Blockaid, an Israel-based Web3 security startup, announced raising $33 million today in its latest round.
Ribbit Capital and Variant led the round, with participation from Cyberstarts, Sequoia Capital, and Greylock Partners.
The capital injection will be used to expand Blockaid’s product offerings, customer base, and team, all aimed at tackling ongoing security challenges within the Web3 space, including fraud, phishing, and hacks.
Launched last year by alumni of Israel’s Unit 8200 cyber intelligence unit and recently emerged from stealth mode, Blockaid also revealed its inaugural customers, which include prominent names like Metamask, Opensea, Rainbow, and Zerion.
“Soon after starting the company, we got a quick seed investment and started to work with some of the biggest and best companies in the space to solve some of the biggest problems, primarily protecting users from nasty kinds of attacks,” Ido Ben Natan, co-founder and CEO of Blockaid, told Decrypt. “Since then, we’ve scanned over 450 million transactions, of which over 1.2 million have been malicious, securing over $500 worth of funds.”
How Blockaid’s tech works
Blockaid offers two security solutions.
The first is its dApp Scanning Engine, which is responsible for emulating all potential user actions in a decentralized application (dApp) and determining if these actions, as well as the dApp itself, are malicious.
The second solution is the dApp Scanning Sandbox, which safely simulates user interactions with a dApp without putting any user assets at risk. If any transactions within the sandbox are identified as malicious, the entire dApp is instantly marked as malicious, meaning that every user safeguarded by Blockaid will be shielded from the threats posed by this malicious dApp.
End users benefit from an added layer of protection without incurring any additional costs or efforts as both of Blockaid’s security solutions are integrated into wallets, allowing providers to monitor transactions, interact with dApps, and communicate with smart contracts.
Blockaid says it’s different from its competitors in two significant ways.
First, it’s compatible with any blockchain network. Second, Blockaid claims to be the sole security solution provider capable of simulating off-chain signatures described in EIP-712—a standard for secure off-chain signature verification on the Ethereum blockchain—just as effectively as on-chain transactions.
Highlighting the importance of the enhanced security for Web3 wallets, Blockaid’s co-founder and CTO Raz Niv pointed out that more than 10% of web replication they investigate are actually malicious sites like wallet drainers that try to fool the users into clicking buttons that will eventually empty their wallets.
“This is a huge problem, something that really stalls mass adoption,” Niv told Decrypt.” You can’t bring regular users to an industry where out of 10 sites one is malicious. And this is exactly the tech we’re building.”
Vitalik Buterin’s Twitter incident
Comparing Blockaid’s detection engine to an antivirus, the CTO said the company’s tech played a crucial role in shielding more than $100,000 in user assets from potential theft during the September incident that saw the Twitter account of the Ethereum co-founder Vitalik Buterin getting compromised and almost $700,000 in user assets stolen.
“We were able to catch the exact wallet drainer that was published in Vitalik’s Twitter more than 24 hours before the first user was connected to the [malicious] site and got hacked,” Niv told Decrypt.
The attack still led to $700,000 in losses, including valuable NFTs, from wallets that were not protected by Blockaid.
The incident, according to Blockaid’s CEO, served as further proof that Web3 space can be really scary, “something that we don’t want our parents to use,” given the level of existing risks.
“The overall goal of what we’re doing at Blockaid is to really try to make the industry much safer, so that more and more users can use this technology,” Ben Nathan told Decrypt. “That’s about signing transactions with confidence and seeing much less malicious activity.”