Security bot Metacert, which protects against cryptocurrency phishing in chat apps like Slack, will soon be able to scan for, and flag, malicious cryptocurrency wallet addresses. The new feature will be available in early October, along with a web browser add-on for the same purpose. The ability to have a wallet to get a wallet verified as safe will be available by the end of the year, founder Paul Walsh told VentureBeat in an email today.
“While some will want to remain anonymous, others might want to be verified so they can increase user trust,” Walsh said.
Metacert security bots first became available last year for the detection of malware, fake news, and pornography for chat apps like Skype and HipChat. Cryptocurrency protection efforts for Slack began four weeks ago.
Since then, Walsh said, the bot has scanned 120 million messages for phishing scams aimed at sucking cryptocurrency out of wallets for currencies like Golem, Omise, Hello Gold, and Coin Fund.
Cryptocurrency phishing attacks on Slack typically come in the form of links imitating the websites of initial coin offerings or popular currencies in order to trick people into sharing access to their wallet.
According to research by blockchain security firm Chainalysis, cryptocurrency owners have lost $225 million in coins and tokens this year, more than half of which was the result of phishing through things like tweets, emails, and Slack messages. More than 30,000 people have fallen prey to attacks, losing $7,500 on average. Most recently, high-profile cases include attempts to steal cryptocurrency online by North Korean hackers.
Walsh first shared an interest in protecting initial coin offerings (ICOs) and addressing cryptocurrency scams in a Medium post in July.
“We haven’t pivoted,” Walsh told VentureBeat. “We actually started off with in-app security, then messaging two years ago, and within messaging cryptocurrency is the role we want to protect, because it’s a real problem.”
Phishing for cryptocurrency on Slack does not always follow traditional phishing strategy, Walsh said.
“We thought they would sent to public channels, but they’re using the Slackbot reminder and the Slack API to send malicious phishing attacks. We didn’t predict that, so we’ve actually had to overhaul our application,” he said.
Last fall the company raised $1.2 million for its security services. Metacert has eight employees and is based in Danville, California.