It’s the worst of web3.

You visit a website, service, community, or game hoping to check it out and maybe join. But before you can walk through the gate, the service asks you to connect a cryptocurrency wallet like MetaMask. It is the digital equivalent of being able to shop in a boutique only after giving the store owner all your bank details. It feels backward, unnecessary and dangerous.

It’s also a serious brake on web3 adoption.

“$2.7B in Cryptocurrency Lost in 2022 Due to Hacking of Smart Contracts or Protocol Infrastructure,” Delphi Digital, the “Institutional Grade” Cryptocurrency Research Firm Recently tweeted. “This represents an increase of 63% over last year.”

What can you do?

Serial entrepreneur Alexei Dulub thinks he has the answer: web3 “antivirus.” Years of building blockchain and auditing smart contract solutions for clients through his outsourced software development company PixelPlex taught him that web3 is riddled with bugs. Those bugs can be exploited by hackers or just clever technologists finding ways to use smart contracts in ways their creators didn’t intend. Poorly written smart contracts have resulted in millions locked up for both creators and clients, or millions simply stolen.

Bugs are one thing. In some ways worse are smart contracts that are literally written to steal your cryptocurrency, NFTs, or other digital artifacts of value. And because we’re trained not to read the fine print in EULAs (end user license agreements) and probably can’t read the code in smart contracts, we’re ripe for a scam.

“Do you know what you are signing with Metamask?” Dulub asked me.

The short answer, for me, is no.

That’s where Web3 Antivirus comes in. Installed as a Chrome plugin, Web3 Antivirus kicks in when you’re about to sign a transaction, then momentarily pauses the transaction and scans it for risk factors. Having a website that is on what the company says are “thousands” of block lists is one, as is a code requesting access to all your cryptocurrencies or instructions that are encrypted and therefore presumably acting alone. in favor of the author of the smart contract.

After analyzing the smart contract, Web3 Antivirus gives you an overview of potential risks and allows you to make what Dulub says is a more informed decision about whether or not to proceed.

“The plugin also protects users from visiting phishing websites: it checks domain names against thousands of blocklists, identifies suspicious logic with its proprietary ML templates, and warns users if the website is unsafe,” says Dulub.

Crucially, according to the company, Web3 Antivirus does not request access to your wallet, your digital assets, or the seed phrases (long crypto-style passwords) that protect your cryptocurrency.

However, it’s worth noting that the Chrome plugin requires access to “read and change all your data across all websites” and to manage your apps, extensions, and themes. These are likely necessary to do your job, but in theory, in the wrong hands, this is clearly a security risk.

When I mentioned this, Dulub said that this is one of the reasons why the Web3 Antivirus tool is open source (anyone can see its code on GitHub), essentially to show that the company has nothing to hide.

“The key goal of the solution is to help the web3 community save billions of dollars by making the decentralized ledger ecosystem a safer place to cooperate and work, which will benefit all stakeholders in the long run. ”, he added. “You don’t need to trust us, but at least you go into more detail.”

One thing that is still unclear: monetization.

I asked Dulub how he plans to monetize Web3 Antivirus.

“In many ways,” he replied. “B2C [business to consumer] premium subscriptions for additional details and assessment of financial risks, B2B [business to business] SaaS models with pay-as-you-go and collaboration: While interacting with a protocol, a user can be notified about other available options.”

“An example: when purchasing a token on OpenSea, users may receive a message that there is a way to save on fees by using Sudoswap, Blur, or X2Y2 instead.”

The plugin is brand new, just released. According to the Chrome Web Store, it has less than 100 users to date. However, it definitely fills a need in the market: the ability to get confirmation from a reputable third party that the smart contract you are about to sign will not deplete all of your Ethereum. So if it proves to be effective, there is certainly an opportunity for significant growth.

And it would be nice to know with some level of confidence that trading crypto, buying an NFT, joining a DAO, or playing a web3 game is safe.