Verify API: A Major Step Towards Combatting Phishing Attacks
Security issues have long thwarted widespread web3 adoption, and with devastating attacks rife throughout the ecosystem on a near-daily basis, it’s little wonder why.
Phishing scams in particular pose a major security gap across the industry, with an estimated $108 million worth of web3 users’ funds lost to such hacks in the first half of 2023 alone. Though the future that web3 can offer is, in many ways, unparalleled, it simply should not come with such critical compromises. Until we can create a web3 that is stronger, safer, and more secure for today’s users, we’ll simply never be ready to welcome tomorrow’s.
At WalletConnect, we’ve made it our mission to provide builders with the tools they need to create better foundations for a web3-native future to thrive upon. Today, we’re excited to share the latest step along that mission: Verify API.
What is Verify API?
Verify API is a first-of-its-kind layered security solution that enables wallets and apps to help users protect themselves from phishing attacks.
A security-first feature, Verify API empowers 500+ wallets and 3,000+ apps to support millions of users in detecting suspicious or malicious domains when connecting to an app or signing a transaction. Verify API’s robust architecture enables wallets and apps to support users in better identifying the veracity of the domain they are attempting to connect to. As we often say in web3 — don’t trust, verify.
With the combined power of WalletConnect’s secure registry and industry-leading security tools, wallets that integrate the feature can autonomously cross-reference the origin legitimacy of session metadata and:
- Allow users to easily detect whether the domain they’re connecting to is the same domain as verified by the application in the WalletConnect domain registry
- Notify users if the domain they’re trying to connect to cannot be confirmed as the registered domain of the application they want to access
- Warn users if the domain they’re trying to connect to has been flagged as different from the one registered by the application they want to access
- Alert users if the domain they’re trying to connect to has been flagged as a known malicious domain
Equally, apps that verify their domain can distinguish their service from any potential bad actors who may be trying to impersonate their brand, ultimately ensuring their users are better supported in shielding themselves from exploitation and able to interact with their app securely.
With over 2,000 leading web3 apps — like PancakeSwap and Snapshot — now supporting Verify as a means to better guide their users’ journeys, this easy-to-integrate, seamless, security-first feature is ready to change the game for countless across web3.
How can I use Verify?
If you have a project that utilizes WalletConnect’s SDKs, here’s how you can get Verify up and running:
Apps: For apps to have verified status, they must verify their domain in the WalletConnect Cloud by following a few simple steps. Head to the WalletConnect docs for details on how to verify, or read this blog for a step-by-step guide on the process. Alternatively, you can verify your domain directly in the WalletConnect Cloud here. Verifying your domain is strongly recommended to help end users distinguish your app from one that may be harmful.
Wallets: For wallets to enable their users to seamlessly experience this extra layer of security, head to the WalletConnect docs for details on integration methods, or read this blog for a step-by-step guide on how to integrate the new feature into your existing Web3Wallet installation.
Users: Use a specific wallet or app that doesn’t currently support Verify? You can always make a request to the project for Verify integration and tag us on Twitter if you have any questions.
What’s next?
We’re beyond proud to bring Verify to our community and help to accelerate the mission towards building a stronger, safer, and all-around-better web3 — but the journey doesn’t stop here. We’ve got lots of other exciting things in store as we strive to create best-in-class tools for those at the forefront of this new digital era, so stay tuned for future updates and information.
Have a technical question or need support?
Feel free to shoot them over to us on GitHub and someone from the team will help you in any way they can.
To keep up with our announcements, join our Discord and follow us on Twitter. If you are a wallet or an app that is interested in integrating WalletConnect, head over to our website and explore our documentation.