 Hi. Hi, everyone. Thanks for joining us today. It's Jester here with Cointelegraph and today I'm joined by Alex Tula, founder of Web3 Antivirus. Alex is a leading expert in the field of blockchain security with a strong background in computer science and cybersecurity. He funded with 3 Antivirus, a pioneering company that specializes in developing antivirus solutions for Web3. Under Alex's leadership, Web3 Antivirus has become a trusted and respected brand known for its innovative approach and commitment to security. Hi, Alex. Thanks for joining us today. How are you this afternoon? Yeah, hi, Jessica. Thanks for the intro. Yeah, I'm doing good. I'm happy to be here and share a little bit of information and maybe shed a light on what we're building and why we are so excited with the project that we've built so far. Absolutely. Well, we're excited to have you here. But before we get started, I just want to remind our audience to please send us your questions in the chat and make sure to like the video and subscribe to the channel. I'm really excited to be here with Alex. But first, here's a quick video introducing Web3 Antivirus. As we saw from the video, Web3 Antivirus is a type of software that is designed to protect against security threats in the Web3 space. Alex, can you share how Web3 Antivirus works to identify and protect, prevent attacks on blockchain systems and networks, including malware, phishing attacks, and other types of cyber threats? And how does Web3 Antivirus differ from traditional antivirus software? Well, yeah, so Web3 Antivirus is not an antivirus in the conventional sense. But we have a name so that people can more easily understand mission and purpose and to pay tribute to antivirus software that has been protecting us for decades. In Web3, safety is a must have. And we believe that it can and should be accessible to everyone. And after Erase TurboLand 2022, crypto enthusiasts are more aware that their assets need to be protected. So, and this is why we created Web3 Antivirus. It's an autonomous Chrome extension, something like a protective layer between a user and dangerous that may encounter in a Web3 space. And it guards users from signing dangerous transactions or messages and helps not to engage with the malicious websites. Like, yeah. Amazing. And, you know, what are some of the most common types of threats that Web3 Antivirus is designed to protect against? Yeah. So, I would say there are two main types of threats that the extension protects from. Speaking about phishing, like, the first one is the phishing website. And the second one is a malicious smart contract. So, if we talk about the phishing website, let me briefly explain how it works. So, phishing is a classic example of social engineering. And for all those impersonate, legitimate businesses for individuals, and their goal is to obtain sensitive information such as passwords, credit card numbers, personal contact details, or in case of crypto scams, the private keys or recovery phrases. So, often scammers will create websites that almost perfectly resemble their website or legitimate business. There are often cases when crypto scammers advertise those websites so they get on top of such results. And the way to combat phishing is to stay vigilant. Bookmark the website you use for your crypto transactions to be sure you access the original resource every time. If you get an unsolicited email or chat message supposedly from Exchange, crypto wallet, or maybe support team of a crypto project, be careful about the links in it because they could contain malware or lead you to a malicious website. So, WebTrain Tivirus here provides an additional layer of protection. It underlines a vast database of non-throttle and dangerous and blacklisted websites. It uses AI similarity validation to check the main names and shows in a real time if a user should stay away from that website. And like I said, another one speciality for WebTrain Tivirus is scanning smart contracts for potential suspicious and malicious activities and other sorts of scam. Amazing. That makes me recall a meme that I read recently. The only thing that grows faster than technology is actually scams, right? So being very delicate and aware and being able to protect ourselves is really important. I'd just like to remind our audience that this is an interactive show. So if you have any questions or comments, please make sure to feel free to send them in the chat and I'll ask Alex the question so that he can answer them directly. As we move on, Alex, can you tell me more about the smart contract analysis as it relates to WebTrain Tivirus and protecting against those scammers like we mentioned before? Yeah, of course. The first important thing to understand is that in general, any smart contract, any transaction from the blockchain is controlled by smart contracts and scammers can exploit vulnerabilities or they can create their own smart contracts with malicious logic. So crypto scammers attempt to have users sign malicious transactions from messages and then drain their wallet. And for example, you may be tricked into thinking that approving a transaction would result in your coins being stated to earn a yield. In reality, the transaction or message you approved would take all the tokens out of your wallet and send it to address control by a scammer. So most people don't have technical knowledge to tell a malicious smart contract by looking at its code. Yeah, it's even for me, it might take hours to deep dive into understanding sometimes quite complex logic of a smart contract. So as a rule of thumb, we recommend to stay alert about social engineering attacks. And it's often a way that scammers use to involve users in interaction with malicious activities, contracts and unsolicited invitations or promotions to register on a website, sign a message for transaction should be viewed with extreme skepticism and caution. And to cover the smart contract part, and to cover this auditing part, we have created our extension and it works like this. So every time a user is about to sign a transaction on a different, like on the marketplace or it could be a swap or a different project. So W2A activates and we post the transaction, we put the transaction on post, like briefly to run us through our auditing algorithms, and we search for all sorts of red flags. It could be malicious logic, suspicious functions, compromise information, slow transaction volume and other. And it's not only about like detecting those flags, but it's also like combinations of those detectors because sometimes sometimes good functions could make worse