Securing Web3: An Overview of Aleph Zero Ecosystem ‘DeSec’ Project Interlock
Is incentivized blockchain integrated web browser security the answer, to successfully tackle cybercrime?
By Ryan Xander
Project: Interlock
Website Twitter Discord Medium LinkedIn Telegram Whitepaper Litepaper
The Rise of Decentralized Finance (DeFi)
Decentralized Finance, more commonly known as DeFi is experiencing a steady rise in popularity as an alternative to centralized financial services. Since early 2019 a wave of new firms built on the Ethereum platform, exploded onto the crypto scene, with new and seasoned investors and traders being swamped with high yield crypto earning services, which could be accessed by farming or staking coins on a particular DeFi platform.
Today DeFi refers to an entire ecosystem of financial services, projects and applications, built on blockchain technologies. Yield farming, staking and trading on decentralized exchanges are some of the ways crypto holders can earn profits.
Since DeFi is about cutting out the centralized authorities and middle men, where can users of these services hold their coins? The standard option these days seems to be to self custody them in one’s own private wallet. Metamask is one of the leading browser extension crypto wallets for DeFi users, which can be linked to the platform of choice, giving the user custody and control over the crypto tokens and coins, using their own private keys.
DeFi and Web3 Cyber Attacks are on the rise
Due to the rise in the number of users holding their own coins, rather than in crypto exchanges, the amount of hacks, targeting DeFi users, has also spiked massively over the past two years, with hackers reported to have stolen $3.1bn worth of crypto currency in 2021 and $3.8bn in 2022!
According to the Chainanalysis crypto crime report for 2022, over 80% of the hacks were in DeFi. This is a worrying trend as more people entering this space are being targeted by cyber criminals and scammers, falling prey to their attacks which are growing in frequency and sophistication.
Is prevention better than cure? It’s tricky
Implementing better cybersecurity practises has always been the most effective way in keeping users safe while online, so refraining from clicking on suspicious looking URLs, not visiting sketchy looking websites and making sure some pre-installed or additional security applications are running as a safety net, which will at least make it harder for cybercriminals to successfully attack and exploit any security oversights and vulnerabilities.
In recent years, online fraud has gotten a lot more sophisticated and frequent. Perhaps it is fair to say that less experienced users who have chosen to self-custody their coins using their own private keys and wallets, are not implementing cybersecurity best practices, so as a result are more reckless with how they go about guarding their sensitive data while online.
Consequently, these kinds of security oversights are giving hackers an open door to literally walk in and grab private keys and passwords from compromised systems.
It’s a minefield, danger everywhere, HELP!
There is another argument here, which offers some sympathy for many web users and those entering the DeFi space, in that it is getting harder to spot potential scam projects and fraudulent sites, with tactics such as social engineering being used by scammers, proving to be very effective at roping in unsuspecting users.
Fact is that many users are marching head first into an unregulated space, with little to no protection from DeFi firms, which pretty much comes with the decentralized nature of Decentralized Finance. This is because unlike centralized financial institutions and banks, the lack of central authorities and protocols in place to protect users against losses incurred as a result of fraud, are simply not there.
With nobody to really turn to for help and with more cybercrime happening than ever before, what else can be done to improve the DeFi user experience from a security standpoint?
Enter a new cybercrime fighting superhero
Interlock, a new globally based start-up and pioneer of the DeSec movement (Decentralized Security), believe they have developed solutions to combat some of the most common cybersecurity threats faced by web3 and DeFi users today.
Their goal is to simplify, protect, incentivize and make web security solutions accessible to everyone, harnessing the decentralized data handling power of DLT (Distributed Ledger Technology) and AI, to bring forth an innovative and paradigm shifting strategy in fighting cybercrime in the Web3 space.
The way they intend to help secure the web and succeed where others have largely failed, is by building blockchain based enterprise grade cybersecurity products and a threat intelligence sharing network, bringing in a proactive rather than reactive approach to taking on cybercriminals.
Have a listen to this Twitter live Q&A recording, with members of the Interlock team, outlining their approach on how they are using their tech, to make the internet safer.
