When Scam Sniffer, the essential plugin for trading cryptocurrencies, starts charging fees: the trade-offs of earning income from security tools


"Issuing tokens" is no longer the only business model; the ability of projects to generate revenue has become particularly important. Many products that already have Product-Market Fit (PMF) are starting to explore their monetization paths, and the crypto security field is one of them.

Written by: Kaori

Edited by: Jack

When the addresses of big players were attacked one after another, with hackers taking away tens of millions of dollars, people noticed that the security tools they commonly used began to generate income. Last week, the security plugin Scam Sniffer, which is almost essential for trading cryptocurrencies, was discovered by the community to have suddenly added an inexplicable fee during transactions, inserting commands to automatically deduct fees before signing. In the on-chain world where security is of utmost importance, this news raised questions among the community and many users, with some even uninstalling the Scam Sniffer plugin directly.

On October 19, the Scam Sniffer team apologized on its official X account for any inconvenience the plugin's new fees may have caused users, stating, "Scam Sniffer is working to improve its notification features to enhance transparency."

Scam Sniffer's Fee Controversy

After reviewing the plugin interface and official website, BlockBeats reporters found that Scam Sniffer did not promptly clarify the updates to the fee terms to users. Additionally, the free version of the plugin has advanced features enabled by default, which also raised user concerns.

The official documentation of Scam Sniffer shows that the plugin implements its fee structure by seamlessly integrating a custom command into Uniswap's universal router transactions. A fee of 0.25% will be charged for specific DEX transactions, such as Uniswap and Pancake. If users disable the "Enable Premium Plan" option, some features will become unavailable, including ad removal, fewer detection attempts, and higher levels of security protection.
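One way a user or reviewer can see such a fee step in a router transaction before signing, as an added example (not Scam Sniffer's or Uniswap's code). The page does not name the command used; this sketch assumes the fee appears as the Universal Router's `PAY_PORTION` command (byte `0x06`, inputs token, recipient, basis points), and all addresses and inputs are constructed.

```python
# Added example. Assumes the Universal Router command layout: one byte per
# command, low six bits = type, 0x80 = allow-revert flag, PAY_PORTION = 0x06
# with ABI inputs (address token, address recipient, uint256 bips).
COMMAND_TYPE_MASK = 0x3F
PAY_PORTION = 0x06

def word(data: bytes, i: int) -> bytes:
    """Return the i-th 32-byte ABI word of an encoded input."""
    w = data[32 * i: 32 * (i + 1)]
    if len(w) != 32:
        raise ValueError("truncated ABI input")
    return w

def fee_commands(commands: bytes, inputs: list) -> list:
    """List every PAY_PORTION step as (index, token, recipient, bips)."""
    if len(commands) != len(inputs):
        raise ValueError("commands/inputs length mismatch")
    found = []
    for i, (cmd, data) in enumerate(zip(commands, inputs)):
        if cmd & COMMAND_TYPE_MASK == PAY_PORTION:
            token = "0x" + word(data, 0)[12:].hex()
            recipient = "0x" + word(data, 1)[12:].hex()
            bips = int.from_bytes(word(data, 2), "big")
            found.append((i, token, recipient, bips))
    return found

def review(commands, inputs, known_recipients, max_bips=25):
    """Warn about fee steps paid to unrecognised recipients or above max_bips."""
    warnings = []
    for i, _token, recipient, bips in fee_commands(commands, inputs):
        if recipient not in known_recipients:
            warnings.append(f"step {i}: fee recipient {recipient} not recognised")
        if bips > max_bips:
            warnings.append(f"step {i}: {bips} bips exceeds {max_bips}")
    return warnings

def addr_word(hex_addr: str) -> bytes:  # left-pad a 20-byte address to one ABI word
    return bytes(12) + bytes.fromhex(hex_addr[2:])

# Constructed sample: wrap ETH, swap, pay 25 bips (0.25%) to a fee address, sweep.
FEE_ADDR = "0x" + "fe" * 20   # constructed placeholder, not a real fee wallet
TOKEN = "0x" + "aa" * 20      # constructed placeholder token
PAY_INPUT = addr_word(TOKEN) + addr_word(FEE_ADDR) + (25).to_bytes(32, "big")
SAMPLE_COMMANDS = bytes([0x0B, 0x00, 0x06, 0x04])
SAMPLE_INPUTS = [b"", b"", PAY_INPUT, b""]  # non-fee inputs left empty on purpose

if __name__ == "__main__":
    print(fee_commands(SAMPLE_COMMANDS, SAMPLE_INPUTS))
    print(review(SAMPLE_COMMANDS, SAMPLE_INPUTS, known_recipients=set()))
```

The default `max_bips=25` corresponds to the 0.25% rate quoted above; a recipient the user has not explicitly recognised is reported even when the rate is within that limit.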

To ensure users' payment capabilities and fairness, Scam Sniffer has set a monthly fee cap of $400 per address. Furthermore, addresses of users who have purchased the plugin will be whitelisted and exempt from any fees for the first three months, meaning Scam Sniffer has abandoned a buyout service model in favor of charging fees per transaction, stating that "future fees will become a default component of the product."

Left: User-shared interface of Scam Sniffer plugin before confirming a transaction; Right: Free version of Scam Sniffer plugin interface with added fee reminder and advertisements

In response to the fee controversy, Scam Sniffer emphasized, "A transparent structure is crucial for gaining user trust, and clear notifications can reduce confusion and enhance user experience." It is evident that Scam Sniffer's fee plan has long been part of its product development strategy, and this response is more about addressing the public relations issue of failing to notify users in a timely manner.

Regarding user concerns about whether Scam Sniffer would alter transactions, BlockBeats verified with GoPlus founder Mike, who stated that the 0.25% fee charged by the Scam Sniffer plugin for specific DEX transactions is the same as the fee charged by Uniswap's frontend; Scam Sniffer is merely "redirecting the fees that users should have paid to Uniswap to its own plugin, and Uniswap allows such operations."

However, the community still shows significant disagreement over Scam Sniffer's sudden fee plan. Some users believe that changing the fee model to a recharge method, charging based on detection attempts or dates, would be better, stating that Scam Sniffer "is a security plugin that makes users worry about security." Another user pointed out the monopolistic issues behind the fees, arguing that "such an exaggerated rate can only be charged by a monopolistic position."

Nevertheless, some users are not sensitive to the fees themselves and are more concerned about the product improvements and long-term benefits that paying can bring. WTF Academy founder 0xAA expressed support for Scam Sniffer's fees, stating, "Compared to the losses from phishing, this fee is just a drop in the bucket, but the fees need to be transparent; otherwise, user trust will be lost." Another community user, @BTW0205, also stated, "There’s not much issue with paying; if the paid funds can be used to develop better products, help more people avoid losses, and ensure the integrity of the team's operations, then it is worth it."

Struggling to Make Money: What is the Right Way to Profit?

This incident has sparked discussions about the business models in the crypto security industry.

How to generate cash flow? This is the "truth of making money" that most founders and investors have been contemplating as this cycle has developed. Since the exit logic of "issuing tokens - going public - lying flat" is no longer valid, it might be worth learning from the "dividend philosophy" that is currently popular in traditional markets. Products like Pump.fun and GMGN have made significant profits in the meme market, further proving this new logic of making money and exiting.

When "issuing tokens" is no longer the only business model, the ability of projects to generate revenue becomes particularly important. Many products that already have PMF are also starting to explore their monetization paths, and the crypto security field is one of them.

Are Value-Added Services the Answer?

Similar to traditional internet security, blockchain security services can also be roughly divided into B-end and C-end. For the B-end, a blockchain project's security is divided into pre-chain and post-chain. Pre-chain mainly involves the security audit of smart contract code, while post-chain includes attack tracing, threat intelligence, and real-time monitoring. For the C-end, it mainly involves user wallet security, asset recovery, and other services.

For project parties, setting a security budget is a necessary expense, making it relatively easier for security companies to advance their business in the B-end. For ordinary users, although blockchain security guarantees seem more urgent and necessary compared to traditional internet security, having a demand does not mean that the business model for security services can easily achieve profitability.

Only when specific scenarios trigger urgent needs will users' willingness to pay become strong. For example, before users accept the fact that their assets have been stolen, conveying the need to the security company may prompt users to pay. However, such scenarios are relatively infrequent and difficult to expand, meaning that companies providing security services for C-end users find it hard to obtain stable cash flow, which may also be one of the considerations for Scam Sniffer to initiate its fee plan.

Yuxian, founder of SlowMist, mentioned in an interview with BlockBeats that users may be willing to pay high fees to recover stolen assets after the fact, but beforehand, getting users to understand the value of security services and pay for them in advance remains a challenge. GoPlus founder Mike also emphasized this point, stating that how to encourage users to proactively choose to pay for security services before incidents occur through reasonable fees and value-added services is key to the development of security products.

Scam Sniffer is not the first security product to adopt front-end fees. The security plugin Pocket Universe, which emerged in 2022, also charges a fixed fee for specific DEX transactions, with rates as high as 0.8%. Kerberus Sentinel3, which acquired the security plugin Fire this year, also set a fixed fee of 8%.

However, these two products differ from Scam Sniffer in that they both offer insurance value-added services, meaning that if the plugin has scanned and not warned users of transaction risks, users can seek compensation for lost assets. Pocket Universe offers a compensation limit of $20,000, while Sentinel3 offers a limit of $30,000.

For Sentinel3, not all users are eligible for compensation. Sentinel3's product services are divided into free and paid versions, with the paid version requiring payment of a 0.8% fixed fee, which includes eligibility for compensation, RPC services, and anti-address pollution features.

This business model, which separates free and paid versions, may be clearer and easier for users to accept compared to Scam Sniffer's direct fee initiation. Some users, while recognizing the importance of security, have a lower acceptance of separate charges for security services, especially when transitioning from free to paid can create a sense of loss.

However, even with clear product design and value-added services, the actual market acceptance remains a challenge. For example, the Web3 security company Stelo, which raised $6 million led by a16z, shut down all its products at the end of October last year due to the team's misjudgment of market scale, competition level, and market maturity, leading to its products not meeting expectations.

Stelo initially believed that as the user base grew, the system could continuously improve its detection capabilities for malicious transactions through network effects, ultimately forming a positive cycle. However, reality proved that most malicious transactions could be detected through simple rules without relying on network effects. In a market with no entry barriers, numerous competitors, and no strong network effects, Stelo failed to find a suitable profit model and ultimately had to exit the market.

Retreating to the Background Security Layer

How to achieve a sustainable profit model through innovative charging strategies and value-added services while preserving user trust is therefore a question the crypto security industry now needs to consider.

However, one trend that cannot be ignored is that if we compare Web3 to the internet, we may just be entering the era of Windows XP/IE6 browsers. Yuxian believes that as the industry's infrastructure gradually matures, many security products will retreat to the background, becoming default configurations, industry standards, and even user habits.

In this way, a major trend in the industry's development will be embedding blockchain security more deeply in the underlying infrastructure: making security a default service rather than an independently existing product module, standardizing it further and making it more intelligent, raising the overall security level of the ecosystem, and thus reducing reliance on independent security plugins.

Mike, founder of GoPlus, stated that future security infrastructure will sink down to solve all related problems for users. Whether for DEXs or wallets, users will only need to call this security service layer to meet their security needs. This horizontal expansion means that security services will cover all major scenarios for users, forming a unified security baseline.

Currently, C-end security services are still fragmented, requiring users to integrate different security tools. This fragmentation leads to inconsistent user experiences across different services and high integration costs. In the future, security services will be horizontally expanded and unified into an integrated solution, allowing companies to simply reference this layer of security service to handle all security issues, thus focusing on their core business without having to separately address user-side security needs.

Returning to the business aspect, according to a MarketsandMarkets research report, the blockchain security market size is expected to grow from $3 billion in 2024 to $37.4 billion in 2029, with a compound annual growth rate (CAGR) of 65.5%. This indicates that the crypto security industry still has significant room for development, but it also means that market competition will become increasingly fierce. Only those companies that can effectively integrate security technology, user needs, and business models will stand out in this competition.
