Web3 browser extensions: Yay or nay?
My first published article for 2023:
Happy new year, everyone!
Heads up 04/2023: Wallet Guard also has transaction simulation now — this article needs a bit of a polish. Will do.
The number of web3 scams is so high, that there has been some massive innovation about browser extensions in web3.
I do often get the question, if there are any Browser extensions I can recommend.
First off: I’m an advocate for self-education. So the best case scenario for me would be, that every user has some kind of understanding of what they are signing while interacting with the blockchain.
Is this a realistic scenario? Probably not. So this is where browser extensions come into play. I do want to add, that you should always do your own research before trusting any piece of software blindly. Install them at your own risk.
I’ve spent a lot of time in the web3 community, building a network across people that are connected within the security space.
From group chats, Discords and Twitter spaces I found that these four browser extensions can be useful and recommended. Especially if you’re new to web3 and a rookie in this space.
I’ll link my Spotlight videos I did on them on my YouTube channel before explaining what they do. The website to the extension can be found by just clicking on the bold name.
The Wallet Guard browser extension is made to protect you from visiting phishing / fake websites in the web3 space.
A lot of the times, we see domains that are impersonating an OG project in the web3 space by just changing a small detail, like the top-level-domain from .io into .xyz.
If you got the Wallet Guard extension installed, they’ll block a lot of these websites that you might have visited otherwise with a message like this:
Wallet Guard also provides a security checklist feature, which lets you check if you got the latest versions of your browser extensions installed, such as MetaMask, Phantom wallet etc.
Overall: Wallet Guard is a good solution for a general phishing protection with links in web3. Most of the scam attempts are executed on fake websites, and those are blocked to a good amount by this extension!
Shoutout to their team for doing a good chunk of web3 safety work!
Probably every one of you has used revoke.cash — or at least seen it before.
The one-man army Rosco Kalis is the pioneer in the space when it comes down to revoking approvals you signed with your wallet. The website has been a reliable source since 2019.
Revoke.cash also has a browser extension, that is designed to intercept a called signature / transaction when something seems off. The transaction / signature is analyzed and scanned for any common patterns that are used to scam people. It will then be displayed with a pop-up warning.
This includes: Set Approval For All calls, listing signatures (useful for the Opensea listing signature exploit) and hash signatures.
Installing this browser extension (available for Chromium browsers and Firefox) will help you catch a malicious signature / transaction on the fly — hopefully!
Just like revoke.cash the Pocket Universe browser extension aims to protect you and your digital assets from getting stolen by malicious transactions and signatures.
The Pocket Universe extension is available for Chromium browsers and for Firefox.
What’s special about Pocket Universe is, they are simulating every transaction / signature and the possible outcome before sending it through your wallet. Even the good ones will get visually exposed, because they’re simulating the call before it ever gets transmitted to your wallet.
If you visit a website that attempts to steal your assets by calling an Set approval for all, an Opensea signature listing (drainer) or even a honeypot contract — Pocket Universe will detect this and warn you about it.
Last but not least:
With Stelo we got the third browser extension that jumps on the malicious requests that get sent to your wallet daily — meaning transactions and signatures.
Stelo’s goal is to prevent you from signing a malicious request with your wallet — approvals, drainers — or hex signatures without you having to be an expert.
The Stelo extension enriches the transactions with additional information. On this example you’d be attempting to swap USDC into DAI, and Stelo gives you a few details of the contract that is called — Uniswap V3 in this example. This can be useful information like how many transactions the contract did in the last 30 days, or when it was first deployed to the blockchain.
Stelo is available for Chromium browsers as of January 2023.
This is my wrap up of four pretty good browser extensions that are around in the web3 space — and that I personally would trust, if I would use an extension on a regular basis. I’ve talked to every team of these four and they all are pretty engaged within the web3 community.
I know there are other contenders, but they are sometimes token gated or coming with some other barriers that I can’t recommend at the moment.
Hope this article (and most likely the videos) were helpful to give you an overview of how security focused people in the NFT & Cryptospace are working hard every day to keep users and their assets safe.
Stay safe!
