Security in crypto has never been more important. Blowfish.xyz makes it easy to identify & stop crypto fraud before it happens, and it is the engine that powers Phantom’s Transaction Previews. Blowfish Founder and CEO Fabio Berger joins Brian Friel to talk about some of the recent high profile hacks in crypto, what blowfish is doing to stop them, and how you can stay safe.

Show Notes:

00:55 - Background / How did Blowfish start?

04:14 - What is Blowfish?

05:59 - High Profile Hacks

08:35:08 - Types of Scams, how to avoid them?

17:18 - A builder he admires

Full Transcript:

Brian Friel (00:06):

Hey, everyone, and welcome to the Zeitgeist, the show where we highlight the founders, developers, and designers who are pushing the Web 3.0 space forward. I'm Brian Friel, developer relations at Phantom, and I'm super excited to introduce our guest, Fabio Berger, the founder and CEO of Blowfish.xyz. Blowfish makes it easy to identify and stop crypto fraud before it happens, and it's the engine that powers Phantom's transaction previews.

(00:29):

Fabio, welcome to the show.

Fabio Berger (00:31):

Thanks so much for having me.

Brian Friel (00:32):

I'm really excited to talk to you today. We've been working with you guys for quite a while now, and you guys have been doing great work. We just shared some stats on how many millions of transactions, I think it's 85 million transactions you guys have scanned with us to date in protecting users from wallet drains. But before we get into all that, I'd love to have you introduce yourself and explain a little bit about who you are and how did you start Blowfish?

Fabio Berger (00:55):

Well, I guess I need to start with how I got into crypto. That actually happened in my senior year when I was still studying computer science at Duke and a friend of mine sent me the Bitcoin white paper and I read it. I didn't get it. I read it again and I was like, "Ah, digital scarcity. This is going to be interesting. We can build some interesting stuff with this." So I ended up working full-time in crypto starting at the end of 2016, and I joined 0x Labs as the first hire and was there for three and a half years launching several versions of the protocol. And actually, while I was there, we had launched a way for people to trade assets, peer-to-peer, and there was a subreddit that started and people started to send back and forth these off-chain orders for assets and that was the first time that I came in contact with crypto native scams.

(01:47):

People started to create orders for assets with the same name as USDC or Die, but that were actually counterfeit tokens. And I thought to myself, "Oh, this is problematic. Someone will definitely solve this." And then, I guess, fast forward four years later, the problem was still not solved. And so actually, while I was doing some contract work for Phantom in sort of the space of software supply chain security, I saw again how big of a problem these crypto native scams had become and I decided that I wanted to work on it. So together with my two co-founders, who had also worked at 0x with me, we decided to start Blowfish.

Brian Friel (02:27):

That's awesome. And so just talk a little bit more about that counterfeit token thing because I think to you and I work in this space, we might be very familiar with it, but it sounds almost like an oxymoron where it's like, "Hey, you're in crypto. You're verifying everything you're doing. How can you have counterfeit tokens? How does that actually work?"

Fabio Berger (02:44):

So it all comes down to the fact that the only guaranteed to be unique identifier for a token is the contract address where it is deployed. And so anyone can create a new token, a new asset that has the same symbol and name as a well-known token, let's say, USDC. And so unless you really check very carefully if the contract address is the canonical USDC contract, you could easily get fooled into thinking that someone's trading you real USDC and instead, you're getting a counterfeit token.

(03:18):

And I think that this actually points to this fundamental issue in crypto or fundamental problem that we still have to solve. We have all this amazing math in cryptography to ensure that, Brian, you own this private key and you're the only one who knows it. Therefore, you're the only one who can sign this transaction and authorize the transaction. But, actually knowing what you're signing, that's hard.

Brian Friel (03:41):

Yeah, absolutely. And that might be a good segue to where you guys come into here. As an end-user at Phantom for the past almost a year now, I'd say, it's, what, about eight months or so that we've been working with you guys, it doesn't seem maybe like a whole lot has changed. Hopefully, also if you're using legitimate sites, you see Blowfish too often, but some advanced users might have seen that our simulator has had some pretty big upgrades over the past year in large part due to the work that you guys have been doing. Can you talk a little bit about what Blowfish is and how does this all work under the hood? What are you guys actually doing?

