> For the complete documentation index, see [llms.txt](https://harpie.gitbook.io/welcome-to-the-harpie-docs/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://harpie.gitbook.io/welcome-to-the-harpie-docs/about/what-attacks-can-harpie-prevent.md).

# What attacks can Harpie prevent?

Below is a list of many (but not all) of the types of attacks that Harpie can prevent.

### Frontend Attacks

<figure><img src="/files/qBNaV6DBXeZgs19X6909" alt=""><figcaption><p>$570k was stolen in just a few hours because of the Curve.fi attack</p></figcaption></figure>

This attack is almost unavoidable. By hijacking a trusted website, attackers can trick users of the site into signing their money away.&#x20;

### Phishing/Impersonation

<figure><img src="/files/Kc2dM9dHunO9ij2X5Z6G" alt=""><figcaption><p>This OpenSea phishing link was a single email campaign that caused $1.7 million in damages.</p></figcaption></figure>

These types of attacks impersonate a trustworthy party. Attackers use this misplaced trust to trick victims into signing malicious smart contracts designed to steal their money.

### Fake Site Scam

<figure><img src="/files/jVVGeO1SgOnZsporGrq0" alt=""><figcaption></figcaption></figure>

These attacks use a clean, well-designed website to trick victims into trusting the site. Afterwards, victims are asked to sign malicious smart contracts or send over their private keys to the attacker as part of a "user onboarding" process.

### Private Key Theft

Private key theft is being phased out in favor of smart-contract-based attacks, like the attacks described above. That being said, ownership of a wallet's private key allows an attacker to freely transact with the assets inside.

Because private key theft gives an attacker complete control over your wallet and its assets, see [Disclosures & Risks](/welcome-to-the-harpie-docs/tech-and-security/disclosures-and-risks.md) for edge cases where Harpie would not be able to protect your wallet from private key thieves.

### Accidental Transfer

Misspelling one of the 40 characters in an Ethereum address during a transfer can cause a victim to lose access to those assets permanently. Harpie stops accidental transfers from occurring, since your trusted network will not include that misspelled address.

### What types of attacks can Harpie not prevent?

No security product is comprehensive, so for the sake of transparency, we've included info on our limitations in [Disclosures & Risks](/welcome-to-the-harpie-docs/tech-and-security/disclosures-and-risks.md).
