When the essential plugin Scam Sniffer for trading cryptocurrencies charges fees, it sparks controversy over the trade-offs of income for security tools

Authors: Kaori, Jack, BlockBeats

When the addresses of big players are continuously attacked, with hackers taking away tens of millions of dollars, people have noticed that the security tools they commonly use have started generating revenue. Last week, the widely used security plugin Scam Sniffer was discovered by the community to have suddenly added an inexplicable fee during transactions, which automatically deducts charges by inserting commands before signing. In the on-chain world where security is of utmost importance, this news has raised questions among the community and users, with some even uninstalling the Scam Sniffer plugin directly.

On October 19, the official team of Scam Sniffer stated on their X account that they apologize for any inconvenience the new fees for the Scam Sniffer plugin may cause users, stating, "Scam Sniffer is working hard to improve notification features to enhance transparency."

Scam Sniffer's Fees Spark Controversy

After reviewing the plugin interface and official website, BlockBeats reporters found that Scam Sniffer has set up a fee notification banner and updated documentation detailing the fee deductions. Additionally, the free version of the plugin has advanced features enabled by default, which has also raised user concerns.

The official documentation of Scam Sniffer shows that the plugin implements the fee feature by seamlessly integrating a custom command into Uniswap's universal router transactions. A fee of 0.25% will be charged for specific DEX transactions, such as Uniswap and Pancake. If users disable the "Enable Advanced Plan" option, some features will become unavailable, including ad removal, fewer detection counts, and higher levels of security protection.

To ensure users' payment capabilities and fairness, Scam Sniffer has set a fee cap of $400 per address per month. Additionally, addresses of users who have purchased the plugin will be whitelisted, exempting them from any fees for the first three months, meaning Scam Sniffer has abandoned a buyout service model in favor of charging fees per transaction, stating that "future fees will become a default component of the product."

Left: User-shared Scam Sniffer plugin confirmation transaction interface; Right: Free version of Scam Sniffer plugin interface with added fee reminder and advertisements

In response to the fee controversy, Scam Sniffer emphasized, "A transparent structure is crucial for gaining user trust, and clear notifications can reduce confusion and enhance user experience." It is evident that Scam Sniffer's fee plan has long been a part of its product development strategy, and this response is more about addressing the public relations issue of failing to notify users in a timely manner.

Regarding users' concerns about whether Scam Sniffer would alter transactions, BlockBeats verified with GoPlus founder Mike, who stated that the 0.25% fee charged by the Scam Sniffer plugin for specific DEX transactions is the same as the fees charged by Uniswap's frontend and does not alter user transactions.

However, the community still shows significant division over Scam Sniffer's sudden fee plan. Some users believe that changing the charging model to a prepaid method, where fees are deducted based on detection counts or dates, would be better, stating that Scam Sniffer "is a security plugin that makes users worry about security." Another user pointed out the monopolistic issues behind the fees, arguing that "such an exaggerated rate can only be charged due to a monopolistic position."

Nevertheless, some users are not sensitive to the fees themselves and are more concerned about the product improvements and long-term benefits that the fees could bring. 0xAA, founder of WTF Academy, expressed support for Scam Sniffer's fees, stating, "Compared to the losses from phishing, this fee is just a drop in the bucket, but the fees need to be transparent; otherwise, user trust will be lost." Another community user, @BTW0205, also believes, "There’s not much issue with paid usage; if paid funds can develop better products, help more people avoid losses, and ensure the integrity of the team's operations, then it’s worth it."

Difficulties in Monetization: What is the Right Way to Make Money?

This incident has sparked discussions about the business models in the crypto security industry.

How to generate cash flow? This is the "truth of making money" that most founders and investors have been contemplating as this cycle has developed. Since the exit logic of "issuing tokens - going public - lying flat" is no longer valid, it might be worth learning from the "dividend philosophy" that is currently popular in traditional markets. After products like Pump.fun and GMGN made significant profits in the meme market, this new logic of making money and exiting seems to have gained further validation.

When "issuing tokens" is no longer the only business model, the ability of projects to generate revenue becomes particularly important. Many products that already have product-market fit (PMF) are also beginning to explore their monetization paths, and the crypto security field is one of them.

Are Value-Added Services the Answer?

Similar to traditional internet security, blockchain security services can also be roughly divided into B-end and C-end. For the B-end, the security of a blockchain project is divided into pre-chain and post-chain phases. Pre-chain focuses on the security audit of smart contract code, while post-chain involves real-time monitoring of attack tracing, threat intelligence, etc. For the C-end, it mainly involves user wallet security, asset recovery, and other services.

