Self-custody of crypto allows us to be our own banks. In many ways, this is great. We remain in full control of our assets. Our transactions can't be censored. Our funds can't be used without our knowledge.

These benefits come with a cost, though. Interacting with the blockchain can be dangerous, and there is no blueprint that tells us whether a destination is safe or unsafe - good or bad. Access to funds plus a lack of guardrails make crypto users the perfect target for scammers. Low protection, high reward.

Our goal at Oz Security is to provide this blueprint to guide users of any dApp or wallet to avoid bad actors both on and off chain. In cybersecurity, this blueprint is called a threat intelligence feed.

What is threat intelligence?

Threat intelligence is a highly curated dataset that identifies and describes malicious actors, devices, or destinations. Crucially, the data provided by a threat intelligence feed is intelligence - not data. Intelligence is actionable, meaning those interacting with it can use the information to make better choices.

In the case of crypto-focused threat intelligence, data from the feed aids users in making better decisions about:

  1. Whether it's safe to interact with a web page or domain

  2. Whether a smart contract or dApp they're using is performing its intended function

  3. Whether or not to interact with the owner of a given wallet

Which data sources are used for threat intelligence?

Creating a high-quality threat feed relies on multiple sources of data. This data must be normalized and aggregated in order to become useful intelligence. The types of useful data include:

  • Public data available on-chain, including:

    • Transactions

    • Wallet metadata (age, past transactions, balance, etc)

    • Contracts (code analysis, past transactions, owner, etc)

  • Private data, as user reports

Oz uses these signals to create a database of known good and bad actors, and makes the data available via an open API.

Contributing data

One of the most valuable signals for a threat intelligence feed is user input. Oz will collect user input via our Chrome extension. Users can indicate the safety of a web3 endpoint, and Oz will use that signal to help determine the endpoint's overall risk. Users can report on the safety of:

  • Wallets

  • Contracts

  • URLs

When a user contributes data about the safety of an endpoint, they will earn OZT - the native token of the Oz protocol.

Last updated