Just as the wallet addresses of well-known figures were being drained one after another, with tens of millions of dollars taken by attackers, users discovered that a security tool most of them rely on had started to generate revenue from them. Last week the community found that Scam Sniffer, a security plug-in that is close to a must-have for cryptocurrency trading, had begun adding an unexplained fee to transactions: it inserts an instruction before signing that deducts the fee automatically. In an on-chain world where security is the top priority, the news drew doubts from the community and from users, and some went as far as uninstalling the Scam Sniffer plug-in.
On October 19, the official Scam Sniffer team apologized on its X account for the inconvenience that the plug-in's new fees may have caused users, adding that "Scam Sniffer is working to improve the notification function to increase transparency."
After reviewing the plug-in interface and the official website, BlockBeats reporters found that Scam Sniffer has since added fee notification banners and updated its documentation to describe how fees are deducted. The free version of the plug-in also ships with the advanced features enabled by default, which has further fuelled users' doubts.
According to the official Scam Sniffer documentation, the plug-in implements charging by seamlessly inserting a custom instruction into the Uniswap universal router transaction. For specific DEXs, such as Uniswap and Pancake transactions, a fee of 0.25% is charged. If the user disables the "Enable Premium Plan" option, some features become unavailable: ad removal and the higher level of security protection are lost, and fewer detections are performed.
To keep fees affordable and fair, Scam Sniffer has set a cap of $400 per address per month. Addresses that previously purchased the plug-in are whitelisted and exempt from any fees for the first three months. In effect, Scam Sniffer has dropped its one-time purchase model in favour of a fee on each transaction, and it says that "future fees will become a default component of the product."
Left: The interface of the Scam Sniffer plug-in shared by a user before confirming a transaction; Right: The interface of the free version of the Scam Sniffer plug-in after adding a fee reminder and adding advertisements
In response to the controversy, Scam Sniffer emphasized that "a transparent structure is essential to winning user trust, and clear notifications can reduce confusion and improve user experience." Charging has evidently been part of Scam Sniffer's product strategy for some time; this response mainly addresses the public-opinion problem created by failing to notify users in time.
On users' concern that Scam Sniffer might tamper with transactions, BlockBeats verified with Mike, the founder of security company GoPlus, that the 0.25% fee the Scam Sniffer plug-in charges on specific DEX transactions is the same as the fee charged by the Uniswap front-end, and that it does not tamper with user transactions.
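Because the fee is inserted as a command in the Uniswap Universal Router call, as described above, and because its rate is what the GoPlus founder compared against the Uniswap front-end, the check a user or wallet would want before signing is to decode that call and list every fee command it contains. The following is an added example and is not code from Scam Sniffer, GoPlus or Uniswap. It assumes the calldata for `execute(bytes commands, bytes[] inputs, uint256 deadline)` has already been ABI-decoded into `commands` and `inputs` (for instance with a library such as eth_abi); the command ids are the Universal Router's, and the addresses and amounts are constructed for the example.

```python
"""Pre-signing inspection of Uniswap Universal Router commands for inserted fees.

Added example, not Scam Sniffer's, GoPlus's or Uniswap's own code. Assumes the
`execute` calldata has already been ABI-decoded into `commands` (bytes) and
`inputs` (list of bytes). Sample addresses and amounts are constructed.
"""
from dataclasses import dataclass

# Universal Router command ids live in the low 6 bits of each command byte;
# bit 7 is the ALLOW_REVERT flag and must be masked off before comparing.
V3_SWAP_EXACT_IN = 0x00
SWEEP = 0x04
PAY_PORTION = 0x06          # pays `bips` of the router's token balance to `recipient`
COMMAND_TYPE_MASK = 0x3F
FLAG_ALLOW_REVERT = 0x80
BIPS_BASE = 10_000          # PAY_PORTION rate denominator; 25 bips == 0.25 %


@dataclass
class FeeCommand:
    index: int
    token: str
    recipient: str
    bips: int


def _word(data: bytes, i: int) -> bytes:
    return data[32 * i:32 * (i + 1)]


def _address(word: bytes) -> str:
    # ABI-encoded addresses are left-padded to 32 bytes.
    return "0x" + word[12:].hex()


def find_fee_commands(commands: bytes, inputs: list) -> list:
    """Return every PAY_PORTION command with its token, recipient and rate."""
    if len(commands) != len(inputs):
        raise ValueError("commands and inputs must have the same length")
    found = []
    for i, (cmd, inp) in enumerate(zip(commands, inputs)):
        if cmd & COMMAND_TYPE_MASK != PAY_PORTION:
            continue
        if len(inp) != 96:  # static tuple (address, address, uint256) = 3 words
            raise ValueError(f"PAY_PORTION input at {i} should be 96 bytes, got {len(inp)}")
        found.append(FeeCommand(
            index=i,
            token=_address(_word(inp, 0)),
            recipient=_address(_word(inp, 1)),
            bips=int.from_bytes(_word(inp, 2), "big"),
        ))
    return found


def fee_amount(amount: int, bips: int) -> int:
    """Amount PAY_PORTION takes from `amount`, using on-chain integer division."""
    return amount * bips // BIPS_BASE


def review(commands: bytes, inputs: list, swap_output: int, expected_bips: int) -> dict:
    """Summarise the fee impact of a call for display before the user signs."""
    fees = find_fee_commands(commands, inputs)
    total_bips = sum(f.bips for f in fees)
    return {
        "fees": fees,
        "total_bips": total_bips,
        "total_fee": fee_amount(swap_output, total_bips),
        "rate_as_expected": all(f.bips == expected_bips for f in fees),
    }


def encode_pay_portion(token: str, recipient: str, bips: int) -> bytes:
    """ABI-encode the (address, address, uint256) input of a PAY_PORTION command."""
    def addr(a: str) -> bytes:
        return bytes.fromhex(a[2:]).rjust(32, b"\x00")
    return addr(token) + addr(recipient) + bips.to_bytes(32, "big")


# Constructed sample: swap, then a 0.25 % fee command, then a sweep to the user.
# The swap and sweep inputs are opaque placeholders; only PAY_PORTION is decoded.
SAMPLE_TOKEN = "0x" + "01" * 20          # placeholder token address
SAMPLE_FEE_COLLECTOR = "0x" + "ab" * 20  # placeholder fee recipient
SAMPLE_COMMANDS = bytes([V3_SWAP_EXACT_IN, PAY_PORTION, SWEEP])
SAMPLE_INPUTS = [
    b"\x00" * 32 * 5,
    encode_pay_portion(SAMPLE_TOKEN, SAMPLE_FEE_COLLECTOR, 25),
    b"\x00" * 32 * 3,
]

if __name__ == "__main__":
    # 1,000 units of a 6-decimal token arriving from the swap.
    summary = review(SAMPLE_COMMANDS, SAMPLE_INPUTS, swap_output=1_000_000_000, expected_bips=25)
    for f in summary["fees"]:
        print(f"command {f.index}: {f.bips} bips of {f.token} -> {f.recipient}")
    print(f"total fee: {summary['total_fee']} base units, rate as expected: {summary['rate_as_expected']}")
```

A wallet or plug-in that surfaces this summary lets the user see the recipient and the rate of every fee command before signing, which is the transparency the controversy above is about; a rate other than the one the product documents, or more than one PAY_PORTION in a single call, is the condition worth flagging.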
Even so, the community remains clearly divided over Scam Sniffer's abrupt move to a paid plan. Some users would prefer a top-up model with subscriptions priced by number of detections or by period, saying that Scam Sniffer "is a security plug-in itself but makes users worry about safety." Another user pointed to the monopoly problem behind the charge, arguing that "such an exaggerated rate can only be charged by a monopoly position."
Other users are less sensitive to the fee itself and more concerned with the product improvements and long-term benefits that paying can bring. 0xAA, founder of WTF Academy, supported Scam Sniffer's decision to charge: "Compared to the losses from phishing, this fee is just a drop in the bucket, but the fee needs to be transparent, otherwise it will lose user trust." Community user @BTW0205 likewise believes that "paid use is not a big problem. If you can use the paid funds to develop better products, help more people avoid losses, and ensure the integrity of the team's operations, it is worth it."
Along with this incident, there is also a discussion about the business model of the crypto security industry.
How to generate cash flow? That is the "truth of making money" most founders and investors have been weighing since this cycle began. Now that the exit path of "issue a token, get listed, then lie flat" no longer works, the better option is the "dividend philosophy" popular in today's traditional markets. After products such as Pump.fun and GMGN made large sums in the meme market, this newer logic of earning and exiting appears to have been proven once more.
When "issuing a token" is no longer the only business model, a project's ability to generate revenue becomes particularly important. Many products that already have product-market fit have begun to work out their own monetization paths, and crypto security is one such field.
As in traditional Internet security, blockchain security services divide roughly into B-end (business) and C-end (consumer) offerings. On the B-end, a project's security needs split into the periods before and after its contracts go on-chain: before deployment, the main service is a security audit of the smart contract code; after deployment, it is real-time monitoring such as attack tracing and threat intelligence. On the C-end, the services are mainly user wallet security and asset recovery.
For project teams a security budget is a necessary expense, so security companies find it comparatively easy to sell on the B side. For ordinary users, blockchain security is more urgent and more of a hard requirement than on the traditional Internet, but a hard requirement does not mean a security business can easily turn a profit.
Users' willingness to pay only becomes strong once that requirement is triggered in a specific scenario. For example, when a user is confronted with the fact that their assets have been stolen, the need reaches a security company and the user may then be willing to pay. Such scenarios, however, are low-frequency and hard to scale, which means companies offering security services to C-end users struggle to obtain a stable cash flow. This may well be one of the considerations behind Scam Sniffer's decision to start charging.
Yu Xian, the founder of SlowMist, told BlockBeats in an interview that users may be willing to pay high fees after the fact to recover stolen assets, but that getting them to understand the value of security services and pay for them in advance remains a challenge. Mike, the founder of GoPlus, stressed the same point: how to use reasonable pricing and value-added services so that users actively choose to pay before a security incident occurs is the key to whether security products develop.
Scam Sniffer is not the first security product to charge up front. Pocket Universe, a security plug-in launched in 2022, also charges a fixed fee on transactions on specific DEXs, at a rate as high as 0.8%. Kerberus Sentinel3, which acquired the security plug-in Fire this year, has likewise set a fixed fee of 8%.
What sets these two products apart from Scam Sniffer is that they bundle an insurance-style value-added service: if the plug-in scanned a transaction and failed to warn the user of its risk, the user can claim compensation for the lost assets. The claim limit is US$20,000 for Pocket Universe and US$30,000 for Sentinel3.
In Sentinel3's case, not every user is eligible to claim. Its service comes in a free and a paid version; the paid version requires a fixed fee of 0.8% and includes claim eligibility, an RPC service, and protection against address poisoning.
A free-plus-paid model of this kind may be clearer and easier for users to accept than Scam Sniffer's direct charge, because some users consider security important yet are reluctant to pay for it as a separate service, especially when a product that was free becomes paid.
Even with clear product design and value-added services, real market acceptance remains a challenge. Stelo, a Web3 security company that raised $6 million in a round led by a16z, shut down all of its products at the end of October last year because the team had misjudged the market's size, level of competition and maturity, and its products fell short of expectations.
Stelo had initially assumed that as its user base grew, network effects would continuously improve the system's ability to detect malicious transactions, eventually creating a virtuous cycle. In practice, most malicious transactions can be caught with simple rules and do not depend on network effects. In a market with no barriers to entry, many competitors and no strong network effects, Stelo never found a workable profit model and ultimately had to exit.
How to reach a sustainable profit model through innovative pricing and value-added services while preserving user trust is therefore a question the crypto security industry must now confront.
One trend is nonetheless clear: if Web3 is compared to the Internet, it may only just have entered its Windows XP/IE6 era. Yu Xian believes that as the industry's infrastructure matures, many security products will recede into the background and become default configuration, industry standards, and even user habits.
On this view, the general direction of the industry is for blockchain security to be embedded more deeply in the underlying infrastructure, making security a default service rather than a stand-alone product module, becoming more standardized and more intelligent, raising the security level of the ecosystem as a whole, and thereby reducing dependence on separate security plug-ins.
GoPlus founder Mike said that future security infrastructure will sink to a lower layer and solve all related problems on the user's behalf: whether it is a DEX or a wallet, it will only need to call this security service layer to meet its security needs. This horizontal expansion means security services will cover all of a user's major scenarios and form a unified security baseline.
Today, C-end security services are still fragmented, and users have to assemble different security tools themselves. That fragmentation produces an inconsistent experience across services and high integration costs. In the future, security services will expand horizontally and consolidate into an integrated solution: businesses will only need to call this security layer to handle all of their security issues, letting them focus on their core business without having to address user-side security separately.
Returning to the business itself: according to a MarketsandMarkets research report, the blockchain security market will grow from US$3 billion in 2024 to US$37.4 billion in 2029, a compound annual growth rate (CAGR) of 65.5%. The crypto security industry therefore still has considerable room to grow, but competition will also become ever fiercer, and only companies that can effectively combine security technology, user needs and a business model will stand out.