things. And in parallel, so what we do is we simulate that transaction in our backend, in the background and check every single smart contract every single piece of code that is interacted with this transaction. And in a few seconds, we present a risky board and users can decide whether they would like to proceed with the transaction or not. So it's kind of a two-bottom step for the client. And yeah, so in a nutshell, this is how the smart contract works. Absolutely. And you know, I'm curious, like one of the major things that we saw last year is a lot of scams with like NFT drops and things of that nature. And then like the smart contract that if you receive something and you went and then sold it, then you would lose all of your assets. Is this something that Web3 Antivirus could help prevent and kind of scan through and kind of flag? Yeah, of course. So Web3 Antivirus here is to keep you informed about what is happening with every transaction, like what you are going to sign. And it's kind of doing your research in the background and combining with extensive results so you can understand what is going to happen if you sign this transaction. Absolutely. So in layman terms, it's almost like providing that blue check mark to confirm that, hey, we've done our due diligence, we've reviewed it, we've put it through our processes and you should feel safe to go forward and sign the contract. Like there are no major red flags. Amazing. Well, does Web3 Antivirus offer benefits to Web3 projects from the perspective of blockchain security and risk management? Can Web3 platforms benefit from Web3 Antivirus extensions just as private users do? Yeah, of course. So at the development stage, we kept in mind the possibility of integrations with Web3 projects, crypto wallets and blockchain to support the ecosystem. And so Web3 Antivirus can offer substantial benefits for projects, the dev teams and community. We propose a verification system. One of them is like a verification system which allows to add unique information about the project and digital assets, visual and textual details for from the project team along with verified status, like we just talked about, like that blue mark, and kind of a status that we display within the Web3 interface. It will not only give users more insight but will also work as additional confirmation of projects originality. Obviously, scam projects and copycats will not receive such verification and we hope this will prompt users to carry an additional research. Another one, it could be like integration with the wallets when we talk about, so we can provide the similar report for the users but not through our interface, not through our extension but through the wallet or marketplace so we can do that research in the background and deliver the results to the project. For example, when W2-8 is integrated with the wallet so we can detect poison attacks addresses and tell about this because this type of scam is really common nowadays and anyone can be a victim. It's only one of the examples of integration with the projects and we can discuss individually what we can support and how we could deliver a value for those projects. Of course, I would like to mention like integration with other protocols, not integration but let's say supporting other protocols and we plan to expand and extend our algorithms beyond the serial blockchain. We will cover a range of protocols starting with the most popular ones like Polygon, Binance, it's where all this all this scam happens and with even compatible blockchains conceptually there will be no difference so WebChainTivirus will operate with all side blockchains actually protecting users from suspicious interactions, malicious interactions like this. Amazing, awesome. We do have a question from the chat. How can the Web3 Antivirus be used? I think this question is mostly about application, how they may be able to integrate it onto their everyday servers and so forth. It's a very easy setup so actually there is no setup at all. What a user needs to do is just get to the Chrome extension store, click install our Web3 Antivirus software and that's it. We don't ask any integrations, we don't ask for seed phrase, we don't ask to integrations with a metamask or any kind of a any kind of other details so and we activate our protection right from the installation point. So it's just as simple as a widget. Yeah so it's a browser, it's like a widget, it's a browser extension and it starts checking every transaction on every website so it's not just some specific website or some specific project so every time we see like interaction with a metamask or other wallets so we literally post that transaction so we do not allow that transaction happens until a user sees a report from our extension like what we found. Amazing and then I have here it's currently so it has ETH and BNB chain support, is that correct? So currently we support ETH and we are working on deliver our solution to BNB chain as well and it will happen quite soon because what we would like to do is to deep dive as much as possible with one chain and then just copy to others and we quite succeed with Ethereum as of now. Amazing and you know moving on how is Web3 Antivirus evolving to meet the changing needs and threats of blockchain space and what can we expect to see in 2023 and do you plan on rolling out additional features for Web3 projects? Yeah of course so Web3 is going through difficult times now we know this and there is lots of talk about its future potential involvement and we believe that infrastructure projects and valuable solutions that really solves problems will be fine and remain in demand. At the same time I do not expect the activity of cameras to decrease that is why the W3A team is focused on constantly improving the extension functionality and building the community around it. Ultimately our main goal is to provide users with tools and knowledge to take back their safety in Web3. So to do this we monitor threats and security trends so that Web3 Antivirus can be as up to date as possible to detect the most dangerous scams and for example soon we will be able to warn users about like additional honeypot attacks that are still on the rise and cost millions of dollars in losses. In addition we are also expanding the list of supported wallets and protocols like I said before and in order to give protection to as many users as possible that are still regardless of which wallet or protocol they use. Also there is a big trend on transparency users want to know more about the projects and products they engage with and it's perfectly