United States-based crypto exchange Coinbase has become the latest crypto wallet provider to roll out transaction previews and blocklists amid a rise in crypto thefts.
On Jan. 30, the crypto exchange announced that it had integrated a new suite of safety features to its wallet app to make it easier for users to spot and take action on potential foul play from scammers.
Such integrations include a transaction preview feature that gives the user an estimation of how users’ “token and NFT balances will change” during a transaction before the confirm button is hit.
The firm has also rolled out token approval alerts, which make it clear to the user when a decentralized application dApp is requesting approval to withdraw tokens and nonfungible tokens (NFTs).
Additionally, the firm has also introduced new layers of permission management that enable users to revoke DApp connections directly from the app to help minimize “exposure to potential vulnerabilities.”
The crypto exchange joins the ranks of several other crypto wallet providers that have either rolled out or announced similar features aimed at combating crypto scams and phishing attacks, including Solana-based Phantom, Web3 wallet provider Ember and Bitski.
"These types of protections are sorely needed to protect not only consumers, but businesses as well," David Schwed, chief operating officer at Halborn, a blockchain security firm. "We've seen that even those who have been in the space for a while are not immune to getting scammed."
Just two days after Moonbirds creator Kevin Rose admitted to losing $1.1 million in NFTs via a targeted phishing attack, Phantom reminded users on Jan. 27 that its wallets are protected with a number of security features which include transaction previews, an open-source blocklist, NFT spam reporting and burning.
The firm explained its transaction preview feature: "when you take an action in Phantom, like minting an NFT, we scan your transaction and proactively find anything that looks fishy. Website looks fishy? You get a warning. Trying to obfuscate code? Warning. Interacting with suspicious tokens? Warning.”
The open-source blocklist consists of a “community-maintained list of malicious domains” that Phantom blocks users from mistakenly connecting with.
12/ We’re proud of the security features we have implemented, but this is only the beginning.— Phantom (@phantom) January 26, 2023
We will continue to work tirelessly to protect our users with best-in-class security features, education, and support to make everyone’s journey through web3 safe, easy, and fun.
Tweeting on the same day as Phantom, Web3 wallet provider Ember detailed the list of its own security tools.
The list includes translation previews, token and NFT locking to stop assets being drained as part of malicious transactions, and approval revoking.
5/7) As well, Ember allows you to lock your NFTs and tokens, which disables the ability to send or sell them until they have been unlocked which requires your authentication to do so— Ember (@EmberWallet) January 27, 2023
This means that if you do sign a malicious transaction, your locked assets can't be drained
On Jan. 24, Bitski also indicated that it was working on similar integrations via its 2.0 wallet, with product designer Jasmine Xu noting that this will cover “self custody, dapp browser, transaction simulation previews, notifications about account activity, in-app burner vault, and a bunch more in a few weeks.”
Related: 5 sneaky tricks crypto phishing scammers used last year: SlowMist
"While these technologies are certainly a step in the right direction, they are definitive in their analysis. They will provide potential indicators of a scam but it's still up to the user to decide whether or not to move forward with a transaction," noted Schwed, adding:
"The other challenge is since these tools are available for anyone, the scammers can now test whether or not their scam is identified by these tools."
In its most recent blog post, Coinbase said in the coming weeks, the firm will launch a feature so that users can “view and revoke existing token balances.”
These types of features are important for crypto and NFT users, as scammers/hackers deploy a wide array of tools to hijack transactions and get funds sent to them instead of the originally intended destination.
Popular methods that dupe even experienced users include phishing attacks, scam airdrops directing people to click on malicious links, and malware.
Update Jan. 31, 11:46 pm UTC: Added comments from Halborn chief operating officer David Schwed.