Welcome to the Harpie docs!
  • About
    • Whitepaper
    • What attacks can Harpie prevent?
  • Tech & Security
    • Harpie's Anti-Theft Tech
    • About the Transaction Firewall
    • About the Harpie Vault
    • Security
    • Contracts
      • Deployments
      • Transferer
      • Noncustodial Vault
      • Audit
    • Disclosures & Risks
  • Help
    • Getting Started
      • Get Protected
        • Protecting a token or NFT
        • Setting a withdrawal address
    • My NFTs are stuck in the Harpie Vault, how do I recover them?
    • My Vault is saying I only have 1 NFT recovered, but there should be more
    • FAQ
      • Is Harpie audited?
      • What is Harpie?
      • What is a Trusted Network?
      • What happens when I "Protect" something?
      • What is a Withdrawal Address?
  • Harpie For Enterprise
    • Harpie For Enterprise
      • Background Check API
      • Methods
        • Validate Address
        • Validate Transaction
        • Get Contract Name
Powered by GitBook
On this page
  • Frontend Attacks
  • Phishing/Impersonation
  • Fake Site Scam
  • Private Key Theft
  • Accidental Transfer
  • What types of attacks can Harpie not prevent?
  1. About

What attacks can Harpie prevent?

Read more on the various web3 attacks that Harpie is built to protect you against.

PreviousWhitepaperNextHarpie's Anti-Theft Tech

Last updated 1 year ago

Below is a list of many (but not all) of the types of attacks that Harpie can prevent.

Frontend Attacks

This attack is almost unavoidable. By hijacking a trusted website, attackers can trick users of the site into signing their money away.

Phishing/Impersonation

These types of attacks impersonate a trustworthy party. Attackers use this misplaced trust to trick victims into signing malicious smart contracts designed to steal their money.

Fake Site Scam

These attacks use a clean, well-designed website to trick victims into trusting the site. Afterwards, victims are asked to sign malicious smart contracts or send over their private keys to the attacker as part of a "user onboarding" process.

Private Key Theft

Private key theft is being phased out in favor of smart-contract-based attacks, like the attacks described above. That being said, ownership of a wallet's private key allows an attacker to freely transact with the assets inside.

Because private key theft gives an attacker complete control over your wallet and its assets, see Disclosures & Risks for edge cases where Harpie would not be able to protect your wallet from private key thieves.

Accidental Transfer

Misspelling one of the 40 characters in an Ethereum address during a transfer can cause a victim to lose access to those assets permanently. Harpie stops accidental transfers from occurring, since your trusted network will not include that misspelled address.

What types of attacks can Harpie not prevent?

No security product is comprehensive, so for the sake of transparency, we've included info on our limitations in Disclosures & Risks.

$570k was stolen in just a few hours because of the Curve.fi attack
This OpenSea phishing link was a single email campaign that caused $1.7 million in damages.