Scam Sniffer, a near-essential plugin for crypto traders, sparks controversy by charging fees: the revenue trade-offs facing security tools


Author: Kaori, Jack, BlockBeats

When the addresses of big players are continuously attacked, and hackers take away tens of millions of dollars at a time, everyone notices that the security tools they usually use have started generating revenue. Last week, the security plugin Scam Sniffer, which is almost essential for trading cryptocurrencies, was discovered by the community to have suddenly added an inexplicable fee during transactions, inserting commands to automatically deduct fees before signing. In the on-chain world where security is of utmost importance, this news raised questions among the community and many users, with some even uninstalling the Scam Sniffer plugin directly.

On October 19, the official Scam Sniffer team apologized on its X account for any inconvenience the plugin's new fees may cause users, stating, "Scam Sniffer is working hard to improve notification features to enhance transparency."

Scam Sniffer's Fees Spark Controversy

After reviewing the plugin interface and official website, BlockBeats reporters found that Scam Sniffer has set up a fee notification banner and updated documentation detailing the fee deductions. Additionally, the free version of the plugin has advanced features enabled by default, which has also raised user concerns.

The official documentation of Scam Sniffer shows that the plugin implements the fee feature by seamlessly integrating a custom command into Uniswap's universal router transactions. A fee of 0.25% will be charged for specific DEX transactions, such as Uniswap and Pancake. If users disable the "Enable Advanced Plan" option, some features will become unavailable, including ad removal, fewer detection times, and higher levels of security protection.

To ensure users' payment capabilities and fairness, Scam Sniffer has set a fee cap of $400 per address per month. Furthermore, addresses of users who have purchased the plugin will be whitelisted and exempt from any fees for the first three months, meaning Scam Sniffer has abandoned a buyout service model in favor of charging fees per transaction, stating that "future fees will become a default component of the product."

Left: User-shared Scam Sniffer plugin confirmation interface before transaction; Right: Free version of Scam Sniffer plugin interface with added fee reminder and advertisements

In response to the fee controversy, Scam Sniffer emphasized, "A transparent structure is crucial for gaining user trust, and clear notifications can reduce confusion and enhance user experience." It is evident that Scam Sniffer's fee plan has long been part of its product development strategy, and this response is more about addressing the public relations issue of failing to notify users in a timely manner.

Regarding user concerns about whether Scam Sniffer would alter transactions, BlockBeats verified with GoPlus founder Mike, who stated that the 0.25% fee charged by the Scam Sniffer plugin for specific DEX transactions is the same as the fees charged by Uniswap's frontend and does not alter user transactions.

However, the community still shows significant division over Scam Sniffer's sudden fee plan. Some users believe that changing the fee model to a recharge method, charging based on detection counts or dates, would be better, stating that Scam Sniffer "is a security plugin that makes users worry about security." Another user pointed out the monopolistic issues behind the fees, arguing that "such an exaggerated rate can only be charged by a monopolistic position."

However, some users are not sensitive to the fees themselves and are more concerned about the product improvements and long-term benefits that paying can bring. WTF Academy founder 0xAA expressed support for Scam Sniffer's fees, stating, "Compared to the losses from phishing, this fee is just a drop in the bucket, but the fees need to be transparent; otherwise, user trust will be lost." Another community user, @BTW0205, also believes, "There’s not much issue with paying; if paid funds can develop better products, help more people avoid losses, and ensure the integrity of the team's operations, it is worth it."

Earning Difficulties: What is the Right Way to Make Money?

Accompanying this event is a discussion about the business models in the crypto security industry.

How to generate cash flow? This is the "truth of making money" that most founders and investors have been pondering as this cycle has developed. Since the exit logic of "issuing tokens - going public - lying flat" is no longer valid, it might be worth learning from the "dividend philosophy" that is currently popular in traditional markets. Products like Pump.fun and GMGN have made significant profits in the meme market, further proving this new logic of making money and exiting.

When "issuing tokens" is no longer the only business model, the ability of projects to generate revenue becomes particularly important. Many products that already have product-market fit (PMF) are beginning to explore their monetization paths, and the crypto security field is one of them.

Are Value-Added Services the Answer?

Similar to traditional internet security, blockchain security services can be roughly divided into business-facing (B-end) and consumer-facing (C-end) services. On the B-end, a blockchain project's security is divided into pre-chain and post-chain work. Pre-chain work mainly involves security audits of smart contract code, while post-chain work includes attack tracing, threat intelligence, and real-time monitoring. The C-end mainly covers user wallet security, asset recovery, and other services.

