The Interceptor

Introducing:

The Interceptor

Your companion for secure and transparent Ethereum transactions. Simulate, explore, and transact crypto with confidence and full transparency.

  • Checkmark MetaMask Compatible
  • Checkmark Secures Your Crypto
Download for Firefox Download for Chrome

Curious how it works? The code is open source and is publicly available in Github!

Interceptor Extension

Features

Transactions Explained

The Interceptor provides a clear and detailed visualization of your what's actually happening in a transaction.

A capture of Interceptor explaining transactions

Scam Protection

Identify and automatically prevent known scams before they happen.

Read More →

A capture of Interceptor

Simulation Stack

View the effects a transaction will have without executing it.

A capture of interceptor showing simulation stack

Impersonate

Don't let not having a private key prevent you from browsing as Vitalik.

A capture of Interceptor impersonating as Vitalik

How It Works

Diagram With Interceptor
Whithout Interceptor

When you use a standard dApp, it connects directly to MetaMask, which generates transaction signatures that are often complex and hard to understand

Not understanding what you are signing can put you at significant risk, especially if you're not aware on how blockchain transactions work.

Diagram With Interceptor
With Interceptor

The Interceptor sits between the dApp and MetaMask, allowing it to 'intercept' transactions before they are signed. This enables Interceptor to provide clear simulation of a transaction, along with built-in protections.

Better insight into transactions allows you to make more informed decisions

Scams

A crypto scam is a malicious attempt to steal your crypto assets, consisting of two distinct parts: deceit—how a scammer tricks you, and payload—what the scammer does with your account.

Worried you might be getting scammed? Don't guess—join our Discord community for support and stay informed.

Join our Discord community

Protections

Simple mistakes can sometimes lead to significant financial losses. Here's a few of the common errors that would have been prevented by The Interceptor

Token Approval To Non-Contract Account

Token Approval is often used by scammers to steal your money later, while only usually required when interacting with a contract

USD $15,000 worth of loss example

Calling A Function On A Non-Contract Account

Token Approval is often used by scammers to steal your money later, while only usually required when interacting with a contract

USD $1,200 Loss

Interaction With Source Univerified Contract

Token approvals to contracts not source verified on Etherscan

Sending Tokens To Known Bad Destination

Transferring funds to addresses flagged as scams or blacklisted destinations can result in permanent loss.

USD $12,500 Loss Transaction

Meet the herd

Dark Florist is an exceptional team of Ethereum developers who are tired of poor user experience and security of the current Ethereum wallet landscape and we are here to build things better.

Killari

Killari

Data Scientist

Micah Zoltu

Micah Zoltu

Senior Blockchain Engineer

Jubal Mabaquiao

Jubal Mabaquiao

Software Engineer

Dark Florist

We've Also Built

Check out other products and tools we've designed to help you transact on the blockchain more smartly and securely

Horswap

Horswap

Open source and censorship resistant interface for the Uniswap protocol

Github Visit App

Privacy Policy

Our Privacy Policy was last updated on April 18, 2023. This Privacy Policy describes Dark Florist's policies and procedures on the collection, use and disclosure of your information when you use our service and tells you about your privacy rights and how the law protects you.

How the Company May Use Your Personal Data

Dark Florist takes an extremely aggressive stance protecting and preserving user privacy. There are no analytics or tracking built in to the Interceptor and all communication with servers are strictly necessary for functionality. In order to use some features an Ethereum JSON-RPC server connection is required. We provide one by default, but enable and encourage users to change it to a server of their own. If the default server is used, then your activity will be sent to it. Dark Florist does not retain IP addresses or request payloads. Dark Florist makes use of a variety of third party services, such as CloudFlare, and user interactions through those services will be governed by the corresponding privacy policies of those services.

We do not knowingly collect information online from children under 13 (nor anyone over 13). If you learn that you or your children have provided Dark Florist with Personal Information, please contact us. If we become aware that Personal Information has been collected we will take steps to remove that information from our servers.

Contact Us

We are committed to processing your personal data lawfully and to respecting your data protection rights. Please contact us if you have any questions about this notice or the personal data we hold about you. Our contact details are: [email protected], marking your communication 'Data Protection Enquiry'.

Changes To This Policy

The Company may revise this Privacy Policy from time to time. If we make a change to this policy that, in our sole discretion, is material, we will take steps to notify all users by a notice on the site. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.

Malware

Crypto-targeting malware comes in many forms, including keyloggers that record keystrokes, clipboard hijackers that replace copied wallet addresses with the scammer's address, and trojans that scan devices for stored private keys. Some malware disguises itself as legitimate wallet software or browser extensions, tricking users into installing it.