The Interlock Team
The three founding members heading up the team, hail from the cyber security and ethical hacking fields, bringing a wealth of relevant industry experience to the table. CEO Rick Deacon, a former Cyber security researcher and YC alumni, is joined by CTO Erhan Justice, a former Apple Engineer and pioneer of browser isolation technology. Principle Engineer, Nick Zivkovic who is an expert in building distributed systems completes the founding team.
What are some of the top security problems in crypto and web3?
- Crypto wallets are loosely guarded, exposing them to potential hackers.
- Users are tricked into handing over wallet keys
- Clicking phishing links
- Giving away passwords
- Signing malicious smart contracts.
- Lack of 2FA security
- Weak passwords and private keys
For some additional reading, check out this excellent and informative Web3 Security Q&A with Interlock CEO Rick Deacon, about the common security threats encountered by users in web3.
Why have Web2 security solutions not solved the problem?
According to the Interlock team, they have become frustrated and unimpressed with the lack of communication and value added relationships between cybersecurity firms and organizations using their products. They hope to change this, by building better relationships with enterprises and users, all working together to create a non-siloed, incentivized threat intelligence sharing network, to more effectively identify existing and new threats in real time.
In Web3, we can gather communities ready to help battle threats and then utilize the data they create, and are rewarded for, to create an even more useful and larger dataset. This dataset, created by individuals, wasn’t possible prior to Web3 due to the lack of collaboration. — Rick Deacon, Interlock CEO
How will Interlock’s solutions make the Internet safer?
Users using security apps such as the ThreatSlayer browser extension, can scan URLs and share the security data within a network. When other users click those links, they will be alerted informing them that the site could be malicious and will be asked to close the tab. There is not much more for users to do, other than leaving ThreatSlayer running as they go about their usual online activities.
ThreatSlayer also picks up novel threats as they become active thanks to the integration of AI based detection algorithms, keeping security data always up to date. Smart contract scanning will also be added in due course.
We built a browser extension that keeps you safe with an AI threat detector and trained it on large datasets of known crypto scams, phishing links, dangerous URLs, malware, and more. — Interlock Team
Integrating the Aleph Zero blockchain into Interlock security products
The Interlock team have chosen to integrate the public DAG enhanced Aleph Zero blockchain platform because they believe it holds some key advantages over other public Layer 1 platforms. In fact, they had also considered Solana integration but ultimately felt that Aleph Zero, with it’s support for private smart contracts (Liminal) and other key advantages, would be a better fit for their particular use case.
The ILOCK Token
The team have created the ILock Token, on the Aleph Zero network, which is a utility token that will be used to reward users within the Interlock ecosystem, when running the ThreatSlayer browser extension and sharing the generated anonymized security data.
This form of incentivized data sharing will help build a strong network of users, all working together in an effort to create better DeFi and Web3 security for everyone.
ILock token integration is not supported in the current build of ThreatSlayer but will be rolling out following a future update.
Enterprise grade infrastructure of Aleph Zero
Some key advantages of building on Aleph Zero will bring benefits such as best in class transaction speeds and instant time to finality, far lower transaction fees compared to more expensive layer 1 platforms, enterprise level security on a fully audited platform, an immutable and decentralized ledger which is permissionless and cannot be halted by a single entity, like centralized server based permissioned systems like AWS can be.
There is actually a whole lot more that Aleph Zero brings to the table, which makes it one of the first true enterprise ready platforms, with WASM smart contract support based on the Substrate stack set to roll out soon on the mainnet.
Is Aleph Zero the new Solana?
The peer reviewed Aleph Zero platform is one of the many newcomers entering the web3 space but the highly educated and skilled team are already making waves, thanks to their relentless yet efficient work ethic, professionalism and expertise, leaving no stone unturned in their quest to build the best enterprise grade layer 1 platform, thus becoming a major competitor to the likes of Ethereum, Solana, Avalanche and Cosmos.
The platform is also quickly catching the attention of the web3 developer community as well as crypto and blockchain enthusiasts, who are starting to view it as a serious contender to some of the top, already established alternatives.
The Aleph Zero Ecosystem is still young with a handful of good quality dApps in development that have been disclosed, with some others still to be announced by project teams.