For project parties, setting a security budget is a necessary expense, making it relatively easier for security companies to advance their business in the B-end. However, for ordinary users, although blockchain security guarantees seem more urgent and necessary compared to traditional internet security, having a demand does not mean that the business model for security services can easily achieve profitability.

Users' willingness to pay becomes strong only when a specific scenario triggers an urgent need. For example, users who have not yet come to terms with the theft of their assets and bring that need to a security company may be prompted to pay. However, such scenarios are relatively infrequent and difficult to scale, meaning that companies providing security services to C-end users find it challenging to obtain stable cash flow, which may also be one of the considerations behind Scam Sniffer's fee plan.

Yuxian, founder of SlowMist, mentioned in an interview with BlockBeats that users may be willing to pay high fees to recover stolen assets after the fact, but beforehand, getting users to understand the value of security services and pay for them in advance remains a challenge. GoPlus founder Mike also emphasized this point, stating that how to encourage users to proactively choose to pay for security services before a security incident occurs is key to the development of security products.

Scam Sniffer is not the first security product to adopt front-end fees; the security plugin Pocket Universe, launched in 2022, also charges a fixed fee for specific DEX transactions, with rates as high as 0.8%. Kerberus Sentinel3, which acquired the security plugin Fire this year, also set a fixed fee of 8%.

However, these two products differ from Scam Sniffer in that they both offer insurance value-added services, meaning that if the plugin has scanned and not warned users of transaction risks, users can seek compensation for lost assets. Pocket Universe has a compensation limit of $20,000, while Sentinel3 has a compensation limit of $30,000.

For Sentinel3, not all users are eligible for compensation. Sentinel3's product services are divided into free and paid versions, with the paid version requiring payment of a 0.8% fixed fee, which includes eligibility for compensation, RPC services, and anti-address pollution features.

This business model, which divides into free and paid versions, may be clearer and easier for users to accept compared to Scam Sniffer's direct fee initiation. Some users may believe that security is important, but their acceptance of separate charges for security services is relatively low, especially when transitioning from free to paid can create a sense of loss.

However, even with clear product design and value-added services, the actual market acceptance remains a challenge. For example, the Web3 security company Stelo, which raised $6 million led by a16z, shut down all its products at the end of October last year due to the team's misjudgment of market scale, competition level, and market maturity, leading to its products not meeting expectations.

Stelo initially believed that as the user base grew, the system could continuously improve its detection capabilities for malicious transactions through network effects, ultimately forming a positive cycle. However, reality proved that most malicious transactions could be detected through simple rules without relying on network effects. In a market with no entry barriers, numerous competitors, and no strong network effects, Stelo failed to find a suitable profit model and ultimately had to exit the market.

Retreating to the Background Security Layer

How to achieve a sustainable profit model through innovative charging strategies and value-added services while preserving user trust is therefore a question that the crypto security industry needs to consider.

However, one trend that cannot be ignored is that if we compare Web3 to the internet, we may just be entering the era of Windows XP/IE6 browsers. Yuxian believes that as the industry's infrastructure gradually matures, many security products will retreat to the background, becoming default configurations, industry standards, and even user habits.

A major trend in the industry's development will therefore be how blockchain security can be embedded more deeply in the underlying infrastructure, so that security becomes a default service rather than a standalone product module, grows more standardized and intelligent, raises the overall security level of the ecosystem, and reduces reliance on independent security plugins.

GoPlus founder Mike stated that future security infrastructure will sink down a layer to solve all related problems for users: whether on a DEX or in a wallet, users will only need to call this security service layer to meet their security needs. This horizontal expansion means that security services will cover all major scenarios for users, forming a unified security baseline.

Currently, C-end security services remain fragmented, requiring users to integrate different security tools. This fragmentation leads to inconsistent user experiences across different services and high integration costs. In the future, security services will be horizontally expanded and unified into an integrated solution, allowing companies to handle all security issues by referencing this security service layer, thus focusing on their core business without having to separately address user-side security needs.

Returning to the business aspect, according to a MarketsandMarkets research report, the blockchain security market size is expected to grow from $3 billion in 2024 to $37.4 billion in 2029, with a compound annual growth rate (CAGR) of 65.5%. This indicates that the crypto security industry still has significant room to grow, but it also means that market competition will become increasingly fierce, and only those companies that can effectively integrate security technology, user needs, and business models will stand out in this competition.