Fabio Berger (04:15):

So at its core, what we are building is a suite of APIs for wallets like Phantom where whenever a user of a wallet is visiting a site and it's asking them to sign something, so it could be a transaction or a message, that wallet can first send it to us and be like, "Hey, is this kosher? Is this doing anything strange, or is this just a vanilla transaction?" And what we are doing under the hood is we're scanning and simulating that transaction and we are looking to see if there are any patterns that we can recognize from previous scams.

(04:50):

We also figure out from the user's perspective, what is this transaction going to do to that user's assets? How is it going to modify their token balances or their NFTs? And we send all of that information back to the wallet and the wallet can then present it to the user. And what's really nice about this is now, instead of going and having to read the smart contract and read a bunch of code to understand what is this transaction going to do, the user can just see, "Okay, this is how my balances are going to change. This is where my assets are moving or not moving." And then they can self-verify if this transaction is doing what they thought it was.

Brian Friel (05:26):

And that's very topical. We're recording this right now in January of 2023, and unfortunately, just earlier this month, there was a very prolific hack where Kevin Rose just lost over $2 million worth of his NFT collection. We've seen many other high profile hacks come in the space as well. Can you talk a little bit about how some of these hacks actually work and maybe, specifically to the Kevin Rose incident, was there anything that he could have done or a similar user who fell into a similar pattern could have done to maybe identify this without having to read the contract code like you're saying?

Fabio Berger (06:00):

Yeah, so it's super unfortunate for Kevin. Every day, hundreds of thousands of people have the same thing occur to them. In this particular case, the attack vector was essentially a OpenSea order. This OpenSea order was crafted such that Kevin was trading his very valuable NFTs in return for nothing. So we call this a trade for nothing OpenSea order. And if you are not using a wallet that sort of shows you what you're about to sign, you could easily fall for this. Had Kevin used Phantom or any other wallet that's powered by Blowfish, he would not have lost his NFTs. We have had a check in place for this exact scam pattern since June of last year. And so this wasn't actually a new attack. This is one that we've known about for a long time and that sort of security-conscious wallets have been protecting their users against. But it turns out that unfortunately, Kevin wasn't using one of those wallets.

Brian Friel (06:59):

And so what would you say to people also who say, "I get it. Signing stuff in crypto is really risky. That's why I have a hardware wallet." What are the strengths and weaknesses of these things? How should people think about using one? Is it like a cure-all solution or maybe, do you have different opinions on that?

Fabio Berger (07:16):

I think a hardware wallet can make sense. It's really designed to protect against malware on your laptop. It's an air-gapped device that has a very minimized interface. All it can do is essentially sign things and you need to physically press a button to authorize that signature. But hardware wallets suffer the same sort of UX challenges and the same scam and hack potential as any other wallet. So there's nothing about a hardware wallet in particular that would've protected, let's say, Kevin, from this attack. What he would need is some sort of an interface that would show him what he's signing and also provide him warnings if he's about to trade, let's say, an OpenSea order where on one side, he's handing off $2 million and in return for that, he's receiving $0.

Brian Friel (08:07):

That's tough when you don't have much of an interface on a hardware wallet to be able to see that for yourself.

(08:12):

Well, let's talk a little bit more about some of these scams because you mentioned the OpenSea scam and that didn't even necessarily seem like it was anything that was wrong with OpenSea, per se. It was just that there was an end user didn't really even know what they were signing, and they were, unfortunately, led to a situation where they thought they were interacting with a trusted party and they weren't. What are some of the other types of scams that you guys see in the wild?

Fabio Berger (08:35):

So there's obviously many different ways that sort of scammers try to lure their victims into signing something. I could kind of talk at length about that, but everyone's seen sort of the scammy NFT AirDrops or the Discord messages promising you huge rewards. But the attack vector, essentially, how do they actually remove the funds out of your wallet? A lot of the times, they're not actually exploiting a weakness in a smart contract. They're either crafting a smart contract that is made to steal your funds or they are crafting a transaction or an order or a message that is made for that purpose. So in the very early days, they weren't doing anything fancy at all. They were literally just asking you to approve them to withdraw your assets and that was kind of enough.