Learn more about some of the early ecosystem dapps, integrating Aleph Zero technology here in this great write-up by Blockchain software engineer and technical writer, Edinyanga Ottoho.
What Interlock security solutions are currently available?
The Interlock team have so far released the free browser extension based enterprise grade security application, ThreatSlayer, which is supported by Chrome, Microsoft Edge and Brave. Firefox support is also rolling out soon, so will run in pretty much all of the most popular web browsers.
ThreatSlayer can be downloaded for free in the Chrome store. A second application is a security app/bot called Bouncer, which can scan for malicious links in Discord servers.
How will Interlock Promote enterprise adoption and generate revenue?
Enterprises will be encouraged to stake tokens directly, to help support and grow the ecosystem. Interlock will also sell threat intelligence to companies as well as roll out an enterprise version of ThreatSlayer, which will allow organizations to block sites by policy rather than via scanning.
There is also an enterprise focused API called Autocrat, which will bring the same innovative threat detection technology to web applications.
Any company that consumes user input could use Autocrat to protect themselves and their users from phishing attacks.
Some of the Discord servers Bouncer protects, plan to migrate to their own online discussion platforms later this year. Those platforms could use Autocrat to scan every link for every user, rather than every individual user installing Bouncer on their own server. — Dan Tennery-Spalding, Interlock Product Manager
Is the ThreatSlayer browser extension safe to download?
The Interlock team have reiterated that all of their code is open source, public and available for review. If anyone has any doubts, first ensure that they are installing the correct extension by Interlock, looking through their privacy policy and additionally reviewing or getting a professional to review the code to verify that the application is indeed safe, if still in doubt.
Initial impressions of ThreatSlayer 0.0.4 Beta
ThreatSlayer is currently available as a browser extension and can be downloaded in the Chrome store. Setup is pretty much one click to add the extension, which begins working right away with nothing else really to do in terms of setup. Users are greeted with a clean and simple uncluttered, easy to navigate interface, with a few clickable tabs.
Upon opening the extension, I was brought to the main dashboard, which shows the total number of URLs that have been scanned by ThreatSlayer, as well as a breakdown of the unique URLs that have been scanned versus how many of them were malicious.
The Collect Tab currently has options greyed out with a coming soon message. Once active, this is where users can toggle a setting to share anonymized security data in order to receive Ilock tokens, to their specified wallet address.
Upon my initial testing, running ThreatSlayer beta 0.0.4 in the Edge browser, I noticed that real time scanning of URLs was working in this build and during my web browsing, was actively scanning and updating the scanned URL count in the background.
It should be noted that due to to my exemplary browsing habits and cybersecurity best practises, ThreatSlayer had not picked up any malicious threats thus far, in the 10 days that it has been actively running on my system. As someone who is not heavily into DeFi and is quite careful while browsing and installing apps and extensions, it was always likely that ThreatSlayer would not catch any threats.
I shall be delving a little deeper into the world of web3 and DeFi, in order to give ThreatSlayer more of a workout across a few different web browsers, and situations which will expose it to some potentially hazardous activity.
Keep an eye out for a follow up article, which will focus on the security data sharing feature and Ilock token integration once that is added, to give readers more of an insight into how finding threats and sharing the corresponding Intel for rewards, will work in a practical sense.
The DeSec revolution
Is DeSec the future of web3 security? The Interlock team certainly seem to think so and while it’s still early days, what I have observed during my research and observations, is how committed and passionate the team are about their innovative technology.
While it remains to be seen how well their approach will work at scale in real world use, major kudos for attempting something different and being brave enough to embrace blockchain and decentralization, as a foundation on which to build their cybercrime fighting ecosystem on.
Interlock’s desire to see a much more collaborative and proactive rather than reactive and siloed approach to web security, is also commendable and by creating a network of users and organizations all sharing threat intelligence, thanks to the help of AI and an impressive DAG enhanced blockchain platform in Aleph Zero, may actually have the necessary components in place, to effectively deal with some of the biggest cybersecurity threats plaguing DeFi and web3 today and beyond.
Learn more about the Interlock team, project fundamentals and tokenomics here.
