Our Take On Harpie
THE BOTTOM LINE:
Harpie protects crypto wallets against exploits. The Harpie RPC endpoint sits between your wallet and the blockchain and scans all outgoing transactions, warning you of potentially malicious approvals and transfers. It offers wallet monitoring, a transaction firewall, and threat response. In some cases, it can even recover stolen digital assets. DeFi enthusiasts wanting an extra layer of protection for their valuables can look to Harpie as an always-on wallet security system.
- Provides always-on protection from all types of wallet-level attacks
- An RPC endpoint can revert malicious transactions before they’re confirmed on the blockchain
- Protects any type of blockchain asset, including tokens and NFTs
- Can introduce friction into the transaction process by requiring manual transaction approvals
- Only available for Ethereum wallets
Private key theft
Accidental asset transfer
|Large database of suspicious wallet addresses
RPC endpoint for extensive asset protection
|Wallet audit service and transaction background check
Transaction Firewall which scans every outgoing transaction
Harpie Vault for recovering stolen assets
|Fully non-custodial approach to user assets
Audited contracts with almost entirely immutable variables
Multiple admin roles for essential product-level functions
What Is Harpie?
Harpie is a tool that protects the valuables inside your crypto wallet, including your high-value coins and NFTs. If Harpie detects malicious activity coming from your wallet, such as an attempt to send a high-value asset to a different wallet, it will block the transaction and secure your assets.
Harpie Key Features
The Harpie tool takes several complementary approaches to protecting your assets.
Harpie maintains a database of suspicious and malicious Ethereum wallets, warning you any time you are about to send an asset to a potentially dangerous address. Harpie can also take the wheel directly if assets are moved out of your wallet without prior authorization, securing the assets in a special vault for safe retrieval.
- Background Check Monitoring: When you connect to Harpie for the first time, the service will scan your wallet against an extensive list of suspicious Ethereum addresses and warn you of any dangerous transactions that you’ve made.
- Transaction Firewall: If you’re about to send a transaction to a suspicious or unknown address, Harpie will warn you or even block the transaction. Users also have the option of setting up 2-factor authentication, which requires each wallet transaction to be approved via email before Harpie lets it through.
- Harpie Vault: As a “last line of defense,” Harpie can re-route assets that are moved out of a user’s wallet, directing them towards the “Harpie Vault” rather than the target address. This means that even if a hacker were to initiate a transaction to remove assets from your wallet, Harpie would beat them to the punch and redirect your valuables to a special Vault for safekeeping.
- Enterprise API: For enterprises, Harpie has developed a background check API that indexes over 1.8 million malicious addresses and 800,000 verified smart contracts. Companies can use the API to check the status of various Ethereum addresses and get information on individual transactions. This helps to identify malicious actors and prevent dangerous asset transfers.
The Harpie service is currently free of charge. Simply install the RPC endpoint through your wallet to get all the benefits of Harpie, including the Transaction Firewall and the Harpie Vault.
Our Expert Review of Harpie
According to their website, Harpie protects over $100 million in digital assets across all users of the service. That’s a lot of crypto being kept safe from bad actors.
The service provides several levels of protection depending on your personal risk preferences. It warns you if you are about to sign a malicious transaction, and it can even take emergency steps to secure your valuables in case they get taken from your wallet.
Below, we take a look at the various products and services offered by Harpie. To really understand the product, though, we need to begin with a primer on “RPC” technology.
What is an RPC endpoint?
If you’ve spent any amount of time in the world of crypto, you’ll know that blockchains are complex beasts. Harpie takes advantage of a lesser-known aspect of blockchain infrastructure known as the “RPC endpoint” to protect your assets. If you’ve ever sent a blockchain transaction, you’ve already used an RPC endpoint.
In simple terms, the RPC endpoint is what relays transactions from your wallet to the actual blockchain. Every blockchain transaction gets sent to an RPC endpoint first and then relayed to the blockchain. Usually, these endpoints are just a mundane piece of infrastructure. However, they also happen to be the perfect place for a service such as Harpie’s, which catches malicious transactions before they can do damage. Even if an asset such as an NFT has technically been dispatched from your wallet, the Harpie RPC endpoint can “catch” it before the transaction reaches the blockchain and secure your valuables on your behalf.
Background Check Monitoring
Harpie uses large data models to monitor known lists of criminal addresses and warn users of any suspicious activity in their wallets. According to Harpie, they have a database of over 1,000,000 malicious addresses, with more being added constantly. If you’re about to send funds to a suspicious wallet address, Harpie will warn you before you approve the transaction.
In addition to real-time protection, the Harpie database can check if you have interacted with suspicious addresses in the past and list the individual addresses it flags so you can better understand how you are exposed.
Harpie also provides a form of “2-factor authentication” for your crypto transactions.
Here’s how it works: Harpie maintains a list of over 40,000 benign addresses, which includes the addresses of popular DeFi protocols like Uniswap and OpenSea. If you’re sending a transaction to one of these addresses, the Harpie RPC lets the transaction through like normal. However, if you’re sending a transaction to an address that Harpie does not recognize, you’ll need to confirm the transaction via email before Harpie lets it through. This ensures that any potentially dangerous transaction gets your explicit approval using your email as a second line of defense.
You can customize the Harpie RPC based on what level of protection you’d like. By default, it will send you an email only when a transaction looks suspicious. However, you can select the “Strict” option if you want to be notified of every outgoing transaction from your wallet and approve it manually. This option may be ideal for cold wallets or high-value wallets that you don’t use often.
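The allow / confirm / block policy described above can be sketched as follows. This is an added example, not Harpie's code: the function names, list contents and addresses are constructed, and blocking malformed calldata is an assumption. It goes slightly beyond the text by decoding standard ERC-20/ERC-721 calldata, so the address checked is the one that actually receives assets or spending rights rather than the token contract in `to`.

```python
# Illustrative transaction-firewall policy (not Harpie's code; all addresses are constructed).
# Selector -> (action, index of the argument holding the counterparty address).
SELECTORS = {
    "a9059cbb": ("transfer", 0),           # transfer(address to, uint256 amount)
    "095ea7b3": ("approve", 0),            # approve(address spender, uint256 amount)
    "a22cb465": ("setApprovalForAll", 0),  # setApprovalForAll(address operator, bool ok)
    "23b872dd": ("transferFrom", 1),       # transferFrom(address from, address to, uint256)
}
TRUSTED = {"0x" + "11" * 20}      # constructed allowlist entry (e.g. a known token contract)
MALICIOUS = {"0x" + "bad0" * 10}  # constructed denylist entry


def calldata(selector, *addresses):
    """Build sample calldata: selector, 32-byte padded addresses, then one value word."""
    words = "".join(a[2:].lower().rjust(64, "0") for a in addresses)
    return "0x" + selector + words + "0" * 63 + "1"


def counterparty(tx):
    """Return (action, address) for the party that gains control of assets."""
    data = tx.get("data", "0x")[2:].lower()
    entry = SELECTORS.get(data[:8])
    if entry is None:                      # plain transfer or unrecognized call
        return "call", tx["to"].lower()
    action, arg_index = entry
    start = 8 + 64 * arg_index
    word = data[start:start + 64]
    if len(word) != 64:                    # truncated argument: cannot be vetted
        return "malformed", None
    return action, "0x" + word[24:]        # an address is the low 20 bytes of the word


def decide(tx, strict=False):
    """Denylisted -> block; unknown (or strict mode) -> email confirmation; else allow."""
    _, addr = counterparty(tx)
    if addr is None or addr in MALICIOUS:
        return "block"
    if strict or addr not in TRUSTED:
        return "confirm_by_email"
    return "allow"
```

An `approve` sent to a trusted token contract still comes back as `block` when the spender inside the calldata is on the denylist, which is the case a check on `to` alone would miss.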
For the ultimate level of protection, Harpie has created the Harpie Vault.
Imagine that you open your wallet one day to find some of your most valuable NFTs missing. You look through your most recent transactions and realize in horror that someone has hacked a recent protocol you used and, through this, exploited your wallet and lifted your NFTs for themselves.
It’s a situation that’s unfortunately all too common.
With the Harpie RPC endpoint, however, things go a little differently if your wallet gets exploited. The moment a hacker tries to send your NFTs to themselves, Harpie will recognize that the hacker’s address is not listed in your approved addresses. The RPC springs into action and redirects the transaction toward the Harpie Vault (instead of the hacker’s wallet), where your NFTs will be safely stored until you retrieve them.
The particulars of how this works can get technical, but essentially, Harpie “front runs” the hacker’s transaction by paying a high gas fee, which means the Harpie transaction executes prior to the hacker’s transaction. This allows Harpie to snatch your NFTs out of the clutches of the hacker before they can get away with them.
To retrieve your NFTs, you simply transfer them back from the Harpie Vault to your wallet. This is a secure process as Harpie Vaults are unique to each user, and each user can retrieve only their NFTs from the Vault.
To open a help ticket for any questions or issues, you’ll first need to join the Harpie Discord server.
Once you’re in, navigate to the #customer-support channel to open a ticket. I followed this process to ask the team a few questions and got a timely response within less than 10 minutes from Noah Chong, one of the co-founders of Harpie.
According to the company’s website, you can also DM the team through their Twitter profile for product questions.
Who’s Harpie For?
- People who own high-value crypto assets: While Harpie is available to anyone with a crypto wallet, it’s particularly useful for crypto enthusiasts with high-value digital assets. Given the high level of risk in the crypto space, Harpie’s robust security measures are crucial. The real-time monitoring, 2-factor email notifications, and the Harpie Vault provide whales and holders of large portfolios with peace of mind.
- People who use DeFi a lot: The crypto world is split in two: centralized finance (CeFi) and decentralized finance (DeFi). Centralized venues like Coinbase and Binance usually take care of safe-keeping user assets. It’s in DeFi that users have to be particularly careful when it comes to safeguarding their crypto. Harpie protects users from protocol hacks, wallet exploitation, and other types of malicious activity across all of DeFi.
- People who trade NFTs often: NFT traders in particular can appreciate Harpie’s services. As more and more attacks target high-value non-fungibles, the Harpie Vault is an invaluable tool for degens, whales, and NFT holders of all types.
Who’s it Not For?
- People who don’t use DeFi: Harpie isn’t ideal for crypto enthusiasts who exclusively use centralized finance (CeFi). The product is tailored to non-custodial wallets where users own their keys. In places like Coinbase and Binance, the platforms control the wallet security.
- People who use other RPC endpoints: Recently, advanced RPC endpoints like MEV Blocker have emerged to protect users from price exploitation when trading. Harpie is not compatible with other RPC endpoints, so users will have to choose between Harpie and any other RPC solutions they may be using. This may make the product unsuitable for users already taking advantage of the features of another RPC.
- People who transact with small addresses often: For optimal protection, Harpie requires you to send transactions to trusted addresses only. The service automatically captures any assets sent to an unrecognized address and puts them in the Harpie Vault. Users who frequently need to send funds to small addresses may find it tedious to manually add each address to their trusted network in order to use their wallet as normal.
The world of RPC endpoints is picking up steam as more and more projects provide intermediary services between user wallets and the blockchain. These may provide price optimizations for traders, wallet protection, and other benefits.
When it comes to asset protection in particular, as is the case with Harpie, there are some competitors emerging. We take a look at one such name below.
Harpie Vs. Nefture
An up-and-coming player in the wallet protection space is Nefture. The service works similarly to Harpie by protecting users from malicious attacks through an RPC endpoint.
When comparing Nefture with Harpie, the former offers some unique features like real-time chat assistance (for when you need help on the spot) and multi-network support for popular blockchains beyond Ethereum. Harpie still brings the muscle, though, with its extensive database of suspicious addresses and the innovative Harpie Vault, which can recover stolen assets even after the fact. That is a very useful feature that Nefture does not have.
|Warnings for potentially dangerous transactions
|Free tier + $10/month tier
|Real-time assistance through chat
Multi-network support for Ethereum, Polygon, Arbitrum, and Optimism
|Monitoring & flagging for malicious addresses
Warnings for potentially dangerous transactions
|Harpie Vault for recovery of stolen assets
Is Harpie Safe to Use?
Disclaimer: Due to the ever-changing nature of crypto, we cannot accurately say how safe and secure a product is now or will be in the future. We have examined a variety of factors to determine how safe we believe Harpie is, but please always use caution and thoroughly investigate products for yourself before using them, especially ones that connect directly to your wallet.
Given that the entire point of the product is user safety, it’s no surprise that Harpie takes security seriously. The Harpie product code has undergone an official audit from Sherlock, a respected web3 audit firm, which provides some peace of mind when it comes to the technical integrity of the product.
Assuming that the code is secure, users may have questions about what Harpie can do with their wallet assets — after all, you’re approving a third party to move anything out of your wallet at any time.
The Harpie team takes steps to assure users that their digital valuables are safe. Harpie does not take custody of any assets directly. Even when assets are sent to the Harpie Vault, a user-specified wallet is the only address that can recover them. Harpie does not take custody of the assets within any Vault wallets.
Finally, there are some edge cases where the service may not provide complete protection. The Harpie team calls out these cases explicitly on their Disclosures & Risks page. Users should read through this page to understand the full extent of their exposure.
Daniel Chong initially came up with the idea as a student at Duke University. He teamed up with his brother, Noah Chong, to create the first iteration of the Harpie application. The brothers presented their app during ETH Denver’s hackathon in 2021, placing in the top 10 overall and first in the Infrastructure & Security track.
How Much Money They’ve Raised
The company is backed by well-known web3 investors including Dragonfly Capital, Coinbase Ventures, and OpenSea.
Has Harpie Been Audited?
Yes, Harpie has undergone an audit from Sherlock.
Final Thoughts On Harpie
For DeFi enthusiasts, hacks and malicious transactions are always top-of-mind. Harpie helps to turn this into peace-of-mind by taking the vigilance off the hands of traders. Thanks to Harpie’s robust suite of security features, users can rest assured they’re sending assets to the right address every time and that they’ll even be protected when they’re not looking.
If you’re not already using a custom RPC on your wallet, adding Harpie could be a no-brainer; the price tag of “free” doesn’t hurt either.
Frequently Asked Questions
An RPC endpoint is a program that sits between your wallet and the blockchain.
Every blockchain transaction has to go through an RPC endpoint before reaching the blockchain, so chances are you’ve already used one without even knowing it. RPC endpoints can help protect transactions from exploitation by opportunistic actors.
In the case of Harpie, the RPC endpoint warns you of suspicious transactions and intercepts compromised digital assets before they’re stolen from you.
Harpie fortifies your wallet by only allowing outgoing transactions to a trusted network of apps and friends. If a transaction tries to send assets to an address outside of this network, Harpie will frontrun the transaction and send the assets to the Harpie Vault instead of the target address.
Your trusted network comes standard with approvals for most large protocols, so you are free to send transactions to popular exchanges and dApps without any extra steps. If you want to add an address to your trusted network, you can also do so. Harpie doesn’t restrict any transactions going to approved addresses.
If Harpie successfully prevents an attacker from stealing your assets, you will find your assets safely stored in the Harpie Vault.
During setup, your Harpie Vault will ask you to designate a “withdrawal address.” This is the only wallet address that can reclaim the funds inside your Vault. Not even the Harpie team has access to these funds. As a best practice, you should make your withdrawal address different from the wallet you are using Harpie protection on. This way, even if your wallet is compromised, the hacker does not have access to the Harpie Vault.