GM,
First, over the past weekend, I airdropped OP tokens into the wallets of eligible members who provided their addresses. Blocktrend has distributed a total of 1,784 OP tokens, worth over 100,000 NTD. The number of tokens each person received varied based on their total payments, ranging from 2 to 24 tokens. New members curious about why Blocktrend distributes money to subscribers can refer to this article. I hope to create a positive cycle of content through airdrops.
Blocktrend received nearly 5,000 OP rewards in total. However, despite initially promising to distribute 100% to members, we ended up giving out less than half. This is not because I want to "embezzle" but for two reasons:
Eligible members did not claim their tokens.
Some accounts received fewer tokens due to having two accounts.
I would, of course, be happy to keep the remaining funds (currently valued at 200,000 NTD) for other uses, but I'm also concerned that some people might have simply missed out. This week, I will send another email to members who are eligible for the OP airdrop but did not provide their wallet addresses. If no one claims the tokens, I will consider it a donation to Blocktrend 🤣 Let's get to the main topic.
Last week, there was a significant cybersecurity incident. Squarespace, a Nasdaq-listed company that acquired Google's domain business last year, was hacked, and hundreds of cryptocurrency websites were hijacked. Even if users entered the correct URL, they were redirected to phishing sites, making it very difficult to prevent.
In the past, website hijacking mainly aimed to steal personal information, account passwords, or credit card numbers. Now, cryptocurrency has become the primary target for hackers. This article will explain how the incident happened and teach you how to use Harpie to create an on-chain firewall for your wallet.
Domain Hijacking
Last week, the website of Compound Finance, the world's third-largest decentralized lending service by market cap, was hijacked by hackers. I made a video explaining this as soon as it happened.
Regardless of whether you manually enter the URL https://compound.finance or access the website through a Google search, you will be redirected by hackers to the phishing site "compound-finance.app." It's as if the hackers set up an "automatic redirect" for the site and prevented the site owners from reversing it. If users do not notice the subtle difference between the phishing URL and the original URL, and connect their wallets or authorize transactions, their cryptocurrency will be completely drained.
Fortunately, this incident did not cause widespread loss. This is because the built-in phishing site detection in browsers has become the first line of defense. Users will see a prominent red warning screen, and unless they are "persistent," they will usually stop there.
Initially, people thought that Compound Finance was the victim of an attack. However, after discovering that multiple websites were affected, it was revealed that the source of the entire hacking incident was actually Squarespace, a Nasdaq-listed domain service provider. After hacking into Squarespace, the attackers hijacked hundreds of cryptocurrency websites managed by them.
These affected websites were quite unlucky. They were originally customers of Google Domains, a domain service under Google. However, in 2023, Google sold its domain business to Squarespace, indirectly making these websites victims of the hacking incident.
Blocktrend had previously introduced several cybersecurity tools designed to prevent phishing attacks. The main focus of this article, Harpie, offers even more powerful features. If you accidentally authorize a phishing website, Harpie can use a unique MEV mechanism on the blockchain to automatically retrieve your funds from the hacker. And this service is free!
On-Chain Firewall
Harpie markets itself as an "on-chain firewall" with three main functions:
Wallet Health Check
Two-Factor Authentication
Asset Recovery
After connecting your wallet to the Harpie website, the system will generate a health report based on your past on-chain activities. Similar to a medical report, you need to pay attention to any "red marks." The image below shows my wallet health score. Out of a possible 100 points, I scored 64, which is barely passing. However, by following the suggested actions, you can quickly improve your wallet's security level to 100 points.
What Does a Score of 100 Mean?
Harpie CEO Daniel Chong divides wallet security into three major aspects:
Private Key Management
Transaction Management
Authorization Management
Private key management is the most familiar to everyone. However, many people mistakenly believe that as long as they buy a cold wallet, their assets are completely safe. This is a misconception. The advantage of using a cold wallet is that it isolates the private key from the internet, making it extremely difficult for hackers to steal it. However, hackers can still attack from the other two aspects, which is where Harpie's protection comes into play.
For example, if I want to transfer ETH stored in my cold wallet to deposit in Compound Finance but fail to notice that the website has already been hijacked, I would take out my cold wallet to confirm the authorization and send the transaction. In this case, the ETH would still go directly to the hacker's wallet.
If this makes you feel that a cold wallet is not safe enough, you are being unfair to it. A cold wallet only keeps your keys from being stolen; whom you choose to transact with is your own decision.
To avoid transacting with the wrong recipient, Harpie's "Two-Factor Authentication" feature can help. Users must modify their settings to set Harpie as the wallet's RPC node. An RPC node is an intermediary station for information between the wallet and the blockchain. How much balance is in each wallet and what transactions to send must be communicated with the blockchain through the RPC node.
Setting Harpie as the wallet's RPC node is like adding a security checkpoint to your wallet. All future transactions in and out of the wallet must pass through Harpie's checkpoint.
Harpie maintains a blacklist containing as many as 26 million phishing addresses found on the internet. Whenever a user sends a transaction from their wallet, Harpie first sends a notification to their email, along with third-party advice, to let the user decide whether to proceed or reject it. The image below shows a notification I received, indicating that the address I was about to interact with is suspicious and advising against proceeding.
Although tools Blocktrend has previously introduced, such as Wallet Guard and Scam Sniffer, offer similar functions, Harpie takes a more "intrusive" approach. Not only can it notify users in advance, but it can also help recover funds afterward. Harpie refers to this feature as "Advanced Security."
Fighting for Funds with Hackers
According to Harpie:
Harpie collaborates with users to establish a trusted network, which identifies malicious transactions. If your wallet attempts to transfer funds to someone outside this trusted network, the mechanism will activate and prevent the transaction. We use an advanced strategy called front running, which allows us to "cancel" the transaction even if you have already sent it on the blockchain... When Harpie detects a malicious transfer or authorization, we transfer your funds to a non-custodial vault before the transaction is finalized on the blockchain. By paying a higher gas fee, we can transfer the funds to a pre-set vault before the hacker can move your funds into their wallet.
I discussed front running in a previous article, "Arbitrage Bot Gets Counterattacked! MIT Brothers Move 800 Million in 12 Seconds and Get Caught." If you are a major investor whose actions can influence the market, and I am your fund manager, I could place orders ahead of you every time you intend to buy or sell large amounts, making risk-free profits.
Front running is illegal in traditional financial markets, but Harpie uses it to protect assets—by using the RPC node to learn about user transfers and authorization activities in advance. If the recipient of the user’s interaction is not within the pre-established trusted network, Harpie will activate the front running mechanism and transfer the funds to a secure vault, where only wallets pre-designated by the user can withdraw the funds.
In essence, Harpie’s two-factor authentication and advanced security represent blacklist and whitelist mechanisms, respectively. Two-factor authentication compares transactions against the blacklist, while advanced security requires users to establish a whitelist. The safest approach is to activate both mechanisms simultaneously. Unless Harpie's database misses something, it should be very difficult for your funds to leave your control.
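The following is an added example, not Harpie's code and not part of the original article. It shows how a screening checkpoint could apply the blacklist stage and then the whitelist stage to an outgoing transaction, and why the check has to look inside token calldata rather than only at the `to` field. It assumes the standard ERC-20/ERC-721 function selectors; the function names, verdict labels and all addresses are constructed for illustration.

```javascript
// Added illustration, not Harpie's code. Function names and verdicts are hypothetical.
const SELECTORS = {
  "0x095ea7b3": "approve",           // approve(address spender, uint256 amount)
  "0xa9059cbb": "transfer",          // transfer(address to, uint256 amount)
  "0xa22cb465": "setApprovalForAll", // setApprovalForAll(address operator, bool approved)
};

// Find the address that actually gains funds or spending rights.
// For token calls that is the first ABI argument, not tx.to (the token contract).
function counterparty(tx) {
  const data = (tx.data || "0x").toLowerCase();
  const kind = SELECTORS[data.slice(0, 10)];
  if (!kind) return { kind: "direct", address: tx.to.toLowerCase() };
  const word = data.slice(10, 74); // first 32-byte argument
  // A well-formed address argument is 12 zero bytes followed by 20 address bytes.
  if (!/^0{24}[0-9a-f]{40}$/.test(word)) throw new Error("malformed address argument");
  return { kind, address: "0x" + word.slice(24) };
}

// Blacklist stage first, then whitelist stage, mirroring the two mechanisms above.
function screen(tx, policy) {
  const { kind, address } = counterparty(tx);
  if (policy.blacklist.has(address)) return { verdict: "warn", kind, address };
  if (!policy.whitelist.has(address)) return { verdict: "hold", kind, address };
  return { verdict: "allow", kind, address };
}

// Constructed sample data: none of these are real addresses.
const TOKEN = "0x" + "11".repeat(20);
const FRIEND = "0x" + "22".repeat(20);
const STRANGER = "0x" + "33".repeat(20);
const PHISHER = "0x" + "bad0".repeat(10);
const policy = {
  blacklist: new Set([PHISHER]),
  whitelist: new Set([TOKEN, FRIEND]), // the token contract itself is trusted
};
const approve = (spender) =>
  "0x095ea7b3" + spender.slice(2).padStart(64, "0") + "f".repeat(64);

function demo() {
  return [
    screen({ to: TOKEN, data: approve(PHISHER) }, policy),  // trusted token, listed spender
    screen({ to: TOKEN, data: approve(STRANGER) }, policy), // trusted token, unknown spender
    screen({ to: FRIEND, data: "0x" }, policy),             // plain ETH transfer
  ].map((r) => `${r.kind}:${r.verdict}`);
}
console.log(demo()); // ["approve:warn", "approve:hold", "direct:allow"]
```

A checkpoint that compared only `to` against the whitelist would pass the first two transactions, because the token contract is trusted; the spender that receives the authorization appears only in the calldata.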
Given Harpie's convenience and the fact that it is free for personal use, it should attract many users. However, according to Harpie's data released on May 30 this year, only 1,402 ETH have been protected through Harpie. For an average individual, this is not a small amount, but on a global user scale, it seems insignificant.
Why aren’t major investors using Harpie? I believe privacy concerns are the primary reason.
Privacy Concerns
The larger the user's asset scale, the greater the economic value they can bring to Harpie. If every transaction of a major investor is leaked to Harpie in advance, there's no guarantee that Harpie won't use this information advantage to make money.
Harpie's privacy policy clearly states that it will collect several kinds of personal information from users, including blockchain and transaction data, web browsing information, and device information. Harpie not only uses this information to provide services but also shares it with third-party partners. The problem is that Harpie does not explicitly state who these "third-party partners" are. Could they be MEV arbitrage bots?
Moreover, Harpie claims to be willing to pay a higher gas fee to recover funds from hackers for its users. With such considerate service, it seems odd that their business model does not charge individual users. It is logical for a community with a security guard to collect management fees, so if Harpie does not charge users, it raises suspicions that it might be in the privacy business.
This might explain why Harpie currently manages relatively few assets. Large asset holders typically do not sacrifice transaction privacy to save on "building management fees." However, for individuals with smaller asset scales, trying out Harpie's on-chain firewall might still be worthwhile.
Blocktrend is an independent media platform sustained by reader subscription fees.