Chains

BNB Smart Chain

Build web3 dApps effortlessly

BNB Beacon Chain

Sunset Complete

BNB ecosystem’s staking & governance layer

DocumentationGitHubFaucetStake BNBBscScanBSCTraceDev ToolsLearn more about FusionDocumentationBeacon Chain ExplorerToken Recovery ToolDocumentationGitHubFaucetBridgeGreenfieldScanDCellarDev ToolsDocumentationGitHubFaucetBridgeopBNBScanDev ToolsDocumentationGitHub

Developers


Submit dApps

BNB Smart ChainBNB GreenfieldopBNBzkBNBBNB HackBNB Incubation Alliance (BIA)Most Valuable Builder Accelerator Program (MVB)BNB Chain GrantsKickstartGas GrantsTVL Incentive ProgramMEME Coins InnovationSee All Programs

Ecosystem

Staking

Earn BNB and rewards effortlessly

Tokenization Solutions

Get Your Business Into Web3

Native StakingLiquid StakingCompany TokenizationReal World Assets TokenizationNFT Loyalty Program

Community

Contact UsGet Started
Contact UsGet Started

Safeguarding Your Web3 Journey: The HashDit Extension

2023.11.29  •  7 min read
Blog post image.

Main Takeaways

  • When the market stirs, so too do scammers and attackers. Their efforts can be surprisingly effective, even against experienced users. 
  • HashDit Extension is a complimentary, open-source Web3 security tool designed to shield you from a variety of cyber threats and phishing scams.
  • The HashDit Extension is available in the Chrome Web Store now: https://tinyurl.com/mnsv3f7y .

How Does The HashDit Extension Protect You?

The HashDit Extension is designed to serve as an extra layer of protection when interacting with websites that involve digital assets.

It works by sitting in between websites and extension-based wallets like TrustWallet and MetaMask, analyzing transactions, identifying risk factors, and alerting you to potential threats. This approach employs a multi-layered defense mechanism to safeguard your online interactions.

Let's take an example of a mining website that seems normal at first glance. Without HashDit’s protection, this is what you see:

However, here’s a view of the SAME phishing website with HashDit protecting you:

Workflow:

Here’s a visual of how our multi-layered defense mechanism keeps you safe.

 HashDit Extension WorkFlow

Layer1: Real-time Scanning (Phishing) Before Connecting to the Website

The HashDit extension proactively identifies new risky websites and alerts you of any phishing or scam websites before interacting with them, thereby preventing any accidental divulgence of your sensitive information or funds. 

Potential wallet drainers can connect and clean out your wallet before you even realize it. The HashDit Extension patrols your wallet perpetually, identifying potential threats before they can connect to your wallet.

Phishing Website Warning from HashDit Extension

Layer2: Well-Rounded Detection Before Completing Transactions & Signatures

The HashDit Extension combines the website, transaction, contract and receipt address information in order to compile a well-rounded detection. This detection is then complemented with an analysis of the threat by generating warnings about risky transactions or suspicious signatures. 

Thus, the HashDit Extension ensures that you are aware of potential harm before proceeding with any transaction.

Transaction Analysis Pop Up of the HashDit Extension 

The HashDit Extension Pop Up - A Deep Dive

Not all users are familiar with transactions and signatures, especially new users to the crypto. Often, Web3 phishing websites entice users to participate in high-return projects. 

However, when users connect their wallets and click the receive button, the website asks users to approve unlimited USDT to an EOA (Externally Owned Account) address. This “approval” process is an ERC20 standard - a method of allowing any other address to withdraw funds from the owner without further permissions until the specified limit.

This means that this EOA address can empty the user's wallet at any time. This is one of the most common phishing methods, and our transaction detection will detect this risk and promptly warn users. 

Example 1:

Example 1: Function name and dApp URL risk analysis
Example 1: Contract risk analysis
Example 1: Function detail
Example 1: Involved risk addresses highlight in function detail
Example 1: Overall risks

Example 2: 

An attacker creates a vanity address that is very similar to the victim's address.