For project parties, setting a security budget is a necessary expense, making it relatively easier for security companies to promote their business in the B-end. However, for ordinary users, although blockchain security protection seems more urgent and necessary compared to traditional internet security, having a demand does not mean that the business model of security services can easily achieve profitability.

Only after a specific scenario triggers a strong demand will users' willingness to pay become intense. For instance, before users accept the fact that their assets have been stolen, conveying the need to security companies may prompt users to make payment. However, such scenarios are relatively low-frequency and difficult to expand, meaning that companies providing security services to C-end users find it challenging to obtain stable cash flow, which may also be one of the considerations for Scam Sniffer to initiate its fee plan.

Yuxian, founder of Slow Mist, mentioned in an interview with BlockBeats that users may be willing to pay high fees to recover stolen assets after the fact, but beforehand, getting users to understand the value of security services and pay for them in advance remains a challenge. GoPlus founder Mike also emphasized this point, stating that how to encourage users to choose to pay proactively before a security incident occurs through reasonable fees and value-added services is key to the development of security products.

Scam Sniffer is not the first security product to adopt front-end charging; the security plugin Pocket Universe, which emerged in 2022, also charges fixed fees for specific DEX transactions, with rates as high as 0.8%. Kerberus Sentinel3, which acquired the security plugin Fire this year, also set a fixed fee of 8%.

However, these two products differ from Scam Sniffer in that they both offer insurance value-added services, meaning that if the plugin has scanned and not warned users of transaction risks, users can seek compensation for lost assets. Pocket Universe offers a compensation limit of $20,000, while Sentinel3 offers a limit of $30,000.

For Sentinel3, not all users are eligible for compensation. Sentinel3's product services are divided into free and paid versions, with the paid version requiring a payment of 0.8% fixed fee, which includes eligibility for compensation, RPC services, anti-address pollution, etc.

This business model, which divides services into free and paid versions, may be clearer and easier for users to accept compared to Scam Sniffer's direct fee initiation. This is because some users, while acknowledging the importance of security, have a lower acceptance of separate charges for security services, especially when transitioning from free to paid, which can create a sense of loss.

However, even with clear product design and value-added services, the actual market acceptance remains a challenge. For instance, Web3 security company Stelo, which raised $6 million led by a16z, shut down all products at the end of October last year due to the team's misjudgment of market scale, competition level, and market maturity, leading to its products not meeting expectations.

Stelo initially believed that as the number of users increased, the system could continuously enhance its ability to detect malicious transactions through network effects, ultimately forming a positive cycle. However, reality proved that most malicious transactions can be detected through simple rule-based methods without relying on network effects. In a market with no entry barriers, numerous competitors, and no strong network effects, Stelo failed to find a suitable profit model and ultimately had to exit the market.

Retreating to the Background Security Layer

So how to achieve a sustainable profit model through innovative charging strategies and value-added services while ensuring user trust is a question that the current crypto security industry needs to consider.

However, one trend that cannot be ignored is that if we compare Web3 to the internet, we may just be entering the era of Windows XP/IE6 browsers. Yuxian believes that as the industry infrastructure gradually matures, many security products will retreat to the background, becoming default configurations, industry standards, and even user habits.

In this way, how blockchain security can be more deeply embedded in the underlying infrastructure in the future, making security a default service rather than an independent product module, further standardizing and intelligentizing, enhancing the overall security level of the ecosystem, and reducing reliance on independent security plugins will be a major trend in industry development.

Mike, founder of GoPlus, stated that future security infrastructure will sink down to solve all related problems for users, whether for DEX or wallets, simply by calling this security service layer to meet their security needs. This horizontal expansion means that security services will cover all major scenarios for users, forming a unified security baseline.

Currently, C-end security services remain fragmented, requiring users to integrate different security tools. This fragmentation leads to inconsistent user experiences across different services and high integration costs. In the future, security services will be horizontally expanded and unified into an integrated solution, allowing companies to simply reference this layer of security service to handle all security issues, thus focusing on their core business without having to address user-side security needs separately.

Returning to the business aspect, according to a Marketsand Markets research report, the blockchain security market size is expected to grow from $3 billion in 2024 to $37.4 billion in 2029, with a compound annual growth rate (CAGR) of 65.5%. This indicates that the crypto security industry still has significant room for growth, but it also means that market competition will become increasingly fierce. Only those companies that can effectively integrate security technology, user needs, and business models will stand out in this competition.