understandable and we try to be as open and transparent as possible in our work from like social media to GitHub repositories is why actually we rolled out the code to GitHub so everyone can check and verify by themselves. Yeah you know I'm sure you come a lot of like scenarios of scams and things of that nature and something that we as the community are always very intrigued by the level of detail that these scammers go into to really like scam users a lot of their assets and I'm curious what are some of the most tricky or elaborate scams that Web3 Antivirus has detected or can detect. Okay so yeah we can we can talk a lot about this because every day scammers present something really new but yeah that's maybe offline some of them so yeah I would say the most something that still works and we can see on every day basis is efficient and malicious sites it's a very common scheme rather easy to start and there is a great potential to expand another one is a messages like this sign so it's a dangerous scheme and it's yeah it's easy to fall for. Fish on sites will treat a user into a sign in a message saying it's a ossification or for example signing up for a white list and since it's not a transaction and there is no gas fee many users sign that message without without a second thought and after that it's highly likely that their assets will quickly disappear from their world. So yeah and then another one is there are also various schemes that results in user closing their assets by unknowingly granting access permission to them during the transaction so it's more common to NFTs and then after that selling on an open C for example and these scams are hard to avoid and they can be you can be masked by like seamlessly okay transaction to prevent that WebTree and Clinus shows detailed information about permission requests and assets that users are granting to access to so yeah so the users and so they will get clear messages explaining what they will receive and what they what's on what they what they give and what they receive like as a result of this transaction um and yeah some some other like some other good examples could be poison attacks and the really trending now scammers create the impression that the user made a zero value transaction to the same address as a few minutes so the from address is exactly the same but the recipient address is different only with first four and last four digits like symbols so can yeah imagine a user who received a push notification from their wallet it could be my user wallet it could be metamask it could be different all kind of wallets and from where the user just sent a transaction and so the user receives a push notifications that tells that another transaction just got through and so but he didn't he didn't he didn't proceed with the transaction so what would you do so first thought would be that my wallet has been hacked and I have to quickly transfer all my funds to an exchange account or some other account and that would lead to errors as users will send the funds to the raw address and um we are and some that address could be like the one that that was poisoned that is similar to the one that I just sent and uh so yeah we're currently developing a solution to alert users and we'll share more details over next week uh how to like how stay protected from these kind of scams and yeah and um even though like the most popular scams scams in general uh like um I also can like um tell that I say that it's a honeypot because a honeypot prevents a buyer um over talking from reselling it uh and this inability to sell causes the talking price to only increase for as long as scammers would like so it creates the appearance of a moaning you know moaning token and thereby tricks even more users into buying and so yeah this this is why honeypots are far far the most popular or I would say they allow scammers to both manipulate their users and the token price as yeah so and then as honeypots of all we're trying to virus follow uh to help users avoid by enticing assets and they will not be able to resell so yeah it's uh and I can continue because it's like different combinations of of these scams like together with the official website and um all of them lead to lose your assets yeah I mean this is absolutely amazing and you know we hear about these scams and we read about them all the time but now we're talking about web three where you're tying in your identity your wallets your assets and and you know risking all of that just seems it's very like nerve wracking to consider and and the scammers are getting a lot smarter so I'm wondering what is one of the most eye-popping scam web three antivirus has spotted to date and how much do you think would have been lost if web three antivirus wasn't there to help um yeah when it comes to numbers uh that was a lunch just a month and a half ago um to date we have sourced it over 1.2 million suspicious sites into our database and we put in thousands of smart contracts um I can't remember I cannot mention specific high-profile cases of fraud that we have prevented and that that have made headlines but um I guess that is a good thing the headlines usually uh describe the cases uh whereas cameras succeeded um and it's yeah so it's impossible to name um the exact amount of saved assets because we don't have access to users wallets and don't collect such information but uh for many fraud schemes such amount can be abstractly described as all assets that were in the user's wallet um for example we have run into scammers who targeted digital creatives on dribble like web 2.0 platform uh the scammers were offering a job to redesign the nfc projects website um on the side they offer it to connect your wallet to their platform to see all the functionality and details like images descriptions of all the entities if someone connected a wallet and um and there were assets in it so the site offering to sign a message uh it's it was not even a transaction and as a result all assets would be transferred to the scammers this is just one example of many and here alone vector anti-virus saved millions of dollars in assets so yeah some some there is some numbers that's incredible um audience just wanted uh remind everyone if you have any questions please sum them our way I know this is a very exciting topic I'm very intrigued um Alex can Web3 antivirus help investigators when trying to identify hackers and scammers I know you said you had a list of like suspicious sites that's uh in your rolodex but um how can you help investigators like help identify these hackers and scammers and potentially you know um help