Let's Talk About 'Web3' Security Projects

Howard Kane
Last Updated: February 4, 2024
Published: February 4, 2024

Much ado about internet security. More and more developers are transitioning to infrastructure and helping grow the business of security education (certification) companies, but the levels of fraud and thievery are very hard to lower even when the crypto markets are declining. 

Throughout our exploration of early-stage crypto startups, we’ve interviewed several founders and team members of web3 security startups, which gave us some insight into what this growing space is shaping up to be. From community-owned projects that gather data on malicious activity to newly appearing wallet protection solutions, the people involved are trying to minimize vulnerabilities for themselves and others, and to reduce the risk of the large-scale hacks we still often see today.

From what we've found in our weekly discovery projects in recent months, we can derive several subcategories of blockchain security companies:

  • Smart contract risk infrastructure. These companies are building tooling for the automatic detection of flaws and hazards in smart contracts and more general web3 code. They help developers catch their own mistakes before the code is deployed. With many projects in this category driven by AI, developers can get insights and alerts about their code in real time.
  • Wallets and browser extensions. There are some open-source extensions and wallets that can evaluate every dApp the user visits, where the criteria come from the security project and the data may come from users. This enables immediate blocking of all websites with malicious properties determined by experts. Users may also be able to earn token rewards for sharing some browsing data that could help others avoid bad dApps.  
  • Social media and governance tools against malicious actors. This subcategory includes bots for capturing phishing DMs, as well as tools for tracking malicious activity and analyzing transaction history. Using such tools, projects can enable protection for all of their users and set dynamic permissions for interactions within the community. For example, on Discord, if someone wants to send you a link to a known dangerous website (caught in active databases of bad sites), these systems can block the message.
  • Security protocols / protective transaction mechanics. The subject of zero-knowledge proof cryptography is being brought back by the web3 people, with new scaling and privacy systems like rollups introduced. These systems, along with protocols appearing in the underground that achieve true anonymity, are helping other projects make the best out of their platforms. 
  • Agencies or auditors. Controversial because oftentimes they artificially increase the sense of security within an ecosystem while the given project – their client – remains malicious. On the other hand, beneficial for both emerging proprietary and open-source crypto projects to establish themselves in the big pool of noise that is web3. Smart contract auditors are to companies as certification organizations are to IT people.
  • Anonymity and pseudonymity tools. Includes systems derived from ZKP-enabled privacy protocols, new types of digital identities, as well as completely unique tooling for covering up transaction and wallet activity histories. Dark Pools and soul-bound token-driven social media on Farcaster are examples. 

The following is a list of the key blockchain security projects we’d like to share with you as highlights from our research. 

Security Protocols

Specular - the first EVM-native optimistic rollup that offers two improved items from the blockchain trilemma - security and decentralization, and supports permissionless inclusion of Ethereum clients and dispute resolution.

Silent Protocol - a startup building a privacy-compliant infrastructure for dApps where true financial primitives can be created in DeFi. For users, a privacy infrastructure means they can access dApps anonymously and confidentially. Silent brought a new MPC protocol and its silent-compliance virtual machine for encapsulating dApp operations.

Protective Browser Extensions & Wallets  

TholosAPP - a self-custodial multi-chain crypto wallet and an intuitive with a portfolio dashboard. Projects can incorporate Tholos with their own systems to better manage asset custody and their treasuries, and get institutional-grade security. 

Pocket Universe - a web3 transaction security company that offers a free browser extension for asset safety. Pocket Universe detects malicious Seaport transactions, honeypot NFTs, counterfeit tokens, and more.

Fire - a Chrome extension that simulates transactions and provides details on what exactly will go in and out of a user’s wallet before the contract is signed.

Stelo is an open-source extension that keeps crypto safe from phishing and helps users understand transactions before they sign them. 

ThreatSlayer is a threat detection browser extension aimed at the mainstream user. They utilize AI threat detection technology to catch and block browser-based attacks, like phishing attacks and social engineering. Users can catch threats and share the data for token rewards, while ThreatSlayer sells threat data to other firms.

Smart Contract Risk Infrastructure

ChainPatrol - a web3 security platform offering advanced tools for stopping phishing scams, picking up false positives on security analysis, and freezing compromised social accounts.

Neutron - a Cosmos-based and Cosmos Hub-used smart contract platform utilizing CosmWasm to create interchain security for staked $ATOM, and interoperability through IBC/ICQ/ICA technologies. 

Hexagate - a new web3 security firm that offers a transaction analysis API.

Skylock - a Canadian company that helps web3 startups defend themselves from digital threats using machine learning, anomaly and hack detection, malicious transaction interception, and on-chain event monitoring tools.

Audits

Spearbit - a decentralized agency filled with security experts whom companies can hire for reviews, audits, and consultation. The talent is hired on a case-by-case basis to match security skills with the client's problem.

Zellic is a web3 audit firm specializing in both security and compliance. It offers a range of services, from smart contract auditing to dApp security foundations.

Anonymity

RAILGUN - a ZKP-driven privacy and anonymity system for EVM-based products that makes it possible for users to anonymously interact with DEXs, lending platforms, and other dApps directly on-chain on Ethereum.

Big Whale Labs - the company behind a series of other unique web3 projects that include SealCred, Echo, and Sealcaster. SealCred is a new social protocol based on soul-bound NFTs that power on-chain pseudonymity, Echo is a tool for tweeting anonymously with ZKP badges, and Sealcaster is a Farcaster tool for anonymous posting.   

Safe Ecosystem Governance

Shield - an AI-enabled web3 security provider building automation and monitoring tools that detect fraudulent, fake, and scammy behavior in blockchain ecosystems.

 

The emerging projects in this space are creating completely new types of protective solutions for web3 products, which look less like traditional websites or apps by the day. That is something to celebrate.

It is truly exciting to see things like ecosystems with incentivized user reporting of malicious dApps, ways to tweet anonymously with the help of zero-knowledge proofs, or developers utilizing real-time smart contract analysis tools to write better lines from the very start.