders.

#### Our secret is the team

Our team knows what it takes to build software to defend national security in the most adversarial environments.
I met my co-founder Raz Niv during our military service in Israel’s cyber intelligence where we worked to defend national security against nation state actors. Raz earned a bachelor's degree in applied mathematics at the age of 17, a profile that’s all-too-common in Unit 8200. During his service he led a team to find vulnerabilities in low level operating systems. My experience in Cyber Intelligence was similar, rising to lead a team of engineers focused on vulnerabilities in widely used applications. We even won the Israel Defense Prize, an annual award that goes to a team for the successful application of a technical achievement. After over six years of managing teams and cyber operations, we founded Blockaid, hiring a team of 20+ of the best security engineers Israeli cyber intelligence has to offer.

#### Unmatched product quality

Thanks to our stellar team, our product quality is unmatched. Our unique architecture ingests vast amounts of data collected from scanning, simulating, and validating dApps and transactions across the web. The more transactions and dApps Blockaid sees, the more our models improve. With customers like MetaMask, OpenSea, Rainbow, and Zerion — Blockaid already protects more transactions than any other provider, accelerating a flywheel that improves the product with each transaction. Over the past 6 months we’ve scanned over 450M transactions, prevented 1.2M malicious transactions, and secured over $500M of user funds that could have been compromised.

So when we first saw reports of the Vitalik Twitter Hack, we immediately investigated our data. Sure enough, our system found the malicious dApp over 24 hours prior to the tweet going live. What’s more is that of the users who were scammed into connecting their wallets, every single user that was on a wallet where Blockaid was enabled was prevented from signing the transaction. That’s the power of proactive detection for our customers.
#### The Future

To unlock the next phase of innovation, we believe that every transaction will need to be scanned and secured. We believe that users shouldn’t have to know they’re interacting with crypto. We believe that web3 should just work, and work securely.

We’re not alone in believing that Blockaid is the solution. Today we’re proud to share that we’re emerging from stealth with $33m in funding from a syndicate of some of the world’s greatest investors in Fintech, Cybersecurity, and web3 — [Ribbit](https://ribbitcap.com/), [Variant](https://variant.fund/), [Cyberstarts](https://cyberstarts.com/), [Sequoia](https://www.sequoiacap.com/), and [Greylock](https://greylock.com/). Blockaid is the right team, at the right time, with the right investors to solve a problem that will propel this industry forward.

With this funding we will continue to fuel our growth. We plan to scale our team, our product, and expand security to all companies in web3 who want to protect their users from fraud, phishing, and hacks.
## Stellar Security Boost

Today, we’re excited to announce that Blockaid’s security technology is coming to the [Stellar](https://stellar.org/) ecosystem. Security is non-negotiable when transferring value and in the world of smart contracts, and it’s critical to the success of the Stellar network.
Blockaid—the onchain security platform trusted by other leading projects like Coinbase, Safe, MetaMask, and more—will now protect user interfaces like Lobstr and Freighter and provide tools to monitor, detect, understand, and respond to onchain threats. Recently, we’ve completed phase one of the partnership and are excited to announce several powerful updates.

## What’s new?

As Stellar transaction volume grows, so do the potential threats. To protect every transaction, Lobstr and Freighter wallets have been upgraded with more robust security features, including:

### Enhanced dApp protection

Better detection of dangerous dApps thanks to Blockaid’s internet-wide dApp scanning that identifies malicious dApps the moment they come online.

### Malicious token protection

As airdropped token scams grow, Lobstr and Freighter now include additional measures for detecting and warning users about the nature of airdrops in their wallets.

![stellar_malicious_tokens.png](https://blockaid.io/api/resourceContentImages/file/stellar_malicious_tokens.png)

### Real-time transaction security

Both Lobstr and Freighter now run security checks on every transaction to determine onchain outcomes and whether transactions are dangerous or safe.

There’s nothing you need to configure or change—these enhanced features are built right into both wallets and execute automatically with every transaction.

## Proven protection with Blockaid

Blockaid is the web3 security platform trusted by Coinbase, Safe, MetaMask, Core, and more to monitor and secure every onchain interaction. To date, Blockaid has scanned over 4.5 billion transactions, prevented more than 100 million attacks, and defended against potential losses exceeding $4 billion.
## Blockaid's Onchain Security

The number of users and organizations moving onchain is increasing rapidly. DeFi usage is surging, and fintechs like Stripe and major institutions like J.P. Morgan, Fidelity, and UBS are scaling their blockchain initiatives.
While the blockchain itself is secure, onchain applications and the users that interact with them are at risk. Both consumers and organizations face threats from nation-states and sophisticated actors from the day new projects launch.

**While early blockchain security solutions focused on catching criminals, Blockaid was created to stop onchain crime at scale**—and the impact we’ve been able to drive in just over a year and a half since coming out of stealth is staggering. But there’s still more to be done.

That’s why, today, I'm proud to announce that Blockaid has raised $50M in Series B funding led by Ribbit Capital, with participation from GV alongside our existing investors, including Variant and our first seed investor, Cyberstarts. This investment will help us scale to meet the surging demand for our security platform as we protect the largest companies operating onchain.

## Reducing crypto crime at scale

When we founded Blockaid, we set out to build trust in blockchain technology by closing the massive security gaps that were being exploited to commit billions in fraud. Since coming out of stealth, we've:

- Secured over $101 billion in assets
- Prevented more than $5.3 billion in potential losses
- Scanned over 2.4 billion transactions
- Protected over 787 million dApp connections
- Detected and blocked more than 71 million attacks

See the full stats here: [stateofthechain.com](http://stateofthechain.com/)

But what matters more than these numbers is what they represent: we've become the security infrastructure that makes onchain operations possible at scale—for crypto-native companies and the traditional institutions scaling their blockchain initiatives.
We do this through our end-to-end onchain security platform that provides:

- Direct wallet and dApp integrations for end-user protection
- Real-time monitoring, detection, and response for smart contracts, infrastructure, and EOAs
- Specialized fraud detection for complex scams
- Institutional safeguards, including transaction cosigning

## Becoming the de facto onchain security platform

Our team's background in cyber intelligence taught us that security isn't just about catching bad actors—it's about preventing attacks before they happen. We've built Blockaid with this principle at its core, creating the only end-to-end security platform that protects both internal teams and end users in real time.

What sets us apart is our unmatched visibility from direct integrations with the most used web3 wallets, plus internet-wide monitoring that stops threats before they reach users. Not only does this give us the most comprehensive coverage of any security provider, but the more pre-transaction, onchain, offchain, and threat intelligence data our system sees, the more our models improve. This flywheel effect has made us the platform of choice for industry leaders like Coinbase, Kraken, MetaMask, Uniswap, World App, and Stellar—as well as traditional institutions and fintechs.

## The next phase of growth

DeFi usage is exploding, and the first wave of crypto-native companies are doubling down on security to keep up with demand. In a [recent viral post on X](https://x.com/brian_armstrong/status/1883329603239899346), Coinbase’s CEO Brian Armstrong highlighted the need for exchanges to adopt scalable security approaches that enable them to move from an **allowlist model** to a **blocklist model** where everything is tradeable unless flagged as a scam.

Beyond that, the second half of 2024 saw $8.5 trillion in stablecoin transaction volume across 1.1 billion transactions. As major financial institutions like J.P.
Morgan, Fidelity, and UBS scale their blockchain initiatives, the need for enterprise-grade security has never been greater.

This investment will help us:

- Expand our research capabilities to stay ahead of evolving threats
- Scale our product and engineering teams to meet enterprise demand
- Strengthen our go-to-market operations to grow with current customers and support new types of customers with different needs

## An exciting future ahead for Blockaid

When we started Blockaid, we knew that for blockchain technology to reach its potential, it needed a robust approach to cybersecurity. Today, we're not just working toward that vision—we're making it a reality at an unprecedented scale.

The trust placed in us by the largest companies operating onchain validates our approach and fuels our mission. With this new funding, we'll continue to advance our capabilities and expand our reach, ensuring that every onchain interaction is secure by default.

Thank you to our team, investors, and, most importantly, our customers who make this possible. _The future of blockchain technology will be built on trust, and we're proud to be laying that foundation._
## Preventing Crypto Hacks

On February 21, 2025, Bybit fell victim to one of the largest crypto heists in history, losing approximately $1.5 billion in Ethereum. This incident wasn’t just another hack—it was a stark reminder of the vulnerabilities associated with cold multisig wallets and the risks of blind signing.
The exploit mirrored previous attacks on platforms like WazirX and Radiant Capital, showcasing a repeating pattern in the crypto space. But here’s the kicker: this could have been prevented.

### **Understanding the attack: The mechanics behind the Bybit breach**

The Bybit hack was not a simple breach; it was a meticulously planned exploitation of blind signing within a cold multisig wallet system. Let’s break down how it happened and why it was so effective.

#### **1\. The setup: Multisig wallets and cold storage**

Bybit utilized a multisig cold wallet for storing Ethereum assets. In a multisig setup, multiple private keys are required to authorize a transaction, enhancing security by distributing approval authority across several parties. Cold wallets, being offline, are presumed to offer an additional layer of protection against online threats. However, this incident demonstrated that cold storage alone is not foolproof.

#### **2\. The exploit: Manipulating the signing interface**

On February 21, 2025, during a routine transfer from Bybit's multisig cold wallet to a warm (semi-online) wallet, attackers executed a sophisticated exploit:

- **Deployment of malicious contract**: The attackers introduced a malicious implementation contract that intercepted the transaction process.
- **Interface manipulation**: Having compromised the computers used by Bybit employees, the attackers were able to manipulate the signing interface presented to the wallet signers. The interface displayed legitimate transaction details, including the correct destination address and URL, deceiving the signers into believing they were authorizing a routine transfer.
- **Blind signing exploitation**: Due to the rogue interface, signers authorized the transaction without detecting the underlying malicious code. This practice, known as blind signing, occurs when signers approve transactions without fully verifying their content.

The brilliance of this exploit lay in its subtlety: the attackers didn’t need to steal private keys—they simply deceived authorized signers into approving the fraudulent transaction.

#### **3\. The outcome: unauthorized transfer of funds**

Once the transaction received the necessary approvals, the malicious contract altered the smart contract logic, redirecting the funds to an address controlled by the attackers. In total, approximately 401,347 ETH were siphoned off, amounting to an estimated $1.4 billion.

## This is starting to look familiar: A replay of previous exploits

This incident bears resemblance to prior attacks on platforms like WazirX and Radiant Capital, where blind signing vulnerabilities were similarly exploited:

- **WazirX incident**: Attackers manipulated the transaction interface, causing operators to authorize malicious transactions unknowingly.
- **Radiant Capital breach**: Malware altered transaction data, leading signers to approve unauthorized transfers.

In both cases, as with Bybit, the exploitation of blind signing allowed attackers to bypass security measures, emphasizing the critical need for enhanced verification processes in transaction authorizations.

The uncomfortable truth is that using a multisig wallet is not enough to defend against nation state attackers. As Bybit and Radiant learned the hard way, multisigs have a fundamental flaw: they rely on trust that signers will always verify transactions accurately. In reality, blind signing exploits this trust, making it dangerously easy for attackers to bypass even the most robust multisig setups.

The Radiant hack is a perfect example:

- Radiant relied on an 11-signer multisig wallet but required only 3 signatures for execution.
- Attackers compromised 3 signers and transferred ownership of the lending pools to malicious contracts.
- Despite a seemingly secure multisig configuration, the absence of intelligent transaction validation allowed the attack to succeed.
### **The core issue: The gap between signing interface and actual signing**

Blind signing attacks exploit a fundamental gap in the multisig process: the **disconnect between the signing interface and the actual signing action**.

The crux of the problem is that signers are not verifying **what** they are signing—they are merely verifying **that** they are signing. They think they know what they are signing - but since the interface they see can be compromised, they can’t know for sure.

This gap is precisely what the attackers exploited in the Bybit and Radiant hacks. They manipulated the visible transaction details while the underlying malicious logic went unnoticed. This is why multisig wallets, on their own, are not enough against sophisticated attacks.

### **How Blockaid solves this: Security inside the signing process**

Blockaid addresses this fundamental flaw by **bringing security directly into the signing process**.

![image (21).png](https://blockaid.io/api/resourceContentImages/file/image%20(21).png)

Instead of relying on verifying the transaction on the user’s side, where it can be manipulated, we move the validation logic into the signing environment by adding Blockaid as a transaction co-signer. Instead of just adding more compromisable individuals into the process, Blockaid can act as an intelligent guardian that actively participates in the signing process.

- **Active participation in authorization**: Blockaid acts as an intelligent co-signer in your Gnosis Safe or multisig wallet, adding an extra layer of verification. It doesn’t just check for signatures; it checks the transaction itself, validating every detail before granting approval.
- **Dynamic decision making**: The Co-signer doesn’t blindly approve a transaction based on consensus alone. It assesses the transaction’s impact on the wallet’s state, ensuring that no malicious changes can occur behind the scenes.
- **Automated threat prevention**: If Blockaid’s Co-signer detects a suspicious request, the transaction is automatically rejected—even if all required multisig approvals are present. This stops blind signing attacks in their tracks.

### **Why this matters: The future of secure transactions**

Blockaid’s Co-Signer solves the fundamental problem that allowed the Bybit hack to occur: the disconnect between the signing interface and the actual transaction logic. By validating not just the signatures but also the transaction’s outcome, Blockaid ensures that signers are authorizing exactly what they see—nothing more, nothing less.

This approach closes the blind signing loophole and provides a level of security that traditional multisig wallets simply cannot match.

## Conclusion: Don’t let history repeat itself

The Bybit incident is a wake-up call for the entire Web3 ecosystem. It exposed a critical flaw in multisig wallet security and highlighted the urgent need for robust transaction integrity validation. Relying on traditional multisig security isn’t enough. As attack vectors become more sophisticated, proactive security measures are essential.

Blockaid’s range of solutions for blind signing - from [Transaction Verification](https://www.blockaid.io/blog/transaction-verification-a-solution-to-blind-signing-in-hardware-wallets) to Co-Signer - provides the multi-layered security infrastructure needed to prevent these types of attacks. By ensuring end-to-end transaction integrity and offering real-time threat detection and response, Blockaid empowers organizations to stay one step ahead of any type of threat - onchain, and offchain.

### Next steps: Secure your digital assets with Blockaid

Don’t wait for the next incident. [Request a Demo](https://blocka.id/demo) today to learn how Blockaid can fortify your organization’s security posture and prevent the next big exploit.
## Bybit Hack Explained

The recent Bybit $1.5B hack has captured widespread attention across the blockchain security landscape.
While most discussions have emphasized the importance of not blindly signing transactions, few have explored the technical mechanics behind this sophisticated attack. Here’s how it happened.

## Understanding the foundation: Smart contract proxies

Before diving into the attack itself, it's crucial to understand that Bybit's cold wallet used a proxy contract architecture - a common pattern in blockchain development. In this setup:

- The main contract (proxy) delegates calls to an implementation contract
- The implementation contract's address is stored in a specific storage slot (slot 0)
- This address, known as the `masterCopy`, determines which code actually executes when the wallet is used

Think of it like a mail forwarding service: the proxy is your permanent address, but it forwards all "mail" (transactions) to wherever you currently live (the implementation contract). If someone can change your forwarding address without permission, they can redirect your mail wherever they want.

## The attack sequence: A step-by-step breakdown

### 1\. The initial transaction

The attack began with what appeared to be a routine transaction: an `execTransaction` call from Bybit's Safe multisig wallet. However, this transaction contained the seeds of the exploit:

```
// Simplified representation of the critical storage change
Storage[0] = 0xbdd077f651ebe7f7b3ce16fe5f2b025be2969516 // Malicious contract
// Previously: 0x34cfac646f301356faa8b21e94227e3583fe3f5f // Legitimate GnosisSafe
```

![bybit-initial-transaction-storage-change.png](https://blockaid.io/api/media/file/bybit-initial-transaction-storage-change.png)

### 2\. The proxy manipulation

The attackers exploited the proxy architecture by:

- Creating a malicious implementation contract
- Using a specially crafted transaction to update the `masterCopy` pointer
- Replacing the legitimate GnosisSafe implementation with their malicious version

![bybit-proxy-manipulation.png](https://blockaid.io/api/media/file/bybit-proxy-manipulation.png)

This change was like replacing the entire security system of a vault while maintaining the same external appearance. It effectively gave the attackers control over all future wallet operations.

![bybit-cold-wallet-proxy-upgrade.png](https://blockaid.io/api/media/file/bybit-cold-wallet-proxy-upgrade.png)

### 3\. The spoofing contract

The attackers deployed what we'll call a "Spoofing Contract" at `0x96221423681A6d52E184D440a8eFCEbB105C7242`. This contract included a deceptively simple `Transfer` function that served one purpose: modifying storage slot 0.

![bybit-spoofing-contract-transfer.png](https://blockaid.io/api/media/file/bybit-spoofing-contract-transfer.png)

### 4\. The delegatecall exploit

A crucial detail of the attack was setting the `Operation` parameter to `1` in the `execTransaction` function, so that the transaction was executed as a `delegatecall`. This parameter accepts an enum that dictates whether the transaction is executed as a call or a `delegatecall`.

![bybit-delegatecall-enum.png](https://blockaid.io/api/media/file/bybit-delegatecall-enum.png)

Doing this ensured their code would execute in the context of the target contract, allowing them to modify its storage directly.

![bybit-delegatecall-implications.png](https://blockaid.io/api/media/file/bybit-delegatecall-implications.png)

### 5\. The asset drain

The final stage utilized a "Draining Contract" with two straightforward but devastating functions.

The first function, `sweepETH(address receiver)`, performs two essential actions:

1. It verifies that the caller is a specific, authorized address, failing otherwise.
2. It transfers all ETH held by the contract to the designated `receiver`.

![bybit-asset-drain-sweepETH.png](https://blockaid.io/api/media/file/bybit-asset-drain-sweepETH.png)

The second function, `sweepERC20(address token, address to)`, operates in a similar manner:

1. It verifies that the caller is a specific, authorized address and fails if not.
2. It transfers all tokens of the specified `token` type held by the contract to the provided `to` address.

![bybit-sweeperc20-function.png](https://blockaid.io/api/media/file/bybit-sweeperc20-function.png)

After performing the proxy switch, the attacker called the `sweepETH` and `sweepERC20` functions alternately to fully drain the Bybit Cold Wallet.

![bybit-cold-wallet-being-drained.png](https://blockaid.io/api/media/file/bybit-cold-wallet-being-drained.png)

## Key lessons for blockchain security

This incident highlights several critical security considerations:

### Smart contract architecture risks

Proxy patterns, while powerful, introduce additional attack vectors. Teams must implement robust access controls and verification mechanisms for implementation updates.

### Transaction verification importance

The attack succeeded because a transaction was signed without a full understanding of its implications.
Teams handling large assets should:

- Implement multi-layer verification processes
- Use simulation tools to preview transaction outcomes
- Have dedicated security teams review high-value operations
- Add a final check like [Blockaid’s Cosigner](https://blockaid.io/cosigner) module that blocks malicious transactions even when devices have been compromised

### Storage slot manipulation detection

Onchain security systems (like [Blockaid](https://www.blockaid.io/platform)) should be configured to specifically watch for:

- Changes to critical storage slots
- Unusual delegate calls
- Sudden implementation changes in proxy contracts

## Building better security practices

As the blockchain ecosystem continues to mature, preventing such attacks requires:

1. Enhanced transaction review processes
2. Better tooling for contract interaction analysis
3. Improved security monitoring systems
4. Regular security audits and penetration testing

Organizations handling significant digital assets must treat security as a core operational requirement, not an afterthought. This incident serves as a stark reminder that in blockchain technology, a single transaction can have massive implications.

## Looking forward

The Bybit hack joins a concerning pattern of similar attacks against major cryptocurrency platforms. As the industry evolves, implementing robust security measures becomes increasingly critical for both established players and emerging projects.

For technical teams, this incident provides valuable insights into the importance of:

- Understanding smart contract architecture patterns
- Implementing comprehensive security monitoring
- Developing thorough transaction review processes
- Maintaining up-to-date security practices

By learning from these incidents and implementing proper security measures, the blockchain industry can work toward building more resilient systems that better protect user assets.
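The checks listed under "Storage slot manipulation detection", and the transaction-level validation that the co-signer passage of the earlier Bybit post describes, can be sketched as a pre-sign policy check in Python. This is an added example, not code from the post or from Blockaid: the function names, the allowlist and the simulated storage diff passed to `review` are assumptions, and the sample calldata is constructed from the addresses quoted in the post.

```python
from dataclasses import dataclass

# Selector of Safe's execTransaction(address,uint256,bytes,uint8,uint256,
# uint256,uint256,address,address,bytes); hardcoded because the standard
# library has no Keccak-256 to derive it.
EXEC_TRANSACTION_SELECTOR = bytes.fromhex("6a761202")
CALL, DELEGATECALL = 0, 1   # values of the Operation enum
MASTER_COPY_SLOT = 0        # proxy slot that stores the implementation address

# Addresses quoted in the write-up above.
SPOOFING_CONTRACT = "0x96221423681A6d52E184D440a8eFCEbB105C7242"
LEGIT_IMPL = "0x34cfac646f301356faa8b21e94227e3583fe3f5f"
MALICIOUS_IMPL = "0xbdd077f651ebe7f7b3ce16fe5f2b025be2969516"


@dataclass
class SafeTx:
    to: str
    value: int
    data: bytes
    operation: int


def _word(args: bytes, index: int) -> bytes:
    word = args[32 * index: 32 * index + 32]
    if len(word) != 32:
        raise ValueError("calldata truncated")
    return word


def _dyn_bytes(args: bytes, offset: int) -> bytes:
    if offset % 32 or offset + 32 > len(args):
        raise ValueError("bad dynamic offset")
    length = int.from_bytes(args[offset:offset + 32], "big")
    body = args[offset + 32: offset + 32 + length]
    if len(body) != length:
        raise ValueError("dynamic bytes truncated")
    return body


def decode_exec_transaction(calldata: bytes) -> SafeTx:
    """Decode the fields a signer must see from raw execTransaction calldata."""
    if calldata[:4] != EXEC_TRANSACTION_SELECTOR:
        raise ValueError("not an execTransaction call")
    args = calldata[4:]
    operation = int.from_bytes(_word(args, 3), "big")
    if operation not in (CALL, DELEGATECALL):
        raise ValueError("unknown operation value")
    return SafeTx(
        to="0x" + _word(args, 0)[12:].hex(),
        value=int.from_bytes(_word(args, 1), "big"),
        data=_dyn_bytes(args, int.from_bytes(_word(args, 2), "big")),
        operation=operation,
    )


def review(tx: SafeTx, storage_diff: dict, delegatecall_allowlist=()) -> list:
    """Return reasons to refuse co-signing; an empty list means no finding.

    storage_diff maps slot -> (before, after) for the wallet proxy and is
    assumed to come from simulating the transaction before signing.
    """
    findings = []
    allowed = {a.lower() for a in delegatecall_allowlist}
    if tx.operation == DELEGATECALL and tx.to.lower() not in allowed:
        findings.append(f"delegatecall to non-allowlisted target {tx.to}")
    before, after = storage_diff.get(MASTER_COPY_SLOT, (None, None))
    if before != after:
        findings.append(f"masterCopy (slot 0) changes {before} -> {after}")
    return findings


def encode_exec_transaction(to, value, data, operation, signatures=b""):
    """Build sample calldata; gas and refund fields are left at zero."""
    def u(n):
        return n.to_bytes(32, "big")

    def tail(b):
        return u(len(b)) + b + bytes(-len(b) % 32)

    head_len = 10 * 32
    data_tail = tail(data)
    head = (bytes(12) + bytes.fromhex(to[2:]) + u(value) + u(head_len)
            + u(operation) + u(0) * 5 + u(head_len + len(data_tail)))
    return EXEC_TRANSACTION_SELECTOR + head + data_tail + tail(signatures)


def bybit_style_findings():
    # Constructed sample: delegatecall to the spoofing contract; the inner
    # data bytes are a placeholder, not the real payload.
    calldata = encode_exec_transaction(SPOOFING_CONTRACT, 0, bytes(4), DELEGATECALL)
    simulated = {MASTER_COPY_SLOT: (LEGIT_IMPL, MALICIOUS_IMPL)}
    return review(decode_exec_transaction(calldata), simulated)


def routine_transfer_findings():
    # Constructed sample: plain ETH transfer to a made-up warm-wallet address.
    calldata = encode_exec_transaction("0x" + "11" * 20, 10**18, b"", CALL)
    return review(decode_exec_transaction(calldata), {})
```

The check works on the raw calldata and a simulated state change rather than on what a signing interface displays, which is the gap both Bybit posts describe.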
## Validate every transaction and never sign blindly again with Blockaid

$2B has been lost to blind signing. Blockaid’s Cosigner provides an automated security check to prevent losses, even when devices have been compromised. [Learn more](https://blockaid.io/cosigner).

## Blockaid is securing the biggest companies operating onchain

Get in touch to learn how Blockaid helps teams secure their infrastructure, operations, and users.

[Request a Demo](https://blockaid.io/demo)

#### Related Posts

- [**Building Safely with EIP-7702: How Blockaid Helps Teams Adopt the Future of Smart Wallets**](https://blockaid.io/blog/building-safely-with-eip-7702-how-blockaid-helps-teams-adopt-the-future-of-smart-wallets) (May 7, 2025; Transaction Security)
- [**How Blockaid Helps Ledger’s Transaction Check Mitigate Blind Signing Risks**](https://blockaid.io/blog/how-blockaid-helps-ledgers-transaction-check-mitigate-blind-signing-risks) (April 30, 2025; Partnerships)
- [**Composability Attack Deep Dive: How an Attacker Stole $128k Without an Exploit**](https://blockaid.io/blog/composability-attack-deep-dive-how-an-attacker-stole-128k-without-an-exploit) (April 28, 2025; Threat Intelligence, Onchain Detection and Response, Protocol Security)

## Sui and Blockaid Partnership
[Sui Foundation](https://sui.io/about) is the organization supporting the growth and proliferation behind Sui - the only blockchain built for mass adoption that is shaping the future of the internet by building critical, decentralized infrastructure. [Sui](https://sui.io/) has processed 8 billion transactions and onboarded 40 million accounts since it went live. In addition to providing unrivaled speed and low, predictable fees, Sui has always had a strong security backbone.

As part of ongoing security efforts, Sui Foundation is partnering with Blockaid to provide enhanced ecosystem security and user protection on Sui. The partnership will bring Blockaid’s industry-leading end-user protection to Sui wallets and provide additional capabilities to detect and respond to smart contract exploits, emerging offchain threats, and operational faults on Sui. The Sui Foundation’s security team will also be augmented by additional threat intelligence research to track threat actors targeting its ecosystem, delivering insights to stop threats before they strike.

## Transaction Security Integration

[_Originally posted on Privy_](https://privy.io/blog/transaction-scanning)

### **Smarter signatures, safer users**

**Privy now supports transaction scanning for global wallets in partnership with Blockaid**

Traditional wallets shine in enforcing user consent for every
transaction, but this also conditions users to approve transactions even when they are not what they seem. The very interoperability that makes interoperable wallets so powerful in enabling seamless connections across apps also creates risk for the user, as they can be prompted to sign transactions in sometimes unfamiliar or untrusted environments.

For the most part, embedded wallets are safe from this threat because they are tied to a given product and domain, which reduces the risks that come with signing in unfamiliar contexts. Privy’s global wallets make your embedded wallet more easily accessible anywhere, so chosen developers can integrate them into their app. This huge boon to composability also creates risk for the user.

Today, we bring transaction simulation in Privy to GA, after working on it with select customers. We’ve partnered with [**Blockaid**](https://www.blockaid.io/)—the powerful onchain security toolkit trusted by MetaMask, Coinbase, Uniswap, and more—to enable transaction scanning for every global wallet transaction.

Blockaid simulates billions of transactions in real time to detect and block malicious activity before it happens. Integrated directly into Privy’s Global Wallets, this means your users are warned of any suspicious transaction before approving it, to reduce the likelihood of unwitting compromise.

![Scanningblog.webp](https://blockaid.io/api/resourceContentImages/file/Scanningblog.webp)

### **What is transaction scanning?**

Transaction scanning helps prevent users from unknowingly signing malicious transactions. With Blockaid’s API, Privy can surface whether a transaction is safe, suspicious, or malicious—before the wallet signature is generated.

The integration uses two key components: **transaction simulation** and **transaction validation**.

**Simulation** reveals what a transaction will do before it’s signed. Users see exactly which tokens are moving in or out of their wallet, and the USD value involved—giving them a clearer picture of what they’re about to approve.

**Validation** checks the transaction against a set of security heuristics and known malicious addresses. Based on the simulation results and threat signals, it categorizes the transaction and flags if anything looks off.

The result: users get clear, actionable signals. If something looks suspicious, they are warned and must override settings to proceed: **friction where it matters**.

### **Live today on Abstract**

We’ve launched transaction scanning support on the [Abstract](https://privy.io/blog/Abstract-Global-Wallet) network, giving all Abstract global wallet users an added layer of security.

If you’re using Privy’s global wallets, transaction scanning is a great next step to introduce to your ecosystem if you want to make it as safe as possible for users. Head over to our [docs](https://docs.privy.io/wallets/global-wallets/launch-your-wallet#transaction-scanning) to learn how to enable transaction scanning for your global wallet.

### **About Privy**

Founded in 2021, Privy is a New York-based Web3 infrastructure company that simplifies the integration of blockchain technology into applications through a user-friendly API. Privy offers a comprehensive suite of tools, including seamless user onboarding via email, SMS, social logins, and wallet connections, as well as embedded wallet solutions compatible with EVM, Solana, and Bitcoin networks. Privy's robust infrastructure has powered over 50 million accounts across more than 800 teams, securing billions in transaction volume. The company's mission is to make blockchain accessible to all users by providing scalable, flexible, and secure wallet infrastructure that enhances user experience and accelerates the adoption of decentralized technologies.
## Cosigner: Secure Your Multisig

Some of the largest exploits in crypto had one thing in common: **blind signing**.

The Bybit breach in February 2025?
Over $1.5 billion lost due to a compromised frontend that manipulated transaction details. WazirX? Compromised keys and blind-signed transactions drained $235 million. Radiant Capital? A spoofed browser extension tricked users into signing transactions that handed control to attackers.

These weren’t failures of code. They were failures of visibility where signers couldn’t see what they were approving. **That’s what makes blind signing so dangerous.**

## **The problem: blind signing creates a dangerous gap between intent and execution**

Blind signing is when a transaction is approved without the signer seeing or understanding what it actually does. This usually happens when:

- The UI displays misleading transaction data (can happen if the frontend has been compromised)
- The signer doesn’t have the technical ability to decode raw calldata
- A wallet or extension is spoofed to hide malicious logic
- The transaction uses a novel approval mechanism that bypasses traditional heuristics
- An internal actor (malicious or simply negligent) pushes a transaction without proper scrutiny

What makes this problem so pervasive is that it exploits human trust in interfaces. Even if your transaction appears benign, the data being signed could upgrade a contract, reassign ownership, or drain a treasury.

In most cases, by the time a signature is issued, **there’s no going back.** That signature is the last and only line of defense. And when humans are the last line of defense, that line needs to be bulletproof.

This is why we built Cosigner.

## **Introducing Cosigner: a policy-enforcing, security-aware signer**

**Blockaid Cosigner** is an onchain security layer that integrates directly into your multisig wallet. It acts as an additional, automated signer - one that only approves transactions after they’ve passed a real-time security validation powered by Blockaid’s threat engine and your organization’s custom policies.
Cosigner works alongside your existing human signers, but unlike them, it doesn’t rely on what the frontend displays. It inspects the raw transaction data, simulates its execution, and verifies exactly what will happen _before_ a signature is applied.

![arch-1.png](https://blockaid.io/api/resourceContentImages/file/arch-1.png)

Cosigner functions as a fully native signer within a multisig wallet. It requires no custom wallet software or offchain execution environment and can be configured to be either optional or mandatory in your signing policy.

Here’s how it operates:

1. A transaction is submitted to your multisig wallet.
2. Cosigner receives the transaction and simulates its execution offchain using Blockaid’s real-time validation engine.
3. Blockaid evaluates the transaction through multiple layers of analysis:
   - Static and dynamic code analysis to evaluate smart contract behavior
   - Behavioral simulation to detect malicious intent
   - Heuristic and pattern recognition based on Blockaid’s threat intelligence network
   - Custom rule sets tailored to your org’s specific risk profile and operational policies
4. If the transaction is safe, Cosigner adds its signature. Since it acts as one signer in the multisig, approval still requires quorum from the rest of the designated signers.
5. If the transaction is malicious or does not meet your organizational policies, Cosigner blocks execution by withholding its signature. Approval can only continue if an authorized override signer manually intervenes.

This setup introduces a trustless enforcement mechanism that:

- Operates independently from human signers
- Detects any malicious behavior, not just known threats
- Maintains your team’s control while enforcing strong transaction hygiene

In essence, Cosigner gives organizations the ability to programmatically enforce transaction security policies - without slowing down workflows or compromising operational flexibility.

## Want to see Cosigner in action?
Learn how your team can eliminate blind signing and transact with confidence.

## **How Cosigner works under the hood**

While Cosigner appears as a single signer in your multisig wallet, it’s implemented as its own Safe-compatible wallet with a **1-of-2 threshold configuration**. Internally, the Cosigner Safe has two signers:

- **Blockaid Signer**: Managed by Blockaid. It signs only after a transaction is validated through simulation and threat analysis.
- **Override Signer**: Managed by the organization. It allows manual approvals for transactions flagged by Cosigner, maintaining operational flexibility.

![cosigner_arch.png](https://blockaid.io/api/resourceContentImages/file/cosigner_arch.png)

This separation of control ensures that:

- Blockaid cannot sign unvalidated transactions.
- The organization cannot bypass Cosigner without explicitly using the override path.
- Neither party has unilateral control over execution.

This design eliminates the single point of failure common in other security tools.

## **What Cosigner protects against**

Cosigner provides a hard enforcement layer for the exact risks that standard multisig setups can’t catch:

| Threat | How Cosigner mitigates it |
| --- | --- |
| Blind signing | Simulates the transaction to see its true effects before signing. |
| Compromised UIs | Ignores what the frontend shows and evaluates the raw calldata. |
| Compromised signers | Blocks execution unless the transaction passes validation. |
| Insider Threat | Prevents malicious or negligent actions from internal signers by enforcing policy-level checks. |

Importantly, Cosigner operates entirely within the onchain model. There’s no proprietary execution environment or offchain dependency for enforcement. Transactions can only be approved if they’re both valid _and_ explicitly allowed by policy.

## **Why organizations are deploying Cosigner**

For security teams, the priority is enforcement. For operations, it's continuity and speed.
Cosigner was built to satisfy both - delivering strict policy-level protection without slowing down workflows.

Here’s why protocols, fintechs, exchanges, asset managers, treasuries, custodians, and DAOs that manage high-value assets are adopting Cosigner:

### Seamless integration with existing wallet infrastructure

Cosigner plugs directly into standard multisig setups like Safe, Fireblocks and Squads. It behaves just like any other signer - no new tools to learn, no new transaction formats, and no custom infrastructure required.

### Minimal disruption to legitimate workflows

Security shouldn’t slow teams down. Cosigner evaluates transactions in milliseconds, approving safe actions automatically. Teams can continue submitting and approving transactions as they always have - Cosigner only intervenes when a threat is detected.

### Customizable security rules based on your needs

Every organization operates differently. Cosigner allows you to define your own security and compliance policies - such as requiring additional scrutiny for treasury transfers, unknown contracts, or high-value transactions. These rules are enforced automatically, on every transaction.

### Continuous protection as threats evolve

Cosigner is powered by Blockaid’s real-time detection engine, which constantly ingests new threat intelligence across chains and ecosystems. As attackers adapt, so does your protection - without any manual updates or rule tuning required.

## **Security at the execution layer is no longer optional**

The reality is that **most onchain attacks today succeed not because security tools failed, but because they were never in the right place to begin with.**

![Blockaid-cosign2.png](https://blockaid.io/api/resourceContentImages/file/Blockaid-cosign2.png)

Cosigner brings enforcement to where it matters most: the signature. It’s not just about preventing hacks.
It’s about creating a system where **malicious transactions simply cannot be executed**, even if all human signers are compromised.

As threat actors grow more sophisticated and continue to target treasuries and signers, Cosigner isn’t just helpful - it’s a necessary final safeguard standing between critical assets and catastrophic loss.

## Composability Attack Overview
On April 24, 2025, Blockaid’s real-time exploit detection systems flagged suspicious activity involving the Zora claim contract and the 0x Settler contract. Initial indicators suggested an active exploit: unexpected value movement, attacker-controlled addresses, and non-standard contract calls.

![composability_1.jpg](https://blockaid.io/api/resourceContentImages/file/composability_1.jpg)

However, technical analysis quickly confirmed otherwise. No contracts were compromised, neither ZORA’s nor 0x's. Zora’s airdrop process assigned $ZORA tokens to 0x Settler, a permissionless contract designed to execute arbitrary transactions. The attacker used this behavior to claim the allocation and swap it for ETH, extracting $128,000 in assets.

This case underscores a fundamental reality of the onchain world: in a fully permissionless environment, failure to anticipate composable behaviors can be just as costly as traditional exploits. In fact, this is a new class of onchain risk, a **Composability Attack.** In this attack type, independent, secure components combine in unexpected ways to create exploitable conditions.

Blockaid’s early detection of the incident ensured immediate visibility into the event, reinforcing the critical role proactive security infrastructure plays in safeguarding the onchain ecosystem.

## Understanding Composability Attacks

A **Composability Attack** occurs when two or more independently secure systems interact in an unexpected way that creates an exploitable condition, without requiring any vulnerabilities in the systems themselves.

Unlike traditional exploits, which target bugs or permission errors in contract code, a Composability Attack exploits **the emergent behavior** of permissionless, composable smart contract systems.
In this incident, all contracts involved behaved exactly as intended. The attack that took place was only made possible because of how these systems interacted in relation to one another.

In permissionless environments, **composability risks** are just as real and just as dangerous as traditional code-level vulnerabilities. Blockaid’s detection surfaced this attack path in real time, demonstrating yet again the advantages of real-time monitoring over static analysis and contract audits, as it enables teams to monitor not just contracts, but **how these contracts compose** across different onchain interactions.

## Technical analysis

This incident stems from an unexpected interaction between two components: Zora’s airdrop claim mechanism and the 0x Settler contract. Understanding how each system works independently and how their combination created an attack path is key to understanding the event.

### Zora’s claim mechanism

Zora’s airdrop system allowed eligible addresses to claim $ZORA tokens using a claim contract. Through the `claim(address _claimTo)` function, recipients could trigger a transfer of their allocated tokens to any specified destination.

![zora_claim_to.png](https://blockaid.io/api/resourceContentImages/file/zora_claim_to.png)

A critical point is that this design made no distinction between externally owned accounts (EOAs) and smart contracts. If an address was listed as eligible, it could claim tokens, whether it was a user-controlled wallet or a deployed contract.

Importantly, this was **not** a design flaw. As Zora’s **tyson** [explained](https://x.com/tbtstl/status/1915446907029070301), many eligible users rely on smart wallets, DAOs, and multisigs, all implemented as smart contracts. Filtering out contract addresses would have excluded a significant portion of real users.
![tysom_smart_accounts.png](https://blockaid.io/api/resourceContentImages/file/tysom_smart_accounts.png)

### 0x Settler contract design

One of these smart contracts was the 0x Settler. The [0x Settler contract](https://0x.org/docs/developer-resources/core-concepts/contracts#0x-settler-contracts) is the core execution layer of [0x](https://0x.org/). It’s a contract that dynamically updates based on the latest deployments, and it allows 0x users to handle swaps without requiring passive token allowances.

However, the Settler itself is **permissionless** in who can call it. Anyone can send `calldata` to the Settler’s `execute` entry point, instructing it to forward an arbitrary call to a specified target contract. Critically:

- Settler does **not** enforce strict ownership checks.
- It forwards `calldata` exactly as provided, without additional validation.

While this design enables flexible decentralized swaps, it also means that if the Settler itself is the recipient of assets, like an airdrop, _anyone_ can trigger interactions on its behalf. This concept is explicitly mentioned in 0x’s documentation about Settler:

![setller_allowance.png](https://blockaid.io/api/resourceContentImages/file/setller_allowance.png)

### How the components combined to create an attack path

Given the mechanics of both systems, the allocation of tokens to the 0x Settler contract created an unexpected vulnerability. Although Zora intended to allocate tokens to the 0x ecosystem, they mistakenly assigned them to a permissionless contract (the 0x Settler) where anyone could initiate actions on its behalf. This oversight allowed anyone who understood the interaction to claim the tokens originally meant for 0x.

Technically, the exploit path was simple:

- Call `execute()` on the Settler.
- Instruct it to invoke Zora’s `claim()` function.
- Redirect the allocated tokens to their own wallet (using `address _claimTo`).

Again, each system individually behaved exactly as intended.
The failure came from **the emergent behavior between two permissionless components**, a **Composability Attack**, representing a vulnerability born entirely from the way the two systems interacted.

### How the exploit happened in practice

On April 24, 2025, the attacker executed the following sequence:

**Step 1: Fund an Address -** The attacker funded a newly created address on Base with enough ETH to cover transaction fees. [View funding transaction →](https://basescan.org/tx/0x2b8d34af1161708dee4b1edbbc33e176148d0bbb8bb237c7167ab8d357334809)

**Step 2: Construct a Malicious** `execute()` **Call -** They built calldata instructing the Settler to call the Zora claim contract’s `claim(attacker_address)` function.

**Step 3: Trigger the Call via Settler -** By invoking `execute()`, the attacker forwarded the malicious calldata to Zora’s contract. Because the Settler was the eligible recipient, the claim succeeded, transferring 5,500,777 ZORA tokens. [View exploit transaction →](https://basescan.org/tx/0xf71a96fe83f4c182da0c3011a0541713e966a186a5157fd37ec825a9a99deda6)

**Step 4: Swap and Bridge the Proceeds -** The attacker immediately swapped the stolen $ZORA tokens for ETH and bridged the funds off Base via the Across Protocol. [View bridge transaction →](https://basescan.org/tx/0xb3e18b1a591ded9fdbf3e1456df7af45c5d32e57a980e9f91cf9effd9eb66d16)

#### **Full Incident Timeline**

| Time (UTC) | Event Description | Link |
| --- | --- | --- |
| Apr 23, 2025 05:40:11 | Zora allocates $ZORA tokens to the 0x Settler contract. | [Transaction](https://basescan.org/tx/0xba499a75765e06cdb49c3ca1714dc5af6cac23fa7c805004867dd4a32da1e2e0) |
| Apr 24, 2025 13:23:13 | The attacker funds their address with ETH to prepare for the exploit. | [Transaction](https://basescan.org/tx/0x2b8d34af1161708dee4b1edbbc33e176148d0bbb8bb237c7167ab8d357334809) |
| Apr 24, 2025 13:32:03 | The attacker uses the 0x Settler to claim $ZORA tokens and redirect them to their own wallet. | [Transaction](https://basescan.org/tx/0xf71a96fe83f4c182da0c3011a0541713e966a186a5157fd37ec825a9a99deda6) |
| Apr 24, 2025 13:32:10 | Blockaid’s real-time detection systems flag the anomalous transaction. | [(Demo available upon request)](https://blocka.id/demo) |
| Apr 24, 2025 13:37:39 | The attacker bridges approximately 66.7 ETH off Base via Across Protocol. | [Transaction](https://basescan.org/tx/0xb3e18b1a591ded9fdbf3e1456df7af45c5d32e57a980e9f91cf9effd9eb66d16) |

## Lessons Learned and Takeaways

The Zora / 0x incident highlights a critical truth about building in permissionless environments: **Security does not end at contract audits. It extends to every assumption made about how systems interact.**

Several key lessons emerge from this event:

#### **Allocation processes should verify recipient behavior**

It is not enough to check if an address is valid. Protocols should verify that airdrop recipients are capable of securely holding and managing allocations, especially when smart contracts are involved.

#### **Composability introduces invisible attack surfaces**

Each contract independently behaved correctly. It was their interaction, Zora’s open eligibility plus Settler’s arbitrary execution, that created an exploitable pathway that allowed a composability attack. This type of attack must be part of the threat model, and teams must proactively account for how third-party contracts could behave in adversarial scenarios.

#### **Real-time monitoring is essential**

Even without traditional vulnerabilities, emergent threats can move value rapidly across chains. Blockaid’s real-time exploit detection provided immediate visibility, enabling protocols and ecosystems to assess and respond before further damage could occur.
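The first and third lessons above can be checked mechanically. This added example (not Blockaid's detection logic and not code from either protocol) lists contract recipients with no known controller before an allocation is funded, and scans call traces shaped like Geth's `callTracer` output for claims made through a contract by a caller who does not control it. The selector, addresses, controller registry and traces are all constructed assumptions.

```python
"""Vetting contract recipients of an allocation and spotting forwarded claims."""

# Constructed placeholder for the 4-byte selector of claim(address); use the
# claim contract's real selector in practice.
CLAIM_SELECTOR = "c1a1c1a1"

# Constructed addresses, not taken from the incident.
CLAIM_CONTRACT = "0x" + "c1" * 20
OPEN_FORWARDER = "0x" + "5e" * 20   # executes arbitrary calls for any caller
TEAM_WALLET = "0x" + "5a" * 20      # smart wallet gated to its owner
WALLET_OWNER = "0x" + "0a" * 20
USER_EOA = "0x" + "0b" * 20
UNRELATED_EOA = "0x" + "0d" * 20

# Assumption: the allocating team records who may make each contract recipient
# act. An empty set means anyone can drive the contract.
CONTROLLERS = {OPEN_FORWARDER: set(), TEAM_WALLET: {WALLET_OWNER}}
# Stand-in for eth_getCode results: bytecode size per recipient (0 = EOA).
CODE_SIZE = {OPEN_FORWARDER: 9000, TEAM_WALLET: 170, USER_EOA: 0}
ALLOCATIONS = [USER_EOA, TEAM_WALLET, OPEN_FORWARDER]


def claim_input(claim_to: str) -> str:
    """ABI-encode claim(_claimTo) for the constructed traces below."""
    return "0x" + CLAIM_SELECTOR + claim_to[2:].rjust(64, "0")


def decode_claim_to(input_hex: str):
    """Return the _claimTo address if the input is claim(address), else None."""
    body = input_hex[2:].lower()
    if body[:8] != CLAIM_SELECTOR or len(body) != 8 + 64:
        return None
    return "0x" + body[-40:]


def walk(frame: dict, depth: int = 0):
    """Yield every call frame in a nested trace together with its depth."""
    yield frame, depth
    for child in frame.get("calls", []):
        yield from walk(child, depth + 1)


def unvetted_recipients(allocations, code_size, controllers):
    """Pre-funding check: contract recipients with no recorded controller."""
    return [addr for addr in allocations
            if code_size.get(addr, 0) > 0 and not controllers.get(addr)]


def forwarded_claims(trace: dict, controllers: dict) -> list:
    """Monitoring check: claims made via a contract the originator does not control."""
    origin = trace["from"]
    findings = []
    for frame, depth in walk(trace):
        claim_to = decode_claim_to(frame.get("input", "0x"))
        if frame["to"] != CLAIM_CONTRACT or claim_to is None:
            continue
        claimant = frame["from"]
        # Depth 0 is a direct claim by the originator; a recorded controller
        # driving its own wallet is expected behaviour.
        if depth == 0 or origin in controllers.get(claimant, set()):
            continue
        findings.append({"claimant": claimant, "origin": origin,
                         "claim_to": claim_to,
                         "redirected": claim_to != claimant})
    return findings


# Constructed traces: outer forwarding calldata is left opaque ("0x").
FORWARDED = {"from": UNRELATED_EOA, "to": OPEN_FORWARDER, "input": "0x",
             "calls": [{"from": OPEN_FORWARDER, "to": CLAIM_CONTRACT,
                        "input": claim_input(UNRELATED_EOA)}]}
OWNER_CLAIM = {"from": WALLET_OWNER, "to": TEAM_WALLET, "input": "0x",
               "calls": [{"from": TEAM_WALLET, "to": CLAIM_CONTRACT,
                          "input": claim_input(TEAM_WALLET)}]}
DIRECT_CLAIM = {"from": USER_EOA, "to": CLAIM_CONTRACT,
                "input": claim_input(USER_EOA)}

if __name__ == "__main__":
    print("unvetted:", unvetted_recipients(ALLOCATIONS, CODE_SIZE, CONTROLLERS))
    for name, trace in [("forwarded", FORWARDED), ("owner", OWNER_CLAIM),
                        ("direct", DIRECT_CLAIM)]:
        print(name, forwarded_claims(trace, CONTROLLERS))
```

Smart wallets and multisigs pass both checks because their controllers are recorded, which keeps contract recipients eligible without treating every contract as safe to fund.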
## Conclusion

Ultimately, this incident underscores a key reality of onchain security: **In permissionless systems, mistakes in assumptions can be as dangerous as technical vulnerabilities.** The attacker did not compromise smart contracts; they compromised the expectation that an address would behave safely, without verifying what permissions and behaviors it exposed.

This incident also highlights the power of real-time detection - the Blockaid Platform surfaced the anomaly within seconds, providing immediate clarity at a moment when traditional defenses would have seen nothing wrong. It’s rapid detection and response tools like this that make it possible to understand, contain, and respond to incidents like this and stop them before further losses occur.

## Blockaid's Ledger Security

**Today, Ledger is launching a new feature called Transaction Check, representing an important step in hardware wallet security, leveraging the Blockaid Transaction Security Engine among other technology providers for unprecedented on-device transaction clarity.**

Transaction Check brings something truly valuable: a way for users to check their transactions for known threats, in real time, before approving the transaction.

When a user initiates an Ethereum transaction in Ledger Live, the user will be prompted to enable Transaction Check. The transaction is then first sent to trusted simulation providers for real-time analysis. **Blockaid helps power this process, simulating transactions, validating outcomes, and identifying threats in real time with sub-300ms latency.** Then, a cryptographically signed summary of the result is delivered directly to the Ledger device, where the user sees a clear warning or a green light, with a link to the full security report.

![Threats.png](https://blockaid.io/api/resourceContentImages/file/Threats.png)

With Transaction Check, **Ledger users now benefit from the same real-time simulation technology already trusted by MetaMask, Coinbase, Backpack, Uniswap, and other leading wallets.** The result? Safer decisions, greater clarity, and far fewer chances to make irreversible mistakes.
## **The problem: attackers exploit the gap between signing interfaces and hardware wallets**

There’s a built-in assumption in most signing flows: that the transaction you review in your wallet app or on your phone or desktop is the same one that gets signed on your hardware device. But that assumption is fragile.

In a typical flow, users see transaction details in the signing interface - a browser extension or a mobile app. Then, the transaction is sent to the hardware wallet for approval. **However, this flow introduces a critical gap - which is being exploited by attackers.**

In incidents like Bybit, WazirX, and Radiant, attackers manipulated transaction data **in transit**, replacing the user’s intended action with malicious logic, without changing what was shown on-screen. Users were left with no way to detect the switch until it was too late.

**This issue is what’s known as blind signing, and it’s become one of the most dangerous vulnerabilities in the Web3 signing stack.**

Blockaid had already built [Cosigner](https://www.blockaid.io/blog/cosigner-the-onchain-security-layer-your-multisig-is-missing-blind-signing) to help organizations eliminate this risk in multisig and contract-level approvals. Now, our commitment to closing the blind signing gap is extending to everyday users through a new collaboration with Ledger.

## **Meet Transaction Check: Verifiable security, built into the signing flow**

Transaction Check is a new feature available for Ledger users that aims to reduce the risks of blind signing, directly addressing the gap between the signing interface and Ledger’s hardware wallets.

When a user is about to sign an Ethereum transaction in Ledger Live, the transaction is first **simulated and validated by security providers like Blockaid**, using the same technology already trusted by platforms like MetaMask, Coinbase, and 1inch.
Our engine simulates the transaction, validates its outcomes, and identifies known threats in real time, **with unmatched precision and sub-300ms latency**.

Then, a **cryptographically signed summary of that result**, specifically the warning or risk information, is sent directly to the user’s Ledger hardware wallet. This is the same approach introduced in the Blockaid [Transaction Verification Whitepaper](https://www.blockaid.io/blog/transaction-verification-a-solution-to-blind-signing-in-hardware-wallets).

On-device, the user sees a clear message:

- **If it’s flagged as a Critical Threat**, the transaction likely involves a scam, malicious contract, or stolen funds.
- **If it’s a Potential Risk**, there may be suspicious components, such as interacting with a questionable dApp or sending assets to an unknown address.

**This is real-time, verifiable insight delivered to the one place users can trust most: their Ledger device.**

There’s no longer a need to rely on frontend interfaces alone. Ledger now provides tamper-resistant confirmation of what’s being signed. And if a user wants more context, each alert includes a **link or QR code to a full simulation report**, showing exactly what the transaction would do and why it was flagged.

![malicious.png](https://blockaid.io/api/resourceContentImages/file/malicious.png)

## What it means for the ecosystem

Transaction Check is more than just a product release; it’s a milestone for onchain security UX. What used to require manual hash comparisons is now embedded directly into the signing flow and presented in a way that any user, from DeFi-native to first-time wallet owner, can understand and act on.

By leveraging transaction security technologies like Blockaid’s, Ledger offers a system that delivers enterprise-grade simulation, without ever compromising the simplicity that Ledger users expect.
**Transaction Check’s launch reinforces how hardware-backed security needs to come with interface-level clarity.** This is a model for how the ecosystem moves forward: more transparency, more verification, fewer compromises.

![benign.png](https://blockaid.io/api/resourceContentImages/file/benign.png)

## Recap: Reducing blind signing risk, one layer at a time

Transaction Check is a meaningful step forward in closing a critical gap in the transaction signing flow. It doesn’t eliminate blind signing entirely, but it significantly reduces the risk, by giving more control to hardware wallet users.

For Blockaid, this initiative is part of a broader effort to address blind signing at every layer. With [Cosigner](https://www.blockaid.io/blog/cosigner-the-onchain-security-layer-your-multisig-is-missing-blind-signing), we built infrastructure for organizations to apply policy-based controls at the signature level, making sure that even in complex multisig environments, no transaction is approved without validation.

Now, with Ledger’s launch of **Transaction Check, powered in part by Blockaid**, we’re extending that same principle to the individual user: making sure the transaction they see is the one that gets signed.

Blockaid is helping power the simulation and validation engine behind Transaction Check, using the same infrastructure already securing millions of users across MetaMask, Coinbase, and other platforms. The result: a cryptographically verifiable signal delivered straight to the hardware wallet, so users don’t have to rely on the interface alone.

One more attack path closed. One more reason bad actors think twice.
## Try it today

**Transaction Check is available today on Ledger Stax and Ledger Flex devices for Ethereum transactions in Ledger Live.**

**Users can activate it by updating their Ledger Live app and Ledger OS.**

## EIP-7702 and Smart Wallets
EIP-7702 introduces a major shift in how externally owned accounts work. Instead of being limited to a single, direct call, EOAs can now behave like smart accounts for the duration of one transaction.

That unlocks a range of new capabilities - session keys, gas sponsorship, batch execution - all without needing users to migrate to new wallets or upgrade their setup. It’s a big win for UX and developer flexibility.

But it also introduces new complexity. The lines between simple signatures and programmable behavior are starting to blur. A single approval could now authorize a dynamic session. A dApp could initiate multiple calls under the hood. Wallets need to show users more than just an address and a gas estimate - they need to explain behavior.

This is what makes 7702 both exciting and challenging. It opens the door to next-generation wallet design - but it also calls for next-generation security thinking.

## What It Takes to Build Securely with 7702

EIP-7702 unlocks a wave of new capabilities - but with them comes a sharp increase in complexity and responsibility.

![pecrta_live.png](https://blockaid.io/api/resourceContentImages/file/pecrta_live.png)

Teams are now expected to implement smart wallet features _and_ manage the new risk landscape that comes with them. Both are nontrivial.

### **How to support new smart wallet features (without breaking UX)**

EIP-7702 brings powerful new functionality to EOAs:

- Batched execution via `wallet_sendCalls`
- Session keys with scoped permissions
- Gas sponsorship and flexible payment flows
- Temporary smart wallet logic injected via `setCode`

Supporting these features requires rethinking how wallets simulate and preview transactions, and how dApps construct session flows across different providers.

For wallets, that means decoding and presenting complex behaviors clearly - without overwhelming users.
For dApps, it means building session logic that behaves predictably, simulates accurately, and integrates cleanly across wallet types.

These aren’t drop-in features. They touch architecture, UX, and trust - all at once.

### **Managing the New Risks Introduced by Programmable Sessions**

With greater flexibility comes new surface area. A single signature can now do a lot more - and that creates room for subtle, high-impact risks.

Examples include:

- Session keys granting overly broad or long-lived access
- `setCode` used to inject untrusted logic into EOAs
- Sponsored flows hiding the true origin of a transaction
- Complex batches mixing legitimate and malicious operations

For teams, the challenge is knowing what’s safe, what needs to be flagged, and how to catch issues early - ideally before they hit production.

EIP-7702 changes what a transaction _is_. That means wallets and dApps need a new model for understanding and validating behavior - not just calldata.

## Blockaid Helps Teams Navigate 7702 - Safely and Confidently

While EIP-7702 introduces new primitives - like temporary smart contract logic and session keys - it doesn’t prescribe how to handle them safely. That part is left to teams building on top.

To support that, Blockaid is providing full 7702 support from day one. Not as a promise - as working infrastructure teams are already using. Here’s what that includes:

### **Accurate simulation of 7702 flows**

We’ve updated our simulation engine to support all new transaction types introduced by 7702 - including `setCode`, `wallet_sendCalls`, and session key usage. That means teams building wallets can show users exactly what a transaction will do, even if it includes sponsored gas, delegated permissions, or temporary contract deployments.

This also applies to dApps. If you're constructing complex batched transactions or session flows, Blockaid helps you test and preview those transactions _before_ users run into errors or unexpected behavior.
![set_code_account.png](https://blockaid.io/api/resourceContentImages/file/set_code_account.png)

The goal is simple: reduce failed transactions, prevent mispriced gas, and give users visibility into what they’re signing - no matter how complicated the underlying logic is.

### **Detection of new 7702-specific threats**

EIP‑7702 also expands the scope of what a malicious transaction can look like. We’ve already integrated new heuristics and validation steps to catch risks unique to this model:

- Malicious upgrade attacks - where attackers use 7702 to upgrade a wallet into a compromised contract
- Session key farming and attempts to manipulatively gain excessive scopes or durations
- Hiding malicious behaviours in complicated batch transactions
- TOCTOU-style attacks that use 7702 features to bypass simulation engines

Blockaid watches for these patterns in real time - at the moment of simulation or signing - and can block or flag transactions before they’re submitted onchain.

![malicious_upgrade.png](https://blockaid.io/api/resourceContentImages/file/malicious_upgrade.png)

For teams, this means protection against behavior that slips through traditional static analysis or post-facto detection tools.

### **Dynamic classification of EOAs acting as smart accounts**

7702 allows any externally owned account (EOA) to temporarily act like a smart contract. That complicates assumptions many systems make about account behavior.

Blockaid handles this by treating 7702-enabled EOAs as smart accounts during validation. If a transaction injects code with `setCode`, we classify it, scan the bytecode, and apply the same heuristics we would for any smart contract.

This happens on the fly - without adding latency to the user experience - and ensures your system isn’t blindsided by code execution from an address it assumed was passive.
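One way a validator could implement the classification step described above, as an added example that is not Blockaid's code. The `0xef0100 || address` delegation designator and the meaning of `chain_id` 0 and the zero address come from EIP-7702; the reviewed-delegate set, the finding names and the sample state are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# EIP-7702 delegation designator: 0xef0100 followed by the 20-byte delegate address.
DELEGATION_PREFIX = bytes.fromhex("ef0100")
DESIGNATOR_LEN = len(DELEGATION_PREFIX) + 20
ZERO_ADDRESS = "0x" + "00" * 20

# Assumption: the team keeps a set of delegate implementations it has reviewed.
REVIEWED_DELEGATES = {"0x" + "11" * 20}


@dataclass(frozen=True)
class AccountClass:
    kind: str                # "eoa", "delegated_eoa" or "contract"
    delegate: Optional[str]  # delegate address when kind == "delegated_eoa"


def _code_bytes(code_hex: str) -> bytes:
    """Decode an eth_getCode-style hex string ("0x" means no code)."""
    body = code_hex[2:] if code_hex[:2].lower() == "0x" else code_hex
    return bytes.fromhex(body)


def classify_code(code_hex: str) -> AccountClass:
    """Classify an account from its code instead of assuming an EOA is passive."""
    code = _code_bytes(code_hex)
    if not code:
        return AccountClass("eoa", None)
    # Exact length matters: other code that starts with 0xef is not a designator.
    if len(code) == DESIGNATOR_LEN and code.startswith(DELEGATION_PREFIX):
        return AccountClass("delegated_eoa", "0x" + code[3:].hex())
    return AccountClass("contract", None)


def code_to_scan(address: str, get_code: Callable[[str], str]) -> Tuple[AccountClass, str]:
    """Return the classification and the bytecode that runs when `address` is called.

    EIP-7702 resolves a designator one hop only, so the scanner does the same.
    """
    code = get_code(address)
    account = classify_code(code)
    if account.kind == "delegated_eoa":
        return account, get_code(account.delegate)
    return account, code


def review_authorization(chain_id: int, delegate: str, expected_chain_id: int) -> List[str]:
    """Pre-signing checks on one authorization tuple (finding names are made up here)."""
    delegate = delegate.lower()
    findings = []
    if chain_id == 0:
        findings.append("ANY_CHAIN")            # chain_id 0 is valid on every chain
    elif chain_id != expected_chain_id:
        findings.append("CHAIN_MISMATCH")
    if delegate == ZERO_ADDRESS:
        findings.append("CLEARS_DELEGATION")    # zero address removes the delegation
    elif delegate not in REVIEWED_DELEGATES:
        findings.append("UNREVIEWED_DELEGATE")
    return findings


# Constructed chain state: address -> code, standing in for eth_getCode.
SAMPLE_STATE = {
    "0x" + "aa" * 20: "0xef0100" + "11" * 20,   # EOA delegated to a reviewed delegate
    "0x" + "bb" * 20: "0xef0100" + "22" * 20,   # EOA delegated to an unknown delegate
    "0x" + "11" * 20: "0x6001600155",           # reviewed delegate's bytecode
    "0x" + "22" * 20: "0x60006000fd",           # unknown delegate's bytecode
}


def sample_get_code(address: str) -> str:
    return SAMPLE_STATE.get(address.lower(), "0x")


if __name__ == "__main__":
    for addr in ("0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20):
        account, code = code_to_scan(addr, sample_get_code)
        print(addr, account.kind, account.delegate, code)
```

The bytecode returned by `code_to_scan` is what the same contract heuristics should run on; `review_authorization` covers the moment before the user signs a new delegation.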
| Use Case | What Blockaid provides | Why it matters |
| --- | --- | --- |
| Wallets | Simulation UI components, session key alerts, contract preview logic | Show users what they’re signing |
| dApps and Interfaces | API for modeling 7702 flows, session scope previews, gas estimation | Monitor and audit user flow and provide pre-sign visibility to users |
| Custodians & exchanges | Policy-based cosigner enforcement, session key rules | Teams don’t have to rely on manual reviews |
| Chains & Ecosystems | Threat feed with 7702-specific exploits and live alerting | Allowing ecosystems to detect new threats early |

This is not a separate product. It’s built into the same stack our customers already use.

## **Conclusion: How Blockaid helps teams easily adopt 7702**

EIP‑7702 is no longer theoretical. It’s in production. And for most teams, the hard part starts now: integrating new transaction types without introducing regressions, breaking UX, or opening up new attack paths.

Supporting 7702 isn’t just about implementing a spec - it’s about rethinking how users understand transactions, how systems validate behavior, and how teams prevent mistakes that only show up once real users are involved.

The Blockaid team has already spent months working through these challenges with leading wallets and platforms. **Not just on security - but on simulation, UX clarity, and system design.**

If you're still deciding how to approach 7702 - or if you're already deep in implementation - [get in touch](https://blocka.id/demo) today to schedule a call with our engineers.
## Secure Web3 Gaming

[_Originally posted on Immutable_](https://www.immutable.com/blog/immutable-passport-integrates-blockaid-to-provide-invisible-security-for-web3-gaming)

We’re excited to announce that Immutable Passport, the onboarding and wallet solution for over 380 Web3 games, is now secured by Blockaid’s advanced security platform.
With this integration, Immutable delivers seamless protection for every in-game transaction, asset exchange, and marketplace interaction—empowering players to enjoy a trusted gaming experience without interruptions.

### **What’s new?**

**Enhanced smart contract protection**

Every smart contract interaction is validated against Blockaid’s extensive threat database. If players interact with a suspicious contract, Immutable Passport will flag the risk, protecting assets before they’re compromised.

**Real-time transaction monitoring**

Transactions are now continuously monitored to catch unauthorized actions, from token approvals to suspicious asset transfers, stopping threats instantly.

**Precision alerts only when needed**

Players will receive clear alerts only when a real risk is detected, ensuring smooth gameplay with minimal interruptions.

![passport.png](https://blockaid.io/api/resourceContentImages/file/passport.png)

### **About Immutable**

Founded in 2018, Immutable is a Sydney-based Web3 platform designed to make blockchain gaming accessible and scalable. The platform features Immutable X and Immutable zkEVM, two layer-2 solutions that offer zero-knowledge (ZK) scalability for developers seeking low fees and high performance on Ethereum.

With games like _Gods Unchained_ and _Guild of Guardians_, Immutable has grown into one of the largest ecosystems in Web3 gaming, attracting funding from industry giants like Bitkraft Ventures, Temasek, and Coinbase. Immutable’s mission is to empower digital ownership and provide a seamless toolkit for creating, launching, and scaling blockchain games.
## Securing Stablecoin Ecosystem

65% of all crypto scam transactions now involve stablecoins. As a stablecoin issuer, the risks to your business extend far beyond technical vulnerabilities—they threaten reserves, reputation, and the trust that underpins your entire operation.
## **Why stablecoin issuers face unique challenges**

### Fraud and asset misuse

Scammers exploit stablecoins' liquidity for financial crimes by leveraging their instant transferability and widespread acceptance across platforms. Criminals exploit these features to orchestrate large-scale fraud schemes, taking advantage of the difficulty in reversing transactions and the challenge of tracking funds across multiple chains. They often combine legitimate-looking front operations with complex transaction patterns to obscure their activities, making detection particularly challenging for traditional monitoring systems.

Common scams include:

- **Investment scams:** Fake token sales and Ponzi schemes
- **Elder and romance fraud:** Financial exploitation targeting vulnerable users
- **Money laundering:** Using stablecoins for rapid cross-chain laundering of dirty money

### Treasury and reserve vulnerability

Because stablecoin stability relies on fully backed reserves, poor treasury security can lead to:

- **Theft of backing assets:** Compromised reserve wallets leading to large-scale losses
- **Weak access controls:** Poorly secured multisignature wallets or admin key leaks
- **Reserve mismanagement:** Errors or misreporting of collateral assets
- **Smart contract exploits:** Attackers manipulating the mint/burn mechanisms

### Regulatory compliance pressure

Issuers must maintain **full visibility and control** over their ecosystems to meet increasing compliance demands, including:

- **Anti-money laundering (AML) obligations:** Detecting and reporting suspicious activity
- **Proof of reserves:** Ensuring tokens remain fully backed and verifiable
- **Legal liability:** Issuers must justify enforcement actions with evidence-backed reporting

### Ecosystem-wide exposure and cross-chain complexity

Because stablecoins often integrate with multiple DeFi protocols and exchanges, the attack surface area is massive and opens you up to:

- **Third-party smart contract vulnerabilities:** Exploits in external protocols using the stablecoin
- **Cross-chain risks:** Bridge vulnerabilities and token duplication issues
- **Inconsistent security standards:** Varying levels of protection across platforms

## **How Blockaid addresses these challenges**

![platform_overview.png](https://blockaid.io/api/resourceContentImages/file/platform_overview.png)

Blockaid’s ODR platform enables stablecoin issuers to **monitor, detect, investigate, and respond** to threats across their entire token ecosystem, from token activity to protocol infrastructure. The platform ensures reserves are protected, fraud is prevented, and compliance requirements are met, giving issuers the confidence to operate securely while safeguarding user trust.

By combining real-time monitoring, proactive threat detection, and automated incident response, Blockaid enables issuers to detect and mitigate threats before they escalate.

### Monitor token flow and ecosystem activity

Gain full visibility across your entire ecosystem with:

- Real-time tracking of token movements across chains, exchanges, and dApps
- Treasury and reserve monitoring to detect unauthorized outflows
- Surveillance of third-party platforms using the stablecoin for suspicious patterns

### Detect threats and malicious activity

Identify risks both **within your protocol** and **across third-party protocols** through:

- Identification of malicious entities receiving stablecoins linked to scams
- Suspicious transaction pattern detection, like address poisoning and rapid fund cycling
- Threat intelligence to monitor external threats, like phishing campaigns and malicious dApps

![incident_report.png](https://blockaid.io/api/resourceContentImages/file/incident_report.png)

### Investigate with actionable evidence

Gain actionable insights and evidence to respond effectively and comply with regulatory needs:

- **Comprehensive incident context:** Visualize transaction flows, token approvals, and connections to onchain and offchain entities for a complete picture.
- **Compliance-ready evidence:** Clear records of malicious wallets, exploited vulnerabilities, and associated activity for law enforcement or regulatory audits.
- **Integrated workflows:** Analyze incidents seamlessly and generate actionable insights to prevent future threats.

### Automatically respond to critical incidents

Provide instant, automated protection without requiring manual intervention, by:

- Automatically freezing funds linked to fraudulent activity (when permissions allow)
- Revoking token approvals so malicious wallets can’t interact with your contracts
- Pausing minting and burning contracts to halt token issuance when exploits are detected

### Secure protocol contracts and onchain infrastructure

Secure your protocol contracts and infrastructure with:

- Continuous smart contract monitoring for vulnerabilities
- Detection of unauthorized function calls and contract modifications
- Protection for cross-chain bridges and validators from exploitation attempts

### Strengthen compliance and regulatory oversight

When incidents and audits happen, make regulatory enforcement less of a headache with:

- Evidence-backed reporting that shows flagged addresses, transaction histories, and security logs
- Automated enforcement for AML standards and high-risk transaction detection
- Alerts for partner exchanges and custodians to monitor for financial crimes

## **Protect your stablecoin ecosystem with Blockaid**

Stablecoin issuers face unique security challenges that demand a proactive, real-time defense strategy. Blockaid has the tools needed to tackle these challenges.

By combining **real-time monitoring, proactive threat detection, and automated mitigation**, Blockaid empowers stablecoin issuers to secure their entire ecosystem—from circulating token flows to protocol contracts—while simplifying compliance and protecting user trust.
✅ **Ready to secure your stablecoin?** [Book a demo today](https://blocka.id/demo) to discover how Blockaid can help you monitor, detect, and respond to threats across your entire ecosystem.

## Incident Response Plan Guide
Onchain protocols are under constant threat from hacks, scams, and exploits. Even with strong security measures, **no system is completely immune**—a determined attacker can still find a way in. That’s why, beyond defense, **being prepared for a successful attack is critical**.

The best way to prepare is by creating a **structured incident response plan**—a framework that ensures your team can detect, contain, and respond to threats effectively while minimizing damage. Here’s how.

### Why every protocol needs an incident response plan

Security isn’t just about preventing attacks—it's about being ready when one happens. An **incident response plan** ensures your team can act quickly and decisively when a breach occurs, so you can:

- **Reduce financial losses**
- **Minimize downtime**
- **Preserve user trust**
- **Ensure compliance**

Without a plan, response efforts can become chaotic, leading to delayed reactions, greater damage, and long-term reputational harm.

### Key components of an effective incident response plan

#### 1\. Preparation

**Goal:** Ensure visibility into key areas of risk and be ready to act.

Start by mapping out your critical assets, including things like smart contracts, multisig wallets, and dApp infrastructure.

![response_plan.png](https://blockaid.io/api/resourceContentImages/file/response_plan.png)

Once you know what assets matter, determine what components to monitor for each asset type. For DeFi protocols, monitor liquidity pools, oracle feeds, and token approvals. For wallets and user interfaces, monitor transactions, dApp connections, and transaction patterns. For bridges and cross-chain tools, monitor asset flows, validator activity, and cross-chain token movements to detect anomalies effectively.

Finally, **define clear incident response roles within your team** by assigning responsibilities for:

1. Security analysis
2. Pausing compromised contracts
3. Managing internal and external communications.

This structured approach ensures everyone knows their role during critical moments, minimizing chaos and enabling swift, decisive actions.

#### 2\. Monitoring and detection

**Goal:** Alert the **incident response team** as early as possible and provide actionable insights to act on.

![incidents_screen.png](https://blockaid.io/api/resourceContentImages/file/incidents_screen.png)

This stage is about **understanding what activities to monitor** in order to detect potential issues.

##### What activities to monitor:

- **DeFi platforms:** Smart contract exploitation attempts, unauthorized multisig approvals, and liquidity pool draining
- **Wallets and dApps:** Suspicious token approvals, malicious dApp connections, and phishing signatures
- **Cross-chain protocols:** Bridge anomalies, front-running attempts, and unauthorized validator activity

##### What changes to detect:

- **Transaction volume anomalies:** Sudden spikes in transaction activity
- **Multiple token approvals:** Unusual patterns indicating possible attack setups
- **Smart contract state changes:** Modifications to contract parameters that could indicate tampering
- **User behavior patterns:** Unusual signing activity from privileged accounts

#### 3\. Response

**Goal:** Minimize damage, stop unauthorized actions, and give the **response team** time to investigate.

![response_workflow.png](https://blockaid.io/api/resourceContentImages/file/response_workflow.png)

Swift and decisive actions are critical during an active incident to limit damage and maintain control. By focusing on containment and immediate action, your team can prevent further escalation while investigating the root cause.

**Key Steps:**

- **Pause affected contracts:** Halt compromised contracts to stop active exploits.
- **Revoke token approvals:** Cancel risky token permissions to prevent further asset movement.
- **Deny multisig signatures:** Prevent unauthorized multisig actions by blocking compromised signers.

**Automated Workflows:**

- Trigger **instant alerts** to the security team.
- Automate containment steps like **freezing withdrawals** and blocking further interactions.

#### 4\. Eradication

**Goal:** Completely eliminate the vulnerability and ensure all compromised assets are neutralized, preventing further exploitation.

During and after an attack, there are several key assets to review and harden, including:

**Private keys or wallets**

- **Revoke existing permissions:** Cancel all token approvals and access granted to third-party contracts.
- **Rotate private keys:** Migrate funds to a new, secure wallet and deprecate the compromised key.
- **Strengthen access controls:** Implement hardware security modules (HSMs) or multisig wallets for key management.

**Smart contracts**

- **Pause the affected contract:** If possible, halt the contract to stop further interactions.
- **Patch vulnerabilities:** Deploy a **new contract version** if the existing one cannot be patched directly.
- **Migrate funds securely:** Transfer assets from compromised contracts to secure alternatives.

**Governance and multisig accounts**

- **Deny further signatures:** Revoke access for compromised signers and freeze governance actions.
- **Reset signer access:** Rotate multisig keys and reassign roles based on secure verification.
- **Implement enhanced security checks:** Require additional layers of approval for critical transactions.

#### 5\. Post-mortem and Continuous Improvement

**Goal**: Turn the incident into a **learning opportunity** to strengthen defenses, reduce future risks, and improve team readiness.

When incidents occur, they provide a rare chance to identify vulnerabilities and refine your approach to security. By thoroughly **analyzing the timeline of events**, **uncovering root causes**, and **evaluating the response plan’s performance**, your team can learn from the experience and make meaningful improvements.

![post_mortem.png](https://blockaid.io/api/resourceContentImages/file/post_mortem.png)

To guide your efforts, focus on these key steps:

**Reconstruct the timeline**: Document the complete sequence of events during the incident, highlighting key actions and timestamps. This provides clarity and a detailed account for analysis.

**Determine the root cause**: Determine the underlying reasons behind the breach, whether stemming from technical flaws, human error, or process gaps. Identifying these root causes is critical for addressing vulnerabilities.

**Assess response**: Evaluate how effectively the incident response plan was executed. Identify what worked well and areas that require improvement to enhance readiness for future incidents.

**Improve processes**: Revise and update response procedures based on lessons learned. Implement stronger monitoring capabilities with granular threat alerts and validate response plans regularly with tabletop simulations and stress tests.

**Share findings**: Develop internal reports to maintain a clear record of the incident and the response. If appropriate, share summaries with the community to build trust and demonstrate transparency and accountability.

### Best practices for a resilient incident response strategy

To keep your protocol secure long-term, the plan must be regularly refined and stress-tested. Here are key best practices to ensure your strategy remains effective:

**1\. Automate where possible**

Manual responses are often too slow in Web3’s fast-paced environment. Automate critical steps like:

- Real-time threat detection.
- Instant alerts to incident response teams.
- Automated containment actions (e.g., pausing contracts, freezing wallets).

**2\. Define clear roles and responsibilities**

A strong response plan clearly defines **who handles what** during an incident:

- **Technical lead:** Identifies the threat and recommends technical containment steps.
- **Communications lead:** Manages public and internal messaging.
- **Decision-makers:** Ensure rapid approvals for actions like contract pausing or fund freezing.

**3\. Simulate real-world scenarios**

Test your plan through **tabletop exercises** and **live simulations** to:

- Identify gaps in response timing.
- Ensure the team knows how to escalate threats.
- Improve collaboration across technical and leadership roles.

**4\. Continuously update and improve**

- **After each security event:** Review the effectiveness of your response and adjust the plan.
- **Track emerging threats:** Stay informed about new Web3 attack patterns and update detection criteria.
- **Maintain current contact lists:** Ensure key personnel are reachable at all times.

**5\. Transparent communication matters**

- **During an incident:** Provide clear, factual updates to your community.
- **After resolution:** Share a post-mortem (if appropriate) outlining how the threat was handled and steps taken to prevent recurrence.

### **Recap**

While no protocol can be entirely immune to threats, having a well-defined strategy for **monitoring, detection, and response** minimizes damage and ensures your team is prepared to act quickly when incidents arise.

By implementing a structured approach, regularly testing your response plan, and automating detection and containment, you can create a more resilient security posture. The goal is simple: **protect your users, assets, and reputation.**

### **Automate your incident response plan with Blockaid**

Blockaid offers tools designed to **automate key stages** of your incident response plan, ensuring faster, more effective reactions to threats across all your assets.
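The four signals under "What changes to detect" and the "Automate where possible" advice can be expressed as rules over a stream of decoded events, each mapped to a containment step from the Response stage. The following is an added example, not Blockaid's code or API: the event schema, thresholds, baselines and action names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: int      # seconds since the start of the capture
    kind: str    # "tx", "approval", "param_change" or "privileged_sign"
    actor: str   # sender or signer (placeholder labels, not real addresses)
    target: str  # contract called, spender approved, or parameter changed


@dataclass(frozen=True)
class Alert:
    ts: int
    rule: str
    subject: str  # contract or account the alert is about
    action: str   # containment step taken from the plan's Response stage


# Assumed thresholds and baselines; derive real ones from your own traffic.
BUCKET = 60            # seconds per volume bucket
BASELINE_BUCKETS = 3   # earlier buckets averaged into the baseline
SPIKE_FACTOR = 5       # alert when a bucket exceeds factor x baseline
APPROVAL_WINDOW = 300  # seconds
APPROVAL_LIMIT = 3     # distinct spenders per account inside the window
PARAM_ADMINS = {"timelock"}
SIGNER_BASELINE = {"ops-multisig": {"treasury", "staking"}}


def detect(events):
    """Apply the four rules in time order; one alert per (rule, subject)."""
    alerts, seen = [], set()
    volume = defaultdict(lambda: defaultdict(int))  # contract -> bucket -> count
    first_bucket = {}                               # contract -> first bucket seen
    approvals = defaultdict(deque)                  # account -> (ts, spender)

    def fire(ev, rule, subject, action):
        if (rule, subject) not in seen:
            seen.add((rule, subject))
            alerts.append(Alert(ev.ts, rule, subject, action))

    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "tx":
            # Transaction volume anomaly: compare this bucket with the mean
            # of the preceding buckets (empty buckets count as zero).
            b = ev.ts // BUCKET
            counts = volume[ev.target]
            counts[b] += 1
            first_bucket.setdefault(ev.target, b)
            if b - first_bucket[ev.target] >= BASELINE_BUCKETS:
                prior = [counts.get(b - i, 0) for i in range(1, BASELINE_BUCKETS + 1)]
                baseline = max(sum(prior) / BASELINE_BUCKETS, 1)
                if counts[b] > SPIKE_FACTOR * baseline:
                    fire(ev, "volume_spike", ev.target, "alert_team")
        elif ev.kind == "approval":
            # Multiple token approvals: distinct spenders in a sliding window.
            window = approvals[ev.actor]
            window.append((ev.ts, ev.target))
            while ev.ts - window[0][0] > APPROVAL_WINDOW:
                window.popleft()
            if len({spender for _, spender in window}) >= APPROVAL_LIMIT:
                fire(ev, "approval_burst", ev.actor, "revoke_approvals")
        elif ev.kind == "param_change":
            # Contract state change made by anyone other than the admin path.
            if ev.actor not in PARAM_ADMINS:
                fire(ev, "unauthorized_param_change", ev.target, "pause_contract")
        elif ev.kind == "privileged_sign":
            # Privileged account signing for a target outside its baseline.
            allowed = SIGNER_BASELINE.get(ev.actor)
            if allowed is not None and ev.target not in allowed:
                fire(ev, "unusual_privileged_signing", ev.actor, "deny_signature")
    return alerts


def sample_events():
    """Constructed events: a quiet pool, a burst, and three other signals."""
    events = [Event(m * 60 + s, "tx", "user", "pool") for m in range(3) for s in (10, 40)]
    events += [Event(180 + 4 * i, "tx", "bot", "pool") for i in range(12)]
    events += [Event(t, "approval", "user-a", f"spender-{n}")
               for n, t in enumerate((30, 90, 150), start=1)]
    events += [
        Event(100, "approval", "user-b", "spender-1"),
        Event(200, "param_change", "timelock", "pool.feeRate"),
        Event(230, "param_change", "eoa-7", "pool.oracle"),
        Event(50, "privileged_sign", "ops-multisig", "treasury"),
        Event(240, "privileged_sign", "ops-multisig", "unknown-router"),
    ]
    return events


if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```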
![incident_response_image.png](https://blockaid.io/api/resourceContentImages/file/incident_response_image.png)

**Comprehensive detection and monitoring**

Blockaid continuously monitors **smart contracts, wallets, liquidity pools, cross-chain bridges, and treasury assets** for suspicious activity. Its detection engine scans onchain activity in real time, identifying risks such as unauthorized token approvals, compromised validators, and abnormal transaction patterns before they escalate.

**Automated containment and response**

Once a threat is detected, Blockaid can trigger **automated response actions** based on pre-configured rules. These include:

- **Pausing smart contracts** to stop further interaction with vulnerable code.
- **Revoking token approvals** to prevent unauthorized asset transfers.
- **Freezing liquidity pools** and **blocking malicious addresses** to limit the spread of an attack.

**Seamless alerts and team integration**

The platform provides **immediate alerts** to your security team through channels like Slack, PagerDuty, or custom integrations. This ensures your team stays informed while key containment steps are automatically executed.

**Simplifying post-incident analysis**

Blockaid also assists with **post-incident reporting** by tracking all security events, making it easier to conduct a detailed post-mortem and continuously improve your response strategy.

![blockaid_network.png](https://blockaid.io/api/resourceContentImages/file/blockaid_network.png)

By integrating Blockaid, protocols can strengthen their security posture with **proactive detection, automated threat responses, and continuous protection** across all asset types.

Want to see how Blockaid can help your protocol? Schedule a demo [here](https://blocka.id/demo).

## Scammers Exploit $TRUMP Launch

The [launch](https://x.com/realDonaldTrump/status/1880446012168249386) of the $TRUMP token on January 17, 2025, brought a media frenzy and a wave of excitement to the crypto world.
Backed by the Trump family, the token quickly captured public attention, reaching a market cap of $72 billion in just 48 hours. Yet, as with many high-profile launches, it also became fertile ground for scammers, who wasted no time exploiting the buzz.

Blockaid’s latest analysis reveals the dark underbelly of this hype: a rapid proliferation of malicious tokens, fake dApps, and scams using the Trump name and branding. This surge highlights a pattern we’ve seen before—where scammers leverage major news events in crypto to deploy schemes aimed at unsuspecting users.

## How Scammers Exploited the $TRUMP Token Launch

The $TRUMP token’s launch created a perfect storm for fraud. Public interest, combined with the controversial figure behind the brand, meant that people rushed to buy in—often without proper due diligence. Scammers capitalized on this frenzy by:

**Flooding the Market with Malicious Tokens:** Tokens bearing the "Trump" name **increased by 206%** on the launch day, with scammers deploying 6,800 tokens—up from the usual 3,300. Many of these tokens used misleading branding to lure investors.

![malicious_trump_tokens.png](https://blockaid.io/api/resourceContentImages/file/malicious_trump_tokens.png)

**Deploying Fake dApps at Record Rates:** Impersonator dApps (malicious dApps that use President Trump's name) saw a **14x increase** the day after launch, with 91 fake applications deployed in just 24 hours. These dApps often trick users into connecting their wallets, allowing scammers to drain funds.

![malicious_trump_dapps.png](https://blockaid.io/api/resourceContentImages/file/malicious_trump_dapps.png)

**Broadening the Scam Scope:** Scammers didn’t stop with $TRUMP. Tokens with metadata referencing the Trump family—such as “Melania” and “Barron”—**surged by 592%**, creating the illusion of an interconnected ecosystem.

![malicious_trump_family.png](https://blockaid.io/api/resourceContentImages/file/malicious_trump_family.png)

## The Bigger Picture: Highlight Crypto’s Security Gap

The $TRUMP token launch wasn’t just a magnet for investors—it was a beacon for scammers. This event highlights a core truth about Web3: rapid innovation brings opportunity but also significant risk. The decentralized nature of crypto, while empowering, also leaves users vulnerable to malicious tokens, fake dApps, and scams that exploit FOMO.

### Systemic Solutions, Not Just User Vigilance

Relying solely on users to spot scams isn’t realistic. That’s where Blockaid steps in. Since the $TRUMP token launch, our technology has blocked hundreds of users from interacting with scam tokens and malicious dApps.

![saved_by_blockaid.png](https://blockaid.io/api/resourceContentImages/file/saved_by_blockaid.png)

That’s why partnerships like Blockaid’s collaboration with wallet providers like [Coinbase](https://www.blockaid.io/blog/coinbase-wallet-powered-by-blockaid) or [MetaMask](https://www.blockaid.io/blog/blockaid-metamask-securing-web3-users-while-preserving-privacy) and our integration into token interfaces like [DEX Screener](https://www.blockaid.io/case-studies/dex-screener) and [Uniswap](https://www.blockaid.io/blog/uniswap-labs-selects-blockaid-to-launch-new-token-warning-feature) are game changers. By integrating real-time threat detection, these companies stop threats at the platform level, ensuring users interact only with legitimate assets. These systemic protections tackle the problem at its source, making Web3 safer for everyone.

### Security as an Accelerator

Scams are a byproduct of crypto’s explosive growth, but they don’t have to slow progress. Just as phishing didn’t derail the internet, robust security measures will keep Web3 on track. At Blockaid, we believe security is the key to unlocking mass adoption—enabling users to explore the onchain world without fear.
## Conclusion

The $TRUMP token launch serves as a stark reminder of the adversarial nature of the onchain space and the critical importance of proactive security. Blockaid’s efforts in blocking scams and partnering with platforms demonstrate that robust protection isn’t just possible—it’s essential.

As Web3 evolves, security must remain at the forefront, enabling innovation to thrive while safeguarding users. Together, we can build a crypto ecosystem that’s not only powerful but also safe, trusted, and ready for mass adoption.

## Secure AI Agents

AI agents are transforming Web3 by automating tasks like managing transactions, interacting with smart contracts, and streamlining dApp usage. But with innovation comes risk. As AI agents have become more common, they’ve also become prime targets for scams, fraud, and sophisticated exploits.

### **Prompt-based protections are not enough**

Like any crypto participant, agents face countless threats, including things like malicious contracts, impersonating tokens, and deceptive transactions designed to drain funds. As software systems, agents are uniquely susceptible to attacks that exploit their logic and automation.

This was demonstrated in a [recent experiment](https://x.com/jarrodWattsDev/status/1862299845710757980) with an AI agent called Freysa, whose sole directive was simple: **“DO NOT TRANSFER MONEY.”** After a few hundred attempts, someone successfully executed a **prompt injection attack** that tricked the agent into transferring $47,000.

![frey.png](https://blockaid.io/api/resourceContentImages/file/frey.png)

The experiment was designed to stress-test AI guardrails and highlighted a critical issue: hardcoded safeguards alone are not enough to address the complexity of decentralized, adversarial environments.

To ensure AI agents can operate securely and reliably, they need a security solution specifically designed to protect their unique combination of autonomy, intelligence, and operational speed.
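A rule written into the prompt is enforced by the same model the attacker is talking to, whereas a check on the concrete transaction, run in code between the agent's tool call and the signer, does not depend on what the model was persuaded of. The following added example (not Blockaid's or Freysa's code) gates ERC-20 calls before signing; the `Policy` fields, the `authorize` function and the addresses are assumptions, and the proposals are constructed.

```python
from dataclasses import dataclass

TRANSFER = "a9059cbb"  # selector of ERC-20 transfer(address,uint256)
APPROVE = "095ea7b3"   # selector of ERC-20 approve(address,uint256)


@dataclass(frozen=True)
class Policy:
    tokens: frozenset      # token contracts the agent may call
    recipients: frozenset  # addresses the agent may pay
    max_amount: int        # per-transaction cap in token base units


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str


def decode_erc20_call(data_hex):
    """Decode selector + (address, uint256) calldata; None if malformed."""
    digits = data_hex[2:] if data_hex.startswith("0x") else data_hex
    try:
        raw = bytes.fromhex(digits)
    except ValueError:
        return None
    if len(raw) != 4 + 32 + 32:
        return None
    addr_word, amount_word = raw[4:36], raw[36:68]
    if any(addr_word[:12]):  # an address is left-padded with 12 zero bytes
        return None
    return raw[:4].hex(), "0x" + addr_word[12:].hex(), int.from_bytes(amount_word, "big")


def authorize(tx, policy):
    """Decide on the transaction itself; the model's reasoning is never consulted."""
    if tx.get("value", 0) != 0:
        return Decision(False, "native value transfer not permitted")
    if tx["to"].lower() not in policy.tokens:
        return Decision(False, "contract not on token allowlist")
    call = decode_erc20_call(tx.get("data", ""))
    if call is None:
        return Decision(False, "calldata is not a well-formed ERC-20 call")
    selector, counterparty, amount = call
    if selector == APPROVE:
        return Decision(False, "agent may not grant approvals")
    if selector != TRANSFER:
        return Decision(False, "function selector not permitted")
    if counterparty not in policy.recipients:
        return Decision(False, "recipient not on allowlist")
    if amount > policy.max_amount:
        return Decision(False, "amount exceeds per-transaction cap")
    return Decision(True, "within policy")


def encode_call(selector, address, amount):
    """Build calldata for the constructed samples below."""
    return "0x" + selector + address[2:].rjust(64, "0") + format(amount, "064x")


# Constructed placeholder addresses, not real accounts or contracts.
TOKEN = "0x" + "aa" * 20
TREASURY = "0x" + "bb" * 20
STRANGER = "0x" + "cc" * 20
POLICY = Policy(frozenset({TOKEN}), frozenset({TREASURY}), max_amount=500 * 10**6)


def sample_decisions():
    """Run the gate over constructed tool calls an agent might emit."""
    unit = 10**6  # assumed 6-decimal token
    proposals = {
        "routine payout": (TOKEN, 0, encode_call(TRANSFER, TREASURY, 100 * unit)),
        "payout to unknown address": (TOKEN, 0, encode_call(TRANSFER, STRANGER, 100 * unit)),
        "unlimited approval": (TOKEN, 0, encode_call(APPROVE, STRANGER, 2**256 - 1)),
        "over the cap": (TOKEN, 0, encode_call(TRANSFER, TREASURY, 501 * unit)),
        "truncated calldata": (TOKEN, 0, "0xa9059cbb"),
        "native send": (STRANGER, 10**18, "0x"),
        "unlisted contract": (STRANGER, 0, encode_call(TRANSFER, TREASURY, unit)),
    }
    return {name: authorize({"to": to, "value": value, "data": data}, POLICY)
            for name, (to, value, data) in proposals.items()}


if __name__ == "__main__":
    for name, decision in sample_decisions().items():
        print(f"{name}: {'ALLOW' if decision.allow else 'DENY'} ({decision.reason})")
```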
### **Introducing Blockaid’s AI-native onchain security integration**

Blockaid’s team of security researchers created a suite of tools purpose-built to meet the demands of autonomous agents operating in Web3. These tools go beyond simply mitigating risks; they make it possible for agents to thrive in even the most complex onchain environments.

#### **Security designed for AI workflows**

Blockaid’s AI agent tools enable developers to create secure, intelligent agents that integrate seamlessly into existing workflows. Key features of Blockaid’s AI agent tools include:

- **Transaction Scanning APIs**: Enable agents to simulate transactions in real time, predicting outcomes and identifying risks before execution.
- **Token Risk Assessment:** Allow agents to make better decisions about the tokens and assets to avoid common pitfalls like rug pulls, honeypots, or impersonating tokens.
- **Dynamic Threat Detection**: Continuous monitoring of dApps, tokens, and addresses across multiple chains ensures agents can flag and avoid malicious entities.
- **Address Validation at Scale**: Robust APIs allow agents to interact only with legitimate addresses, minimizing the risk of scams and greatly reducing regulatory risk.

![openai_function_calls.png](https://blockaid.io/api/resourceContentImages/file/openai_function_calls.png)

#### **What makes it AI-native?**

By creating multiple integration paths for common agent workflows, teams can add powerful security functionality without disrupting their existing architectures or slowing development cycles.

#### **Key Integration Options:**

- **LangChain Integration**: For developers building agents with LangChain, Blockaid has created a pre-built LangChain tool. This tool is ready to integrate directly into your LangChain agents, enabling seamless access to Blockaid’s capabilities with just a few lines of code.
- **Model Context Protocol (MCP)**: Blockaid supports MCP-based integrations, allowing developers to use Blockaid’s lightweight MCP server implementation to provide agents with secure, standardized access to transaction simulations and threat data.
- **OpenAI Function Calling**: Through Function Calling, developers can seamlessly connect their OpenAI-based agents to Blockaid’s APIs, enabling real-time validation and security assessments during the agent’s decision-making process.
- **Crypto-native Agent frameworks:** On top of the AI-native tools, our team has also created integration guides for leading crypto-native AI agent frameworks (like [eliza](https://elizaos.github.io/eliza/) and [Virtuals’ G.A.M.E](https://game-lite.virtuals.io/)).
- **Custom SDKs and APIs**: For ultimate flexibility, Blockaid offers developer-friendly SDKs and APIs, ensuring our security features fit effortlessly into any agent architecture.

Whether you’re working with Anthropic, OpenAI, or custom-built platforms, Blockaid’s solutions are built to fit seamlessly into your stack—empowering your agents to operate smarter, safer, and faster with minimal setup.

### **Available now in private beta**

At Blockaid, we’re committed to securing every onchain interaction—whether it’s an AI agent managing transactions or a user exploring a DeFi protocol. Our AI agent tools are a natural extension of this mission, providing developers with the resources they need to innovate without compromise.

Now rolling out in private beta, these tools seamlessly integrate into agent workflows, enabling real-time transaction simulation, dynamic validation, and proactive threat detection.

If you’re a company building in this space and you are interested in joining the beta, [get in touch with our team today to learn more](https://blocka.id/demo).

## Uniswap Token Warning Feature

[Uniswap Labs](https://uniswap.org/), the company behind one of the world’s most popular DeFi apps, is committed to providing users with safe, secure, permissionless tools for accessing DeFi.
To help users navigate a diverse token landscape with confidence, Uniswap Labs’ latest Token Warning feature informs users swapping on the web and wallet apps when they are engaging with potentially malicious tokens.

## What’s new

A new warning will appear when users interact with tokens that Blockaid has determined to have malicious properties or patterns—for example, high buy or sell fees or tokens linked to addresses connected to scams.

![67644852a299a1c03aefab19_6764477f93104530ab79b6fe_uniswap-warning-1.png](https://blockaid.io/api/resourceContentImages/file/67644852a299a1c03aefab19_6764477f93104530ab79b6fe_uniswap-warning-1.png)

Malicious token warning

![67644852a299a1c03aefab1f_6764480613ca3584ae20ee60_uniswap-warning-5.png](https://blockaid.io/api/resourceContentImages/file/67644852a299a1c03aefab1f_6764480613ca3584ae20ee60_uniswap-warning-5.png)

High sell fee warning

There’s nothing users need to configure or change—these features are already live on Uniswap’s web and wallet apps. You can [learn more about Uniswap here](http://uniswap.org/).

## Blockaid's State of the Chain

_**TL;DR:**_ _Blockaid processes more Web3 activity and threats than anyone else. Now, we’re sharing this unprecedented visibility with the community through the_ _**State of the Chain Dashboard**_ _—a tool that reveals onchain trends, threat actor activity, and the evolving Web3 security landscape._

_**Explore the data now**_ **at** [_stateofthechain.com_](https://stateofthechain.com/)

* * *

Blockaid protects billions of transactions for the largest players in the space—**Coinbase, MetaMask, OpenSea, Stellar**, and more—giving us **a front-row seat to all onchain activity and emerging threats**.

This visibility is what powers our **threat hunting team**—a group of world-class security researchers dedicated to identifying and mitigating the latest scams, attacks, and malicious actors.

Now, for the first time, we’re sharing this data-driven perspective with the entire Web3 community through the **State of the Chain Dashboard**.

![6764095541be4956f3d39c1d_AD_4nXeKyCHekyxR8thTmz4iqiXGOFcYcojN5tjZYoC9QvWuZ-adfxzV4Bc0VdbubYzcBSVCLH_Hv5lnx1tDLpjmrvHCCWjUmH5mVmUiuoUdI2e_i6zS4gKgFSXVOmKmdXQro-lw1OZf.png](https://blockaid.io/api/resourceContentImages/file/6764095541be4956f3d39c1d_AD_4nXeKyCHekyxR8thTmz4iqiXGOFcYcojN5tjZYoC9QvWuZ-adfxzV4Bc0VdbubYzcBSVCLH_Hv5lnx1tDLpjmrvHCCWjUmH5mVmUiuoUdI2e_i6zS4gKgFSXVOmKmdXQro-lw1OZf.png)

### **See the Full Threat Landscape Like Never Before**

The **State of the Chain Dashboard** doesn’t just highlight trends and activity—it provides a **comprehensive overview of the Web3 threat landscape**, including:

- **Top Threat Actors**: Identify the most active groups draining user funds.
- **Attack Trends**: Track the rise of techniques like **address poisoning** and **malicious airdrops**.
- **Funds Lost**: Get a clear picture of the staggering impact, including **$1.7 billion in user losses** to scams and fraud in 2024 alone.
- **Attack Dynamics**: Learn how new vectors emerge and evolve, and which threat actors are the most active.
Some highlights from the dashboard include: - **71M attacks** prevented by Blockaid’s onchain detection and response platform - In 2024, cryptocurrency scams and fraud resulted in massive financial damages, totaling **$1.4 billion in user losses**. - Security analysis reveals that **59.3% of new tokens launched in 2024 were malicious in nature**, indicating a severe problem with token legitimacy. - **Rug pull scams** remain a prevalent threat, making up 27% of all malicious tokens. The dashboard currently reflects data for 2024, with plans to release updated data each quarter. ‍ **Ready to see what we see?** Explore State of the Chain now at [https://stateofthechain.com](https://stateofthechain.com/) ![67640f50656690fc3c03754d_67640f4153a24811f6af69e6_662_1x_shots_so.png](https://blockaid.io/api/resourceContentImages/file/67640f50656690fc3c03754d_67640f4153a24811f6af69e6_662_1x_shots_so.png) ## Blockaid is securing the biggest companies operating onchain Get in touch to learn how Blockaid helps teams secure their infrastructure, operations, and users. 
[Request a Demo](https://blockaid.io/demo) #### Related Posts [![Building Safely with EIP-7702: How Blockaid Helps Teams Adopt the Future of Smart Wallets](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2F7702.png&w=3840&q=100)\\ \\ **Building Safely with EIP-7702: How Blockaid Helps Teams Adopt the Future of Smart Wallets** \\ \\ May 7, 2025\\ \\ Transaction Security](https://blockaid.io/blog/building-safely-with-eip-7702-how-blockaid-helps-teams-adopt-the-future-of-smart-wallets) [![How Ledger’s Transaction Check Uses Blockaid to Mitigate Blind Signing Risks](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2FProtect%2520(1).png&w=3840&q=100)\\ \\ **How Blockaid Helps Ledger’s Transaction Check Mitigate Blind Signing Risks** \\ \\ April 30, 2025\\ \\ Partnerships](https://blockaid.io/blog/how-blockaid-helps-ledgers-transaction-check-mitigate-blind-signing-risks) [![Composability Attack Deep Dive: How an Attacker Stole $128k Without an Exploit](https://blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2FresourceThumbnails%2Ffile%2Fzora_0x_composability_thumbnail.png&w=3840&q=100)\\ \\ **Composability Attack Deep Dive: How an Attacker Stole $128k Without an Exploit** \\ \\ April 28, 2025\\ \\ Threat Intelligence Onchain Detection and ResponseProtocol Security](https://blockaid.io/blog/composability-attack-deep-dive-how-an-attacker-stole-128k-without-an-exploit) ## World App Security Boost [![Logo](https://blockaid.io/_next/image?url=%2Fimages%2Fnav%2Flogo-dark.png&w=3840&q=75)](https://blockaid.io/) [![Logo](https://blockaid.io/images/logos/blockaid.svg)](https://blockaid.io/) [World App](https://world.org/blog/announcements/introducing-world-app-3-super-app-humans) is seeing explosive growth and is the third-largest crypto wallet in web3. The wallet is designed to be easy to use and accessible to everyone, even those with no prior crypto experience. 
Transaction volume and the ecosystem of Mini Apps, the new platform that enables third-party apps to run right inside World App, are on the rise. World App is collaborating with Blockaid, the recognized leader in onchain security, to further bolster security for users and third-party developers as it scales its Mini App platform and has just rolled out its [first updates](https://world.org/blog/announcements/introducing-world-app-3-super-app-humans).

## What’s new

World App now provides transaction previews on every transaction to show users what will happen if they sign a transaction. Behind the scenes, Blockaid simulates the user's intended transaction within its custom internal node in order to predict the state changes and outcomes that would result if the transaction were executed on the actual blockchain.

![uno.png](https://blockaid.io/api/resourceContentImages/file/uno.png)![oro.png](https://blockaid.io/api/resourceContentImages/file/oro.png)

Beyond transaction previews, World App now also alerts users when initiating transactions that could be harmful, e.g. transactions involving wallet addresses that have been flagged for suspicious activity.

![67450b48f6717b50382deaad_AD_4nXeHLS4aawJ5BQYyEWCFSOhXhIgK7mhmV4Losmc61J6HD6uKlpDY1QJcCOqUKgc3boIwGovdG7ZGYKdQNcfXQj31KR30WCVf8YCOsVLisI2PMh-PhnQiSVde4s6OI0UhQ3CbwGqxTQ.png](https://blockaid.io/api/resourceContentImages/file/67450b48f6717b50382deaad_AD_4nXeHLS4aawJ5BQYyEWCFSOhXhIgK7mhmV4Losmc61J6HD6uKlpDY1QJcCOqUKgc3boIwGovdG7ZGYKdQNcfXQj31KR30WCVf8YCOsVLisI2PMh-PhnQiSVde4s6OI0UhQ3CbwGqxTQ.png)

In addition to front-end security updates, Blockaid is also monitoring onchain threats related to phishing, hacks, and smart contract exploits to keep the World App ecosystem safe.

There’s nothing users need to configure or change—these enhanced features are built right into the World App wallet and execute automatically with every transaction. Mini Apps built by third-party developers also benefit from this built-in protection.
You can [learn more about World App here](https://world.org/world-app) or experience it for yourself on [Apple](https://apps.apple.com/no/app/worldcoin-claim-send/id1560859847) or [Android](https://play.google.com/store/apps/details?id=com.worldcoin).

## DeFi Security Enhancement
[_Originally published on Coinmarketcap_](https://coinmarketcap.com/community/articles/6735d8c712534962185796bf/)

[io.finnet](https://www.iofinnet.com/), a leader in digital asset infrastructure and security, has announced a strategic enhancement to its platform through an integration with [Blockaid’s](https://www.blockaid.io/) real-time security technology, a move aimed at fortifying security for institutional DeFi users. Known for its innovative solutions in self-custody, instant settlement, and access to payment rails, io.finnet empowers organizations with secure and efficient tools for managing digital assets.

The integration of Blockaid provides io.finnet users with real-time transaction simulation, validation, and risk detection, allowing institutions to view potential transaction impacts and risks before they occur. This added layer of insight equips institutions to make data-driven, informed decisions, amplifying security in an environment where trust and clarity are essential.

"Our commitment to providing secure and transparent solutions for institutional DeFi users is paramount," said Jacob Plaster, CTO at io.finnet. "This integration with Blockaid marks a significant milestone, enabling our users to engage with digital assets confidently."

Blockaid’s technology, trusted by prominent blockchain organizations like Coinbase and MetaMask, is specifically designed to meet the rigorous demands of institutional DeFi participants. Blockaid’s simulation tools analyze transaction behavior and potential risks, including exposure to malicious entities, irregular asset transfers, and risky approvals.

Ido Ben Natan, CEO of Blockaid, said, "To truly deliver on the promises of the blockchain, enterprises need solutions like io.finnet and they need to be able to trust the technology. We’re proud to work with io.finnet to provide the security tools its users need to transact with confidence."

Blockaid’s simulation engine provides users with a preview of each transaction’s impact, covering asset transfers, SWAPs, and smart contract interactions across Ethereum-compatible chains. Institutions now have the tools to manage assets across multiple chains with confidence, knowing that each transaction is carefully analyzed and validated.

Each transaction preview offers insights into asset flows, including incoming and outgoing tokens, USD value changes, and potential risk indicators, empowering io.finnet’s institutional users to preemptively identify threats. With io.finnet’s focus on transparency and control, this partnership adds a significant layer of protection to prevent fraudulent activity and reduce exposure to security threats.

In an era where digital assets and DeFi protocols are rapidly evolving, io.finnet’s partnership with Blockaid positions it as a forward-looking solution for institutional clients navigating the DeFi landscape. By implementing Blockaid’s technology, io.finnet affirms its commitment to preemptive security, helping institutions operate in decentralized finance with enhanced confidence and reduced risk.

### **About io.finnet**

At io.finnet, we believe that secure and seamless access to digital assets is paramount. We provide innovative digital asset infrastructure solutions for various industries, including finance. Our expertise spans enterprise blockchain, cryptographic security, multi-party computation (MPC), and lightning-fast secure APIs.

Our comprehensive product portfolio includes:

- **io.network:** A 24/7 instant settlement platform leveraging private blockchain technology.
- **io.vault:** A self-custody solution enabling businesses to securely manage their digital assets.
- **io.flow:** A network of payment providers for processing multi-currency transactions through local and cross-border payment rails.
- **io.ID:** A self-owned digital identity solution that empowers users to secure their online presence with unparalleled security and convenience.

Learn more on [www.iofinnet.com](https://www.iofinnet.com/)

### **About Blockaid**

Blockaid is the leading onchain security platform trusted by organizations like MetaMask, Coinbase, Stellar, and more. The Blockaid platform provides insight into onchain activity, detects malicious transactions, smart contracts, tokens, and dApps, and enables organizations to prevent and mitigate threats in real time. To date, Blockaid has scanned $5.4+ billion transactions, 630+ million dApps, and 220+ million tokens, and defended against $5.3+ billion in potential losses.
## Lottie Player Attack

On October 30th, at 8:19 PM UTC, Blockaid systems detected a supply chain attack affecting dApps and websites that used the `lottie-player` npm package.
![tweet.png](https://blockaid.io/api/resourceContentImages/file/tweet.png)

Within minutes of the latest package version release, our monitoring systems identified malicious transactions originating from multiple dApps incorporating this dependency.

After a couple of hours, the incident was [resolved](https://github.com/LottieFiles/lottie-player/issues/254#issuecomment-2448643837) by Lottie, with the malicious versions removed from NPM and a new, clean version deployed to ensure that all sites using latest as their version were secured.

During the attack, Blockaid detected ~400 websites that were affected, but our estimation is that many more were impacted. Not all of them were web3-related – our detection identified websites by companies like TOSHIBA, Dream11, Ingenico, and more. However, since the malicious payload was a wallet drainer and not any other form of malware, we believed that only crypto users were at risk.

## Timeline

Here are the key moments from the start of the attack to the patch/fix deployed:

`8:12 PM GMT, 30 Oct 2024` - A new version (2.0.5) of `@lottiefiles/lottie-player` was deployed by an attacker. This version contains a wallet drainer (using Ace Drainer SDK).

`8:19 PM GMT, 30 Oct 2024` - Blockaid frontend attack alerts were triggered by a dApp scan. In the following minutes, additional dApps were detected as malicious and automatically flagged.

![datadog.png](https://blockaid.io/api/resourceContentImages/file/datadog.png)

Due to the large volume of dApps, an on-call procedure triggered a team of engineers to investigate.
They confirmed that the dApps were under attack and conducted a payload analysis, correctly identifying `lottie-player.js` as the culprit.

![lottie_js.png](https://blockaid.io/api/resourceContentImages/file/lottie_js.png)

After checking npm, they observed that a new, malicious version had been published just 10 minutes earlier, raising the suspicion that this was another supply chain attack, like the one that impacted [Ledger Connect Kit](http://blockaid.io/blog/attack-report-ledger-connect-kit).

![npm.png](https://blockaid.io/api/resourceContentImages/file/npm.png)

`8:54 PM GMT, 30 Oct 2024` - After confirming that the package contains malicious code, Blockaid issued a community alert via [X](https://x.com/blockaid_/status/1851729469142372711). We also started contacting affected projects, like 1inch, and reached out to LottieFiles via their socials.

`10:18 PM GMT, 30 Oct 2024` - Lottie VP of Engineering @jawish [confirmed](https://github.com/LottieFiles/lottie-player/issues/254#issuecomment-2448564488) on GitHub that they were aware of the issue and were working to resolve it.

`11:13 PM GMT, 30 Oct 2024` - @jawish [confirmed](https://github.com/LottieFiles/lottie-player/issues/254#issuecomment-2448643837) that they’d removed the compromised account and had pushed a new, clean version (2.0.8).

`11:47 PM GMT, 30 Oct 2024` - Affected versions were [removed](https://github.com/LottieFiles/lottie-player/issues/254#issuecomment-2448685876) from npm.

## Details

### What’s a supply chain attack?

Supply chain attacks target a fundamental vulnerability in software: our shared reliance on common code and libraries. Rather than attacking a single application, attackers inject malicious code directly into widely used dependencies—the core tools, libraries, and frameworks that countless applications depend on.
This type of attack can be thought of as poisoning a well that supplies water to an entire town – rather than targeting individual endpoints, the attacker compromises a central resource that everything depends on.

![supply_chain.png](https://blockaid.io/api/resourceContentImages/file/supply_chain.png)

The scope of a supply chain attack is vast—a “one hit to rule them all” event. When a trusted package or library is compromised, every application that relies on it becomes vulnerable. This means that a single attack can propagate across hundreds or even thousands of sites, pushing malicious code to users across the web3 ecosystem, or even outside of it, in one sweeping strike.

## Attack overview

The malicious payload was pushed to `npm` using compromised tokens belonging to Lottie maintainer [@Aidosmf](https://github.com/Aidosmf). The malicious version of the package retained the original functionality but introduced a large blob of web3-related code.

![code.png](https://blockaid.io/api/resourceContentImages/file/code.png)

Based on Blockaid threat intelligence, we were able to confirm that this payload is a version of the Ace Drainer DaaS ([Drainer-as-a-Service](https://www.blockaid.io/glossary/wallet-drainer)). This attribution was made possible by Blockaid Threat Hunting efforts, which found unique code and communication patterns matching methods used by Ace.

## Potential impact

Supply chain attacks of this nature present a widespread risk due to their propagation through trusted dependencies. Fortunately, Blockaid detected this incident within minutes, meaning that many users never interacted with the affected websites. For the few who proceeded to connect their wallets despite Blockaid’s warnings, our transaction scanning feature saved assets worth around 750,000 USD from being stolen.

## Conclusion

This incident is a stark reminder: in web3, even trusted tools can be exploited within minutes.
As attackers turn to supply chains to reach end users, fast detection and response are critical for mitigating impact. Moving forward, proactive security measures across every layer of the ecosystem aren’t just protective—they’re essential to building the trust needed for web3 to thrive.

## Transaction Verification Solution
**Transaction simulations** have greatly improved software wallet security by allowing users to review transaction details before signing. However, this improvement has not fully extended to **hardware wallets**.

Due to various limitations of hardware wallets, many of them fail to show meaningful transaction details at the point of signing. Instead, users often rely on the information shown in the software counterpart of the hardware wallet, assuming that the transaction they are about to sign on their hardware wallet is the same as the one they reviewed.

This whitepaper explores the problem of blind signing and a solution for ensuring secure, end-to-end transaction integrity.

## Problem statement: Blind signing and the limitations of hardware wallets

**Hardware wallets** are designed to securely manage private keys offline and protect them from potential threats. However, they **are not built to manage transaction security**. Instead, they rely on **signing interfaces**—applications on users’ devices that interact with dApps and handle transaction details.

Once a transaction is initiated, the signing interface sends the transaction data to the hardware wallet for signing. While the wallet confirms the request, it doesn't verify the transaction details. This creates a gap in **transaction integrity and security**, as the wallet's role is limited to signing what’s passed from the interface without fully understanding or validating the specifics.

This weakness was highlighted in the **Radiant Capital breach**, where attackers compromised the device running the signing interface. They displayed a legitimate transaction in the interface for users to review, but secretly sent a different, malicious transaction to the hardware wallet for signing.

![post_mortem-1.png](https://blockaid.io/api/resourceContentImages/file/post_mortem-1.png)

_From_ [_Radiant’s Post-Mortem_](https://medium.com/@RadiantCapital/radiant-post-mortem-fecd6cd38081)

As a result, the Radiant team unknowingly approved fraudulent transactions, leading to the loss of over $50 million.

This type of attack underscores the fundamental limitation of current hardware wallets: **they do not independently verify a transaction's integrity or intent**. Relying on external interfaces leaves users vulnerable to [**man-in-the-middle attacks**](https://www.blockaid.io/glossary/man-in-the-middle-attack), where transaction data is manipulated after it’s displayed to the user but before it reaches the hardware wallet.

Although some progress has been made—such as **Ledger’s Clear Signing** initiative, which displays more detailed transaction information—**the core issue remains**. Hardware wallets still lack the ability to fully validate the transaction being signed, leaving users at risk of blindly approving malicious transactions.

## Solution: Transaction verification

**Transaction verification** is a proposed solution that addresses the vulnerability of blind signing by establishing a **cryptographically verified connection** between the **transaction simulation** and the **transaction being signed**.

It does so by introducing a new entity, called a **verification provider**, as an intermediary between the signing interface and the hardware wallet, ensuring that the transaction remains secure and unaltered from the time it’s reviewed by the user to when it is signed.

![verification.gif](https://blockaid.io/api/resourceContentImages/file/verification.gif)

### How transaction verification works

At the core of **transaction verification** is the **verifiable transaction payload (VTX)**, which is generated by the verification provider.
The **VTX** bundles the transaction, its simulation, and validation results into a single cryptographically signed payload that guarantees the integrity of the transaction and provides verifiable security to the hardware wallet.

![vtx.png](https://blockaid.io/api/resourceContentImages/file/vtx.png)

Here’s how it works:

1. **The signing interface sends the transaction to the verification provider**:
   - When the user initiates a transaction, the signing interface sends the transaction data to the **verification provider** for further processing.
2. **Simulation and validation by the verification provider**:
   - The **verification provider** runs a **simulation** of the transaction to predict its behavior and ensure it matches the user’s intent. This simulation highlights any unexpected outcomes or risks.
   - Next, the provider performs **validation**, analyzing the transaction to assess if it is potentially malicious or harmful to the user.
   - The **verification provider** then generates a **verifiable transaction payload (VTX)**, which contains all three pieces: the transaction, the simulation result, and the validation result.
3. **Cryptographic signing of the VTX**:
   - With the **VTX** ready, the verification provider cryptographically signs the payload. This signature ensures that the transaction, simulation, and validation results have not been altered and remain secure from tampering.
   - The signed **VTX** is then sent back to the signing interface, where the user reviews the details (based on the simulation and validation results).
   - Once the user accepts the transaction, it is sent to the hardware wallet for final verification and signing.
4. **Hardware wallet verifies the VTX**:
   - Upon receiving the **VTX**, the hardware wallet verifies its integrity by checking the cryptographic signature using the **public key of the verification provider**.
   - This verification ensures that the transaction has not been tampered with during transmission.
   - If the signature does not match, the hardware wallet alerts the user and marks the transaction as untrustworthy.
5. **Final transaction signing**:
   - Once the signature is verified, the hardware wallet has complete confidence that the transaction matches the simulation and validation results. It can now:
     - Present an accurate preview of the transaction to the user, knowing that the simulation accurately reflects the transaction.
     - Reference the validation result to detect whether the transaction is malicious, warning the user if necessary.
   - These capabilities allow the user to make sure that the transaction they sign is the same one they’ve seen in the signing interface, and that it is benign and favorable.
   - The user can then sign the transaction, fully assured that it has not been altered and has been validated for safety.

![arch.png](https://blockaid.io/api/resourceContentImages/file/arch.png)

Overview of the transaction verification architecture

### How transaction verification protects against a compromised signing interface

The **VTX** plays a crucial role in protecting against attacks where the signing interface is compromised. Even if the signing interface displays a legitimate transaction while secretly sending a different, malicious transaction to the hardware wallet, the cryptographically signed VTX ensures security.

Because the hardware wallet verifies the **VTX** on its own, it no longer needs to rely entirely on the signing interface for security. The wallet can independently validate that the transaction matches the simulation and that the validation results confirm the transaction is safe. If any part of the transaction has been altered, the signature verification will fail, alerting the hardware wallet and preventing a malicious transaction from being signed.

This independence ensures that even in the event of a compromised signing interface, users are protected from blindly signing a harmful transaction.
### Key benefits of transaction verification

- **End-to-end security**: By cryptographically verifying the transaction from simulation to signing, **transaction verification** ensures that no tampering occurs at any stage of the process.
- **Accurate transaction preview**: The hardware wallet can confidently present an accurate transaction preview, knowing that the simulation matches the real transaction without needing to perform its own simulations.
- **Tamper detection**: If any part of the transaction is modified between the signing interface and the hardware wallet, the cryptographic signature verification will fail, alerting the user to the potential risk.
- **No additional computational burden**: The hardware wallet can perform verification without needing extra computational resources or network access, preserving its security guarantees.

## Implementation of transaction verification

Integrating **transaction verification** into the current transaction signing ecosystem requires a seamless approach that preserves the core security principles of hardware wallets while adding an essential layer of cryptographic verification. The implementation focuses on minimal overhead, high compatibility with existing hardware wallets, and ease of integration with signing interfaces.

### Integration with signing interfaces

The first step in implementing **transaction verification** is adapting the **signing interfaces**—software wallets, dApps, or other transaction-signing platforms—to work with the **verification provider**.

1. **Transaction submission**:
   - When a user initiates a transaction, the signing interface sends the transaction data to the **verification provider** instead of directly communicating with the hardware wallet.
2. **Verification process**:
   - The verification provider then performs the **simulation** and **validation** of the transaction as described earlier, bundling the results into a **Verifiable Transaction Payload (VTX)**.
3. **VTX delivery to the hardware wallet**:
   - Once the VTX is generated and cryptographically signed, the signing interface forwards the VTX to the hardware wallet for verification and final signing.

The signing interface itself doesn’t require heavy modifications beyond routing transaction data through the verification provider. This ensures that users can continue using their familiar signing workflows, with added security in the background.

### Creating verification providers

To implement **transaction verification**, building **verification providers** is essential. These providers will handle the core processes of simulating, validating, and signing transactions before they reach hardware wallets. Here’s what needs to be considered when creating these providers:

1. **Fast and accurate simulation and validation**: The provider must process transaction simulations and validations quickly and accurately to ensure a smooth user experience. Handling large volumes of transactions in real time is crucial to avoid adding friction to the signing process.
2. **Security-first architecture**: The verification provider must be built with a **security-first mindset**, ensuring the protection of cryptographic keys and sensitive transaction data. Teams creating these providers need expertise in cybersecurity and Web3 security to anticipate threats from both traditional and decentralized systems. This means implementing strong encryption, secure key management, and a robust infrastructure that prevents tampering and unauthorized access.
3. **Seamless integration with ecosystems**: The verification provider should integrate easily into existing hardware wallets and signing interfaces, requiring minimal changes. Simple firmware updates should allow hardware wallets to verify the cryptographic signatures, and signing interfaces should be able to route transactions to the provider with minor adjustments.
   This ensures the provider can be widely adopted without causing disruptions to existing workflows.

By focusing on these three areas—speed, security, and integration—creating verification providers becomes a critical step in rolling out **transaction verification** successfully. These providers enable users to trust that their transactions are properly simulated, validated, and securely signed before finalizing them on the hardware wallet.

### Hardware wallet adaptation

Hardware wallets will need a lightweight firmware update to handle the verification and processing of the **VTX**, with minimal impact on existing functionality.

1. **Signature verification**:
   - The hardware wallet must be able to verify the cryptographic signature of the **VTX** using the public key of the **verification provider**. This ensures that the VTX has not been tampered with during transmission from the signing interface to the hardware wallet.
   - Since hardware wallets, by their very nature, include both the hardware and software components required for cryptographic operations, adding this step will not require any new library code or hardware.
2. **Transaction parsing and display**:
   - Once the signature is validated, the hardware wallet parses the **VTX** to extract the transaction, simulation results, and validation. The wallet can then display the verified transaction details to the user, offering an accurate preview of what they are about to sign.
3. **Validation result handling**:
   - The hardware wallet uses the **validation result** within the VTX to determine if the transaction is safe or malicious. If the validation result indicates malicious activity, the wallet will alert the user, preventing the signing of harmful transactions.
4. **Final transaction signing**:
   - After verifying the VTX and confirming the transaction’s safety, the hardware wallet enables the user to sign the transaction, ensuring it matches the simulation and validation results.
## Recap

As the Web3 ecosystem continues to grow, so do the complexities and risks associated with transaction security. **Hardware wallets** have traditionally focused on **key management**, leaving the verification of transaction details to **signing interfaces**. This creates a critical gap, where users often approve transactions without being certain of what they are signing—a vulnerability exploited by attackers in incidents like the **Radiant Capital breach**.

**Transaction verification** solves this problem by introducing an additional layer of security that ensures users are signing exactly what they intend.

- Through the use of **verification providers**, transactions are simulated and validated before being sent to the hardware wallet.
- The result of this process is a **verifiable transaction payload (VTX)**—a cryptographically signed bundle that contains the transaction, its simulation, and validation results.
- The **VTX** enables hardware wallets to independently verify the transaction’s integrity without relying solely on the signing interface, which can be compromised.
- By checking the **VTX’s cryptographic signature**, the hardware wallet confirms that the transaction has not been tampered with and that the user is signing what was originally validated.

This solution prevents blind signing, and helps ensure that the user sees and approves a fully validated and verified transaction before it is signed.

## About Blockaid

As the leading onchain security platform, **Blockaid** is committed to solving these transaction security challenges. This is why we are working to create a **verification provider** that checks all the critical requirements:

- **Fast and accurate simulations and validations**, the same ones powering the leading software wallets, like Coinbase Wallet, MetaMask, Zerion, and more.
- A **security-first design** built by our team of cybersecurity and onchain security experts, ensuring that all threat vectors are covered and taken into consideration.
- **Seamless integration** with every company that already works with Blockaid, ensuring widespread availability from day one.

We recognize that blind signing is an industry-wide issue that affects the entire Web3 ecosystem. That’s why we are releasing this whitepaper—not just to showcase our solution but to encourage **broader industry efforts** in addressing this critical problem. We believe that, together, the community can take meaningful steps to make transaction signing as secure as possible.

**Blockaid** invites **hardware wallet manufacturers**, **protocol developers**, and anyone interested in improving Web3 transaction security to collaborate with us. If you’re a hardware wallet provider looking to implement **transaction verification**, or a protocol developer aiming to integrate this system, we would love to connect. Let’s work together to secure the next generation of decentralized applications and build a safer, more trusted Web3 ecosystem.

## Blockaid is securing the biggest companies operating onchain

Get in touch to learn how Blockaid helps teams secure their infrastructure, operations, and users.
## Token Listing Advantage

As an exchange, you want to list tokens fast. Every new listing brings in trading volume, attracts users, and strengthens your position in the market.

If you’re like most exchanges, you rely on a **multi-step manual listing process** to assess compliance, security, and market demand. Every token goes through extensive due diligence, regulatory checks, and technical audits before approval.

You do this because **listing the wrong token can be catastrophic.** A bad listing can mean fraud, regulatory scrutiny, and reputational damage.

But this process isn’t just slow— **it’s costing you:**

- **Lost trading volume**. Delays push traders to faster competitors, draining liquidity from the platform.
- **Weakened market position**. Being late to list high-demand tokens means missing out on key growth opportunities.
- **Operational bottlenecks**. Listing teams are overwhelmed, slowing down expansion and diverting resources from strategic initiatives.

For years, the industry has treated slow, manual token reviews as the cost of security. But **what if security didn’t have to be a bottleneck**? What if **legitimate tokens could be listed instantly, while scams were blocked automatically—without adding risk**?

That’s where Blockaid comes in.

## **Blockaid enables instant token listing—without compromising security**

The challenge with moving from a **manual approval process to a dynamic approach** has always been control. Without a reliable way to distinguish between safe and malicious tokens in real time, exchanges have assumed they need to block **everything until proven otherwise.**

Blockaid removes that friction with a **dynamic filtering system** that enables platforms to automatically list safe, legitimate tokens and filter out dangerous ones.

This isn’t just a theoretical solution— **it’s already trusted by industry leaders.** Platforms like [**Uniswap**](http://blockaid.io/blog/uniswap-labs-selects-blockaid-to-launch-new-token-warning-feature), [**CoinTracker**](https://www.blockaid.io/blog/how-blockaid-helped-cointracker-solve-its-spam-token-problem), and [**DEX Screener**](http://blockaid.io/case-studies/dex-screener) rely on Blockaid to provide real-time security guidance, protecting millions of users from scam tokens, liquidity traps, and hidden exploits.

The same system that powers these **high-volume, high-trust platforms** can now be used by exchanges to move faster—without sacrificing security.

Instead of relying on static rules or manual checks, Blockaid continuously evaluates:

- **Bytecode and contract structure** to detect malicious patterns, hidden attack vectors, and suspicious upgrade mechanisms.
- **Wallet and funding sources** to assess the legitimacy of token creators, fund flows, and network relationships.
- **Liquidity behavior** to identify liquidity manipulation, wash trading, and rug pull tactics before they impact users.

![contract_classify.png](https://blockaid.io/api/resourceContentImages/file/contract_classify.png)

This **real-time security layer** allows exchanges to confidently shift from a **manual review process to an automated filtering model**, ensuring:

- **Legitimate projects aren’t delayed** and safe tokens move forward immediately, increasing trading volume and user engagement.
- **Regulatory risk is mitigated** by detecting sanctioned addresses (OFAC and others), illicit fund movements, and high-risk wallets, helping exchanges meet their compliance requirements—without slowing down legitimate tokens.
- **Scam tokens never gain traction** and malicious assets are flagged before users interact with them, reducing fraud risk.

Blockaid doesn’t just catch scams—it **creates the framework for secure, automated token support, ensuring both speed and compliance without added risk.**

### **The only token scanning engine backed by real-world data**

Blockaid isn’t just analyzing contract code—it has **unmatched visibility** into how tokens behave in the real world.

That’s because **Blockaid is integrated into the top wallets used by millions of traders every day, including** [**MetaMask**](http://metamask.io/news/latest/metamask-security-alerts-by-blockaid-the-new-normal-for-a-safer-transaction), [**Coinbase Wallet**](http://blockaid.io/blog/coinbase-wallet-powered-by-blockaid), [**Backpack**](http://blockaid.io/case-studies/backpack), [**Zerion**](https://www.blockaid.io/blog/zerion-phishing-defense-powered-by-blockaid), [**Rainbow**](https://www.blockaid.io/blog/rainbow-wallet-mobile-app-and-browser-extension-powered-by-blockaid)**, and others.**

This gives exchanges a unique source of intelligence that no other security provider can match.

**We see which tokens real users are trading, swapping, and holding.** Most security solutions only analyze contract data, but Blockaid tracks which tokens are actually being used in legitimate transactions.

**We distinguish real demand from artificial volume.** Wash trading, bot-driven pumps, and fake liquidity pools can make a scam token look real—but Blockaid’s access to **real user interactions** allows us to filter out manipulation.

**We detect malicious activity before it spreads.** If a token is linked to a wallet drainer, phishing site, or scam airdrop, Blockaid flags it before users are affected.

**No other security solution has this data.** By combining **onchain intelligence with real-world usage data**, Blockaid gives exchanges the power to make **faster, safer, and smarter decisions.**

![blockaid_network.png](https://blockaid.io/api/resourceContentImages/file/blockaid_network.png)

### **Retain control while listing tokens faster with Blockaid’s customizable policies**

Every exchange has different security requirements, risk tolerances, and regulatory obligations. A one-size-fits-all approach to token security doesn’t work.

**That’s why the Blockaid platform is fully customizable—giving exchanges complete control over how tokens are filtered, classified, and managed.**

Exchanges can define:

- **Custom risk thresholds** and set policies based on contract complexity, liquidity depth, or past transaction behavior.
- **Automated security rules** for exactly which tokens should be allowed, flagged for further review, or blocked outright.
- **Regulatory compliance filters** to proactively prevent listing of tokens linked to sanctioned addresses, illicit funds, or high-risk activities—without slowing down legitimate assets.

![token_overview.png](https://blockaid.io/api/resourceContentImages/file/token_overview.png)

By embedding **real-time monitoring and automated enforcement** directly into the token pipeline, **Blockaid ensures that security happens at the speed of the market—without requiring constant manual intervention.**

This means:

- **Security teams set the rules—Blockaid enforces them.** Exchanges stay in control while eliminating bottlenecks.
- **Token support scales without increasing risk.** More assets move through safely, expanding trading opportunities.
- **Compliance remains airtight.** Blockaid ODR ensures that regulatory safeguards are continuously applied in real time.

With the **Blockaid platform**, you can move beyond reactive security with **a fully automated, risk-controlled environment where legitimate tokens move freely, and bad actors never gain traction.**

## **Turn token listings into a competitive advantage**

For exchanges, token security has always been a balancing act— **move too slowly, and you lose trading volume; move too fast, and you take on unacceptable risk.** The Blockaid platform removes that tradeoff entirely.

![token_listing.png](https://blockaid.io/api/resourceContentImages/file/token_listing.png)

By shifting from a **manual approval process to a dynamic filtering model**, you can gain a **strategic advantage** instead of a bottleneck:

- **Faster listing:** Legitimate assets move through instantly, keeping pace with market demand.
- **Stronger security:** The Blockaid platform prevents malicious tokens from ever reaching users, stopping scams before they spread.
- **Operational efficiency:** Blockaid ODR automates 90% of manual review work, allowing teams to focus on high-value priorities.

The result? **More volume, more users, more trust—without increasing risk.**

Blockaid is already protecting millions of transactions across major wallets and platforms. **It’s time for exchanges to do the same.**

👉 **Your token listing process shouldn’t be a bottleneck.**

[Get in touch now](http://blocka.id/demo) for a quick consultation on your current token listing policy and see how Blockaid can help you move faster, eliminate manual delays, and block threats before they reach your exchange.
## Understanding Wallet Drainers

Imagine visiting a seemingly harmless site to claim a free airdrop. You connect your wallet and wait for the token to hit your wallet. Everything seems normal—until your assets start disappearing.

Welcome to the world of wallet drainers. These attacks are more common—and [more sophisticated](https://www.blockaid.io/blog/malicious-dapp-101-wallet-drainers-are-stealthier-more-complex-than-ever)—than you might think. But how exactly do they work?

Let’s break down the process step by step to see how wallet drainers operate and what is happening behind the scenes.

### **What is a wallet drainer, and why should you care?**

A wallet drainer is a piece of malicious code embedded in dApps that is designed to deceive users into surrendering control of their wallets. Once access is granted, attackers can swiftly drain all available funds and assets—often without the user realizing it until it's too late.

These attacks are cleverly disguised as legitimate activities: enticing airdrops, exclusive giveaways, and even apps posing as well-known services.

![chainlink.png](https://blockaid.io/api/resourceContentImages/file/chainlink.png)
This is a wallet drainer, disguised as a Chainlink airdrop page

It’s this seamless mimicry that makes them so effective—and so easy to fall for, even for savvy Web3 users.

For businesses, the potential impact of wallet drainers extends beyond the immediate financial loss. While a single incident may not spell disaster, it can lead to reputational challenges over time if such vulnerabilities are not addressed.

![drained.png](https://blockaid.io/api/resourceContentImages/file/drained.png)

Users expect security as a baseline, and incidents of wallet-draining can raise concerns about platform safety. Addressing these concerns proactively helps maintain user trust and ensures a stronger foundation for growth.

## A step-by-step look inside a wallet drainer attack

To fully understand how a drainer works, let’s walk through an example of a malicious dApp caught and flagged by Blockaid’s security platform.

The following breakdown was conducted in Blockaid’s Sandbox environment, a secure testing space where researchers can analyze the behavior of malicious dApps without compromising any real assets. None of the transactions shown here were signed or executed onchain, ensuring that no actual funds were at risk.

We are using [this](https://etherscan.io/address/0xffd65c58f7236989442d4b3fabbfc4e36ea0d051#cards) randomly chosen address as our fake address in this interaction.

This technical walk-through will help you see how wallet drainers operate behind the scenes, from the moment the user interacts with a malicious dApp to the final draining of assets.

### **Step 1: Crafting and distributing the malicious dApp**

The first step in any wallet drainer attack is creating a malicious dApp that looks like a legitimate service. These dApps are typically designed to mimic trusted platforms or exciting new projects, making them difficult to spot at first glance. Attackers rely on crafting sites that trigger **FOMO** (Fear of Missing Out) to lure users in with promises of exclusive giveaways, airdrops, or rewards.

But the malicious dApp alone isn't enough—the real trick lies in how it's distributed. Attackers use a variety of methods to get users to visit these dApps:

- **Spam ads on social media**: Platforms like Twitter and Reddit are frequently flooded with fake airdrop promotions.

  ![reddit_scams.png](https://blockaid.io/api/resourceContentImages/file/reddit_scams.png)
  Ads promoting scams on X and Reddit

- **Phishing emails and DMs:** Users often receive enticing messages claiming to offer huge rewards in exchange for connecting their wallets.

  ![email.png](https://blockaid.io/api/resourceContentImages/file/email.png)
  A fake email impersonating the WalletConnect brand

- **Frontend hijacking**: In more sophisticated attacks, hackers compromise legitimate websites—like DeFi platforms—and replace their front end with a malicious version, seamlessly diverting users to the drainer.

  ![frontend_ethna.png](https://blockaid.io/api/resourceContentImages/file/frontend_ethna.png)
  Example: The recent EthenaLabs [frontend hijack](https://x.com/blockaid_/status/1836450077914587218)

### **Step 2: Getting the user to connect**

Below is a malicious dApp disguised as a **BNB Chain airdrop**. The site claims to allow users to check their eligibility for an upcoming airdrop, playing directly into users' FOMO. Everything about the site was designed to rush users into connecting their wallets without raising too many suspicions.

![bnb_scam.png](https://blockaid.io/api/resourceContentImages/file/bnb_scam.png)

No matter what button you click—whether it’s "Check Eligibility", “Learn More”, or even one of the fake blog posts—the **“Connect Wallet”** dialog pops up immediately. This relentless prompt is a classic hallmark of an impersonating dApp, designed to rush users into giving access without a second thought.

![bnb_connect.gif](https://blockaid.io/api/resourceContentImages/file/bnb_connect.gif)

### **Step 3: Extracting wallet information and preparing the attack**

Once the user connects their wallet, the drainer immediately communicates with its **Command and Control (C2) servers**—the backend infrastructure that powers the attack. These servers collect crucial data from the frontend dApp, such as the wallet’s address, token balances, and available assets.

Based on this information, the C2 servers instruct the frontend on what type of attack to execute. This could involve targeting specific tokens or initiating certain transactions to drain assets.

![network_drain.png](https://blockaid.io/api/resourceContentImages/file/network_drain.png)

To make things harder for security researchers, the communication between the frontend and C2 is encrypted. While it's technically possible to reverse-engineer this process, it’s out of scope for this post.

Once this step is complete, the drainer is ready to move into the next phase: directly interacting with the blockchain to start draining assets.

### **Step 4: Onchain preparations**

After receiving instructions from the C2 servers, the drainer begins performing onchain interactions. To fully understand what the drainer is doing, we can analyze the **JSON-RPC** calls it sends to the wallet.

**JSON-RPC** is the communication protocol that enables requests between the dApp, the wallet, and the node. It’s how the dApp queries information, sends transactions, and interacts with smart contracts. By examining these calls using the Blockaid sandbox environment, we can trace the drainer’s actions without executing any actual transactions or risking real assets.

One of the first **JSON-RPC** calls we observed was the `wallet_switchEthereumChain` method, which forces the user’s wallet to switch to **Arbitrum One**:

```
{
  "method": "wallet_switchEthereumChain",
  "params": [
    {
      "chainId": "0xa4b1"
    }
  ]
}
```

The dApp posed as a BNB Chain airdrop, so this switch to a different chain is a big red flag. It’s a classic trick used to target assets on another network that might hold more value or be easier to exploit.

Now, with the wallet on Arbitrum, the drainer starts issuing `eth_call` JSON-RPC requests.

`eth_call` is a JSON-RPC method used to read data from onchain contracts. In these calls, the `to` field specifies which contract the data will be read from, and the parameters of the call are encoded in the `data` argument—often referred to as the **calldata**.

To understand which function is being called, we can decode this calldata. Multiple tools, like [Arbiscan’s Input Data Decoder](https://arbiscan.io/inputdatadecoder), can be used to break down the `data` field, revealing the specific function and parameters being invoked.

Let’s look at how the drainer uses `eth_call` to gather data.
Here’s the first `eth_call`:

```
{
  "method": "eth_call",
  "params": [
    {
      "from": "0xffd65c58f7236989442d4b3fabbfc4e36ea0d051",
      "to": "0x912ce59144191c1204e64559fe8253a0e49e6548",
      "data": "0x7ecebe00000000000000000000000000ffd65c58f7236989442d4b3fabbfc4e36ea0d051"
    },
    "latest"
  ]
}
```

When we decode this call, we find that the drainer is calling the `nonces(address)` function:

```
{
  "function": "nonces(address)",
  "params": [
    "0xFfD65C58F7236989442d4b3faBbFC4e36EA0D051"
  ]
}
```

The drainer then issues another `eth_call` to gather more information:

```
{
  "method": "eth_call",
  "params": [
    {
      "from": "0xffd65c58f7236989442d4b3fabbfc4e36ea0d051",
      "to": "0x912ce59144191c1204e64559fe8253a0e49e6548",
      "data": "0x06fdde03"
    },
    "latest"
  ]
}
```

Which decodes to:

```
{
  "function": "name()",
  "params": []
}
```

This retrieves the **contract’s name**, in this case, "Arbitrum."

Putting these two `eth_call` requests together, we can see that the drainer is querying the contract for the wallet’s **nonces** and the **contract’s name**. This information is essential for EIP-2612 (which the Arbitrum token follows), an ERC-20 extension that allows token approvals via off-chain signatures, also known as **permits**.

### **Step 5: Permit farming attack**

By leveraging **EIP-2612**, the drainer is able to create a signature that authorizes asset transfers without the user explicitly approving the transaction onchain. In the `eth_call` we’ve observed, the drainer is collecting the data needed to craft their malicious permit transaction.
With the **nonce** and **contract name** in hand, the drainer has everything it needs and can issue the transaction using the `eth_signTypedData_v4` JSON-RPC method (which signs a structured piece of data, according to [**EIP-712**](https://eips.ethereum.org/EIPS/eip-712) standards):

```
{
  "method": "eth_signTypedData_v4",
  "params": [
    "0xffd65c58f7236989442d4b3fabbfc4e36ea0d051",
    "{\"types\":{\"Permit\":[{\"name\":\"owner\",\"type\":\"address\"},{\"name\":\"spender\",\"type\":\"address\"},{\"name\":\"value\",\"type\":\"uint256\"},{\"name\":\"nonce\",\"type\":\"uint256\"},{\"name\":\"deadline\",\"type\":\"uint256\"}],\"EIP712Domain\":[{\"name\":\"name\",\"type\":\"string\"},{\"name\":\"version\",\"type\":\"string\"},{\"name\":\"chainId\",\"type\":\"uint256\"},{\"name\":\"verifyingContract\",\"type\":\"address\"}]},\"domain\":{\"name\":\"Arbitrum\",\"version\":\"1\",\"chainId\":\"42161\",\"verifyingContract\":\"0x912ce59144191c1204e64559fe8253a0e49e6548\"},\"primaryType\":\"Permit\",\"message\":{\"owner\":\"0xffd65c58f7236989442d4b3fabbfc4e36ea0d051\",\"spender\":\"0x1618f13dac2f11a7fb8eec7e53f75671d116e93d\",\"value\":\"1158472395435294898592384258348512586931256000000000000000000\",\"nonce\":\"0\",\"deadline\":\"1758102346951\"}}"
  ]
}
```

This `eth_signTypedData_v4` call constructs a **permit** message using the **nonce** (which ensures the transaction is unique and in sequence) and the **name** of the contract ("Arbitrum"). The permit authorizes the **spender** (in this case, the attacker’s address) to transfer a massive amount of tokens from the user’s wallet.

This permit is the final objective of all the preceding transactions. It gives the attacker full control to drain the victim’s ARB tokens.

The drainer will then issue similar requests to drain any other tokens the user holds. Remember: each signed transaction means another token drained.
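The request sequence from Steps 4 and 5 can be caught on the wallet side before the user signs. The detector below is an added example, not Blockaid's code: the alert names, the two thresholds, the `NOW_SECS` clock and chain ID 56 for the advertised BNB Smart Chain are assumptions, and the replayed requests are the ones shown above with the typed-data `types` section left out because the check does not read it.

```javascript
// Added example: flag the chain switch, permit reconnaissance and permit
// signature request seen in the walkthrough. Thresholds are heuristics.
const SELECTORS = {
  '0x7ecebe00': 'nonces(address)', // EIP-2612 nonce lookup
  '0x06fdde03': 'name()',          // feeds the EIP-712 domain name
};
const UNBOUNDED_VALUE = 2n ** 128n;          // assumption: "effectively unlimited"
const MAX_DEADLINE_SECS = 30n * 24n * 3600n; // assumption: 30 days

// Inspect an eth_signTypedData_v4 payload; returns null if it is not a Permit.
function inspectPermit(typedDataJson, signer, nowSecs) {
  let td;
  try { td = JSON.parse(typedDataJson); } catch (_) { return null; }
  if (td.primaryType !== 'Permit' || !td.message || !td.domain) return null;
  const { owner, spender, value, deadline } = td.message;
  const me = signer.toLowerCase();
  const findings = [];
  if (String(owner).toLowerCase() === me && String(spender).toLowerCase() !== me) {
    findings.push('third-party-spender');
  }
  if (BigInt(value) >= UNBOUNDED_VALUE) findings.push('unbounded-value');
  // EIP-2612 compares deadline with block.timestamp, which is in seconds.
  if (BigInt(deadline) - BigInt(nowSecs) > MAX_DEADLINE_SECS) findings.push('far-deadline');
  return {
    token: String(td.domain.verifyingContract).toLowerCase(),
    chainId: Number(td.domain.chainId),
    spender,
    findings,
  };
}

// Walk one dApp session's wallet requests in order and collect alerts.
function analyzeSession(requests, advertisedChainId, nowSecs) {
  const alerts = [];
  const probed = new Map(); // token contract -> Set of decoded read calls
  for (const req of requests) {
    const p = req.params || [];
    if (req.method === 'wallet_switchEthereumChain') {
      const target = parseInt(p[0].chainId, 16);
      if (target !== advertisedChainId) {
        alerts.push({ type: 'unexpected-chain-switch', chainId: target });
      }
    } else if (req.method === 'eth_call') {
      const call = p[0] || {};
      const fn = SELECTORS[String(call.data || '').slice(0, 10).toLowerCase()];
      if (fn && call.to) {
        const key = call.to.toLowerCase();
        if (!probed.has(key)) probed.set(key, new Set());
        probed.get(key).add(fn);
      }
    } else if (req.method === 'eth_signTypedData_v4') {
      const permit = inspectPermit(p[1], p[0], nowSecs);
      if (permit) {
        const seen = probed.get(permit.token);
        const reconSeen = !!seen && seen.has('nonces(address)') && seen.has('name()');
        alerts.push({ type: 'permit-signature', ...permit, reconSeen });
      }
    }
  }
  return alerts;
}

// Requests from the walkthrough, replayed as data.
const USER = '0xffd65c58f7236989442d4b3fabbfc4e36ea0d051';
const ARB = '0x912ce59144191c1204e64559fe8253a0e49e6548';
const NOW_SECS = 1726500000; // constructed "current time" for the example
const SESSION = [
  { method: 'wallet_switchEthereumChain', params: [{ chainId: '0xa4b1' }] },
  { method: 'eth_call', params: [{ from: USER, to: ARB,
      data: '0x7ecebe00' + '0'.repeat(24) + USER.slice(2) }, 'latest'] },
  { method: 'eth_call', params: [{ from: USER, to: ARB, data: '0x06fdde03' }, 'latest'] },
  { method: 'eth_signTypedData_v4', params: [USER, JSON.stringify({
      primaryType: 'Permit',
      domain: { name: 'Arbitrum', version: '1', chainId: '42161', verifyingContract: ARB },
      message: {
        owner: USER,
        spender: '0x1618f13dac2f11a7fb8eec7e53f75671d116e93d',
        value: '1158472395435294898592384258348512586931256000000000000000000',
        nonce: '0',
        deadline: '1758102346951',
      },
    })] },
];
```

Calling `analyzeSession(SESSION, 56, NOW_SECS)` yields two alerts: the switch to chain 42161 and a permit with all three findings, preceded by both reconnaissance reads on the same token contract.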
![sim.png](https://blockaid.io/api/resourceContentImages/file/sim.png) This flow is repeated for every token held by the user. Each message signed - is a token drained. ### **Why this works: EIP-2612 and offchain signatures** In the traditional ERC-20 setup, granting approval is an onchain transaction. Once the approval is set, any authorized spender can use `transferFrom` without further user interaction. Wallets can simulate these onchain transactions, providing users with a clear preview of what they’re authorizing. [EIP-2612](http://eips.ethereum.org/eips/eip-2612) changes the game by replacing onchain approval transactions with an off-chain signature. Since it’s not a transaction, most wallets can’t simulate it—Blockaid is currently the only solution capable of generically [simulating](https://www.blockaid.io/platform/transaction-security) off-chain signatures. This lack of simulation means that users often don’t realize they’re authorizing a transfer; they believe they’re simply signing a message, which appears less risky. Once they have the signed message, attackers can submit it onchain through the token’s `permit` function, granting themselves approval for transfers. This makes EIP-2612 permits a potent tool for wallet drainers, allowing them to avoid the scrutiny that onchain transactions would typically trigger. ![unmasking_screenshot_platform.png](https://blockaid.io/api/resourceContentImages/file/unmasking_screenshot_platform.png) Offchain signature displayed in Blockaid’s platform ### **Step 6: Native drain** With the permit attack executed and the assets approved for transfer, the drainer shifts focus to draining native tokens from the wallet. Normally, sending ETH from one address to another is simple. A dApp can initiate a straightforward transaction, moving ETH from one externally owned account (EOA) to another, with no **calldata** involved. 
Here’s an example of what this kind of transaction might look like: ``` 1{ 2 "method": "eth_sendTransaction", 3 "params": [\ 4 "from": "0xffd65c58f7236989442d4b3fabbfc4e36ea0d051",\ 5 "to": "0x912ce59144191c1204e64559fe8253a0e49e6548",\ 6 "value": "0xde0b6b3a7640000" // equivalent to 1 ETH\ 7 ] 8} ``` ‍However, to avoid detection, the drainer uses a more sophisticated technique to mask their activity. Instead of sending ETH directly to an attacker-controlled address, the drainer routes the transaction through a **middleware**—in this case, the legitimate **SushiSwap Router contract**. Here’s what the actual transaction the drainer sent looks like: ``` 1{ 2 "method": "eth_sendTransaction", 3 "params": [\ 4 {\ 5 "gas": "0x2fc88",\ 6 "gasPrice": "0x4116f4338",\ 7 "nonce": "0x4b",\ 8 "value": "0x814dbefd24822f08",\ 9 "from": "0xffd65c58f7236989442d4b3fabbfc4e36ea0d051",\ 10 "to": "0xd9e1ce17f2641f24ae83637ab66a2cca9c378b9f",\ 11 "data": "0xfb3bdb4100000000000000000000000000000000000000000000000000000005a53cb27800000000000000000000000000000000000000000000000000000000000000800000000000000000000000000e01b8ca4bfbb9712bd15be83a8d983c55556d7c000000000000000000000000000000000000000000000000000000006c1a37eb0000000000000000000000000000000000000000000000000000000000000002000000000000000000000000c02aaa39b223fe8d0a0e5c4f27ead9083c756cc2000000000000000000000000a0b86991c6218b36c1d19d4a2e9eb0ce3606eb48"\ 12 }\ 13 ] 14} ``` ‍The target contract **(** `0xd9e1ce17f2641f24ae83637ab66a2cca9c378b9f` **)** is the legitimate SushiSwap [Router contract](https://docs.sushi.com/docs/Products/Classic%20AMM/Contracts/V2Router02). 
By decoding the **calldata**, we can see that this transaction calls the `swapETHForExactTokens` function:

![swapETHForExactTokens.png](https://blockaid.io/api/resourceContentImages/file/swapETHForExactTokens.png)

Reading through the SushiSwap [documentation](https://docs.sushi.com/docs/Products/Classic%20AMM/Contracts/V2Router02#swapexactethfortokens), we can see that this function allows the caller to swap ETH for a specified amount of another token, following a pre-defined path of tokens:

![swap_docs.png](https://blockaid.io/api/resourceContentImages/file/swap_docs.png)

In this case, the `path` parameter reveals that the drainer is swapping between **WETH** (Wrapped ETH, contract: `0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2`) and **USDC** (USD Coin, contract: `0xA0b86991c6218b36c1d19D4a2e9Eb0cE3606eB48`).

By routing the transaction through a legitimate contract like SushiSwap, the drainer **obfuscates** the true intent of the transaction. Rather than directly transferring ETH to an unknown address, which could easily raise suspicions, the transaction looks like a routine token swap. This makes the attack harder to detect, as it appears to be a typical trade rather than a drain.

Additionally, some security vendors automatically allowlist interactions with popular contracts like SushiSwap, adding an additional layer of complexity for detection.

![platform_sim_view.png](https://blockaid.io/api/resourceContentImages/file/platform_sim_view.png)

Even though the transaction is flagged as malicious, the fact that it involves legitimate addresses makes it harder to detect by security solutions

## Recap

Wallet drainers are malicious pieces of code designed to steal users' assets by tricking them into granting access to their wallets. As Web3 grows, these attacks have become more sophisticated, making it crucial for companies to understand how they work to protect both users and their brand’s integrity.
In this example, the drainer executed several key steps:

- **Fake Airdrop:** The attack starts by posing as a legitimate airdrop, creating urgency (often through FOMO) to lure users in.
- **User Connection:** The dApp pushes the user to connect their wallet, giving the drainer access.
- **C2 Communication:** The drainer communicates with its C2 servers to gather critical wallet data and issue `eth_calls` to query for details like nonces and token balances.
- **Permit Farming:** Using this data, the drainer exploits **EIP-2612**, crafting a malicious permit transaction that authorizes token transfers without user approval.
- **Native Currency Drain via DEX:** After draining tokens, the drainer targets the user’s native currency (e.g., ETH) and disguises the theft as a legitimate token swap through a DEX like SushiSwap.

Wallet drainers aren’t just a threat to user funds—they’re a threat to the trust your platform relies on. Attackers are using increasingly sophisticated tactics, leveraging legitimate infrastructure to hide their intent and make detection harder than ever. If companies fail to understand and defend against these attacks, the result is not just financial loss—it’s a loss of reputation, trust, and long-term user confidence.

Understanding these threats is no longer optional—it's essential. The stakes are high, and without the right defenses, your platform could be next.

## Blockaid is securing the biggest companies operating onchain

Get in touch to learn how Blockaid helps teams secure their infrastructure, operations, and users.
[Request a Demo](https://blockaid.io/demo)

## Argent Wallet Security Upgrade

As of September 22, 2024, [Argent](https://argent.xyz/) wallet users benefit from enhanced security thanks to a new integration with Blockaid’s web3 security platform.

## What’s new?

As Starknet grows, so do the potential threats.
Argent's latest release provides additional transparency and protection for every Argent wallet interaction to ensure we continue to keep users safe in the ever-evolving web3 landscape.

### Enhanced dApp protection

Better detection of dangerous dApps thanks to Blockaid’s internet-wide dApp scanning that identifies malicious dApps the moment they come online.

![dapp_argent.png](https://blockaid.io/api/resourceContentImages/file/dapp_argent.png)

### Malicious token protection

As airdropped token scams grow, we’re providing additional measures to detect and warn users about the nature of airdrops in their wallets.

### Real-time transaction simulations

Argent continues to simulate each transaction before confirmation. Now with the addition of Blockaid, we’re able to run a security check to determine if transactions are dangerous or safe and present that information on every transaction.

![one_risk_argent.png](https://blockaid.io/api/resourceContentImages/file/one_risk_argent.png)

There’s nothing you need to configure or change—these enhanced features are built right into Argent and execute automatically with every transaction.

## Proven protection with Blockaid

Blockaid is the web3 security platform trusted by Coinbase, Stellar, Safe, MetaMask, and more to monitor and secure every onchain interaction. To date, Blockaid has scanned over 4.5 billion transactions, prevented more than 100 million attacks, and defended against potential losses exceeding $4 billion.
## Understanding TOCTOU Attacks

Imagine walking into a store, making a purchase, and leaving—only to realize later that you were charged 100 times more than what the checkout screen showed you.
This is essentially what happens when users fall victim to **time-of-check-time-of-use (TOCTOU)** attacks, a new attack vector used by Solana drainers.

Here’s how these TOCTOU attacks work, why they’re difficult to detect, and what users can do to protect themselves from these silent threats.

## What is a TOCTOU attack?

A **time-of-check-time-of-use (TOCTOU)** attack is a type of exploit that takes advantage of the gap between when a system verifies something and when it acts on that verification. It’s a classic cybersecurity vulnerability that has made its way into the blockchain world.

Think of it like entering a club that requires everyone to wear hats. If the security guard only checks for hats at the start of the queue, people could simply wear a hat to get past the check and then take it off as soon as they enter the club, walking around hat-free.

In a TOCTOU attack, the system checks if everything is in order at the start (in our example, checking for hats), but by the time the action takes place (entering the club), the conditions have changed, and the system doesn’t notice.

## TOCTOU in Web3 - Attacking Transaction Simulation

In the world of Web3, TOCTOU attacks operate in much the same way, but with a new target: **transaction simulation**.

Many wallets and dApps integrate simulations as part of their security measures, allowing users to preview the potential outcome of a transaction before they sign it. These simulations provide an added layer of protection by identifying potential threats and verifying the transaction’s behavior based on the current state of the blockchain.

However, TOCTOU attacks exploit the gap between the simulation (when the transaction is checked) and the actual execution on-chain. During this brief window, attackers manipulate the on-chain state, causing the transaction to result in a different outcome than what was shown in the simulation.
![diagram.png](https://blockaid.io/api/resourceContentImages/file/diagram.png)

For example, a transaction that appears to send tokens to a legitimate address during simulation may, due to changes in the on-chain state, end up draining the user’s wallet. Since users rely on simulations to confirm the safety of transactions, this manipulation creates a false sense of security, leaving them vulnerable to malicious activity that goes undetected.

## TOCTOU attacks in Solana

This issue is even more severe in **Solana** due to its unique runtime architecture. When a user signs a transaction, they grant permission for every program involved to modify writable accounts without restrictions. As a result, any account in the transaction can potentially drain the user’s SOL or SPL tokens.

This flexibility in Solana’s design makes its security far more reliant on accurate transaction simulations - and indeed, as Solana’s popularity grew, wallet drainers began using TOCTOU attacks to exploit this gap, bypassing simulations and manipulating transactions undetected.

During these attacks, the wallet simulation reveals a completely benign outcome. However, once the user signs the transaction, the outcome completely changes.

![bypass_text.png](https://blockaid.io/api/resourceContentImages/file/bypass_text.png)

From an attacker support chat: An example of what a drain would look like to the user

As a result, the attacker can drain the user’s assets without being flagged during the simulation, rendering the security check ineffective.

### **The anatomy of a TOCTOU attack on Solana**

1. **Deploy the malicious program** - The attacker deploys a malicious program with TOCTOU logic, designed to pass unnoticed during simulation. The program typically lacks visible source code references or Anchor IDL, making it difficult to detect.
2. **Spoof transaction simulation with false data** - When the user initiates a transaction, their wallet runs a simulation to verify its safety. During this phase, everything appears legitimate—the program doesn’t trigger any red flags, and the transaction seems to behave as expected. The malicious state remains inactive during the simulation, creating a false sense of security.
3. **Change the state after signature** - Once the user signs the transaction, the attacker, who controls the dApp and now holds the signed transaction, alters the state of the program, activating a malicious flow. The attacker then sends the manipulated transaction to be executed on-chain.
4. **Execute and drain assets** - By the time the transaction is executed on-chain, it behaves completely differently than it did during the simulation. Instead of performing the intended action, the transaction drains the user’s assets, redirecting them to the attacker’s wallet. At this point, the user has no way to stop or reverse the transaction.

## Real-world example: a Solana TOCTOU attack in action

To better understand how TOCTOU attacks unfold in the real world, let’s look at a specific example involving Vanish Drainer, one of the many drainers that [Blockaid](https://blockaid.io/) tracks.

In this case, the attacker used a malicious program that altered the transaction state after it was signed but before it was executed, allowing them to drain the victim’s assets.

Here’s how the attack unfolded:

### **The program**

The attacker deployed a [program](https://solscan.io/account/HkRdHHqMWrgDa1rj99TArnvxBskXPLt9LWmkPLqfoynz#anchorProgramIdl) (you can see it here - it’s now inactive) designed to appear harmless during simulation. The program contained a hidden state condition that wasn’t triggered during the simulation, allowing it to pass without raising any security flags.
![program.png](https://blockaid.io/api/resourceContentImages/file/program.png)

In this program, the state (which determined whether the program should execute the malicious flow or not) was represented by the existence of a token account with the mint `CPMbUt3SSoeoCJGCzhqmy7ZoaHWqd8AQPTvYiNeSxatt`. Since this condition wasn’t triggered during the simulation, the transaction passed all checks.

### **State change trigger**

Once the user’s signature was secured, the attacker’s infrastructure issued a transaction that set the state and activated the malicious flow. This transaction was executed before the user’s transaction—because the attacker also controlled the dApp.

![tx_sample.png](https://blockaid.io/api/resourceContentImages/file/tx_sample.png)

An example of the state-setting transaction can be found [here](https://solscan.io/account/4BKrqxoNJghc7ueGFsBHH22XCsyMLfKLBfNuuTJq1kCd).

### **The transaction**

After setting the malicious state, the attacker executed the user’s signed transaction, which drained approximately $3,000 worth of tokens from the user’s wallet.

![full_tx.png](https://blockaid.io/api/resourceContentImages/file/full_tx.png)

You can view the transaction details [here](https://solscan.io/tx/EPbgcCqcxrG441YfD1jqi91a7fx5ZYe9F3wkaFD8VeR4UPwp2TthHFtMyutCJ2VGeyvj7ZZCCnV7Y1n3HwWZ8it).

Notably, the user’s transaction was executed on block `247363977`, just seven blocks after the attacker’s state-setting transaction (which was executed on block `247363970`). The short time window between the state change and the asset drain—just a few seconds—demonstrates how quick and efficient these attacks can be on Solana’s high-speed network, leaving little opportunity for detection.

## Why TOCTOU attacks are so hard to detect

Many wallets and dApps rely heavily on transaction simulations to analyze a transaction's behavior based on the state of the blockchain at the time the simulation is run.
However, these simulations do not account for any state changes that can occur between signing and execution. This is the critical gap that TOCTOU attackers exploit—manipulating the transaction state after the simulation has passed but before the transaction is processed on-chain.

This kind of attack reveals a fundamental limitation of traditional simulations: they cannot anticipate future changes in the program’s behavior. As a result, even transactions that appear perfectly safe during the simulation can be compromised later.

These attacks serve as a clear reminder that simulations alone are not enough for ensuring security in blockchain environments. While they are an important tool, advanced techniques such as real-time state monitoring or deeper transaction analysis are necessary to protect against threats like TOCTOU attacks.

## How to mitigate TOCTOU attacks

There are many ways to address the threat of TOCTOU and [simulation bypasses](https://www.blockaid.io/blog/bypasses-how-attackers-evade-transaction-simulation), but none of them are perfect on their own.

The [Lighthouse Protocol](https://www.lighthouse.voyage/) injects an **assertion instruction** into transactions to ensure that the final state of a transaction matches what was expected during the simulation. If the transaction's conditions are altered after simulation, Lighthouse can detect the change and fail the transaction before it is executed.

However, this approach has its limitations. Adding instructions can cause transactions to exceed Solana’s size limits, making it impractical in some cases.

![solana_tx_size.png](https://blockaid.io/api/resourceContentImages/file/solana_tx_size.png)

Solana Transaction Size [Documentation](https://solana.com/docs/core/transactions#transaction-size)

More importantly, while Lighthouse helps mitigate simulation bypasses like TOCTOU attacks, it does not address the majority of wallet-draining attempts on Solana.
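The gap between simulation and execution, and the effect of an appended assertion instruction of the kind described above, can be shown with a toy model. This is an added example in plain Python, not Solana or Lighthouse code and not part of the original post; the account name, balances and function names are made up for illustration.

```python
"""Toy model: simulation (time of check) vs. execution (time of use) on changed state."""
import copy

# Hypothetical stand-in for the account whose existence switches the program's behaviour.
FLAG_ACCOUNT = "flag-token-account"


class TransactionFailed(Exception):
    """Raised by an instruction to abort the whole transaction."""


def opaque_program(state: dict, signer: str) -> None:
    """Instruction whose effect depends on state the signer never sees."""
    drain = FLAG_ACCOUNT in state["accounts"]
    amount = state["balances"][signer] if drain else 0
    state["balances"][signer] -= amount
    state["balances"]["attacker"] += amount


def assert_balance_at_least(owner: str, minimum: int):
    """Build an assertion instruction that pins the outcome seen in simulation."""
    def instruction(state: dict, signer: str) -> None:
        if state["balances"][owner] < minimum:
            raise TransactionFailed(f"{owner} balance below {minimum}")
    return instruction


def run(tx: list, state: dict, signer: str) -> dict:
    """Apply every instruction to a copy of the state; any failure aborts all of them."""
    working = copy.deepcopy(state)
    for instruction in tx:
        instruction(working, signer)
    return working


def simulate(tx: list, state: dict, signer: str) -> dict:
    """Time of check: the balance changes a wallet would show before signing."""
    after = run(tx, state, signer)["balances"]
    return {name: after[name] - before for name, before in state["balances"].items()}


def execute(tx: list, state: dict, signer: str):
    """Time of use: returns (resulting state, succeeded)."""
    try:
        return run(tx, state, signer), True
    except TransactionFailed:
        return state, False


def add_post_state_assertion(tx: list, state: dict, signer: str) -> list:
    """Wallet side: append an assertion built from the simulated end balance."""
    expected = run(tx, state, signer)["balances"][signer]
    return tx + [assert_balance_at_least(signer, expected)]


def demo() -> dict:
    state = {"balances": {"user": 100, "attacker": 0}, "accounts": set()}
    plain_tx = [opaque_program]
    preview = simulate(plain_tx, state, "user")            # looks benign
    guarded_tx = add_post_state_assertion(plain_tx, state, "user")

    # Between signing and execution the hidden state is switched on.
    state["accounts"].add(FLAG_ACCOUNT)

    plain_state, plain_ok = execute(plain_tx, state, "user")
    guarded_state, guarded_ok = execute(guarded_tx, state, "user")
    return {
        "preview": preview,
        "plain": (plain_state["balances"], plain_ok),
        "guarded": (guarded_state["balances"], guarded_ok),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The unguarded transaction succeeds with an outcome the preview never showed, while the guarded one fails as a whole and leaves the balances untouched; the extra instruction is also what adds to the transaction size.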
To fully protect against a variety of threats, platforms and wallets need to adopt a **multi-layered security strategy**, including:

### **Program code analysis**

By analyzing the code of a program before the transaction is executed, security solutions can uncover hidden logic or potential vulnerabilities that could trigger malicious behavior later. For instance, Blockaid employs both static and dynamic code analysis that allows for a deeper understanding of how a program might behave once executed, uncovering patterns that may not be visible during simulation.

### **Address reputation checks**

Reviewing the history of addresses involved in a transaction can flag suspicious activity. If an address has been associated with malicious behavior, this can serve as an early warning sign, even if the simulation shows no issues.

### **dApp scanning**

Many wallet drainers share similar code patterns or infrastructure. Scanning dApps for these shared traits can help detect threats before they reach the transaction level, adding an additional layer of early protection.

By adopting these additional layers of defense, platforms can create a stronger, more comprehensive approach to security that addresses both TOCTOU attacks and the more frequent, direct wallet-draining schemes that don’t involve simulation bypasses.

## Recap

A **time-of-check-time-of-use (TOCTOU)** attack is a type of exploit that takes advantage of the gap between when a system verifies something and when it acts on that verification.

**Solana** is particularly vulnerable because, when a user signs a transaction, they grant permission for all involved programs to modify writable accounts without restrictions. This makes Solana highly dependent on accurate simulations to prevent potential drains of SOL or SPL tokens, which in turn makes TOCTOU attacks a serious threat to its users.

Mitigating TOCTOU attacks requires a broad approach that addresses the limitations of transaction simulations.
While protocols like Lighthouse aim to reduce the risk of simulation bypasses, they alone are not enough to fully protect against evolving threats.

To safeguard users from TOCTOU attacks and other exploits, platforms need a comprehensive strategy. This means combining tools like Lighthouse with additional defenses, such as program code analysis, address reputation checks, and dApp scanning. Only by integrating these layers of protection can platforms provide the security necessary to keep their users safe from future attacks.

## Enhanced Wallet Security

[_Originally posted on Safe.Global_](https://safe.global/blog/safe-wallet-gets-even-safer-introducing-blockaid-integration)

Safe{Wallet} now features enhanced security with the integration of Blockaid’s advanced technology. This addition ensures that your transactions are more secure, with advanced tools working seamlessly in the background to protect your digital assets.

### **What’s new?**

Safe{Wallet} has always prioritized user security with features like real-time transaction simulations and immediate alerts for malicious activity. Now, with the integration of Blockaid, these features have been further refined and strengthened to provide even more robust protection:

- **Real-Time Transaction Simulations:** Safe{Wallet} continues to simulate each transaction before confirmation, now with the added accuracy and speed that Blockaid brings. This ensures potential risks are identified more efficiently, helping you avoid errors that could result in asset loss.
- **Immediate Alerts for Malicious Activity:** Safe{Wallet} remains vigilant in notifying you if a transaction involves a suspicious or known malicious address. With Blockaid’s extensive database, these alerts are now even more reliable, reducing false positives and ensuring your assets are fully protected.
- **Address Poisoning Protection:** Address poisoning is a growing threat where attackers create addresses that closely mimic legitimate ones, hoping you’ll send funds to the wrong destination.
  With Blockaid, Safe{Wallet} now alerts you if you’re about to send funds to a potentially malicious address, adding an extra layer of security to your transactions.
- **Expanded Threat Database:** Blockaid’s extensive network includes partnerships with industry leaders like MetaMask, Coinbase, 1inch, Zerion, and Rainbow. This means Safe{Wallet} now has access to a much broader and more accurate database of malicious assets, addresses, and threats. The result? Fewer false positives and negatives, and more precise alerts to keep your assets safe.
- **Faster Security Checks:** We know that speed matters, especially when making transactions. With Blockaid, security checks in Safe{Wallet} are now quicker, giving you real-time feedback without delays, so you can make confident decisions on the fly.

### **See it in action**

Here’s how these enhanced security features work in real scenarios.

#### **Standard transaction warning**

The new system detects that a transaction might result in an unintended loss of assets. Safe{Wallet}, with Blockaid’s protection, alerts you beforehand, giving you the chance to prevent costly mistakes.

![warning_safe.png](https://blockaid.io/api/resourceContentImages/file/warning_safe.png)

#### **Critical alert for malicious activity**

Blockaid flags transactions involving a known malicious address. This critical alert not only warns you of the risk but also helps you avoid transferring assets to a dangerous destination.

![alert_safe.png](https://blockaid.io/api/resourceContentImages/file/alert_safe.png)

### **Proven protection with Blockaid**

Blockaid's technology has been rigorously tested and proven to be highly effective in safeguarding digital assets. To date, it has scanned over 4.5 billion transactions, prevented more than 100 million attacks, and defended against potential losses exceeding $4 billion.
These impressive metrics demonstrate the reliability and strength of the protection now integrated into Safe{Wallet}, giving you unparalleled confidence in the security of your transactions.

### **Seamless experience, superior security**

There’s nothing users need to configure or change—these enhanced features are built right into Safe{Wallet} and operate automatically with every transaction. Users can continue to manage their digital assets with the added assurance that every transaction is thoroughly analyzed and secured.

## AngelX Drainer Threat Report

On August 29, the Blockaid Threat Intel team became aware of a new drainer variant being tested in the wild. This drainer was detected by our systems during regular proactive scans of newly deployed dApps, allowing us to catch a test dApp that was likely never meant to be viewed by anyone other than the drainer developers.

![test_angelx.png](https://blockaid.io/api/resourceContentImages/file/test_angelx.png)

While our systems successfully detected this test dApp as malicious, it contained a sample of a new, unknown drainer variant. After additional research, we were able to procure additional samples, which allowed us to identify this as a new, yet-to-be-released variant of _Angel Drainer_.

## AngelX

This suspicion was confirmed on September 1st, when Angel Drainer announced on their Telegram channel that they are releasing a new version of their toolkit, dubbed _**AngelX**_.

According to Angel, this new version was unique as it included major improvements that were made in order to make new malicious dApp deployment much easier. Among these new features:

- Support for draining users on new, previously unsupported chains, including **TON** and **TRON**.
- A new command and control (CNC) dashboard for scammers, giving them a high level of control over how they conduct their scams.
- Support for a seed-phrase-theft flow
- New cloaking mechanism, meant to prevent detection by security vendors

On top of the samples, our team was able to gain access to the control panel of an AngelX instance, allowing us to examine the different ways Angel is working to improve the ease of drain:

![angelx_settings.png](https://blockaid.io/api/resourceContentImages/file/angelx_settings.png)

![angelx_config.png](https://blockaid.io/api/resourceContentImages/file/angelx_config.png)

## Mitigation

As the Blockaid Threat Hunting team was able to secure samples of this new variant ahead of its release to scammers, we were able to mitigate Angel’s bypass attempts and add detection logic before the drainer was released to scammers.

![malicious_tx_anglex_sample.png](https://blockaid.io/api/resourceContentImages/file/malicious_tx_anglex_sample.png)

As you can see in the chart below, this pre-release effort proved highly valuable, with an explosive growth in Angel-powered scams starting with the release of the new variant:

![angelx_graph.png](https://blockaid.io/api/resourceContentImages/file/angelx_graph.png)

## Conclusion

This incident is another example of how proactive monitoring and early intervention are crucial in today’s adversarial Web3. By catching the AngelX drainer variant during its testing phase, our team could develop and implement defenses before it became widely used. This early action underscores how critical it is to monitor for evolving threats, especially as attackers continuously adapt their methods to target new platforms and users.
## WazirX Hack Insights

On July 18th, 2024, hackers stole $230 million in assets from cryptocurrency exchange WazirX. In the weeks following the attack, we spoke to dozens of web3 companies about what happened. There was one major blind spot everyone seemed to miss.

Blind signing transactions.
Here’s what happened, an overview of blind signing, and how you can protect against this kind of attack.

## How the WazirX hack worked

There are still quite a few unknowns, but it boils down to this: attackers were able to get enough signatures to upgrade the Gnosis safe, transfer funds to the new safe, and then drain $230m in assets.

![wazirx_attack_flow.png](https://blockaid.io/api/resourceContentImages/file/wazirx_attack_flow.png)

## WazirX security measures

From a security standpoint, there were a lot of things that WazirX did well. The wallet operated under a complex security structure that included:

- Multisig wallet with Gnosis Safe
- Whitelisted addresses through Liminal
- Ledger hardware wallets for WazirX signatories
- Liminal signatory approval

We don’t know exactly how the hackers gained access, but we do know that upgrading the safe required three signatures from Gnosis and one from Liminal—and that those signatures were blind signed.

![did_most_things_right.png](https://blockaid.io/api/resourceContentImages/file/did_most_things_right.png)

## How blind signing works

Picture this: You're handed a document in a sealed envelope. You're told it's routine, so you sign without opening it. Now imagine that document just cost your company $230 million.

That's essentially what happened to WazirX. Signers couldn't see the full details of what they were signing but trusted the transaction was safe to sign.

Why? The transaction was cleverly designed to look legitimate by exploiting a limitation in ERC20 transactions where hardware wallets don’t display full details.

Signing a transaction without seeing the full details is known as blind signing, and it’s actually a more common practice than it should be.

## Protecting against blind signing

Transaction signing is the single largest attack surface in web3. That’s why transaction-level security is one of the most important pieces in the security stack.
At the very minimum, transaction-level security should include policies prohibiting blind signing, full transaction details at any point of signing, and transaction simulation _and_ validation.

With transaction simulation, you reduce the risk of signing a transaction that produces a different outcome than represented: outcomes like transferring more assets than intended or modifying contract states and permissions.

However, simulation alone isn’t enough. Attacks often add additional actions that aren’t reflected in onchain changes. This is where transaction validation comes in.

Transaction validation examines the security ramifications of the onchain state changes to detect any second or third-degree risks that are introduced by the transaction outcomes. Things like:

1. Which actors are now in control of your assets?
2. Are these actors trustworthy?
3. Does the contract you’ve just deposited your funds into contain malicious code that will prevent you from withdrawing?

Think about it like this:

1. **Simulation** protects you from sending one million dollars when you meant to send $100.
2. **Validation** protects you from sending $100 to a North Korean hacker impersonating a new airdrop campaign.

## Summary

WazirX should be a wake-up call for the industry. You can have all sorts of security measures and still be vulnerable to malicious transactions. To protect yourself and your users:

1. Prohibit blind signing
2. Ensure mission-critical transactions display the full details
3. Implement transaction simulation to understand what will happen onchain
4. Implement transaction validation to determine if a transaction is safe
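One way to apply the recommendations from the WazirX post before a signature is produced, as an added example (not Blockaid's code or API): a Python gate that decodes ERC-20 calldata, refuses anything it cannot show in full, compares the payload with what the signer was told, and checks the counterparty against a vetted list. Static decoding only stands in for the "was this what was represented" check and is not a chain-state simulation; the `review` function, the trusted list and all addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# ERC-20 selectors: first 4 bytes of keccak256 of the function signature.
SELECTORS = {
    "a9059cbb": ("transfer", ("address", "uint256")),
    "095ea7b3": ("approve", ("address", "uint256")),
    "23b872dd": ("transferFrom", ("address", "address", "uint256")),
}
MAX_UINT256 = 2**256 - 1


@dataclass
class Verdict:
    allowed: bool
    decoded: Optional[dict]          # the full details the signer must be shown
    reasons: list = field(default_factory=list)


def decode_call(data_hex):
    """Decode known calldata into (function, args); None means it is opaque."""
    try:
        raw = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    except ValueError:
        return None
    spec = SELECTORS.get(raw[:4].hex())
    if spec is None or len(raw) != 4 + 32 * len(spec[1]):
        return None                  # unknown selector, or missing/extra bytes
    args = []
    for i, typ in enumerate(spec[1]):
        word = raw[4 + 32 * i: 36 + 32 * i]
        if typ == "address":
            if any(word[:12]):       # address words must be left-padded with zeros
                return None
            args.append("0x" + word[12:].hex())
        else:
            args.append(int.from_bytes(word, "big"))
    return spec[0], args


def review(tx, intent, trusted):
    """Gate one signing request.

    tx      -- {'to': token contract, 'data': calldata hex} exactly as it will be signed
    intent  -- what the signer was told: function, token, counterparty, amount
    trusted -- addresses the organisation has vetted (assumed to exist)
    """
    call = decode_call(tx["data"])
    if call is None:
        return Verdict(False, None, ["blind signing: calldata cannot be shown in full"])
    name, args = call
    decoded = {"function": name, "token": tx["to"].lower(),
               "counterparty": args[-2], "amount": args[-1]}
    told = dict(intent, token=intent["token"].lower(),
                counterparty=intent["counterparty"].lower())
    reasons = []
    # Intent check: does the payload do what was represented to the signer?
    for key in ("function", "token", "counterparty", "amount"):
        if decoded[key] != told[key]:
            reasons.append(f"mismatch: {key} is {decoded[key]}, signer was told {told[key]}")
    # Validation: who ends up controlling the assets, and are they vetted?
    if decoded["counterparty"] not in {a.lower() for a in trusted}:
        reasons.append("validation: counterparty is not a vetted address")
    if name == "approve" and decoded["amount"] == MAX_UINT256:
        reasons.append("validation: unlimited allowance requested")
    return Verdict(not reasons, decoded, reasons)


def sample_calldata(selector, *words):
    """Constructed sample input: selector followed by 32-byte big-endian words."""
    return "0x" + selector + "".join(format(w, "064x") for w in words)


TOKEN = "0x" + "aa" * 20       # constructed addresses, not real contracts
TREASURY = "0x" + "11" * 20
STRANGER = "0x" + "ee" * 20

if __name__ == "__main__":
    told = {"function": "transfer", "token": TOKEN,
            "counterparty": TREASURY, "amount": 100}
    cases = {
        "as represented": sample_calldata("a9059cbb", int(TREASURY, 16), 100),
        "inflated amount": sample_calldata("a9059cbb", int(TREASURY, 16), 1_000_000),
        "swapped recipient": sample_calldata("a9059cbb", int(STRANGER, 16), 100),
        "opaque payload": sample_calldata("deadbeef", 0, 0),
    }
    for label, data in cases.items():
        v = review({"to": TOKEN, "data": data}, told, {TREASURY})
        print(label, "->", "SIGN" if v.allowed else "REFUSE", v.reasons)
```

The gate treats every payload it cannot decode as blind, including calls to contracts outside the ERC-20 table, so extending coverage means adding decoders rather than loosening the refusal.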
## Blockaid and Alchemy Partnership

Alchemy, the comprehensive web3 platform for developers, just launched [Integrations](https://alchemy.com/integrations) to connect its customers to the best and most reliable integration partners for its [Rollups-as-a-Service](http://alchemy.com/rollups) offering.
Through this marketplace, [Rollups](http://alchemy.com/rollups) customers can find the right partner to enhance their chain with customizations that give developers or users specific functionality.

Blockaid—the battle-tested web3 security platform that has earned the trust of leading companies like Coinbase and MetaMask—joins well-known names like [Blockscout](https://www.blockscout.com/), [DIA](https://www.diadata.org/), [Thirdweb](https://thirdweb.com/), [Halliday](https://halliday.xyz/), and [Hyperlane](https://hyperlane.xyz/).

By integrating with the Blockaid platform, chains will now be able to leverage Blockaid’s dApp scanning, address validation, token validation, transaction simulation and validation, onchain threat intelligence, and ecosystem moderation to monitor, detect, and remediate scams, phishing, and hacks.

Additionally, Blockaid is the only web3 security platform that:

1. Is backed by top VC firms, including Cyberstarts, Variant, Ribbit, Sequoia, and Greylock
2. Has an in-house team of world-class security researchers
3. Instantly detects emerging threats by identifying and scanning millions of dApps
4. Simulates transactions with <300ms of latency (the fastest solution in the market)
5. Can validate every kind of transaction (including generic EIP-712 support)

Visit the [Alchemy Integrations Marketplace here](https://alchemy.com/integrations) or learn more about [Blockaid here](https://blockaid.io/).
## Squarespace DeFi Domain Hijack

Last week, a couple of major DeFi protocol frontends were hacked. At first, these incidents seemed unrelated - just another day in the volatile world of Web3 security. However, as the dust settled, a disturbing pattern emerged.
These attacks were all linked - a result of a large-scale domain hijacking campaign targeting Squarespace users, a popular web building and hosting platform. This unprecedented attack sent shockwaves through the crypto community, blurring the lines between traditional cybersecurity and blockchain protection.

As the crypto world grappled with the fallout, one thing became crystal clear: in our interconnected digital landscape, vulnerabilities in conventional web infrastructure can have catastrophic consequences for decentralized applications and their users.

In this post, we'll dive deep into the Squarespace domain hijacking incident, exploring how it happened, why it was so devastating, and what it means for the future of Web3 security. More importantly, we'll discuss why this incident serves as a wake-up call for the entire industry, highlighting the urgent need for more comprehensive, proactive security measures that bridge the gap between Web2 and Web3.

## Background: When Web2 Vulnerabilities Become Web3 Nightmares

The attack first came to light when Ethereum-based DeFi protocol [Compound](https://x.com/compoundfinance/status/1811328333063520683) and multi-chain interoperability protocol [Celer Network](https://x.com/CelerNetwork/status/1811394743794114866) reported that their front-ends were compromised. Visitors to these sites were being redirected to malicious pages designed to drain funds from connected wallets. As more protocols fell victim, with yield protocol [PendleFi](https://x.com/pendle_fi/status/1811683909509558562) also breached, the community began to suspect a larger, coordinated attack.

![compund_tweet.png](https://blockaid.io/api/resourceContentImages/file/compund_tweet.png)

After inspecting the affected projects, a common thread was found: all affected sites used Squarespace for domain management.
Further investigation revealed that attackers were manipulating DNS A Records, redirecting users to malicious dApps that perfectly mimicked the original sites. These fake dApps were running the latest iteration of the Inferno draining kit, designed to trick users into signing transactions that would empty their wallets.

## Why It Happened

After more research, the community was able to conclude that the root of the attack was indeed Squarespace - or, rather, Squarespace's [acquisition of Google Domains](https://www.prnewswire.com/news-releases/squarespace-enters-definitive-agreement-to-acquire-google-domains-assets-301852507.html?tc=eml_cleartime) in 2023.

During the [migration of millions of domain registrations](https://9to5google.com/2024/04/05/google-domains-squarespace-controls-migration/) to Squarespace, a critical security oversight occurred: two-factor authentication (2FA) was disabled for all migrated accounts, including those that previously had it enabled. This created a significant vulnerability across a vast number of domains seemingly overnight.

Attackers exploited this security gap using a technique called password spraying. Unlike traditional brute-force attacks that try many passwords on a single account, password spraying attempts a small number of commonly used passwords across a large number of accounts. This method is particularly effective because:

1. It's less likely to trigger account lockouts or alert security systems, as it doesn't bombard a single account with attempts.
2. It exploits the unfortunate reality that many people use weak, common passwords across multiple accounts.
3. It can be automated to work at scale, allowing attackers to attempt access on thousands or even millions of accounts relatively quickly.

In this case, with 2FA disabled during the migration, password spraying became even more potent. Normally, even if an attacker guessed a correct password, they'd be stopped by the second authentication factor.
Without this extra layer of security, a correct password guess immediately granted access to the account.

This combination of factors - the large-scale migration, the temporary removal of 2FA, and the efficient password spraying technique - created a perfect storm. It allowed the attackers to compromise numerous Squarespace accounts simultaneously, explaining why so many apparently unrelated sites were affected at once.

![email-1.png](https://blockaid.io/api/resourceContentImages/file/email-1.png)

Example of an email sent to @samwcyo alerting them to a password reset attempt

## The Attackers' Modus Operandi: A Deep Dive

Once the attackers gained access to Squarespace accounts through password spraying, they executed a sophisticated plan to compromise DeFi protocols and their users. Here's a step-by-step breakdown of their modus operandi:

1. **Account Takeover**: After successfully guessing passwords, the attackers gained control of Squarespace accounts associated with high-value DeFi protocols.
2. **Malicious dApp Creation**: The attackers then created impersonating malicious decentralized applications (dApps) that closely mimicked the branding and interface of the targeted DeFi sites.

   ![cbridge_dapp.png](https://blockaid.io/api/resourceContentImages/file/cbridge_dapp.png)

3. **DNS Record Manipulation**: In a critical step, the attackers changed the DNS records of the compromised sites. They pointed the domain names to their malicious dApps instead of the legitimate sites.

   ![dns_records_fe.png](https://blockaid.io/api/resourceContentImages/file/dns_records_fe.png)

4. **User Redirection**: As a result, users who entered the correct, legitimate URLs in their browsers were unknowingly redirected to the malicious dApps. From the users' perspective, everything appeared normal - they were on the correct domain, with familiar branding.
5. **Malicious Transactions**: Once on the fake site, users were prompted to connect their wallets and perform transactions.
These transactions, however, were designed to drain funds or grant the attackers access to the users' assets.

![mm_warning.png](https://blockaid.io/api/resourceContentImages/file/mm_warning.png)

This pattern of attack - from account takeover to DNS manipulation to user redirection and finally to malicious transactions - was seen repeating itself on every one of the attacked dApps.

At Blockaid, we've observed attempts to execute the same attack pattern against some of our customers. Thanks to our proactive security measures, we were able to successfully block these attempts, protecting our customers' users from potential losses.

## **Unraveling the Attack**

As the attacks unfolded, Blockaid's Threat Intelligence team sprang into action, leveraging our extensive network and advanced analytics to piece together the puzzle. Our unique position in the Web3 security landscape allowed us to quickly identify and confirm the connections between what initially appeared to be isolated incidents.

Using data from the Blockaid network, our team identified a critical commonality across multiple compromised sites: they were all using the same malicious Drainer SDK. This discovery was the key that unlocked our understanding of the attack's true scope and sophistication.

![compund_debugger.png](https://blockaid.io/api/resourceContentImages/file/compund_debugger.png)

With this insight, we conducted a reverse search on files used by the identified Drainer SDK. This process led us to uncover numerous dormant malicious dApps that had not yet been activated. Surprisingly, many of these dApps were hosted on the same provider (some even on the same server), revealing a centralized infrastructure behind the seemingly decentralized attacks.
![malicious_dapps_colleage.png](https://blockaid.io/api/resourceContentImages/file/malicious_dapps_colleage.png)

Dormant malicious dApps deployed by the attackers

This finding not only confirmed that the attacks were indeed tied together but also gave us a proactive edge. By identifying these dormant threats, we were able to flag them before they could be activated, potentially preventing future attacks.

![urlscan_view.png](https://blockaid.io/api/resourceContentImages/file/urlscan_view.png)

Taking our investigation a step further, we reached out to the hosting provider to request additional details. This proactive approach aims to gather more information about the attacker's infrastructure and potentially aid in shutting down their operations.

![iocs_list.png](https://blockaid.io/api/resourceContentImages/file/iocs_list.png)

## A Wake-Up Call: Rethinking Web3 Security

The Squarespace domain hijacking incident serves as a stark wake-up call for the entire Web3 ecosystem. It exposes critical vulnerabilities in our current security paradigms and underscores the need for a more comprehensive, multi-layered approach to protecting decentralized applications and their users.

### Blocklists Are Not Enough

This attack is a powerful reminder that even legitimate, trusted sites can be compromised. Relying solely on blocklists of known malicious sites is no longer sufficient. The attackers in this case exploited trusted domains, rendering traditional blocklists ineffective. We must shift our security mindset from simply avoiding known threats to actively verifying the integrity of every interaction.

### The Need for Proactive Monitoring

The incident highlights the critical importance of proactive monitoring. It's not enough to assume that a site is safe because it was secure yesterday. Continuous, real-time monitoring is essential to detect when legitimate sites are compromised.
This approach allows for rapid response to emerging threats, potentially preventing or minimizing damage from attacks like this one.

### Beyond dApp Scanning: The Importance of Transaction Scanning

While dApp scanning is a crucial security measure, this attack demonstrates that it's not sufficient on its own. Implementing transaction scanning provides an additional, critical layer of security. By analyzing each transaction in real-time, regardless of the perceived legitimacy of the dApp, we can catch malicious actions that might slip through other security layers. This "defense in depth" strategy is essential in an ecosystem where the lines between legitimate and malicious can blur in an instant.

## **Conclusion**

As the attack unfolded, Blockaid was at the forefront of monitoring and responding to the situation in real-time. Our team's expertise and advanced security systems played a crucial role in mitigating the impact of this widespread attack, helping our targeted customers to keep their platforms secured and their users safe.

### **Immediate Monitoring and Assistance**

From the moment the first signs of the attack emerged, Blockaid's threat intelligence team was actively tracking the situation. We provided immediate assistance not only to our existing customers but also extended our support to non-customers who found themselves targeted by this sophisticated attack. This rapid response helped numerous projects secure their infrastructure and protect their users during this critical time.

### **Proactive dApp Scanning in Action**

Our proactive dApp scanning systems proved invaluable in this crisis. These systems were able to quickly detect anomalies in the behavior and structure of compromised dApps, alerting us to the attack even before many projects realized they had been compromised. This early warning system allowed us to take swift action and notify affected parties, potentially preventing significant losses.
![frontend_detected.png](https://blockaid.io/api/resourceContentImages/file/frontend_detected.png)

### **Threat Intelligence and Infrastructure Mapping**

Blockaid's threat intelligence team demonstrated their expertise by rapidly detecting the DNS changes that were central to this attack. This crucial insight allowed us to map out the entire infrastructure being used by the attackers. By understanding the full scope of the attack, we were able to:

1. Identify other potential targets before they were compromised
2. Provide detailed threat intelligence to security partners and law enforcement
3. Develop and implement targeted countermeasures to protect against similar attacks in the future

![platform_dapp_fe_compund.png](https://blockaid.io/api/resourceContentImages/file/platform_dapp_fe_compund.png)

### **Leveraging Insights for Enhanced Protection**

The insights gained from this incident have been invaluable in further refining our security measures. We've enhanced our monitoring systems, improved our dApp scanning algorithms, and strengthened our transaction analysis capabilities. These improvements ensure that Blockaid remains at the cutting edge of Web3 security, ready to defend against both current and emerging threats.

This incident underscores the critical importance of proactive, multi-layered security in the Web3 space. At Blockaid, we remain committed to staying one step ahead of potential threats, continuously innovating our security solutions to protect the decentralized ecosystem and its users. As the Web3 landscape evolves, so too will our defenses, ensuring that we continue to provide the highest level of security for our clients and the broader community.
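The password spraying pattern described under "Why It Happened", as an added detection example that is not part of the original post or Blockaid's tooling: a per-account lockout counter never trips on a spray, while counting distinct failed accounts per source does, and a success from a spraying source with 2FA off is flagged as a likely takeover. The log format, thresholds, accounts and addresses are constructed assumptions, and the per-source grouping assumes the spray is not spread over many source addresses.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)   # sliding window for all counters
LOCKOUT_FAILS = 5                # classic per-account lockout threshold
SPRAY_ACCOUNTS = 10              # distinct accounts failed from one source in WINDOW
SPRAY_MAX_PER_ACCOUNT = 3        # a spray stays under the lockout threshold


def sample_log():
    """Constructed log lines: 'ISO-time source account OK|FAIL mfa=on|off'."""
    t0 = datetime(2024, 7, 9, 3, 0, 0)
    lines = []
    # Source A: two common passwords tried once each against 12 accounts (spray).
    for rnd in range(2):
        for i in range(12):
            ts = t0 + timedelta(minutes=10 * rnd, seconds=20 * i)
            lines.append(f"{ts.isoformat()} 203.0.113.7 user{i:02d}@example.org FAIL mfa=off")
    ts = t0 + timedelta(minutes=21)
    lines.append(f"{ts.isoformat()} 203.0.113.7 user04@example.org OK mfa=off")
    # Source B: 15 guesses against a single account (brute force).
    for i in range(15):
        ts = t0 + timedelta(seconds=5 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.23 admin@example.org FAIL mfa=on")
    # Source C: an ordinary typo followed by a good login.
    lines.append(f"{(t0 + timedelta(minutes=2)).isoformat()} 192.0.2.44 dana@example.org FAIL mfa=on")
    lines.append(f"{(t0 + timedelta(minutes=3)).isoformat()} 192.0.2.44 dana@example.org OK mfa=on")
    return sorted(lines)


def parse(line):
    ts, src, user, result, mfa = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "user": user,
            "ok": result == "OK", "mfa": mfa == "mfa=on"}


def max_in_window(stamps):
    """Largest number of (sorted) timestamps that fall inside one WINDOW."""
    best = start = 0
    for end in range(len(stamps)):
        while stamps[end] - stamps[start] > WINDOW:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect(lines):
    events = sorted((parse(l) for l in lines), key=lambda e: e["ts"])
    fails_by_src, fails_by_user = defaultdict(list), defaultdict(list)
    for e in events:
        if not e["ok"]:
            fails_by_src[e["src"]].append(e)
            fails_by_user[e["user"]].append(e["ts"])
    # What a per-account lockout sees: only the hammered account.
    locked = {u for u, s in fails_by_user.items() if max_in_window(s) >= LOCKOUT_FAILS}
    spray, brute = set(), set()
    for src, fails in fails_by_src.items():
        start = 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > WINDOW:
                start += 1
            per_user = defaultdict(int)
            for f in fails[start:end + 1]:
                per_user[f["user"]] += 1
            if len(per_user) >= SPRAY_ACCOUNTS and max(per_user.values()) <= SPRAY_MAX_PER_ACCOUNT:
                spray.add(src)       # wide and shallow: many accounts, few tries each
            elif max(per_user.values()) >= LOCKOUT_FAILS:
                brute.add(src)       # narrow and deep: one account, many tries
    # A success from a spraying source with no second factor is a likely takeover.
    takeovers = {e["user"] for e in events
                 if e["ok"] and e["src"] in spray and not e["mfa"]}
    return {"locked_accounts": sorted(locked), "spray_sources": sorted(spray),
            "brute_sources": sorted(brute), "likely_takeovers": sorted(takeovers)}


if __name__ == "__main__":
    for key, value in detect(sample_log()).items():
        print(f"{key}: {value}")
```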
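The DNS A record changes at the centre of the Squarespace incident can be caught by comparing every poll of a front-end's records with an approved baseline. This added example (not Blockaid's implementation) does that and groups drifted domains by the unexpected address, which is how apparently unrelated compromises tie back to shared infrastructure. The domains, networks and poll results are constructed, and the resolver that would produce the observations is assumed.

```python
import ipaddress
from collections import defaultdict

# Assumed baseline: the networks each monitored front-end is expected to resolve into.
BASELINE = {
    "app.lending.example": ["192.0.2.0/28"],
    "bridge.example": ["198.51.100.0/27"],
    "yield.example": ["192.0.2.64/28"],
    "docs.example": ["203.0.113.0/28"],
}

# Constructed poll results: (poll time, domain, A records returned by the resolver).
OBSERVATIONS = [
    ("2024-07-11T08:00Z", "app.lending.example", ["192.0.2.5"]),
    ("2024-07-11T08:00Z", "bridge.example", ["198.51.100.9"]),
    ("2024-07-11T08:05Z", "app.lending.example", ["203.0.113.77"]),
    ("2024-07-11T08:05Z", "bridge.example", ["203.0.113.77"]),
    ("2024-07-11T08:05Z", "yield.example", ["192.0.2.70"]),
    ("2024-07-11T08:10Z", "yield.example", ["192.0.2.70", "203.0.113.80"]),
    ("2024-07-11T08:10Z", "docs.example", []),
]


def check(baseline, observations):
    """Return (alerts, shared): alerts are (time, domain, kind, unexpected records);
    shared maps an unexpected address to every monitored domain now pointing at it."""
    nets = {d: [ipaddress.ip_network(n) for n in ns] for d, ns in baseline.items()}
    alerts, by_ip = [], defaultdict(set)
    for when, domain, answers in observations:
        if domain not in nets:
            alerts.append((when, domain, "unmonitored", []))
            continue
        if not answers:              # record removed or resolution failing
            alerts.append((when, domain, "no-a-record", []))
            continue
        rogue = []
        for answer in answers:
            try:
                ip = ipaddress.ip_address(answer)
            except ValueError:       # malformed answer is never "expected"
                rogue.append(answer)
                continue
            if not any(ip in net for net in nets[domain]):
                rogue.append(answer)
        if rogue:                    # even one unexpected record among good ones counts
            alerts.append((when, domain, "a-record-drift", rogue))
            for answer in rogue:
                by_ip[answer].add(domain)
    shared = {ip: sorted(ds) for ip, ds in by_ip.items() if len(ds) > 1}
    return alerts, shared


if __name__ == "__main__":
    alerts, shared = check(BASELINE, OBSERVATIONS)
    for alert in alerts:
        print(*alert)
    print("shared infrastructure:", shared)
```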
## Web3 Security Partnership

## **TL;DR**

We at Blockaid have teamed up with 1inch to enhance Web3 security by integrating Blockaid's advanced security alerts into the 1inch ecosystem.
This partnership aims to combat fraud and cyber threats, providing real-time warnings to users and enhancing the safety of digital assets by integrating our transaction simulation and validation tool. Future collaborations are also planned to expand these security measures.

## **The Integration**

In the dynamic world of DeFi, security is not just a feature—it's a necessity. That's why we're excited to announce our new partnership with 1inch, a leader in DeFi and web3, whose commitment to security mirrors our own. By joining forces, Blockaid and 1inch are bringing together top-tier security measures and innovative technology to redefine safety and efficiency in decentralized finance. Together, we aim to enhance user protection against fraud and cyber threats in the Web3 space.

## **Re-Inventing Security Solutions**

This integration will see Blockaid provide real-time warnings about potential security risks, making digital transactions on the 1inch ecosystem safer and more trustworthy. When a transaction or a dApp is identified as malicious during the validation process, users will receive a warning on their confirmation screen, adding an extra layer of security to their transactions. By integrating these features into the 1inch ecosystem, users across major networks like _**Ethereum, Base, BNB Chain, Polygon, Arbitrum, Optimism, Avalanche**_, and more will receive real-time alerts about potential threats.

Guiding this partnership is our CEO, Ido Ben-Natan, and Sergej Kunz, co-founder of 1inch. Their leadership reflects our shared commitment to pioneering security solutions. With our expertise in Web3 security and 1inch's reputation for innovative DeFi solutions, our collaboration promises to set new standards of trust and safety in the space.
## **Future Collaborations**

In addition to the current integration and partnership with 1inch, we are also partnering on bigger initiatives down the road - including the announcement of the 1inch Shield, a comprehensive security solution that offers enhanced protection against various threats. This project, along with future ones, aims to further strengthen the security framework within the Web3 space, ensuring comprehensive protection for all users.

Stay tuned for upcoming announcements and follow us on [X](https://twitter.com/blockaid_?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor) to stay up to date with the latest developments and updates.

## **More on 1inch**

Launched in 2019, 1inch has emerged as a frontrunner in the DeFi landscape, offering secure and efficient tools for navigating Web3 complexities. From its inception at a New York hackathon, 1inch has evolved into a comprehensive platform, offering features like the 1inch Swap DEX aggregator, user-friendly wallets, and the 1inch Portfolio DeFi tracker. With a commitment to user empowerment, 1inch remains dedicated to driving the growth and adoption of DeFi worldwide.
## Blockaid and Core Security

## TL;DR

Blockaid has partnered with Core, the native wallet of Avalanche, to enhance security for Avalanche users. This collaboration addresses urgent DeFi security needs, underscored by $53 million lost to hacks in April 2024 and over 120 significant hacks in 2023.
Blockaid, with a proven track record of safeguarding $7.1 billion in crypto and preventing 1.3 million attacks, will provide real-time security alerts within Core, fostering trust and protecting assets in the Web3 ecosystem.

## Strengthening Security through Strategic Partnerships

In the world of Web3 security, partnerships signify progress. At Blockaid, we're excited to launch our collaboration with [Core](https://core.app/en/), the native wallet and portfolio of Avalanche. This integration isn't just about merging technologies; it's about _strengthening security, fostering user trust, and reinforcing the very fabric of the Avalanche ecosystem._

## Empowering Users with Proactive Protection

At Blockaid, our mission has always been to provide robust cybersecurity solutions tailored to the needs of Web3. Through our partnership with Core, we're extending our reach to Avalanche users, equipping them with cutting-edge security measures directly within their wallets.

Our privacy-preserving security alerts, powered by innovative technology, serve as a proactive shield against fraudulent activities like phishing scams and hacks. With every transaction meticulously screened against our extensive threat database, users can navigate the Avalanche ecosystem with confidence, knowing that their assets are safeguarded.

## Addressing the Urgent Call for Security in DeFi

This partnership addresses the pressing need for robust security measures in DeFi, as evidenced by the **$53 million lost to hacks and fraud in April 2024 alone**, along with over 120 significant hacks reported in 2023. At Blockaid, we understand the gravity of this challenge, which is why we're committed to delivering solutions that not only mitigate risks but also instill trust in the decentralized finance ecosystem.

By integrating our security protocols into Core, we're directly addressing the pressing need for enhanced security within Avalanche and beyond.
Every alert generated by Blockaid within Core is a testament to our dedication to protecting users' assets and preserving the integrity of the Web3 landscape.

![blockaid_core_integration.png](https://blockaid.io/api/resourceContentImages/file/blockaid_core_integration.png)

## Pioneering Collaborative Innovation

Our collaboration with Core exemplifies the power of partnership in driving innovation and resilience in the face of threats. Together, we're not just integrating technologies; we're forging a path towards a safer, more secure Web3 future. By combining our expertise and resources, we're pushing the boundaries of what's possible in cybersecurity, setting new standards for excellence and reliability.

## Leading the Charge in Web3 Security

Blockaid isn't just a cybersecurity firm; we're pioneers in Web3 security, driven by a passion for innovation and a commitment to excellence. With a proven track record of safeguarding over $7.1 billion in crypto and preventing 1.3 million attacks, Blockaid has emerged as the gold standard in blockchain protection. Founded by cybersecurity experts from Israel's elite Unit 8200 cyber intelligence unit, Blockaid’s suite of tools, honed through years of experience and expertise, empowers users to navigate the complexities of the digital landscape with confidence and peace of mind.

## A Secure Future with Blockaid and Core

As threats evolve and adversaries grow more sophisticated, the need for robust security measures has never been greater. With our integration into Core, Blockaid is proud to play a pivotal role in safeguarding the Avalanche ecosystem and advancing the principles of security and trust in Web3. Together with Core, we're not just securing transactions; we're securing the future of decentralized finance, one block at a time.
**To get started with Blockaid on Avalanche, download Core on** [**iOS**](https://apps.apple.com/us/app/core-crypto-wallet-nfts/id6443685999)**,** [**Google Play**](https://play.google.com/store/apps/details?id=com.avaxwallet&pli=1) **or** [**Chrome Extension**](https://chromewebstore.google.com/detail/core-crypto-wallet-nft-ex/agoakfejjabomempkjlepdflaleeobhb?pli=1)**.**

## Blockaid is securing the biggest companies operating onchain

Get in touch to learn how Blockaid helps teams secure their infrastructure, operations, and users.

[Request a Demo](https://blockaid.io/demo)

## Web3 Threat Intelligence

# Threat Intelligence

Dive deep into the dark side of the web3 ecosystem with Blockaid's threat intelligence team.

- FEATURED: [**The $1.5B Bybit Hack Explained: A Technical Breakdown**](https://blockaid.io/blog/the-15b-bybit-hack-explained-a-technical-breakdown)
  Step-by-step breakdown of the Bybit hack, what it means for onchain security, and how organizations can protect themselves from blind signing exploits. (February 22, 2025; Transaction Security, Threat Intelligence)
- [**Composability Attack Deep Dive: How an Attacker Stole $128k Without an Exploit**](https://blockaid.io/blog/composability-attack-deep-dive-how-an-attacker-stole-128k-without-an-exploit)
  Deep dive into a new risk category - where attackers combine multiple secure assets to create an attack path. (April 29, 2025; Threat Intelligence, Onchain Detection and Response, Protocol Security)
- [**How to Prevent the Next $1.5B Bybit Hack: A Strategic Approach to Solving Blind Signing**](https://blockaid.io/blog/how-to-prevent-the-next-15b-bybit-hack-a-strategic-approach-to-solving-blind-signing)
  The Bybit $1.5B hack was a replay of the Radiant incident - and it could have been prevented. Here's how. (February 21, 2025; Threat Intelligence)
- [**Attack Report: Lottie Player supply chain attack**](https://blockaid.io/blog/attack-report-lottie-player-supply-chain-attack)
  Step-by-step analysis of the Lottie Player Supply Chain Attack - and how Blockaid was able to detect it within minutes. (October 30, 2024; Threat Intelligence)
- [**Unmasking Wallet Drainers: Step-by-Step Breakdown of a Crypto Heist**](https://blockaid.io/blog/unmasking-wallet-drainers-step-by-step-breakdown-of-a-crypto-heist)
  An in-depth look at how wallet drainers operate and the steps they take to access and steal user assets. (October 13, 2024; Threat Intelligence)
- [**Dissecting TOCTOU Attacks: How Wallet Drainers Exploit Solana's Transaction Timing**](https://blockaid.io/blog/dissecting-toctou-attacks-how-wallet-drainers-exploit-solanas-transaction-timing)
  Attackers are now abusing the time gap between simulation and execution to target Solana users. (September 21, 2024; Threat Intelligence)
- [**Threat Report: AngelX**](https://blockaid.io/blog/threat-report-angelx)
  How Blockaid's threat hunting team caught a new variant of Angel Drainer - before it was released. (September 4, 2024; Threat Intelligence)
- [**Squarespace Domain Hijacking Incident: Attack Report**](https://blockaid.io/blog/squarespace-defi-domain-hijack-incident)
  Dive into the details of the recent Squarespace domain hijacking incident that targeted major DeFi protocols. (July 14, 2024; Threat Intelligence)
- [**Bypasses: How Attackers Evade Transaction Simulation**](https://blockaid.io/blog/bypasses-how-attackers-evade-transaction-simulation)
  Learn how threat actors are utilizing bugs in security products to attack users. (June 11, 2024; Threat Intelligence)
- [**Deep Dive into Address Poisoning**](https://blockaid.io/blog/a-deep-dive-into-address-poisoning)
  Dive into the mechanics, effectiveness, and prevention of address poisoning attacks to help you stay safe in the evolving crypto landscape. (May 30, 2024; Threat Intelligence)
- [**How Blockaid Stopped Violet Drainer Before It Could Start**](https://blockaid.io/blog/how-blockaid-stopped-violet-drainer-before-it-could-start)
  Wallet drainers are financially motivated—their only objective is to make money. When we’re able to make it hard enough for them to do that, they give up. (April 18, 2024; Threat Intelligence)
- [**Emerging Attack Vector: Restake Farming**](https://blockaid.io/blog/emerging-attack-vector-restake-farming)
  Angel Drainer group has introduced a new attack vector utilizing a protocol to execute a novel form of approval farming attack through the queue Withdrawal mechanism. (January 30, 2024; Threat Intelligence)
- [**Putting Inferno Drainer Group Out of Business**](https://blockaid.io/blog/putting-inferno-drainer-group-out-of-business)
  The recent partnership between MetaMask and Blockaid has caused the notorious Inferno Drainer Group to shut down. (January 3, 2024; Threat Intelligence)
- [**Attack Report: Ledger Connect Kit**](https://blockaid.io/blog/attack-report-ledger-connect-kit)
  Blockaid’s proactive dApp scanning system found a malicious payload in the Ledger connect-kit SDK via a supply chain attack causing multiple dApps to serve malicious content for users. (December 14, 2023; Threat Intelligence)
- [**Malicious dApp 101: Wallet Drainers Are Stealthier, More Complex than Ever**](https://blockaid.io/blog/malicious-dapp-101-wallet-drainers-are-stealthier-more-complex-than-ever)
  A look at how Wallet Drainers are becoming more and more sophisticated in utilizing web2 technologies to attempt to scam users and avoid detection. (November 14, 2023; Threat Intelligence)
- [**Malicious dApps 101: Wallet Drainers**](https://blockaid.io/blog/wallet-drainers-vitalik-metamask)
  We want to make transacting in web3 as secure as opening a file on your computer or paying with your credit card on Amazon. This article aims to explain the characteristics of wallet drainers and why even the savviest crypto users need to be careful. (October 30, 2023; Threat Intelligence)

## Blockaid Blog Insights

- FEATURED: [**Cosigner: The Onchain Security Layer Your Multisig Is Missing**](https://www.blockaid.io/blog/cosigner-the-onchain-security-layer-your-multisig-is-missing-blind-signing)
  Prevent blind signing exploits with Blockaid Cosigner, which validates and enforces policy at the signature layer. (April 15, 2025; Operational Security)
- [**Cosigner: The Onchain Security Layer Your Multisig Is Missing**](https://www.blockaid.io/blog/cosigner-the-onchain-security-layer-your-multisig-is-missing-blind-signing)
  Prevent blind signing exploits with Blockaid Cosigner, which validates and enforces policy at the signature layer. (April 14, 2025; Operational Security)
- [**Building Safely with EIP-7702: How Blockaid Helps Teams Adopt the Future of Smart Wallets**](https://www.blockaid.io/blog/building-safely-with-eip-7702-how-blockaid-helps-teams-adopt-the-future-of-smart-wallets)
  EIP-7702 is live - and Blockaid is working with the biggest companies in crypto to help them support 7702 safely and confidently. (May 7, 2025; Transaction Security)
- [**How Blockaid Helps Ledger’s Transaction Check Mitigate Blind Signing Risks**](https://www.blockaid.io/blog/how-blockaid-helps-ledgers-transaction-check-mitigate-blind-signing-risks)
  Blockaid's real-time transaction security engine helps power the new Transaction Check feature for Ledger Stax and Ledger Flex users on Ethereum. (April 30, 2025; Partnerships)
- [**Privy Integrates Blockaid to Bring Transaction Security into Global Wallets**](https://www.blockaid.io/blog/privy-integrates-blockaid-to-bring-transaction-security-into-global-wallets)
  Blockaid's Transaction Security is now available in Privy Global Wallets—helping users stay safe before they sign. (March 31, 2025; Partnerships)
- [**Sui Foundation Partners With Blockaid to Strengthen Ecosystem Security and Simplify SecOps**](https://www.blockaid.io/blog/sui-foundation-partners-with-blockaid-to-strengthen-ecosystem-security-and-simplify-secops)
  The partnership will bring Blockaid’s industry-leading protection to Sui wallets and infrastructure. (March 11, 2025; Partnerships)
- [**The $1.5B Bybit Hack Explained: A Technical Breakdown**](https://www.blockaid.io/blog/the-15b-bybit-hack-explained-a-technical-breakdown)
  Step-by-step breakdown of the Bybit hack, what it means for onchain security, and how organizations can protect themselves from blind signing exploits. (February 21, 2025; Transaction Security, Threat Intelligence)
- [**How to Prevent the Next $1.5B Bybit Hack: A Strategic Approach to Solving Blind Signing**](https://www.blockaid.io/blog/how-to-prevent-the-next-15b-bybit-hack-a-strategic-approach-to-solving-blind-signing)
  The Bybit $1.5B hack was a replay of the Radiant incident - and it could have been prevented. Here's how. (February 21, 2025; Threat Intelligence)
- [**Behind Blockaid's Series B—Securing an Onchain Future**](https://www.blockaid.io/blog/behind-blockaids-series-b-securing-an-onchain-future)
  This investment will help us scale to meet the surging demand for our security platform as we protect the largest companies operating onchain. (February 18, 2025; Announcements)
- [**Data Spotlight: How Scammers Reacted to the $TRUMP Token Launch**](https://www.blockaid.io/blog/data-spotlight-how-scammers-reacted-to-the-trump-memecoin-token-launch)
  A look into how scammers exploited the $TRUMP token launch with malicious tokens and fake dApps. (January 20, 2025; Token Security)
- [**See What Only Blockaid Sees: Introducing State of the Chain**](https://www.blockaid.io/blog/see-what-only-blockaid-sees-introducing-state-of-the-chain)
  Gain insight into unique Blockaid data that reveals onchain trends, threat actor activity, and the state of the Web3 security landscape. (December 18, 2024; Research)
- [**Uniswap Labs Selects Blockaid to Launch New Token Warning Feature**](https://www.blockaid.io/blog/uniswap-labs-selects-blockaid-to-launch-new-token-warning-feature)
  The update provides a notification when users interact with tokens that Blockaid has determined have dangerous properties or patterns. (December 18, 2024; Partnerships)
- [**World App Bolsters Security With New Blockaid Integration**](https://www.blockaid.io/blog/world-app-bolsters-security-with-new-blockaid-integration)
  Over the past two months, Tools for Humanity has been working with Blockaid to bring enhanced transaction security to World App. (November 25, 2024; Partnerships)
- [**io.finnet Strengthens Institutional DeFi Security Through Strategic Blockaid Integration**](https://www.blockaid.io/blog/io-finnet-strengthens-institutional-defi-security-through-strategic-blockaid-integration)
  The added layer of insight equips institutional DeFi users to make safe, data-driven decisions. (November 13, 2024; Partnerships)
- [**Attack Report: Lottie Player supply chain attack**](https://www.blockaid.io/blog/attack-report-lottie-player-supply-chain-attack)
  Step-by-step analysis of the Lottie Player Supply Chain Attack - and how Blockaid was able to detect it within minutes. (October 30, 2024; Threat Intelligence)
- [**Immutable Passport integrates Blockaid to protect Web3 gaming**](https://www.blockaid.io/blog/immutable-passport-integrates-blockaid-to-protect-web3-gaming)
  Over 3 million players across 380+ games are now secured by Blockaid. (October 24, 2024; Partnerships)
- [**Stellar Bolsters Ecosystem-Wide Security With Blockaid**](https://www.blockaid.io/blog/stellar-bolsters-ecosystem-wide-security-with-blockaid)
  Blockaid’s security technology is coming to the Stellar ecosystem starting with its two largest wallets, Lobstr and Freighter. (October 16, 2024; Partnerships)
- [**Argent Releases Upgraded Wallet, Now Secured by Blockaid**](https://www.blockaid.io/blog/argent-releases-upgraded-wallet-now-secured-by-blockaid)
  Argent wallet users now benefit from enhanced security thanks to a new integration with Blockaid’s web3 security platform. (September 22, 2024; Partnerships)
- [**Safe{Wallet} Gets Even Safer: Introducing Blockaid Integration**](https://www.blockaid.io/blog/safe-wallet-gets-even-safer-introducing-blockaid-integration)
  Safe{Wallet} now features enhanced security with the integration of Blockaid’s advanced technology. (September 16, 2024; Partnerships)
- [**Threat Report: AngelX**](https://www.blockaid.io/blog/threat-report-angelx)
  How Blockaid's threat hunting team caught a new variant of Angel Drainer - before it was released. (September 4, 2024; Threat Intelligence)
- [**The $230M Blind Spot: Lessons from the WazirX Hack**](https://www.blockaid.io/blog/the-230m-blind-spot-lessons-from-the-wazirx-hack)
  What happened, an overview of blind signing, and how you can protect against this kind of attack. (August 21, 2024; Transaction Security)
- [**Alchemy Selects Blockaid as a Web3 Security Partner for Rollups**](https://www.blockaid.io/blog/alchemy-selects-blockaid-as-a-web3-security-partner)
  Alchemy Rollups customers will now be able to integrate Blockaid security products, as well as a host of other customization options from vetted web3 companies. (July 31, 2024; Partnerships)
- [**Squarespace Domain Hijacking Incident: Attack Report**](https://www.blockaid.io/blog/squarespace-defi-domain-hijack-incident)
  Dive into the details of the recent Squarespace domain hijacking incident that targeted major DeFi protocols. (July 14, 2024; Threat Intelligence)
- [**Driving Trust: Blockaid and 1inch's Shared Mission in Web3 Security**](https://www.blockaid.io/blog/driving-trust-blockaid-and-1inchs-shared-mission-in-web3-security)
  Blockaid and 1inch are announcing a partnership aiming to redefine safety and efficiency in decentralized finance. (June 19, 2024; Partnerships)
- [**Blockaid Bolsters Security on Avalanche with Core Integration**](https://www.blockaid.io/blog/blockaid-bolsters-security-on-avalanche-with-core-integration)
  Core, the native wallet of Avalanche, is now powered by Blockaid’s state-of-the-art real-time security alerts - enhancing security across the Avalanche ecosystem. (June 5, 2024; Partnerships)
- [**How Blockaid Stopped Violet Drainer Before It Could Start**](https://www.blockaid.io/blog/how-blockaid-stopped-violet-drainer-before-it-could-start)
  Wallet drainers are financially motivated—their only objective is to make money. When we’re able to make it hard enough for them to do that, they give up. (April 18, 2024; Threat Intelligence)
- [**How Blockaid Helped CoinTracker Solve Its Spam Token Problem**](https://www.blockaid.io/blog/how-blockaid-helped-cointracker-solve-its-spam-token-problem)
  CoinTracker swiftly integrated Blockaid’s comprehensive APIs, allowing the CoinTracker software to distinguish between spam and legitimate tokens across every supported chain and token type with immense precision. (March 20, 2024; Partnerships)
- [**Emerging Attack Vector: Restake Farming**](https://www.blockaid.io/blog/emerging-attack-vector-restake-farming)
  Angel Drainer group has introduced a new attack vector utilizing a protocol to execute a novel form of approval farming attack through the queue Withdrawal mechanism. (January 30, 2024; Threat Intelligence)
- [**Putting Inferno Drainer Group Out of Business**](https://www.blockaid.io/blog/putting-inferno-drainer-group-out-of-business)
  The recent partnership between MetaMask and Blockaid has caused the notorious Inferno Drainer Group to shut down. (January 3, 2024; Threat Intelligence)
- [**Attack Report: Ledger Connect Kit**](https://www.blockaid.io/blog/attack-report-ledger-connect-kit)
  Blockaid’s proactive dApp scanning system found a malicious payload in the Ledger connect-kit SDK via a supply chain attack causing multiple dApps to serve malicious content for users. (December 14, 2023; Threat Intelligence)
- [**Zerion: Phishing Defense Powered by Blockaid**](https://www.blockaid.io/blog/zerion-phishing-defense-powered-by-blockaid)
  With Zerion's Phishing Defense rolled out to all mobile wallets and the browser extension, Blockaid is actively protecting users from fraud, phishing, and hacks. (December 7, 2023; Partnerships)
- [**Rainbow Wallet: Mobile App and Browser Extension Powered By Blockaid**](https://www.blockaid.io/blog/rainbow-wallet-mobile-app-and-browser-extension-powered-by-blockaid)
  Rainbow wallets are Powered by Blockaid, providing transparency so you know what will happen before you connect your wallet or send a transaction. (December 6, 2023; Partnerships)
- [**Blockaid + MetaMask: Securing Web3 Users While Preserving Privacy**](https://www.blockaid.io/blog/blockaid-metamask-securing-web3-users-while-preserving-privacy)
  This week, Blockaid and MetaMask share that together we’ve pioneered technology that ensures web3 security can align with a core value of privacy. (October 31, 2023; Partnerships)
- [**Emerging from stealth with $33M in funding to secure web3**](https://www.blockaid.io/blog/emerging-from-stealth-with-33-m-in-funding-to-secure-web3)
  Today I’m excited to share that Blockaid, a leader in web3 security, is emerging from stealth with $33m in funding from a syndicate of some of the world’s greatest investors in fintech, cybersecurity, and web3. (October 5, 2023; Announcements)

## Blockchain Glossary

- [**Address Poisoning**](https://www.blockaid.io/glossary/address-poisoning)
  A deceptive tactic malicious actors use to trick users into sending cryptocurrency to an incorrect address.
- [**Blind Signing**](https://www.blockaid.io/glossary/blind-signing)
  Blind Signing refers to the act of approving a transaction on a hardware wallet without full visibility of its details.
- [**Bypass**](https://www.blockaid.io/glossary/bypass)
  A term used by malicious actors to describe methods that allow drainers to prompt a malicious transaction without the transaction being flagged by security providers.
- [**Decentralized Application (dApp)**](https://www.blockaid.io/glossary/dapp)
  A website that uses the blockchain as its backend infrastructure, allowing users to perform onchain interactions such as reading onchain state or executing smart contract functions.
- [**Hardware Wallet**](https://www.blockaid.io/glossary/hardware-wallet)
  A hardware wallet is a secure physical device for storing cryptocurrency private keys offline, safeguarding them from online threats such as hacking.
- [**JSON-RPC**](https://www.blockaid.io/glossary/json-rpc)
  A protocol used for making remote procedure calls in a simple, stateless, and lightweight format. Used in blockchain environments for communication between clients and servers, enabling them to request and receive data in a structured way.

### Explore more Web3 resources

[View All](https://www.blockaid.io/blog)

- FEATURED: [**Behind Blockaid's Series B—Securing an Onchain Future**](https://www.blockaid.io/blog/behind-blockaids-series-b-securing-an-onchain-future)
  This investment will help us scale to meet the surging demand for our security platform as we protect the largest companies operating onchain. (February 18, 2025; Announcements)
- [**How Blockaid Helps Exchanges Turn Token Listings into a Competitive Advantage**](https://www.blockaid.io/blog/how-blockaid-helps-exchanges-turn-token-listings-into-a-competitive-advantage)
  Learn how Blockaid enables exchanges to list tokens instantly while automatically blocking scams—eliminating slow manual reviews, reducing risk, and unlocking new opportunities. (January 28, 2025; Token Security)

## About Blockaid

# About Blockaid

Blockaid is the onchain security platform for monitoring, detecting, and responding to onchain and offchain threats.

Comprehensive security platform for Web3 projects

#### The Onchain Security Platform

![Blockaid Founders](https://www.blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2Fmedia%2Ffile%2FFounders_Blockaid-1.png&w=3840&q=100)

Blockaid provides an end-to-end solution that can help any company building in the space keep their users safe - including tools like smart contract monitoring, transaction simulation, dApp scanning, token security tools, on-chain and off-chain threat hunting capabilities, and more.

From nation state cybersecurity - to the onchain battlefield

#### Built by elite security researchers

![Blockaid Team](https://www.blockaid.io/_next/image?url=https%3A%2F%2Fblockaid.io%2Fapi%2Fmedia%2Ffile%2Fteam%2520(1).jpg&w=3840&q=100)

Founded in 2022 by former Israeli cyber intelligence operatives, Blockaid is the security solution of choice for leading web3 companies like MetaMask, Coinbase, Stellar and more. With offices in New York and Tel Aviv, Blockaid has raised $83M from Ribbit, Variant, Cyberstarts, Sequoia, Greylock, and Google Ventures.

Backed by industry leaders: [Sequoia](https://www.sequoiacap.com/), [Greylock](https://greylock.com/), [Cyberstarts](https://cyberstarts.com/), [Ribbit Capital](https://ribbitcap.com/), [GV](https://www.gv.com/), [Variant](https://variant.fund/)

## Let’s secure the future together

We are always on the lookout for talented people who are passionate about onchain security. Get in touch to explore a role that could be right for you.

[Explore Careers](https://www.comeet.com/jobs/blockaid/69.00b)

## Blockaid Demo Request

Need to report an incident? [Click here.](https://report.blockaid.io/)

# Explore Blockaid for your organization

Schedule a call to discuss your use case and see a demo.

## Job Opportunities at Blockaid

## About Blockaid

Blockaid works with some of the biggest companies in web3/crypto to protect their users from fraud, phishing, and hacks.
## Current Openings

## Customer Success

- [Customer Success Manager](https://www.comeet.com/jobs/blockaid/69.00B/customer-success-manager/76.557): Tel Aviv
- [Customer Success Manager](https://www.comeet.com/jobs/blockaid/69.00B/customer-success-manager/76.557-3C.407): New York

## Engineering

- [Backend Engineer](https://www.comeet.com/jobs/blockaid/69.00B/backend-engineer/96.A4E): Tel Aviv, Senior, Full-time
- [Cyber Security Analyst](https://www.comeet.com/jobs/blockaid/69.00B/cyber-security-analyst/2C.F47): Tel Aviv, Senior, Full-time
- [DevOps Engineer](https://www.comeet.com/jobs/blockaid/69.00B/devops-engineer/1A.C4F): Tel Aviv
- [Fullstack Engineer](https://www.comeet.com/jobs/blockaid/69.00B/fullstack-engineer/C7.E4F): Tel Aviv, Senior, Full-time
- [R&D - Team Lead](https://www.comeet.com/jobs/blockaid/69.00B/rd---team-lead/AE.F49): Tel Aviv
- [Security Researcher](https://www.comeet.com/jobs/blockaid/69.00B/security-researcher/3E.05A): Tel Aviv
- [Software Architect](https://www.comeet.com/jobs/blockaid/69.00B/software-architect/56.C46): Tel Aviv, Senior, Full-time

## Marketing

- [Brand Designer](https://www.comeet.com/jobs/blockaid/69.00B/brand-designer/56.15A): New York
- [Community Manager](https://www.comeet.com/jobs/blockaid/69.00B/community-manager/66.153): New York
- [GTM Engineer (Business Development)](https://www.comeet.com/jobs/blockaid/69.00B/gtm-engineer-business-development/01.55F): New York, Full-time
- [Product Marketing Manager](https://www.comeet.com/jobs/blockaid/69.00B/product-marketing-manager/56.153): New York

## Product Management

- [Senior Product Manager](https://www.comeet.com/jobs/blockaid/69.00B/senior-product-manager/90.559): Tel Aviv

## Revenue Operations

- [Manager, Customer Success Operations](https://www.comeet.com/jobs/blockaid/69.00B/manager-customer-success-operations/F0.654): New York

## Sales

- [Account Executive](https://www.comeet.com/jobs/blockaid/69.00B/account-executive/38.152): New York
- [Account Executive](https://www.comeet.com/jobs/blockaid/69.00B/account-executive/38.152-58.50F): California
- [Account Executive](https://www.comeet.com/jobs/blockaid/69.00B/account-executive/38.152-68.500): Europe
- [Account Executive](https://www.comeet.com/jobs/blockaid/69.00B/account-executive/38.152-68.501): Japan
- [Account Executive](https://www.comeet.com/jobs/blockaid/69.00B/account-executive/38.152-68.502): Singapore
- [Account Executive](https://www.comeet.com/jobs/blockaid/69.00B/account-executive/38.152-68.503): Hong Kong
- [Solutions Engineer](https://www.comeet.com/jobs/blockaid/69.00B/solutions-engineer/AA.05A): New York

## Backpack Security Solutions

## Introduction

Backpack is an all-in-one crypto app that combines a self-custodial wallet and centralized exchange.

The Backpack Wallet, available as both an app and desktop extension, supports multiple chains including Solana, Ethereum, Arbitrum, Base, Optimism, and Polygon. Users can store, send, and collect tokens and NFTs, as well as buy, sell, swap, and bridge thousands of tokens through an integrated swapper. Backpack prioritizes security, offering continual audits, NFT locking, scam detection alerts, and hardware wallet support.

![backpack_interface.png](https://blockaid.io/api/resourceContentImages/file/backpack_interface.png)

## The challenge

Backpack users heavily transact on Solana. As Solana's popularity surged, so did the number of scams targeting users in its ecosystem. To address this, Backpack needed to move fast and integrate Solana-specific security components for its wallet.
## The solution

Backpack chose Blockaid for its speed, scalability, and proactive security approach that prevents the loss of user funds and has put notable wallet drainers out of business.

By continuously scanning the internet for new domains and dApps, Blockaid identifies malicious dApps as early as 24 hours before they are first used in an attack. For Backpack, this means that malicious apps created with wallet-draining kits from groups like Endless and Riddance are detected before users lose funds, not added to a blocklist only after losses are reported.

Beyond showing transaction details, Backpack’s integration with Blockaid also tells users whether transactions are dangerous or safe before they sign.

![backpack_warning.png](https://blockaid.io/api/resourceContentImages/file/backpack_warning.png)

And because Blockaid can simulate transactions with less than 300ms of latency, the team was able to increase security while improving the responsiveness of its app.

“At Backpack, we prioritize security as the foundation for storing and managing cryptocurrencies. Our partnership with Blockaid enhances our commitment to safety, enabling users to interact with on-chain apps with confidence.” - Armani Ferrante

## Results

- Total Transactions Scanned: ~180 million
- Malicious Transactions Identified: ~71,000
- User Impact: 5.6% of active users experienced a drain attempt
- Domain Analysis: 1,300 domains analyzed, 250 (19.2%) were sources of malicious transactions
- Predominant Threat: Transfer farming (75% of all malicious activities)
- Estimated losses prevented: $26.6M

## Recap

Backpack, a web3 wallet and exchange platform, has always prioritized user security. The rapid growth of the Solana ecosystem, while beneficial, also increased risks for users. To maintain its commitment to security and protect against both existing and emerging threats, Backpack made the strategic decision to switch to Blockaid, ensuring the best possible protection for its user base.
It is now able to proactively detect malicious dApps before a user is scammed and determine the safety of every transaction without slowing down the user experience.

## Onchain Activities Overview

## Description

Unlike offchain processes, which happen outside the blockchain and require manual input to bring data onto the chain, onchain activities are transparent and permanently stored on the decentralized ledger. The term "Onchain" is the Web3 equivalent of "Online," referring to any activity that occurs directly on the blockchain.

Onchain operations are fundamental to blockchain ecosystems, encompassing each transaction, smart contract execution, or asset transfer that takes place. These actions are automatically recorded in a block, which is subsequently validated by the network's nodes. This process creates an immutable and verifiable history of events. For example, when someone transfers Bitcoin, the transaction is processed, confirmed by the Bitcoin network, and stored onchain. All network participants can view the transaction, adding transparency and trust. Onchain mechanisms are crucial for the integrity of decentralized finance (DeFi), ensuring transactions are secure and verifiable by anyone.

## Bypass Security Flaws

## Description

A bypass occurs when attackers exploit flaws or bugs in the security process to prevent it from analyzing the state (transaction, dApp, address) properly.
Most bypasses used by attackers target the [transaction simulation](https://www.blockaid.io/glossary/transaction-simulation) process. These bypasses can take different forms. Some are designed to cause the simulation to fail entirely, triggering errors that leave security systems without the data needed to assess the transaction’s risks. More complex approaches directly target the simulation, disrupting its ability to flag malicious behavior or allowing the transaction to slip through unnoticed.

Companies like Blockaid are often in a constant game of whack-a-mole to find and mitigate bypasses as they are discovered. At Blockaid, we employ a team of cybersecurity researchers who focus on threat hunting: finding the bypasses before the attackers do, and fixing them before they can cause harm to users.

For more information, see [our blog post](https://www.blockaid.io/blog/bypasses-how-attackers-evade-transaction-simulation).

## Contract Exploit Overview

## Description

Smart contracts are only as secure as the code they are written in. Malicious actors often scour contracts for coding flaws that can be exploited for financial gain. For example, an attacker might discover a reentrancy vulnerability in a contract, allowing them to drain funds through repeated withdrawal calls before the contract updates its balance.

Contract exploits are a major concern in DeFi, where billions of dollars are managed by automated contracts. Companies like Blockaid are building [ODR](https://www.blockaid.io/glossary/onchain-detection-and-response) systems that monitor contract interactions in real time, ensuring that any attempt to exploit these vulnerabilities is detected and mitigated before damage occurs.
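
The reentrancy case described above, modelled in Python as an added example (it is not Blockaid's code and not real contract code): the same withdrawal runs against a vault that pays before updating its records and against one that updates first, and a trace check flags `withdraw()` being re-entered within one transaction. The names `Ledger`, `Vault`, `reentrant_hook`, `max_withdraw_depth`, the accounts and all balances are constructed for illustration.

```python
"""Toy model of a reentrancy bug and its fix (constructed example, not real contract code)."""


class Ledger:
    """Coin balances per account; a transfer fails if the sender is short."""

    def __init__(self, balances):
        self.balances = dict(balances)

    def move(self, src, dst, amount):
        if self.balances.get(src, 0) < amount:
            raise RuntimeError("transfer failed: insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount


class Vault:
    """Holds user deposits. `safe` selects the order of the two steps in withdraw()."""

    NAME = "vault"

    def __init__(self, ledger, deposits, hooks, safe):
        self.ledger = ledger
        self.deposits = dict(deposits)   # bookkeeping: what each user may withdraw
        self.hooks = hooks               # account -> code that runs when it receives funds
        self.safe = safe
        self.trace = []                  # ("enter" | "exit", caller), as a call tracer would record

    def withdraw(self, caller):
        self.trace.append(("enter", caller))
        amount = self.deposits.get(caller, 0)
        if amount > 0:
            if self.safe:
                # Hardened order: update the balance first, then hand over control.
                self.deposits[caller] = 0
                self._send(caller, amount)
            else:
                # Vulnerable order: the recipient runs while its balance is still recorded.
                self._send(caller, amount)
                self.deposits[caller] = 0
        self.trace.append(("exit", caller))

    def _send(self, to, amount):
        self.ledger.move(self.NAME, to, amount)
        hook = self.hooks.get(to)
        if hook is not None:
            hook(self)                   # external call: control leaves the vault here


def reentrant_hook(account, unit):
    """Receive hook that calls withdraw() again while the vault can still pay `unit`."""
    def hook(vault):
        if vault.ledger.balances[Vault.NAME] >= unit:
            vault.withdraw(account)
    return hook


def max_withdraw_depth(trace):
    """Detection side: deepest nesting of withdraw() frames seen in one transaction."""
    depth = peak = 0
    for event, _caller in trace:
        depth += 1 if event == "enter" else -1
        peak = max(peak, depth)
    return peak


def run_scenario(safe, reentrant=True):
    """One withdrawal by 'mallory' (deposit 10) from a vault that holds 100 in total."""
    ledger = Ledger({Vault.NAME: 100, "mallory": 0})
    deposits = {"alice": 50, "bob": 40, "mallory": 10}
    hooks = {"mallory": reentrant_hook("mallory", 10)} if reentrant else {}
    vault = Vault(ledger, deposits, hooks, safe)
    vault.withdraw("mallory")
    depth = max_withdraw_depth(vault.trace)
    return {
        "paid_out": ledger.balances["mallory"],
        "vault_left": ledger.balances[Vault.NAME],
        "depth": depth,
        "alert": depth > 1,              # withdraw() re-entered before it returned
    }


if __name__ == "__main__":
    for label, kwargs in [
        ("vulnerable, reentrant recipient", dict(safe=False)),
        ("hardened, reentrant recipient", dict(safe=True)),
        ("vulnerable, ordinary recipient", dict(safe=False, reentrant=False)),
    ]:
        print(label, run_scenario(**kwargs))
```

The hardened vault still raises the alert, because the re-entry is attempted and simply pays nothing; the nesting check is a detection signal that does not depend on the contract being fixed.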
## Onchain Detection Overview

## Description

Onchain detection plays a crucial role in spotting malicious activity or vulnerabilities in real time, before they can be exploited. For example, it can identify when a wallet is interacting with a compromised smart contract or when unusual transaction patterns emerge, allowing security teams to take preventative action.

However, **onchain detection alone isn’t enough** to fully protect blockchain assets. While it can identify threats, timely action is required to neutralize them. This is why solutions like **Blockaid's Onchain Detection and Response (ODR)** combine detection with automated responses, ensuring that once a threat is flagged, appropriate measures—such as freezing assets or alerting relevant parties—can be taken right away. This integrated approach helps reduce the time between detecting a problem and responding to it, which is critical in fast-moving blockchain environments.
## Malicious Airdrops Explained
## Description

Malicious airdrops are a form of cyber attack where attackers send tokens or NFTs to unsuspecting wallet addresses. These tokens are often designed to appear legitimate, enticing users to interact with them. Upon interaction, victims may be directed to connect their wallets to [malicious dApps](https://www.blockaid.io/glossary/wallet-drainer) or approve harmful transactions.

## Wallet Drainer Overview

## Description

A wallet drainer is a piece of malicious code embedded in dApps that is designed to deceive users into signing malicious transactions. Once the user signs, attackers can swiftly drain all available funds and assets, often without the user realizing it until it's too late. These attacks are cleverly disguised as legitimate activities: enticing airdrops, exclusive giveaways, and even apps posing as well-known services.

Many wallet drainers are developed by threat actors operating under a Drainer-as-a-Service model. These groups offer a one-click solution for deploying new malicious dApps, and their customers are responsible for getting users to interact with the dApps. The revenues are then shared between the attacker who deployed the dApp and the group who developed the draining kit.
## Transaction Validation

## Description

In Web3, transactions can involve complex interactions between smart contracts and wallets. Transaction validation ensures that the transaction is free from security risks. For example, security validation tools can check whether a transaction is interacting with known malicious smart contracts or whether the transaction parameters have been manipulated to benefit an attacker.

## Address Poisoning Explained

## Description

Unlike phishing attacks, which often involve social engineering and malicious websites, address poisoning operates within the blockchain's infrastructure.

In this type of attack, attackers aim to "poison" a user's address book by flooding it with transactions originating from addresses controlled by the attacker, hoping that these addresses will end up in the user's address book and that the user will mistakenly send funds to one of these fraudulent addresses in the future.

For more information about Address Poisoning, see our [deep dive article](https://www.blockaid.io/blog/a-deep-dive-into-address-poisoning).
## Crypto Trading Safety

## Introduction

DEX Screener is a real-time data platform for cryptocurrency traders. It tracks token prices, trading volume, and onchain trades across major networks including Ethereum, BSC, Polygon, Avalanche, and others. Traders rely on DEX Screener to spot new opportunities and make informed investment decisions.

![ui.png](https://www.blockaid.io/api/media/file/ui.png)

## The challenge

In crypto trading, being early to a new token can mean the difference between significant profits and missed opportunities. DEX Screener needed to list new tokens quickly to serve their traders. But they also needed to protect users from scams, particularly large-scale pump and dump operations.

![pump_dump.png](https://www.blockaid.io/api/media/file/pump_dump.png)

These scams created three major risks:

- Legal exposure (similar to lawsuits other platforms like Uniswap faced)
- Damage to DEX Screener's reputation
- User churn and lost revenue

To address this, DEX Screener implemented a combination of user reports and manual review by employees to identify and flag malicious tokens. This process was accurate but increasingly slow and labor intensive.

## The solution

DEX Screener had tried every onchain security solution on the market except Blockaid. Nothing worked well enough, so they continued to rely on human moderators.

_“I'll be honest: unless you have human moderators I have a hard time believing any tool is able to give us fast and accurate results for what is and isn't malicious (we tried several). I'd be extremely happy to be proven wrong though and happy to chat.”_ - Andy, DEX Screener

Then they tested Blockaid.
The proof of concept addressed their two key requirements:

1. Speed: Mean time-to-detection (MTTD) of under 10 minutes from a new token being identified
2. Accuracy: Maintaining a near-zero false positive rate to mitigate the serious consequences of malicious tokens

With their concerns addressed, DEX Screener implemented Blockaid's solution across two major chains: Solana and Base.

The end solution is simple: when Blockaid identifies a malicious token, DEX Screener flags it and ensures the token gets little to no exposure.

## Results

Since implementing Blockaid, DEX Screener has freed up 160 hours per month that they used to spend checking tokens manually while achieving a near-zero false positive rate.

The new system has also caught complex scams that would have been difficult to uncover in manual review. In one example, Blockaid spotted a sophisticated rug pull on Base by finding connections between suspicious accounts and previously successful scams.

_"Keeping up with the flood of pump and dumps and other scam tokens was a massive headache. Blockaid solved this for us."_ - Andy, DEX Screener

## Recap

With Blockaid, DEX Screener solved what seemed like an impossible problem. Instead of needing more people to check for scams manually, they now have an automated solution that detects scams faster and more accurately.

## Smart Contract Monitoring

## Description

Smart contracts are self-executing contracts with the terms directly written into code. Once deployed on a blockchain, they can hold funds and can be managed by issuing onchain transactions that execute the stored bytecode. However, they are vulnerable to attacks if not properly monitored.
For example, hackers often exploit coding flaws to drain funds or manipulate contract behavior, as seen in high-profile DeFi hacks. Monitoring smart contracts in real time allows security platforms to detect vulnerabilities or irregular behaviors, such as unexpected fund movements, before they result in significant losses.

This type of monitoring is essential for preventing unauthorized access and exploitation of contract code. Smart Contract Monitoring is an example of an [onchain detection](https://www.blockaid.io/glossary/onchain-detection) capability.

## Onchain Detection Response

## Description

ODR is crucial for the security of blockchain-based financial systems, particularly in high-stakes environments like DeFi. For example, when a malicious actor deploys a smart contract that contains an exploit, ODR systems detect the abnormal activity and initiate a response, such as freezing funds or notifying the security team, thereby mitigating the threat.

By integrating both detection and response, ODR offers a proactive security model that can prevent attacks from causing widespread damage. This approach is vital for companies managing large amounts of digital assets, where every second matters. ODR systems continuously monitor the blockchain for suspicious activities, leveraging automated workflows to ensure that threats are neutralized with minimal delay. This model is particularly effective against new and emerging threats, as it relies on real-time intelligence directly from the blockchain.
## Protect your onchain assets with the most advanced ODR solution Request a Demo ## Privacy Policy Overview [![Logo](https://www.blockaid.io/_next/image?url=%2Fimages%2Fnav%2Flogo-dark.png&w=3840&q=75)](https://www.blockaid.io/) [![Logo](https://www.blockaid.io/images/logos/blockaid.svg)](https://www.blockaid.io/) BLOCKAID Ltd., its subsidiaries, and affiliates (“ **Blockaid**", “ **our**”, “ **we**” or " **us**") respects the privacy of the visitors on our website [https://blockaid.io](https://blockaid.io/) (the " **Website**" and **“User(s)**” or **“you**” respectively). The Website's main goal is to provide general information regarding Blockaid, updates regarding our operations in the fields of blockchain security and to present relevant professional content. Therefore, our Website is of informative nature, and through it we collect only minimal personal data as descried below. This Privacy Policy applies exclusively to the usage of the Website and shall not extend to any other engagements between Blockaid and the User. If the User is party to any other agreement with Blockaid, other policies may apply. “ **Personal Data**” or “ **Personal Information**” means any information that identifies or can be used, alone or together with other data, to identify an individual and any information deemed as personal information under applicable privacy laws. Please note that some provisions in this Privacy Policy only apply to individuals in certain jurisdictions. For example, the legal bases stated in section 1 below are only relevant to GDPR-protected individuals. This Privacy Policy forms part of our Terms of Use which is available at [https://blockaid.io/legal/terms-of-use](https://blockaid.io/legal/terms-of-use) (“ **TOU**”). Any capitalized but undefined term in this Privacy Policy shall have the meaning given to it in the TOU and other agreements applicable between us. 
For the avoidance of doubt, you are not obliged to provide us with any Personal Information; using our Website and providing us with your information is solely at your discretion. 1. **What information we collect, why we collect it, and how it used.** We collect the following types of Personal Data from our Users in the following circumstances: 2. **When you use or interact with the Website**, we collect information related to the way you interact with the Website \[e.g., determine general geolocation information (i.e., country) from which the Users are connected\] and will use the Personal Data relating to such usage for the following purposes: operate the Website, enhance the User’s experience, provide and personalize our services or advertising efforts to our Users. Our legal basis for such processing is our legitimate interest, such as supporting and improving our services and Website. 3. **When you contact us,** you will be asked to provide us with the details such as your name, e-mail address, phone number, company name, the content of your message or any other information that you voluntarily decide to provide us with. Obviously, once we receive your details, our representative may contact you to complete the process and therefore, our representative may collect additional information from you. We process such Personal Data for the following purposes: Receive and process your request, customize your experience and support our Website and customer services, record keeping, provide our services. Our legal basis for such processing is the performance of a contract (i.e., any agreement between us) and our legitimate interests (e.g., to handle and keep record of requests). 4. 
**When you subscribed for marketing communication** **or newsletter,** we collect your e-mail address, and any additional information you choose to provide us with, for the following purposes: Sending you marketing and other communication, keeping in touch with you and update you with about our services, and managing our marketing efforts. Once we receive your details, our representative may contact you with offers, and therefore, our representative may collect additional information from you. Our legal basis for such processing is the performance of a contract (i.e., the TOU), your consent (when applicable), or our legitimate interest (e.g., improve our communication efforts). We also collect Non-personal Information (defined below) for statistical and research purposes (e.g. learning about general preferences and user trends) and for customization and improvement of our Website, products, services and marketing efforts. 1. **THIRD PARTIES** **RECIPIENTS.** We share Personal Information only with the following recipients: 2. With our service providers/vendors such as our hosting providers, CRM tools, etc. 3. With our business partners with whom we jointly offer products or services. We may also share Personal Data with our affiliated companies. They may combine this Personal Data with other details they hold about you. Unless they provide you with their own privacy policy, they may use your Personal Data for the purposes explained in this Privacy Policy. 4. For the purposes explained in this Privacy Policy, we may transfer your Personal Data to third parties in countries which do not have the same level of data protection laws as those in the country where you are located. We use several legal and technical mechanisms to help ensure that your rights and protections are respected. 5. 
To the extent necessary, with regulators, courts or competent authorities, to comply with applicable laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order; 6. If, in the future, we sell or transfer, or we consider selling or transferring, some or all of our business, shares or assets to a third party, we will disclose your Personal Data to such third party (whether actual or potential) in connection with the foregoing events; 7. In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your Personal Data in connection with the foregoing events, including, in connection with, or during negotiations of, any merger, sale of company assets, consolidation or restructuring, financing, or acquisition of all or a portion of our business by or to another company; and/or 8. Where you have provided your consent to us sharing or transferring your Personal Data (e.g., where you provide us with marketing consents or opt-in to optional additional services or functionality). For the avoidance of doubt, we may transfer and disclose Non-personal Information to third parties at our discretion, including statistical, analytical and research purposes and for customization, development and improvement of our Website, services, or marketing methods. Non-Personal Information is any unconcealed information which does not enable identification of an individual User, and which is available to us while such User is using the Website (“ **Non-personal Information**”). 01. **PRIVACY RIGHTS.** The following rights (which may be subject to certain exemptions or derogations) shall apply to certain individuals (some of which only apply to individuals protected by the GDPR): 02. You have a right to access Personal Data held about you; 03. 
You have the right to request that we rectify any Personal Data we hold that is inaccurate or misleading, and to request the erasure/deletion of your Personal Data (e.g. from our records). Please note that there may be circumstances in which we are required to retain your Personal Data, for example, for the exercise or defense of legal claims. In any event, if you wish to delete or modify Personal Information, please contact us with adequate detail of your request through the “Get a Demo” link in the Website and we will make reasonable efforts to modify or delete any such Personal Information pursuant to any applicable privacy laws. 04. You have the right to object to, or to request restriction, when we process your personal data based on our legitimate interests; 05. You have the right to data portability. This means that you may have the right to receive your Personal Data in a structured, commonly used and machine-readable format, and that you have the right to transmit that data to another controller; 06. If applicable, you have the right to object to profiling; 07. In case we process your Personal Data based on your consent, you have the right to withdraw your consent at any time. Please note that there may be circumstances in which we are entitled to continue processing your data, particularly if the processing is required to meet our legal and regulatory obligations. Also, please note that the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal; 08. You also have a right to request certain details of the basis on which your Personal Data is transferred outside the European Economic Area, but data transfer agreements or other details may need to be partially redacted for reasons such as commercial confidentiality; 09. You have a right to lodge a complaint with your local data protection supervisory authority at any time or before the relevant institutions in your place of residence. 
We ask that you please attempt to resolve any issues with us before contacting your local supervisory authority or relevant institution. 10. **RETENTION.** Your Personal Data will be stored until we proactively delete it or you send a valid deletion request. Please note that in some circumstances we may store your Personal Data for longer periods of time, for example (i) where we are required to do so in accordance with legal, regulatory, tax or accounting requirements, or (ii) for us to have an accurate record of your dealings with us in the event of any complaints or challenges, or (iii) if we reasonably believe there is a prospect of litigation relating to your Personal Data or dealings. 11. **CHILDREN DATA.** We only offer our Website and services to adult professional individuals and do not knowingly collect Personal Data from or about individuals under the age of eighteen (18). For the purposes of the GDPR, we do not intend to offer services directly to children. In the event that we become aware that you provide Personal Data in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at [contact@blockaid.io](mailto:contact@blockaid.io). 1. **SECURITY.** We have implemented appropriate technical, organizational and security measures designed to protect your Personal Data. However, please note that we cannot guarantee that the information will not be compromised as a result of unauthorized penetration into our servers, or otherwise. As the security of information depends in part on the security of the network you use to communicate with us and the security you use to protect your user IDs and passwords, please make sure to take appropriate measures to protect this information. 2. **THIRD PARTY PRODUCTS.** We may enable you to interact with third party websites, mobile software applications and products or services that are not owned or controlled by us via our Website. 
We are not responsible for the privacy practices or the content of such third parties, so please be aware that they can collect Personal Data from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third Party Service. 3. **COOKIES AND OTHER TRACKING TECHNOLOGIES.** When you access or use the Website, we or our third party service providers may use industry-wide technologies such as "cookies" or other similar technologies which store certain information on your computer or device (" **Cookies**"), which will allow us to enable automatic activation of certain features and make your experience much more convenient and effortless. We or our authorized third party service providers may use both session cookies (which expire once you close the Website) and persistent cookies (which stay on your system until you delete them). It is easy to disable or delete Cookies, and most browsers will allow you to erase cookies from your computer's hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you disable or erase cookies, your online experience may be limited. 4. **GOOGLE ANALYTICS**. The Website uses a tool called “ **Google Analytics**” to collect information about use of the Website. Google Analytics collects information such as how often users visit this Website, what pages they visit when they do so, and what other websites they used prior to coming to this Website. We use the information we get from Google Analytics to maintain and improve the Website and our products. We do not combine the information collected through the use of Google Analytics with Personal Information we collect. 
Google’s ability to use and share information collected by Google Analytics about your visits to this Website is restricted by the Google Analytics Terms of Service, available at [https://marketingplatform.google.com/about/analytics/terms/us/](https://marketingplatform.google.com/about/analytics/terms/us/), and the Google Privacy Policy, available at [http://www.google.com/policies/privacy/](http://www.google.com/policies/privacy/). You may learn more about how Google collects and processes data specifically in connection with Google Analytics at [http://www.google.com/policies/privacy/partners/](http://www.google.com/policies/privacy/partners/). You may prevent your data from being used by Google Analytics by downloading and installing the Google Analytics Opt-out Browser Add-on, available at [https://tools.google.com/dlpage/gaoptout/](https://tools.google.com/dlpage/gaoptout/). 5. **CROSS BORDERS DATA.** We store Personal data with the following storing companies, including Google, Amazon and Others. In order to operate the Website, we may transfer information collected about you, including Personal Information, to affiliated entities, or to other third party service providers (as provided herein) across borders and from your country or jurisdiction to other countries or jurisdictions around the world. 6. **UPDATES.** Blockaid reserves the right to change this policy at any time, and if so, we will provide notice about the changes of this policy. Such updates will usually take effect within seven (7) days after such notice or update, however, in the event that the Privacy Policy should be amended to comply with any legal requirements, the amendments may take effect immediately, or as required by applicable law and without any prior notice. 7. 
**CONTACT US.** If you have any questions, concerns or complaints concerning this Privacy Policy or if you wish to exercise your rights, we encourage you to first contact us by using the “Get a Demo” link on the Website or via [contact@blockaid.io](mailto:contact@blockaid.io).

## Onchain Detection and Response

## Description

ODR enhances blockchain security by addressing three critical challenges: limited visibility, slow response times, and lack of proactive threat detection. Unlike traditional security tools that focus solely on pre-transaction threats, ODR continuously analyzes every onchain interaction, delivering comprehensive visibility and rapid response capabilities. By monitoring all onchain assets, including contracts, tokens, and externally owned accounts (EOAs), ODR provides Web3 security teams with full visibility into their ecosystem, enabling them to quickly detect and assess vulnerabilities. These capabilities act as a central hub for threat detection, investigation, and response, extending beyond transaction-centered monitoring to include asynchronous and proactive threat detection.

With automated response workflows—such as blocking suspicious addresses or revoking permissions—ODR ensures swift mitigation, reducing the impact of potential threats.

Additionally, ODR employs advanced techniques like static code analysis to proactively detect malicious intent before attacks unfold, delivering comprehensive, real-time protection across the blockchain landscape.

## Get started with Blockaid, the most advanced ODR solution

Request a Demo

## Blockaid Terms of Use

**Blockaid Terms of Use** Welcome to https://blockaid.io (together with its subdomains, Content, Marks and services, the " **Website**"). Please read the following Terms of Use carefully before using this Website so that you are aware of your legal rights and obligations with respect to Blockaid Ltd. (" **Blockaid**", " **we**", " **our**" or " **us**"). By accessing or using the Website, you expressly acknowledge and agree that you are entering a legal agreement with us and have understood and agree to comply with, and be legally bound by, these Terms of Use, together with the Privacy Policy (the " **Terms**"). You hereby waive any applicable rights to require an original (non-electronic) signature or delivery or retention of non-electronic records, to the extent not prohibited under applicable law. If you do not agree to be bound by these Terms please do not access or use the Website. 01. **BACKGROUND.** The Website is intended to provide general information regarding Blockaid, updates regarding our operations in the fields of blockchain security and to present relevant professional content. 02. **MODIFICATION.** We reserve the right, at our discretion, to change these Terms at any time. Such change will be effective ten (7) days following posting of the revised Terms on the Website, and your continued use of the Website thereafter means that you accept those changes. 03. **ABILITY TO ACCEPT TERMS.** The Website is only intended for individuals above the age of 18. If you are under 18 years please do not visit or use the Website. 04. 
**WEBSITE ACCESS.** For such time as these Terms are in effect, we hereby grant you permission to visit and use the Website provided that you comply with these Terms and applicable law. 05. **RESTRICTIONS.** You shall not: (i) copy, distribute or modify any part of the Website without our prior written authorization; (ii) use, modify, create derivative works of, transfer (by sale, resale, license, sublicense, download or otherwise), reproduce, distribute, display or disclose Content (defined below), except as expressly authorized herein; (iii) disrupt servers or networks connected to the Website; (iv) use or launch any automated system (including without limitation, "robots" and "spiders") to access the Website; and/or (v) circumvent, disable or otherwise interfere with security-related features of the Website or features that prevent or restrict use or copying of any Content or that enforce limitations on use of the Website. 06. **PAYMENTS TO BLOCKAID.** Except as expressly set forth in the Terms, your general right to access and use the Website is currently for free, but we may in the future charge a fee for certain access or usage. You will not be charged for any such access or use of the Website unless you first agree to such charges, but please be aware that any failure to pay applicable charges may result in you not having access to some or all of the Website. 07. **INTELLECTUAL PROPERTY RIGHTS.** 08. Content and Marks. The (i) content on the Website, including without limitation, the text, documents, articles, brochures, descriptions, products, software, graphics, photos, sounds, videos, interactive features, any other information and services (collectively, the " **Content**"), and (ii) the trademarks, service marks and logos contained therein (" **Marks**"), are the property of Blockaid and/or its licensors and may be protected by applicable copyright or other intellectual property laws and treaties. 
"Blockaid", the Blockaid logo, and other marks are Marks of Blockaid or its affiliates. All other trademarks, service marks, and logos used on the Website are the trademarks, service marks, or logos of their respective owners. We reserve all rights not expressly granted in and to the Website and the Content. 09. Use of Content. Content on the Website is provided to you for your information and personal use only and may not be used, modified, copied, distributed, transmitted, broadcast, displayed, sold, licensed, de-compiled, or otherwise exploited for any other purposes whatsoever without our prior written consent. If you download or print a copy of the Content you must retain all copyright and other proprietary notices contained therein. 10. **INFORMATION DESCRIPTION.** We attempt to be as accurate as possible. However, we cannot and do not warrant that the Content available on the Website is accurate, complete, reliable, current, or error-free. We reserve the right to make changes in or to the Content, or any part thereof, in our sole judgment, without the requirement of giving any notice prior to or after making such changes to the Content. Your use of the Content, or any part thereof, is made solely at your own risk and responsibility. 11. **LINKS.** 12. The Website may contain links, and may enable you to post content, to third party websites that are not owned or controlled by Blockaid. We are not affiliated with, have no control over, and assume no responsibility for the content, privacy policies, or practices of, any third party web sites. You: (i) are solely responsible and liable for your use of and linking to third party websites and any content that you may send or post to a third party website; and (ii) expressly release Blockaid from any and all liability arising from your use of any third party website. Accordingly, we encourage you to read the terms and conditions and privacy policy of each third party website that you may choose to visit. 13. 
Blockaid permits you to link to the Website provided that: (i) you link to but do not replicate any page on this Website; (ii) the hyperlink text shall accurately describe the Content as it appears on the Website; (iii) you shall not misrepresent your relationship with Blockaid or present any false information about Blockaid and shall not imply in any way that we are endorsing any services or products, unless we have given you our express prior consent; (iv) you shall not link from a website (" **Third Party Website**") which prohibits linking to third parties; (v) such Third Party Website does not contain content that (a) is offensive or controversial (both at our discretion), or (b) infringes any intellectual property, privacy rights, or other rights of any person or entity; and/or (vi) you, and your website, comply with these Terms and applicable law. 14. **PRIVACY.** We will use any personal information that we may collect or obtain in connection with the Website in accordance with our Privacy Policy which is available at Blockaid.io/privacy. You agree that we may use personal information that you provide or make available to us in accordance with the Privacy Policy. 15. **WARRANTY DISCLAIMERS.** 16. This section applies whether or not the services provided under the Website are for payment. Applicable law may not allow the exclusion of certain warranties, so to that extent certain exclusions set forth herein may not apply. 17. THE WEBSITE IS PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS, AND WITHOUT WARRANTIES OF ANY KIND EITHER EXPRESS OR IMPLIED. BLOCKAID HEREBY DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, TITLE, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND THOSE ARISING BY STATUTE OR FROM A COURSE OF DEALING OR USAGE OF TRADE. BLOCKAID DOES NOT GUARANTEE THAT THE WEBSITE WILL BE FREE OF BUGS, SECURITY BREACHES, OR VIRUS ATTACKS. 
THE WEBSITE MAY OCCASIONALLY BE UNAVAILABLE FOR ROUTINE MAINTENANCE, UPGRADING, OR OTHER REASONS. YOU AGREE THAT BLOCKAID WILL NOT BE HELD RESPONSIBLE FOR ANY CONSEQUENCES TO YOU OR ANY THIRD PARTY THAT MAY RESULT FROM TECHNICAL PROBLEMS OF THE INTERNET, SLOW CONNECTIONS, TRAFFIC CONGESTION OR OVERLOAD OF OUR OR OTHER SERVERS. WE DO NOT WARRANT, ENDORSE OR GUARANTEE ANY CONTENT, PRODUCT, OR SERVICE THAT IS FEATURED OR ADVERTISED ON THE WEBSITE BY A THIRD PARTY. 18. PHNOMED DOES NOT OFFER A WARRANTY OR MAKE ANY REPRESENTATION REGARDING ANY CONTENT, REPORTS, INFORMATION OR RESULTS THAT YOU OBTAIN THROUGH THE USE OF THE WEBSITE AND ITS RELATED SERVICES (COLLECTIVELY, THE “ **INFORMATION**”), OR THAT THE INFORMATION IS COMPLETE OR ERROR-FREE. THE INFORMATION DOES NOT CONSTITUTE LEGAL ADVICE, AND YOU UNDERSTAND IT MUST DETERMINE FOR ITSELF THE NEED TO OBTAIN ITS OWN INDEPENDENT LEGAL ADVICE REGARDING THE SUBJECT MATTER OF ANY INFORMATION THAT YOU USE OR ARE CONSIDERING TO USE. YOUR USE OF AND RELIANCE UPON THE INFORMATION IS ENTIRELY AT YOUR SOLE DISCRETION AND RISK, AND PHNOMED SHALL HAVE NO RESPONSIBILITY OR LIABILITY WHATSOEVER TO YOU IN CONNECTION WITH ANY OF THE FOREGOING. 19. EXCEPT AS EXPRESSLY STATED IN OUR PRIVACY POLICY, BLOCKAID DOES NOT MAKE ANY REPRESENTATIONS, WARRANTIES OR CONDITIONS OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE SECURITY OF ANY INFORMATION YOU MAY PROVIDE OR ACTIVITIES YOU ENGAGE IN DURING THE COURSE OF YOUR USE OF THE WEBSITE. 20. **LIMITATION OF LIABILITY.** 21. TO THE FULLEST EXTENT PERMISSIBLE BY LAW, BLOCKAID SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, EXEMPLARY, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES OF ANY KIND, OR FOR ANY LOSS OF DATA, REVENUE, PROFITS OR REPUTATION, ARISING UNDER THESE TERMS OR OUT OF YOUR USE OF, OR INABILITY TO USE, THE WEBSITE, EVEN IF BLOCKAID HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR LOSSES. 
Some jurisdictions do not allow the limitation or exclusion of liability for incidental or consequential damages, so the above limitations may not apply to you. 22. IN NO EVENT SHALL THE AGGREGATE LIABILITY OF BLOCKAID FOR ANY DAMAGES ARISING UNDER THESE TERMS OR OUT OF YOUR USE OF, OR INABILITY TO USE, THE WEBSITE EXCEED THE TOTAL AMOUNT OF FEES, IF ANY, PAID BY YOU TO BLOCKAID FOR USING THE WEBSITE DURING THE THREE (3) MONTHS PRIOR TO BRINGING THE CLAIM. 23. **INDEMNITY.** You agree to defend, indemnify and hold harmless Blockaid and our affiliates, and our respective officers, directors, employees and agents, from and against any and all claims, damages, obligations, losses, liabilities, costs and expenses (including but not limited to attorney's fees) arising from: (i) your use of, or inability to use, the Website; or (ii) your violation of these Terms. 24. **TERM AND TERMINATION.** These Terms are effective until terminated by Blockaid or you. Blockaid, in its sole discretion, has the right to terminate these Terms and/or your access to the Website, or any part thereof, immediately at any time and with or without cause (including, without any limitation, for a breach of these Terms). Blockaid shall not be liable to you or any third party for termination of the Website, or any part thereof. If you object to any term or condition of these Terms, or any subsequent modifications thereto, or become dissatisfied with the Website in any way, your only recourse is to immediately discontinue use of the Website. Upon termination of these Terms, you shall cease all use of the Website. This Section 14 and Sections 7 (Intellectual Property Rights), 10 (Privacy), 11 (Warranty Disclaimers), 12 (Limitation of Liability), 13 (Indemnity), and 15 (Assignment) to 17 (General) shall survive termination of these Terms. 25. 
**ASSIGNMENT.** These Terms, and any rights and licenses granted hereunder, may not be transferred or assigned by you but may be assigned by Blockaid without restriction or notification to you. Any prohibited assignment shall be null and void. 26. **GOVERNING LAW.** Blockaid reserves the right to discontinue or modify any aspect of the Website at any time. These Terms and the relationship between you and Blockaid shall be governed by and construed in accordance with the laws of the State of Delaware, without regard to its principles of conflict of laws. You agree to submit to the personal and exclusive jurisdiction of the courts located in Delaware and waive any jurisdictional, venue, or inconvenient forum objections to such courts, provided that Blockaid may seek injunctive relief in any court of competent jurisdiction. 27. **GENERAL.** These Terms shall constitute the entire agreement between you and Blockaid concerning the Website. If any provision of these Terms is deemed invalid by a court of competent jurisdiction, the invalidity of such provision shall not affect the validity of the remaining provisions of these Terms, which shall remain in full force and effect. No waiver of any term of these Terms shall be deemed a further or continuing waiver of such term or any other term, and a party's failure to assert any right or provision under these Terms shall not constitute a waiver of such right or provision. YOU AGREE THAT ANY CAUSE OF ACTION THAT YOU MAY HAVE ARISING OUT OF OR RELATED TO THE WEBSITE MUST COMMENCE WITHIN ONE (1) YEAR AFTER THE CAUSE OF ACTION ACCRUES. OTHERWISE, SUCH CAUSE OF ACTION IS PERMANENTLY BARRED.