What attacks can Harpie prevent?

Read more on the various web3 attacks that Harpie is built to protect you against.

Below is a list of many (but not all) of the types of attacks that Harpie can prevent.

Frontend Attacks

$570k was stolen in just a few hours because of the Curve.fi attack

This attack is almost unavoidable. By hijacking a trusted website, attackers can trick users of the site into signing their money away.

Phishing/Impersonation

This OpenSea phishing link was a single email campaign that caused $1.7 million in damages.

These types of attacks impersonate a trustworthy party. Attackers use this misplaced trust to trick victims into signing malicious smart contracts designed to steal their money.

Fake Site Scam

These attacks use a clean, well-designed website to trick victims into trusting the site. Afterwards, victims are asked to sign malicious smart contracts or send over their private keys to the attacker as part of a "user onboarding" process.

Private Key Theft

Private key theft is being phased out in favor of smart-contract-based attacks, like the attacks described above. That being said, ownership of a wallet's private key allows an attacker to freely transact with the assets inside.

Because private key theft gives an attacker complete control over your wallet and its assets, see Disclosures & Risks for edge cases where Harpie would not be able to protect your wallet from private key thieves.

Accidental Transfer

Misspelling one of the 40 characters in an Ethereum address during a transfer can cause a victim to lose access to those assets permanently. Harpie stops accidental transfers from occurring, since your trusted network will not include that misspelled address.

What types of attacks can Harpie not prevent?

No security product is comprehensive, so for the sake of transparency, we've included info on our limitations in Disclosures & Risks.