retrieve some of the lost assets if anything at the moment we don't identify hackers ourselves we directly monitor suspicious activity but we are already working on algorithms to uncover fraud schemes and gather information about hackers and this in the near future we will roll roll them out we are ready to cooperate with other companies and projects share the data we find and work out new new solutions and our goal is to make Web3 more secure and this will not be possible without the cooperation uh in within the Web3 community uh yeah and in the meantime we reveal scams on our social networks and report them on like uh projects like chain use where everyone can read more about them amazing now I know people in Web3 community are usually very cautious about new projects and instruments it's hard to gain trust and for good reason how does this influence the way Web3 antivirus works or how you um how does this influence the way that you engage and develop communicational strategies with the Web3 community uh yeah so I would say transparency is a key to trust and as I said before that is the reason we are open to the community you can find information about me talk to me on Twitter or LinkedIn look at my experience and previous projects to make your own opinion because we value transparency we have made Web3 antivirus open source you can visit our GitHub repository check the code build a copy and make that the extension operates and make sure that uh that the extension operates it's precisely as described another important aspect about trust is um users data W3A doesn't have access to any user data or assets like as simple as that so we're not in a studio wallet so we're not keeping the funds so we are we're not touching anything like that belongs to the user um and besides being open ourselves we try to foster transparency and safety in this field uh we welcome cooperation with Web3 project that carry about security and its further development um yeah and we also have plans to build our community of holiday data uh to scrutinize our analysis even more in addition uh we actually put it all instances of suspicious activities to be useful as data providers to analytics like for like data providers and analytics components um yeah I can know we have a really great team of professionals with deep experience in blockchain solutions protocol development and smart contracts for it they know firsthand how crucial it's to ensure security we know how to um like we know why we're building this product and we are very motivated to build it solid amazing now I know you mentioned it using Web3 antivirus is just as simple as downloading uh Chrome extension and going on but I'm sure there's a lot of questions from our users um an audience uh is there any fee affiliated or associated with using the the Chrome extension no it's absolutely free so you can uh we we plan to add like a premium subscription on the latest stages but then the all the basic functionality will be free forever so we are not going to charge users to uh to keep them secure amazing um and you know final question what role do user education and awareness play in the effectiveness of Web3 antivirus uh so yeah Web3 is a wild waters and many people know we're a little about security when it's when they first come to Web3 and even experienced users are often called by fraud so we are all aware of basic safety rules such as security case storage no cloud software backups uh for your wallet no photo of seed phrase like checking different sources and so on but every day the number of scams teams are isn't crazy um they're getting more elaborate and and basic is not no longer enough um yeah so and another factor is that people often uh don't have skills or time to do background check on a new project also as the FTX case showed even the big players in the market are exposed to risk and no one can make guarantees so i believe the most valuable things the most valuable thing projects can do is what they can do is to invest in educating users and help them increase their chances against scams there are there are teams that do this pretty well already and i'm sure it pays off so and we are at WebTrain to virus prioritize this goal as well uh explaining the most common dangers in Web3 describing newscams how they work and how to avoid them in a simple and clear language and of course uh the essence of our product is to provide users with one more instrument to stay safe and enhance and enhance their research amazing well alex i think i've learned so much today um thank you so much for connecting with us today today we've learned about Web3 antivirus um we've learned that it's a type of software that is designed to protect against security threats and blockchain and crypto space Web3 um it works by identifying and preventing attacks on the blockchain system and networks including malware phishing attacks um honeypods and others um Web3 antivirus differs from traditional antivirus software in that it specifically designed to address the unique security challenges posed by decentralized systems and application it's as simple as a one two three going on google chrome and downloading the application absolutely free and it may be used by organizations and individuals to protect their blockchain assets and transactions and may be integrated with other security measures to provide a comprehensive approach to blockchain security before we sign off i'm sure that the audience would like to know i know you mentioned you're available on twitter and so forth but if they wanted to reach out to you um and if they had any questions about Web3 antivirus can you share how they can get in touch with your connect with your community yeah so it's uh we have a twitter account like a Web3 antivirus account they can also can send me a direct message uh either linked in or twitter account and uh yeah and i would be happy to to to help and advise on every question or help with scam investigation or like is it just if anyone would like to share um another sort of scam or like suspicious activity who would be happy to discuss and see how how it could all of us how it could improve our product and make Web3 safe a safer place absolutely well alex it's been a real pleasure thank you so much i just want to thank you again for joining us today for the AMA and thank you to our audience for being interactive and sending along your questions i also want to remind everyone to please subscribe to coin telegraph's youtube channel we do AMAs like this quite frequently thanks again alex and thanks again to our audience we'll see you next time thank you thank you