Using current and historical data from DeFi to warn MetaMask users before making a transfer to a known-malicious address. Information is stored in a smart contract on web3 and accessed using the Pocket network to further decentralise the approach. Added information is available on IPFS to reduce the cost of the service. Users are notified when trying to make a transaction about the validity of a contract address based on a variety of factors explained in the next section.
Building on the MetaMask source code we have deployed a plug-in (snap) which intercepts the recipient address whilst a user is going through the motions of sending funds.
The address is then verified using a variety of sources, including:
Data scraped from social media (twitter posts and youtube videos offering 2-4-1 on deposits)
Static analysis of contract code
Bytecode pattern matching of smart contracts
Data stored on the IPFS which can provide more information besides a simple score.