Benchmarking
Benchmarking what types of scams can be prevented is critically important to us. We default to transparency so that your expectations are aligned with the services we offer.
Scam benchmarks:
| Scam Type | Example | Simulation APIs Coverage |
|---|---|---|
| Wallet Drainers | A fraudulent new NFT mint site that drains all NFTs, tokens, or other assets within your wallet. | ✅ |
| Seaport Listing Scams | Exploits open approvals on the old OpenSea wyvern contract which allows assets to be listed and bought by an attacker on OpenSea for 0 ETH. This is how Kevin Rose was scammed. | ✅ |
| Blur Listing Scams | Exploits open approvals from assets you've previously sold/listed on Blur. Attacker is able to sell the asset to themselves for 0 ETH | ✅ |
| Malicious signatures | Set Approval For All, eth_sign, and other arbitrary value transfer functions. Set Approval For All is allowed on verified marketplaces | ✅ |
| ETH Drainers | A scam website that claims to be a NFT mint but actually steals all the Ethereum from an account | ✅ |
| Low trust domains | Websites with very low reputation, which are often related to spam, malware, social engineering, and scams. | ✅ |
| Homoglyphs | øpeñsea.com (malicious) vs opensea.io (verified) | ✅ |
| URL typo-squatting | opensae.net (malicious) vs opensea.io (verified) | ✅ |
| OFAC blocklist | Screening information against OFAC's blocklist | Coming soon |
| Honeypot detection | Smart contracts that only allow for assets to be sent in and not sent out. | Coming soon |
| Address screening | Aggregating data from other blockchain data providers | Coming soon |
| Rug pulls | We cannot predict the intentions of a NFT project that minted legitimately but then proceeds to abandon the project. | ❌ |
| Seed phrase compromise | We cannot detect scams which lure a user into giving away their seed phrase to an attacker. However, if the method for the attack is a phishing website it is possible that the Phishing Detection Service's URL scanner may catch it. | ❌ (may be caught by the PDS) |
| Malware | Malicious file downloads from play-to-earn malware campaigns or any form of malware. | Contact us |
NOTE: For scam benchmarks on the Phishing Detection APIs please contact us at [email protected] Our Simulation API always calls the URL scanning API as long as a URL is provided, and combines them into one JSON response for easy integration.