What is a Security Score?

What your Security Score is, and how we calculate how "secure" your wallet is by tallying up your open token approvals and suspicious transactions.

Written by Noah Chong
Updated over 9 months ago

The Basics

Your Security Score is your wallet's entire security history condensed into one, easy-to-understand metric. Your Security Score tells you how much your wallet is at risk of scams or hacks, based on your most recent transactions, open token approvals, and people you've interacted with in the past.

Actively monitoring your Security Score, and proactively taking action to increase your score, is your first line of defense against outside attackers.

What's in a Security Score?

Harpie uses your wallet's entire history to calculate your Security Score. Let's learn more about each factor that contributes to your overall score.

Open Token Approvals

Token approvals are the de facto method that most Web3 apps use to function. They are what allow apps like OpenSea and Uniswap to sell your NFTs and tokens.

"Open" token approvals are exactly what they sound like—token approvals that are left "open" and are not closed, or revoked, after you're finished using an app. These types of approvals are like ticking time bombs, and at any moment, could cause you to lose your hard-earned tokens and NFTs.

Lowering the number of open approvals you have is the easiest way to increase your Security Score.

What's a token approval?

Token approvals are simultaneously one of the most common things you'll face as a user and one of the easiest ways for hackers to get access to your money.

In most instances, token approvals are necessary to use your favorite apps, including DEXs, Web3 Gaming, NFT marketplaces, and more. For example, if you wanted to swap your $USDC for $DAI stablecoin on Uniswap, Uniswap would ask for you to approve your USDC. A transaction would most likely look like this:

Approving your $USDC to Uniswap allows Uniswap to withdraw $USDC from your wallet. In most cases, this is OK. However, if you do not revoke, or close, your open approvals, you open a backdoor into your wallet that attackers can exploit.
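
To make "open" versus "revoked" concrete, the following added example (not Harpie's code, and not how the Security Score itself is computed) replays ERC-20 Approval events for one wallet and lists the approvals that are still open. The event records, the placeholder addresses and the "unlimited" threshold are constructed assumptions.

```python
from dataclasses import dataclass

MAX_UINT256 = 2**256 - 1
UNLIMITED_THRESHOLD = 2**255  # assumption: at or above this, treat as "unlimited"

@dataclass(frozen=True)
class Approval:
    """One decoded ERC-20 Approval(owner, spender, value) log entry."""
    block: int
    log_index: int
    token: str
    owner: str
    spender: str
    value: int

def open_approvals(events, owner):
    """Map (token, spender) -> last approved value, keeping only non-zero ones."""
    latest = {}
    # Replay in chain order: a later approve() overwrites the earlier allowance.
    for ev in sorted(events, key=lambda e: (e.block, e.log_index)):
        if ev.owner.lower() == owner.lower():
            latest[(ev.token.lower(), ev.spender.lower())] = ev.value
    # approve(spender, 0) is a revoke, so a final value of 0 means "closed".
    # Spending via transferFrom may lower the allowance without a new event,
    # so these values are an upper bound; allowance() on-chain is authoritative.
    return {pair: value for pair, value in latest.items() if value > 0}

def report(events, owner):
    """Open approvals as (token, spender, kind, value), unlimited ones first."""
    rows = [(token, spender, "unlimited" if value >= UNLIMITED_THRESHOLD else "limited", value)
            for (token, spender), value in open_approvals(events, owner).items()]
    return sorted(rows, key=lambda r: (r[2] != "unlimited", r[0], r[1]))

# Constructed sample data; every address is a placeholder, not a real contract.
WALLET = "0xWALLET"
SAMPLE = [
    Approval(120, 0, "0xTOKEN_USDC", WALLET, "0xSPENDER_MARKET", 1_000),
    Approval(100, 3, "0xTOKEN_USDC", WALLET, "0xSPENDER_DEX", MAX_UINT256),
    Approval(90, 1, "0xTOKEN_USDC", WALLET, "0xSPENDER_DEX", 0),
    Approval(105, 0, "0xTOKEN_DAI", WALLET, "0xSPENDER_DEX", 500),
    Approval(110, 2, "0xTOKEN_DAI", WALLET, "0xSPENDER_DEX", 0),   # revoked
    Approval(115, 0, "0xTOKEN_DAI", "0xOTHER", "0xSPENDER_DEX", MAX_UINT256),
]

if __name__ == "__main__":
    for token, spender, kind, value in report(SAMPLE, WALLET):
        print(f"{token} -> {spender}: {kind} ({value})")
```

In the sample, the DAI approval disappears from the result because the last event for that pair sets the value to 0, while the USDC approval to the DEX placeholder stays open and unlimited.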

There are two main scenarios where approvals can cause you to lose money:

Scenario 1: Your app gets hacked

Open token approvals are a serious risk to your wallet's security because if a hacker gets access to the dApp or wallet you've approved your tokens to, they are now in full control of those tokens in your wallet.

In 2022, over $21 million was stolen on Transit Swap, a cross chain DEX aggregator. The hacker was able to call the transferFrom function from Transit Swap's smart contract to move all active users' tokens to his own wallet.

For users that lost their money in the Transit Swap hack, simply revoking their open token approvals would have prevented this attack.

Scenario 2: Your app uses gasless signatures

Without going into too much detail, gasless signatures are how all of the most popular NFT marketplaces allow you to sell and trade your NFTs without having to pay gas, or transaction fees, each time.

Here's an example:

Gasless signatures look innocuous enough; however, they are the leading cause of NFT theft. Anyone can request a gasless signature to your wallet, and most users overlook the danger because 1) gasless signatures don't cost any money and 2) many apps use gasless signatures as a legitimate way to verify wallet ownership and log you into apps.

The most infamous gasless signature hacking kit, Monkey Drainer, has stolen up to $13 million worth of tokens and NFTs since 2022. Many high-profile Bored Ape Yacht Club holders found their wallets empty because of this attack.

You can read more on our blog by clicking here.

Recent Transactions and Wallet Interactions

Harpie uses your recent transactions to generate a history of your wallet: who you have interacted with and in what way. It doesn't matter how innocuous the transaction is; even transfers of $0.01 or less affect your Security Score. We've found that users who have interacted at all with a hacker or scammer are 3 times more likely to be scammed again.

We've catalogued and categorized a lot of addresses. We've analyzed and stored over 60 million addresses, ranging from official smart contract addresses that you can trust to the most notorious hackers of the last few years. By knowing who you're sending your money to and understanding the risk of using unofficial or user-tested smart contracts, you can drastically reduce your chance of becoming a victim of an attack.
