
In "What is social engineering attack and how to prevent it?", we mentioned that social engineering attacks are becoming one of the biggest security threats for Web3 investors. From impersonating customer service and setting up phishing websites to disguising contract signatures, attackers use a variety of means that are hard to defend against.
Many investors focus their security efforts on wallet settings and private key protection, but in practice the measures that can immediately block risk in daily operations are simple, practical security tools such as anti-scam security plugins.
In this article, Portal Labs recommends several mainstream and well-reviewed anti-scam plugins to help you enhance asset security from the source and build your personal Web3 protection shield.
Anti-phishing plugin list
When investing in Web3, investors encounter countless websites, wallet signatures, and community messages every day. The sheer volume of information makes it difficult to be 100% cautious with every operation, and attackers exploit precisely this 'habitual trust' to launch attacks.
The role of anti-scam plugins is to provide investors with an additional 'safety reminder' before each click, signature, or authorization, helping to expose potential threats in advance. Even if your knowledge of security is limited, with these plugins, you can still effectively reduce the risk of phishing or theft.
Here is a list of 9 popular anti-scam plugins (listed alphabetically, in no particular ranking).
Blockem
Blockem utilizes AI algorithms to simulate transactions and score interaction addresses, helping users identify potential risks. This plugin provides personalized security advice by analyzing transaction patterns and historical data.
Focus: Simulated transactions, contract/token/address security rating
Source of security database: Relies on its own developed AI models and rule libraries for risk assessment.
Applicable wallets: Compatible with mainstream wallets.
Target audience: Users who want to enhance security protection with AI technology.
DefiLlama Extension
DefiLlama Extension provides real-time data and analysis of DeFi projects, helping users identify potential risks. By showcasing key indicators such as locked amounts and yields, users can better assess the safety of projects.
Focus: DeFi project security analysis
Source of security database: Integrates data from the DefiLlama platform to ensure accuracy and timeliness.
Applicable wallets: Compatible with mainstream wallets.
Target audience: Investors active in the DeFi field.
Fire Extension
Fire Extension, launched by the well-known Web3 security company Blowfish, analyzes transaction signatures in real time, detects high-risk contract interactions, and is particularly sensitive to malicious contract authorizations. When users attempt to interact with potentially dangerous contracts, the plugin issues a warning to prevent asset loss.
Focus: Authorization management, simulated signature risk
Source of security database: Professional security data provided by Blowfish.
Applicable wallets: Adapted for wallets like MetaMask and Phantom, with some wallets having built-in API services.
Target audience: High-net-worth investors and Web3 project team wallet managers.
GoPlus Security
GoPlus was mentioned in the previous "Tool Article (03)", where we introduced the use of the app. In addition to the app, GoPlus also has a plugin version that provides complete on-chain data security services. This plugin integrates multi-dimensional detection functions such as contract, token, and address risk scanning, and can identify token scams and malicious addresses in real time.
Focus: Contract/token/address security rating
Source of security database: Integrates various on-chain data and security community information.
Applicable wallets: Compatible with various mainstream wallets; for specifics, refer to the official compatibility list.
Target audience: Investors who prefer to comprehensively understand on-chain asset and interaction risks from a data perspective.
Metashield
Metashield, developed by the BuidlerDAO team, identifies transactions that involve authorization and gives users early warnings. It blocks phishing websites using blacklists and whitelists and checks the status of authorized addresses. This plugin can be used without connecting a wallet, providing convenient security protection.
Focus: Contract/token/address security rating
Source of security database: Professional security data provided by the BuidlerDAO team.
Applicable wallets: Can be used without connecting a wallet.
Target audience: Users who want to increase security without affecting wallet usage.
Pocket Universe
Pocket Universe is a highly praised wallet transaction protection plugin. Before users initiate transactions, it automatically simulates the real consequences of the transaction, including whether it involves authorization, whether funds will be transferred to unknown addresses, etc., providing real-time risk alerts.
Focus: Simulated signature risk
Source of security database: Utilizes its own simulation engine and rule library for risk assessment.
Applicable wallets: Supports multiple mainstream wallets such as MetaMask, Coinbase Wallet, and Phantom.
Target audience: Users who frequently interact with DApps and participate in DeFi and NFT transactions.
Revoke.cash
Revoke.cash shows a prompt before the user signs a permission, describing the details of that permission to help prevent the signing of malicious ones. Additionally, users can view and revoke previous authorizations through this plugin, ensuring asset security.
Focus: Authorization management
Source of security database: Utilizes its own rule library for risk assessment.
Applicable wallets: Suitable for all EVM-based chains, such as Ethereum, Polygon, and Avalanche.
Target audience: Users who need to manage authorizations and avoid malicious contracts.
Scam Sniffer
When the user connects their wallet to initiate an interaction, Scam Sniffer scans the interaction logic and shows a pop-up with the security scan results, flagging any risks. This plugin can identify phishing contracts, unknown airdrops, and other risks, protecting users from scams.
Focus: Anti-phishing website
Source of security database: Integrates multiple security data sources and updates risk information in real time.
Applicable wallets: Supports mainstream wallets like MetaMask.
Target audience: Users who need to guard against phishing contracts, unknown airdrop risks, and more.
Wallet Guard
Wallet Guard focuses on browser-wide protection: it detects malicious links, phishing websites, and fake airdrops, and prevents malicious signature authorizations. It shows warnings when users visit suspicious websites or are about to connect a wallet.
Focus: Anti-phishing website
Source of security database: Integrates multiple well-known security community databases such as PhishFort and Chainabuse, with frequent updates and extensive coverage of risk information.
Applicable wallets: Supports multiple mainstream wallets including MetaMask and Coinbase Wallet.
Target audience: Investors active on community platforms such as Discord, Telegram, and Twitter, who are easily exposed to various airdrops or project links.
However, many investors mistakenly believe that installing plugins lets them avoid phishing completely.
In fact, plugin databases carry a lag risk. Especially with targeted disguises (such as a friend's stolen account or a project's hacked Discord), the plugin may not respond immediately.
Therefore, plugins are a baseline safeguard and cannot replace careful habits around official website verification and private key management.
Suggestions for using anti-phishing plugins
In Web3 investing, the biggest danger is not failing to understand the market, but thinking 'I'm safe' only to fall for a link.
Anti-scam plugins may not make you rich overnight, but they can often block a fatal blow at a critical moment.
Especially for investors who frequently participate in DeFi, NFT transactions, MEME coins, new token interactions, and airdrop activities, these plugins are not just embellishments but a safety net that protects your baseline.
It is recommended to choose at least 2-3 plugins to use in combination, covering various scenarios such as signature detection, malicious contract identification, phishing link filtering, and authorization management.
Fire Extension + Pocket Universe + Metashield → Core wallet multi-signature simulation + authorization protection
Wallet Guard + Scam Sniffer → Defending against social engineering phishing and forged links
Revoke.cash → Regular authorization cleanup to prevent long-term authorization risks
Remember, security is never a championship, but a long-distance race—only by keeping risks out can you enjoy the dividends of Web3.
The Web3 market is ever-changing, but baseline security is always a required course for participants.