This document will be part of the terms and conditions of your agreement and therefore needs to contain all the required information about the project. Don’t remove any of the mandatory parts presented in bold letters or as headlines! Lines starting with a
>(such as this one) can be removed.
See the Grants Program Process on how to submit a proposal.
- Project Name: Nighthawk
- Team Name: PhishFort
- Payment Address: 0x689874C41A979082EEd74ca880Ca3487aF85710D
- Category: Web3 and FOSS
The combination of your GitHub account submitting the application and the payment address above will be your unique identifier during the program. Please keep them safe.
Phishing is the biggest security challenge that end users face in crypto, period. We are in desperate need for crypto centric solutions to our security issues in the space and phishing is no different. From fake Vitalik giveaways on Twitter to phishing streams from the EF on youtube to good old fashioned phishing emails, we have a challenge on our hands when it comes to keeping our users safe. Users need to know:
- That when they interact with websites, social media accounts, social media posts, that they are in fact interacting with the person(s) they think they are (authenticity).
- That as far as is possible, they are not interacting with malicious content online.
NightHawk addresses both of these problems using a clean UI and UX for the end user.
Phishing is far more than just a security threat to the ecosystem. It’s regularly cited by both newcomers and experienced users as one of their biggest fears and hurdles to adoption in the space. Phishing is a hurdle to adoption. We put forward this project as a positive step towards keeping users safe online in our industry.
Nighthawk is a free anti-phishing browser extension offering safe browsing in the web3 field.
The plugin is 100% open source, privacy focused and does nothing to store users browsing history or anything else privacy compromising on our servers. It is almost completely serverless with all activity happening in the browser for the user.
It’s widely known that the crypto space, including the Polkadot community, is consistently under the threat of scams. While quantifying the exact losses is challenging, phishing attacks have resulted in the loss of hundreds of millions of dollars across the crypto ecosystem. PhishFort is embarking on a significant initiative by creating a consumer-oriented, community-driven, free, and efficient solution to combat this problem. While our primary business involves providing B2B services to various industry communities, this project is our way of giving back to the entire crypto industry without commercial interests.
Our motivation to undertake this endeavour stems from our deep understanding of the crypto landscape and the severe damage inflicted by phishing attacks in a matter of minutes. What has been missing in this fight against phishing is a swift response mechanism driven by the community. Although we take pride in promptly removing malicious content from the internet, we recognise the need to offer real-time protection to end users if we are to collectively address this problem. Nighthawk has been designed to serve this exact purpose.
For too long, end users have been easy prey for scammers, but we aim to change this dynamic. By allowing users to report scams and disseminate these reports to the entire userbase for near real-time protection, we aspire to transform potential victims into proactive responders.
The MVP of the project has been successfully deployed to the Chrome Store and Add-ons Store, available here:
The stack is mostly TypeScript based, with React for most front end components and GCP cloud provider to facilitate the sharing of threat intel with the extension.
As a next step, we aspire to integrate auto-classification and rule-generation engine into the plugin.
Here are three steps to this:
- Heuristic engine development
- Rule generation and integrating submitting rules suggested by the community
- LLM based rule generation
- Team Lead: Valentyn
- 23 team members at PhishFort all of whom will contribute to this in various ways, from engineering to analysis of reports, to the design of the project.
- Contact Name: Valentyn Markushev
- Contact Email: valentyn.markushev (at) phishfort.com
- Website: Phishfort.com , Nighthawk.Phishfort.com
- Registered Address: 160 Robinson Road, #14-04 Singapore Business Federation Centre, Singapore
- Registered Legal Entity: PROTAKEDOWN PTE. LTD.
PhishFort is an anti-phishing security team dedicated to fighting phishing in the crypto world. We’ve been working in the space for 5 years now, building quietly and helping some of the biggest web3 and crypto companies in the world execute an anti-phishing strategy with us. We detect and shut down scams in the space and we’re proud of the work we’ve done and continue to do to date. EF will know many of our partners (wallets, DEXs, dApps etc) who we work with in the space to keep safer.
The above is shared to say that above all else, we as a team do nothing but fight phishing in the crypto space, 24/7.
Public repo of the project: https://github.com/phishfort/nighthawk-extension
Please describe why you are applying for this grant.
- Total Estimated Duration: 10 months
- Full-time equivalent (FTE): 5 (see)
- Total Costs: $50,000
The more you can organize your milestones into manageable chunks that are conducive to iteration, the better!
Estimated duration: 2 months
Costs: 10,000 USD
|Conduct a final research on set of rules to start off with
|Design heuristic engine and rule structure
|Finalize the architecture and rule definition
|Create initial rule sets
|For the first milestone we’ll be handcrafting and manually assessing the initial set of rules
|Accuracy modeling and testing
|Run initial rules in controlled environment and minimize false positives and assess performance
Estimated Duration: 3 months
Costs: 15,000 USD
|Functionality for accepting rules from users
|Add UI/UX, testing, evaluation and distribution of users’ submitted rules
|False positive check
|False positive auto check for community rules against an appropriate dataset
|Performance feedback for users’ rule
|Run a test of the users’ rules on sample websites and report performance back to users. This allows the user to assess whether the rule performs as expected
|Search, sort and pack subsets of data sets for model training for Milestone 3
Estimated Duration: 5 months
Costs: 25,000 USD
|Group rule datasets and relevant training data for LLM processing
|Apply insights to the data using human and machine-assisted activities and expose the model to a vast amount of data. Research to be conducted on performance of RAG/FT/PEFT and choose an appropriate mechanism
|Model performance evaluation
|Determine the effectiveness of the data within the model and adjusting pre-trained parameters to improve its performance
|Test the model within small group of volunteers and team
|After bug fixing and mitigating issues, open testing to a wider audience
We are a team of security professionals who will battle phishing to make web3 space as secure as possible for everyone. We believe that auto-classification would bring anti-phishing protection to a new level. In addition, crypto communities is a crucial part of our venture, thus we want to foster a strong sense of collaboration, transparency, and innovation within these communities to drive the success of our project and contribute to the broader growth of the cryptocurrency ecosystem.
This is a good place to share how you might like to get more grant funding for future work
How did you hear about the Grants Program? Medium
Last year we acquired a grant from Coinbase to build the MVP. Unfortunately, their grant program is closed this year. Thus, we are actively seeking fresh prospects to enhance Nighthawk further.