They then send very small amounts of cryptocurrency to the victim's address, hoping when victims see a transaction for a token they typically interact with in their transaction history, victims might copy the recipient address (thinking it is their own) and then send funds to that address. This is also called Address Poisoning

Example 2: Transfer value and recipient risk analysis
Example 2: Overall risks

HashDit’s Extension goes beyond just warning users. It provides easy-to-understand insights into transactions and signatures, increasing users’ knowledge and awareness. This is especially helpful for newcomers in the crypto world who are at risk of being exploited by scammers.                            

 Signature Insight of HashDit Extension Pop Up

While maintaining your safety is important, maintaining your data privacy is equally important and is one of our primary concerns. The HashDit Extension has been engineered to never access your seed phrase or private key. We cannot, and will not ever, access your wallet directly. We aim to give you peace of mind and secure browsing in one single package.

Currently, HashDit Extension supports Ethereum and BNB Chain, with plans to include more chains like Polygon and opBNB in the near future.

Type of Risk Detected by the HashDit Extension

Scam Type

Example

Coverage

Wallet Drainers

Sophisticated scam groups which use different measures such as tricking users to ‘approve’ their funds to the scammers, resulting in their NFTs, tokens, or other assets being stolen.

Malicious signatures

Misleading functions with ill-intent, such as 'Set Approval For All', 'eth_sign', etc which can lead to users losing their assets.

Low trust domains

Websites with very low reputation, often linked to spam, malware, social engineering phishing, and scams. They usually impersonate notable online platforms. 

High risk contract method calls

Risky method calls such as  'SecurityUpdate()', which are designed to deceive users into sending ETH to the scam contract.

Honeypot detection & other smart contract risks

Honeypot token is one example which only allows users to trade into an asset without being able to sell it afterwards. Other risks include but are not limited to: backdoor, scam tokens and centralization risks.

Rug pulls

Sudden abandonment of a project by the scam creator(s), after the team initially promises to work and develop on the project. This usually occurs once the investment amount by the victims is deemed enough by the scam creators.

Address poisoning

The attacker creates a vanity address that is very similar to the victim's address. They then send very small amounts of cryptocurrency to the victim's address, hoping when victims see a transaction for a token they typically interact with in their transaction history, victims might copy the recipient address (thinking it is their own) and then send funds to that address.

Seed phrase compromises

Scams to steal the users’ seed phrases/private keys, thereby being able to control their crypto assets.

Coming soon

Malware

Malicious software disguised as attractive downloads and campaigns.

Contact us

 

Malicious extension

Posing as a utility software while engaging in harmful activities.

Contact us

HashDit - A Background

HashDit is a Web3 Security Firm focused on providing a safe ecosystem for both protocol users and smart contract developers on BNB Chain. 

Our Goals:

Our central objective is to furnish crucial threat intelligence to empower everyday DeFi investors in making well-informed decisions. Navigating this intricate DeFi landscape poses challenges even for seasoned investors, let alone newcomers. HashDit aims to bridge this knowledge gap by offering timely and comprehensive threat intelligence on DeFi projects.

Our Partners:

HashDit's API integration extends its influence to numerous prominent applications, anchoring active measures to safeguard users from the clutches of fraudulent activities.

PancakeSwap: This leading DEX on the BNBChain, with a substantial $1.3 billion in TVL, seamlessly incorporates HashDit's solution. Automated scans of tokens within the PancakeSwap framework offer users discernible risk scores. This feature empowers users with real-time insights into potential transactional risks, bolstering informed decision-making amid their DeFi interactions.

TrustWallet: HashDit's API takes center stage within TrustWallet, an industry vanguard Web3 Wallet. Serving as a protective layer within the user experience, HashDit's threat intelligence suite preempts elevated risks by promptly notifying users before they connect to the dApp or execute transactions. This proactive approach ensures users operate with heightened vigilance, fortifying their engagement within the dynamic DeFi landscape.

BSCscan: A prime example of HashDit's impact unfolds through its collaboration with blockchain explorers, most notably BSCscan. Integrating risk alerts within the explorer's interface bolsters user prudence and caution. Users are empowered to tread warily when engaging with projects or addresses displaying suspicious or high-risk attributes. This measured approach fosters an environment of cautious exploration, preventing undue exposure to potential risks.

Disclaimer

Although the HashDit Extension can scan and detect a large number of threats, one should never solely rely on a single app to ensure personal security. Your most crucial defense is your personal digital and crypto security knowledge. Secure your assets by applying as many security and crypto best practices as possible. #DYOR

Share