(09:27):

But now that wallets like Phantom are actually showing users these simulation results, it's become a little bit harder. They have to get more creative. So a lot of the attack vectors that we're seeing are actually attempts to circumvent or fool or take down the simulator. These scammers really don't like the simulator because if the user sees that they're about to lose all of their assets, they're much less likely to click Confirm.

(09:54):

I guess the more sophisticated attacks that we're seeing are ways in which the scammer can steal the user's funds, but indirectly. And so in the solana ecosystem, I can give you an example, which is every token that you own, you own in a separate token account. This token account has an authority. This authority is essentially the person who's allowed, authorized to withdraw funds from that account. And so in the early days, the scammers would literally just ask you to sign a transfer that would transfer them your funds. But now, they'll try and be a bit more sophisticated and they'll actually just ask you to change the authority of the account. So the assets haven't moved, but now, the scammer is authorized to move them on your behalf. And so these are some of the scams that we're seeing right now.

Brian Friel (10:43):

So those are things where if you just simulated what's the pre-balance and the post-balance of me signing this transaction, in that case of transferring an authority, you might just say, "Oh." If you're doing this simulation yourself, you're saying, "Well, no coins are going to move," but then come tomorrow evening when you're asleep, the scammer could wake up and say, "Oh, I have authority of all these accounts" and sweep everything.

Fabio Berger (11:06):

This sort of delayed sweep of your accounts obviously gets a lot of people and then makes it really hard for people to actually even know what happened. So a lot of people are then confused and they're like, "Hey, my funds just moved out of my account and I didn't even sign a transaction" and actually, they signed one yesterday.

Brian Friel (11:22):

Yeah, we've heard that. We've seen that in the wild where people post the Twitter and say, "Oh, I was hacked, but I swear I didn't touch anything this week. My phone was off." And that's really unfortunate when that happens.

Fabio Berger (11:33):

When I think really deeply about this problem, I just realized that a lot of this technology was built with some trust assumptions, especially around the dApps that people are using. People kind of assume, "Oh, well, the dApp, you went to this website. You trust this website. We can trust this website and this dApp." And because of that sort of trust assumption, there's essentially a lot of room for scammers to mess with things. And I think that we really need, actually, to rethink this whole dApp to wallet interface and we need to reanalyze it and maybe patch it with this understanding that, actually, users can't trust every dApp, and so we should maybe try and minimize the trust in that interaction.

Brian Friel (12:16):

I keep thinking back to email like how when the early email providers, you would set up your own email server and then anything could come in and now, we take for granted all the amazing spam prevention that's out there. That obviously comes with its own trade-offs and costs as well, but it seems like we're in a similar moment right now in the crypto space trying to figure that out.

(12:34):

Do you think it's fair to say, too, that you mentioned earlier that a lot of these hacks, maybe we hear a lot when they happen, which is not that frequent, but you hear about the smart contract vulnerabilities that occasionally happen. But is it fair to say that more often than not, it's really social engineering more than anything else that gets the common user, getting them to, like you said, click on a scam link or a bad NFT drop that sends them to a website where they input their seed phrase, those kind of things. Is that what you would think is the bigger issue that we need to face?

Fabio Berger (13:02):

I mean, they're both problems. And that's the interesting thing is we can find stats online for, okay, how much money has been lost to hacks, but there aren't any good stats of knowing how many people have gotten scammed and how much money has been lost to scams. And my hunch is that the number is either equally big and ginormous or maybe even bigger. And yeah, there's definitely sort of an element of it, that social engineering, but it's not only social engineering. Honestly, they kind of prey a lot on people's desire for easy money or a reward or to get in on a really hot NFT mint. These sorts of economic incentives is how they sort of lure people into engaging with them and you could sort of consider that social engineering, but I think it's more a psychological engineering or manipulation.

Brian Friel (13:54):

The sense of urgency that's required with a lot of these things too, potentially.

Fabio Berger (13:58):

Yeah, absolutely. Absolutely.

Brian Friel (14:00):

That makes a lot of sense. So I guess putting yourselves in the shoes of an average Phantom user, not reading the smart contract code for themselves, are there any best practices that you would impart on maybe any crypto user? How should they go about thinking about interacting with dApps and signing transactions?

