Benchmarking
Benchmarking what types of scams can be prevented is critically important to us. We default to transparency so that your expectations are aligned with the services we offer.
Last updated: 3/8/2024
Coverage on all major drainer kits
| Kit Name | Coverage |
|---|---|
| Pink Drainer | ✅ |
| Venom Drainer | ✅ |
| Inferno Drainer | ✅ |
| Angel Drainer | ✅ |
| Ace Drainer | ✅ |
| Node Drainer | ✅ |
| MS Drainer | ✅ |
| Cute Drainer | ✅ |
| Pussy Drainer | ✅ |
| Lethal Drainer | ✅ |
| Riddance Drainer | ✅ |
| Aqua Drainer (Solana) | ✅ |
| And many more kits | ✅ |
In total, the above drainer kits have stolen well in excess of >$300M from users in 2023 alone.
Many drainer kits have spinoff kits that share a lot of similarities in their code / techniques. We not only cover the low level fingerprints of these kits for tracking purposes, but we also cover the techniques that are being used to phish consumers.
Scam benchmarks:
| Scam Type | Example | Coverage |
|---|---|---|
| Wallet Drainers | A fraudulent website that drains all NFTs, tokens, or other assets within your wallet. | ✅ |
| NFT Marketplace Listing Scams | Exploits open approvals from assets you've previously sold/listed on Blur, OpenSea, or LooksRare. Attacker is able to sell the asset to themselves for 0 ETH | ✅ |
| Malicious signatures | eth_sign and other arbitrary value transfer functions. | ✅ |
| ETH Drainers | A scam website that claims to be a NFT mint but actually steals all the Ethereum from an account | ✅ |
| Low trust domains | Websites with very low reputation, which are often related to spam, malware, social engineering, and scams. | ✅ |
| Homoglyphs | øpeñsea.com (malicious) vs opensea.io (verified) | ✅ |
| Brand impersonation / URL typo-squatting | opensae.net (malicious) vs opensea.io (verified) | ✅ |
| Address screening | Aggregating data from other blockchain data providers about the reputation of the address | ✅ |
| High risk contract method calls | SecurityUpdate() and other method calls that are intended to mislead users into sending ETH for nothing in return. | ✅ |
| OpenSea Wyvern Contract exploit | This is an attack specific to the old OpenSea contract where users could be mislead into granting an attacker ownership of their proxy contract and therefore their assets. | ✅ |
| OFAC blocklist | Screening information against OFAC's blocklist | Coming soon |
| Seed phrase compromise | We are researching ways to extend our phishing detection to detect websites that have the intent of stealing the users' private key or seed phrase. | Coming soon |
| Honeypot detection & other smart contract risks | Honeypot detection: Smart contracts that only allow for assets to be sent in and not sent out. We will be adding support for this and other smart contract-related risks soon. | Coming soon |
| Rug pulls | We cannot predict the intentions of a NFT project that minted legitimately but then proceeds to abandon the project. However we can detect risks in the smart contract itself if the project appears to be suspicious. | ❌ |
| Address poisoning | We are exploring ways to detect this but do not support this right now. | ❌ |
| Malware | Malicious file downloads from play-to-earn malware campaigns or any form of malware. | Contact us |