// KNOWLEDGE BASE

Frequently Asked Questions

Everything you need to know about SHIELD CryptoGuard's AI security engine, threat detection methodology, and how we protect your wallet in real time across the Web3 ecosystem.

// 01 — WHAT SHIELD IS
Q.01 What exactly is SHIELD CryptoGuard and who built it?

SHIELD CryptoGuard is an AI-powered Web3 security browser extension developed by Edutech Wise FZCO, incorporated under the laws of the United Arab Emirates. It functions as a real-time threat intelligence layer that sits between your browser and every Web3 interaction you make — scanning URLs, smart contracts, token approvals, and wallet connection requests before any transaction is signed.

Unlike conventional antivirus tools built for Web2 environments, SHIELD was designed from the ground up for the specific and rapidly evolving threat landscape of decentralized finance, NFT platforms, and blockchain protocols. It understands the difference between a legitimate Uniswap router call and a drainer contract masquerading as one.

Q.02 Is SHIELD CryptoGuard a finished product or still in development?

SHIELD is currently in public beta. This means the core engine is fully operational and actively protecting users, but the product continues to evolve — new threat categories are being added, detection coverage is expanding across additional EVM chains, and the classification AI is continuously refined based on emerging attack patterns.

Being in beta also means we are transparent about limitations: no security tool eliminates 100% of risk, and novel attack vectors may not be detected immediately upon first appearance. SHIELD reduces the attack surface significantly — but always conduct your own due diligence before signing any transaction.

Q.03 Which blockchains does SHIELD currently cover?

SHIELD's threat intelligence engine currently covers the following EVM-compatible networks:

  • Ethereum Mainnet
  • BNB Chain (BSC)
  • Polygon (MATIC)
  • Arbitrum One
  • Base
  • Avalanche C-Chain

Coverage across additional chains — including Optimism, zkSync, and Linea — is on the development roadmap. Phishing and domain-level threats are chain-agnostic and are detected regardless of which network is active in your wallet.

// 02 — HOW THE AI ENGINE WORKS
Q.04 How does SHIELD's AI engine detect phishing sites in real time?

The moment your browser navigates to any URL, SHIELD's classification engine activates and evaluates the domain against multiple threat vectors simultaneously:

  • Domain age analysis — phishing sites are almost always freshly registered. Domains under 30 days old interacting with wallet connection events are flagged immediately.
  • IDN homograph detection — attackers use Unicode characters visually identical to Latin letters to spoof legitimate domains (e.g., uniswаp.org with a Cyrillic 'а'). SHIELD normalizes all domain strings before comparison.
  • Typosquatting similarity scoring — the engine computes edit-distance scores against a reference database of 300+ legitimate DeFi protocol domains.
  • SSL certificate provenance — self-issued or free certificates on domains mimicking established protocols are treated as elevated risk signals.
  • Known-bad infrastructure fingerprinting — IP ranges, hosting providers, and nameserver patterns associated with previous phishing campaigns are tracked and used to flag new deployments on the same infrastructure.

All of the above runs locally or via a sub-50ms API call — you never see a loading delay and the verdict is rendered before your wallet extension has a chance to prompt you.
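The homograph normalization and edit-distance scoring described above can be sketched as follows. This is an added example, not SHIELD's code: the confusable table, the three-entry reference list and the function names are assumptions, and the input is assumed to be in Unicode form already (a browser hostname in `xn--` form would need decoding first).

```javascript
// Added example: the confusable table and reference list are a constructed
// subset for illustration, not SHIELD's data or Unicode's full confusables set.
const CONFUSABLES = new Map([
  ["\u0430", "a"], ["\u0435", "e"], ["\u043e", "o"], // Cyrillic a, e, o
  ["\u0440", "p"], ["\u0441", "c"], ["\u0456", "i"], // Cyrillic er, es, i
]);
const REFERENCE = ["uniswap.org", "aave.com", "opensea.io"];

// Fold a Unicode domain to a comparable skeleton: NFKC, lowercase, then
// replace known look-alike characters with their Latin counterparts.
function skeleton(domain) {
  return Array.from(domain.normalize("NFKC").toLowerCase())
    .map((ch) => CONFUSABLES.get(ch) ?? ch)
    .join("");
}

// Levenshtein distance using a rolling row.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

function classifyDomain(domain, maxDistance = 2) {
  const raw = domain.toLowerCase();
  if (REFERENCE.includes(raw)) return { verdict: "known", target: raw };
  const skel = skeleton(raw);
  // Same skeleton as a reference domain but different code points: homograph.
  const twin = REFERENCE.find((ref) => ref === skel);
  if (twin) return { verdict: "homograph", target: twin };
  let best = null;
  for (const ref of REFERENCE) {
    const distance = editDistance(skel, ref);
    if (distance <= maxDistance && (best === null || distance < best.distance)) {
      best = { verdict: "typosquat", target: ref, distance };
    }
  }
  return best ?? { verdict: "no-match" };
}
```

Comparing skeletons rather than raw strings is what lets a mixed-script spoof and a one-letter typo be scored against the same reference entry.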

Q.05 How does SHIELD detect honeypot tokens before I buy?

A honeypot contract is a token engineered to allow unrestricted buying while making it technically impossible — or economically prohibitive — for anyone other than the deployer to sell. Common implementation patterns include:

  • Hidden require(isWhitelisted[msg.sender]) checks inside the _transfer function that revert for non-owner callers
  • Dynamic tax functions that return 100% on sell for addresses not controlled by the deployer
  • Admin-callable functions that toggle a tradingEnabled flag to freeze sells after a pump
  • Fake liquidity locks that expire within hours of token launch

SHIELD dispatches the contract address to an on-chain simulation layer that executes a test sell transaction against the contract bytecode without broadcasting it. If the simulation reverts or returns a zero-value output, SHIELD issues a CRITICAL honeypot alert before you execute the buy. This process takes under 800ms on a cold query.

Q.06 What is an infinite approval and why is it so dangerous?

An infinite approval is when a smart contract requests permission to spend the maximum possible amount of an ERC-20 token from your wallet — type(uint256).max — rather than only the amount required for the current transaction. This is the most prevalent wallet drain vector in DeFi today.

Once granted, the approved contract can drain your entire token balance at any point in the future — even months later, and even after you have stopped using the protocol. If that contract is later exploited, upgraded maliciously, or was designed as a drainer from the start, your full balance is at risk with no further action required from you.

SHIELD intercepts every approval transaction before your wallet signs it, decodes the spender address and amount parameter, and presents you with a clear warning if an infinite spend is being requested. It then recommends approving only the exact amount needed for the current operation. This single feature prevents the majority of DeFi wallet drain incidents.
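One way to decode the spender and amount from approval calldata before signing, as an added example that is not SHIELD's code. The function name, return fields and `neededAmount` parameter are hypothetical; the two selectors are the standard ones for `approve(address,uint256)` and `setApprovalForAll(address,bool)`.

```javascript
// Added example: selectors are the standard ERC-20 approve and ERC-721/1155
// setApprovalForAll ones; function and field names are hypothetical.
const MAX_UINT256 = (1n << 256n) - 1n;
const SELECTORS = new Map([
  ["095ea7b3", "approve(address,uint256)"],
  ["a22cb465", "setApprovalForAll(address,bool)"],
]);

// calldata: hex string of the transaction's data field.
// neededAmount: BigInt amount the current operation actually requires.
function inspectApproval(calldata, neededAmount) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  const signature = SELECTORS.get(hex.slice(0, 8));
  if (!signature) return { kind: "not-approval" };
  // Selector (8 hex chars) plus two 32-byte ABI words (64 hex chars each).
  if (hex.length !== 136 || !/^[0-9a-f]+$/.test(hex)) {
    return { kind: "malformed", signature };
  }
  const word1 = hex.slice(8, 72);
  const word2 = hex.slice(72);
  // An address occupies the low 20 bytes of its word; the rest must be zero.
  if (!word1.startsWith("0".repeat(24))) return { kind: "malformed", signature };
  const spender = "0x" + word1.slice(24);
  const value = BigInt("0x" + word2);

  if (signature.startsWith("setApprovalForAll")) {
    // A true flag grants the operator every token in the collection.
    return { kind: "operator-approval", signature, spender, granted: value !== 0n };
  }
  let allowance = "exact-or-less";
  if (value === 0n) allowance = "revoke";
  else if (value === MAX_UINT256) allowance = "unlimited";
  else if (value > neededAmount) allowance = "exceeds-needed";
  return { kind: "erc20-approval", signature, spender, value, allowance };
}
```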

Q.07 How does SHIELD's blacklist stay current? Is it updated manually?

No. SHIELD's threat database is not manually curated — it is driven by an automated on-chain monitoring system that operates continuously across all covered networks. The system tracks:

  • Newly deployed smart contracts and their bytecode similarity to known drainer families
  • Deployer wallet histories — if an address has previously launched contracts that were flagged, new deployments from that address inherit elevated risk scores
  • Liquidity event anomalies — coordinated liquidity removal patterns that match historical rugpull signatures
  • Domain registration feeds — newly registered domains containing DeFi protocol keywords are immediately evaluated
  • Social signal correlation — community-reported scam campaigns are cross-referenced with on-chain activity to confirm and propagate threat verdicts

The threat database refreshes across all active SHIELD instances at least once every 6 hours, via a signed and encrypted pull — no Chrome Web Store update required. This over-the-air intelligence system means SHIELD responds to new threats in hours, not weeks.

// 03 — SPECIFIC THREAT TYPES
Q.08 What is address poisoning and how does SHIELD protect against it?

Address poisoning is an attack where a threat actor sends zero-value or dust transactions to your wallet from a vanity address that is visually identical to an address you have previously interacted with — matching the first 4-6 and last 4-6 characters. The goal is to contaminate your transaction history so that when you copy-paste a recent address, you accidentally select the attacker's address instead of the legitimate one.

This attack requires no smart contract interaction, no phishing page, and no malware. It exploits the human tendency to verify only the beginning and end of a long hex string. Losses from address poisoning have exceeded tens of millions of dollars across documented incidents.

SHIELD detects similarity patterns between addresses in your active transaction context and known poisoning wallets in its threat database, issuing a HIGH alert before any outbound transfer is broadcast.
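The look-alike pattern described above (matching leading and trailing characters, different middle) can be checked locally before a transfer. This is an added example, not SHIELD's code: it compares the recipient against a caller-supplied list of previously used addresses rather than a threat database, and the function names and the default threshold of 4 characters are assumptions.

```javascript
// Added example: compares a recipient against addresses the user has dealt
// with before. Function names and the minMatch default are hypothetical.
const isAddress = (s) => /^0x[0-9a-fA-F]{40}$/.test(s);

// Count matching hex characters at the start and at the end of two addresses.
function sharedEnds(a, b) {
  const x = a.toLowerCase().slice(2);
  const y = b.toLowerCase().slice(2);
  let prefix = 0;
  while (prefix < 40 && x[prefix] === y[prefix]) prefix++;
  let suffix = 0;
  while (suffix < 40 - prefix && x[39 - suffix] === y[39 - suffix]) suffix++;
  return { prefix, suffix };
}

function checkRecipient(recipient, knownCounterparties, minMatch = 4) {
  if (!isAddress(recipient)) {
    throw new TypeError("recipient is not a 20-byte hex address");
  }
  const target = recipient.toLowerCase();
  const known = knownCounterparties.filter(isAddress).map((s) => s.toLowerCase());
  // An exact match is the address the user really used before.
  if (known.includes(target)) return { verdict: "known" };
  for (const candidate of known) {
    const { prefix, suffix } = sharedEnds(target, candidate);
    // Same visible ends, different middle: the poisoning pattern.
    if (prefix >= minMatch && suffix >= minMatch) {
      return { verdict: "lookalike", resembles: candidate, prefix, suffix };
    }
  }
  return { verdict: "new" };
}
```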

Q.09 How does SHIELD identify rugpull risk before a token collapses?

Rugpulls share a recognizable on-chain fingerprint that SHIELD's engine is trained to identify. Key risk indicators include:

  • Liquidity lock expiry — liquidity locked for less than 30 days signals that the team retains the ability to remove it imminently
  • Admin key concentration — contracts where a single EOA controls mint, pause, and upgrade functions represent both a single point of failure and a malicious-intent risk
  • Upgradeable proxy patterns without timelock — proxies that can be pointed to new implementation contracts without a governance delay allow instant rug execution
  • Deployer wallet history — wallets that have previously deployed tokens that were rugpulled are flagged regardless of the new token's apparent legitimacy
  • Team allocation concentration — wallets holding >30% of total supply with no vesting schedule can collapse the price in a single transaction

SHIELD does not guarantee detection of all rugpulls — particularly well-structured long-con operations — but surfaces all available risk signals clearly before you commit capital.

Q.10 Can SHIELD detect malicious airdrop tokens that appear in my wallet?

Yes. Malicious airdrop tokens — sometimes called "dusting attacks" in the DeFi context — are unsolicited tokens sent to your wallet specifically to lure you to a fraudulent claim site. The playbook is consistent: you see an unknown token with an apparently high USD value in your wallet, you visit the site linked in the token's contract metadata to "claim" or "sell" it, and the site either harvests your seed phrase or prompts you to sign a setApprovalForAll transaction that empties your NFT holdings, or an infinite ERC-20 approval that drains your tokens.

SHIELD flags unknown tokens that appear in your wallet without any prior transaction history linking you to the deployer, particularly when those tokens reference recently registered domains in their contract metadata. These receive a CRITICAL or HIGH classification depending on confirmed domain threat status.

// 04 — PRIVACY & DATA
Q.11 Does SHIELD access my private keys or seed phrase?

Absolutely not. SHIELD CryptoGuard never requests, reads, stores, or transmits your private keys, seed phrase, or any wallet credential. The extension operates exclusively on publicly visible data: URLs, smart contract addresses, on-chain transaction parameters, and token approval metadata that is already exposed to the browser environment at the moment of signing.

Any tool — browser extension or otherwise — that requests your seed phrase is attempting to steal your wallet. SHIELD will never ask for this information under any circumstance, and if you encounter a prompt claiming to be SHIELD requesting your seed phrase, you are looking at a phishing attack impersonating our product.

Q.12 What data does SHIELD collect and transmit when I use it?

SHIELD operates on a strict minimal data collection principle. When a threat query is required, the extension transmits only the specific data point being evaluated — a domain string or a contract address — to SHIELD's backend API. This data is processed transiently for threat classification and is not stored as a persistent record linked to your identity.

SHIELD does not track your browsing history, does not build a behavioral profile, does not store your wallet address in our databases, and does not sell or share any user data with third parties for commercial purposes. Your subscription email (if you are a PRO user) is held by Stripe and is used exclusively for billing communications.

Full details are in our Privacy Policy.

// 05 — PLANS & SUBSCRIPTION
Q.13 What is the difference between the Free and PRO Shield plans?

The Free tier provides essential phishing and domain protection, access to the public threat blacklist, and up to 5 smart contract analyses per day. It is suitable for occasional Web3 users who interact primarily with well-established protocols.

The PRO Shield plan ($9/month, 7-day free trial included) unlocks the full threat detection stack:

  • Unlimited smart contract analyses with full bytecode-level honeypot simulation
  • Infinite approval interception and transaction firewall
  • Real-time alerts for rugpull risk, address poisoning, and malicious airdrop tokens
  • Access to the premium threat intelligence database updated every 6 hours
  • Priority threat verdict processing

For anyone actively trading on DEXs, interacting with new protocols, or holding significant on-chain value, PRO Shield provides the full protection stack that the threat environment demands.

Q.14 Can I cancel my PRO subscription at any time?

Yes. PRO Shield subscriptions can be cancelled at any time through your Stripe billing portal with no penalty and no lock-in period. Cancellation takes effect at the end of your current billing cycle — you retain full PRO access until that date. No questions asked, no retention flows, no dark patterns.

The 7-day free trial period will not be charged if cancelled before it expires.

Q.15 Does SHIELD guarantee I will never lose funds to a Web3 attack?

No — and any tool that makes this claim is being dishonest with you. The Web3 threat landscape evolves faster than any detection system can perfectly track. Novel attack architectures, zero-day contract exploits, and highly sophisticated social engineering campaigns may not be identified by SHIELD's current detection logic at the moment of first deployment.

What SHIELD provides is a significant and continuously improving reduction of the attack surface — covering the majority of threat categories that account for the overwhelming proportion of documented on-chain losses. It is a security layer, not a guarantee. The responsibility for due diligence, transaction verification, and safe key management always remains with you.

We say this not to diminish the value of the product, but because we believe users who understand the actual protection model make better decisions than users who believe they are fully invincible.

Still have questions? Read the full docs.
Our How It Works page covers the full 5-layer detection architecture in technical detail.
Or install SHIELD and let the engine speak for itself.