Fabio Berger (14:20):

I mean, so first of all, always triple-check the domain that you're on. A large portion of the scams that we're seeing are on domains that are pretending to be a legitimate project that that user might trust. In the same way as with emails, you always have to check the email that you're looking at and make sure that it's actually coming from eBay or whatever. You have to do the same thing in crypto when you're dealing with these dApps.

(14:45):

On top of that, I would say, yeah, always look at the simulation results, always sort of double check and make sure that it's doing what you'd expect. Another good piece of advice is to really think similarly to the way you do about your money in the traditional financial system. You have a bank account or a savings account or you have the majority of your funds and then you have a wallet that you carry around in your pocket where you do day-to-day expenses.

(15:14):

And I think that's a good model to have where if you're going to ape into mints, do it from a wallet that doesn't have all of your NFTs in it, right, and that'll already limit the maximum downside that you have. But obviously, it could still hurt to lose all of that money and so you still need to be vigilant and definitely make sure that you're using a wallet that takes security seriously. Obviously, Phantom is a great example of that, but if you're very, very stubborn about sticking with one that doesn't, and I'm not going to name any names, then at least look to see if you can maybe augment the security offered by the wallet with an extension or something like that.

Brian Friel (15:52):

That makes a lot of sense. Yeah, you and I were talking just before we started recording about how Anatoly always recommends people have one wallet that only sends to another wallet, never interacts with the smart contract, and that's where you keep most of your funds. Augmenting that with a hardware wallet is great as well. But then, when you are signing things, just using really just the balance that you really need and making sure that you're checking the domain and checking the simulation results.

(16:18):

The domain front, that is hard and that's definitely something that we're definitely thinking a lot about. We have that block list that I know that you guys are big drivers to takedowns on that site or on block list as well. That won't always catch everything. Often, it is reactionary, but it is a wild world out there for users.

Fabio Berger (16:37):

Yeah, I guess one thing that we are working on is copycat detection. We actually want to be able to show users a warning if they're on a site that looks like it's impersonating a well-known site and this is something we can do with machine learning. We've already released it out in a limited sense, but in a broader sense, it's coming to Phantom soon.

Brian Friel (16:59):

Oh, I love that. Dropping the Alpha on the podcast.

Fabio Berger (17:03):

Just a little bit. Just a little bit.

Brian Friel (17:05):

That's great. Yeah, Alpha that keeps us all safe.

(17:07):

Well, Fabio, this has been really awesome discussion. One closing question that we ask all of our guests and I want to hear your opinion on is who is a builder that you admire in the Web 3.0 ecosystem?

Fabio Berger (17:20):

Oh man. I mean, there's many people doing a lot of really awesome stuff. One thing that I have been digging into more recently is a new Permit2 specification or standard that was released by Uniswap. I think it is a really big improvement over the way that sort of token approvals were done previously. And yeah, I think I really give that team kudos for constantly trying to improve every layer of the stack, even things that aren't part of their core product. And yeah, I'm excited to see how this is going to improve the UX experience on Ethereum.

(17:58):

And yeah, I think it's funny even there, it's a great step forward and everything, but it's clear that they haven't been thinking about it as much from how can this be abused by scammers? One thing that we want to do at Blowfish is actually help them improve on that front. But I keep saying this, and I'm going to keep saying it, "We're still early." I said it back in 2016. I said in 2014, and I'm saying it now, "We're still early." And so there's a lot to build and yeah, I'm just excited to be a part of it, part the solution and try and make this space a bit safer.

Brian Friel (18:33):

That's great. Well, we're very grateful to have you on board as well and thank you so much for all that you do in keeping users safe. I just saw and confirmed the stats that it was 85 million transactions scanned with you guys since last April 2022. We're recording this in January '23. During that time, over 18,000 wallet-draining transactions prevented through Blowfish alone. So, thank you guys. We view that as 18,000 users who would've left crypto altogether but are now here to stay. So Fabio, thank you so much for coming on the show. Where can people go to learn more about Blowfish?

Fabio Berger (19:07):

Yeah, thanks so much for having me. Honestly, it was really great. Yeah, if they want to learn more, check out Blowfish.xyz. That's our webpage. You'll find all the information there and you can play around with the API yourself if you're curious and yeah, follow what we're up to.

Brian Friel (19:23):

Fabio Berger, founder and CEO of Blowfish. Thank you so much.

Fabio Berger (19:25):

Thanks.