Once malware is active, it can silently monitor transactions, intercept credentials, or even initiate unauthorized transfers. Because malware operates in the background, victims may not notice its presence until their funds are stolen. Removing the malware does not recover lost assets, making prevention crucial.

Tip:
  • Download software from trusted sources. Avoid untrusted app stores or links.
  • Use a hardware wallet. Keeping private keys offline prevents malware from accessing them.
  • Regularly scan your device. Use trusted antivirus and anti-malware tools to detect threats.

Imposter dApp

Scammers create imposter dApps that closely resemble real DeFi platforms, NFT marketplaces, or staking services. These fraudulent sites may use similar branding, domains with slight misspellings, or even fake social media endorsements to appear legitimate. Users who connect their wallets and interact with these dApps often unknowingly approve transactions that give scammers control over their assets.

Some imposter dApps request excessive token approvals, allowing attackers to drain funds over time, while others prompt users to enter private keys directly. Because these scams rely on deception rather than technical exploits, victims often don't realize they've been scammed until their assets are gone.

Tip:
  • Double-check URLs and sources. Always access dApps through trusted links and avoid clicking on random ads or messages.
  • Verify smart contract interactions. Use wallets that display clear transaction details before signing.
  • Revoke unnecessary approvals. Regularly review and revoke token permissions using tools like Etherscan or Revoke.cash.

Broken Promise dApp

Scammers create dApps that appear to offer lucrative opportunities, such as staking rewards, airdrops, or investment returns. These platforms may look polished and even have fake testimonials or social proof to build credibility. However, once users deposit funds or approve transactions, they find themselves unable to withdraw or access their assets.

Some of these dApps slowly drain funds through hidden fees, while others abruptly shut down after collecting enough deposits. Because they often operate on decentralized networks, there is no way to reverse transactions or recover lost assets once the scam is exposed.

Tip:
  • NFT Trading site that, when issued approval, takes your NFTs for free
  • High interest rates on deposits. Often, these will pay out rewards for some period of time before taking all your assets via approval.
  • Wallet Synchronization site, usually given by fake support staff, as a solution to any crypto problem you are having, usually stealing your private key/seed phrase.

Fake Support

Fake support scams involve scammers posing as customer support representatives in forums, social media, or direct messages. They offer “help” but trick victims into revealing private keys, seed phrases, or clicking malicious links that steal assets.

Tip:
  • Verify official support channels. Only contact support through the official website or verified accounts.
  • Never share your private key or seed phrase. Legitimate support will never ask for them.
  • Be cautious of unsolicited messages. Scammers often initiate contact first; always double-check before engaging.

Private Key Theft

Private keys are the most sensitive part of any crypto wallet—whoever holds them controls the funds. Attackers use various methods to steal private keys, such as malware that scans devices for stored keys or phishing sites that trick users into entering them. Some fake wallet apps even disguise themselves as legitimate software but secretly transmit private keys to scammers.

Once a private key is compromised, recovery is impossible. Scammers move assets immediately, often through multiple wallets to obscure the theft. Because blockchain transactions are irreversible, victims have no way to reclaim their stolen funds.

Tip:
  • Only use trusted wallet software. Download wallets only from official sources and verify their authenticity.
  • Keep your private key offline. Store it in a secure, offline location like a hardware wallet.
  • Beware of suspicious links and downloads. Avoid clicking unknown links or installing unverified software.

Private Key Request

Scammers create fake websites or apps that mimic legitimate platforms, often claiming they need a private key to restore access, verify identity, or sync a wallet. These pages may appear professional and even use convincing branding, making them seem trustworthy. In some cases, users are rushed or pressured into providing their private keys without realizing the danger.

Once a private key is entered, the scammer immediately or eventually drains the wallet, often sending funds through multiple addresses to make recovery impossible. Because blockchain transactions are irreversible, victims have no way to reclaim lost assets.

Tip:
  • Never enter your private key online. No legitimate service will ever ask for it.
  • Verify website and app legitimacy. Always check URLs and download apps only from trusted sources.
  • Be cautious of urgent requests. Scammers often create a false sense of urgency to trick users into acting without thinking.

Token Transfer

Scammers design malicious smart contracts or fake dApps that prompt users to authorize a token transfer, often under false pretenses. For example, a fraudulent staking platform may claim the user needs to approve a small transaction to activate their earnings, but in reality, the transaction is a direct transfer of funds to the scammer's wallet.

Once signed, the transfer is irreversible, and scammers typically use multiple wallets to obfuscate the stolen assets. Because these scams rely on users willingly authorizing the transaction, many victims don't realize they've been tricked until their balance is gone.

Tip:
  • Always review transaction details. Double-check what you're approving before signing any transaction.
  • Use a wallet with clear signing prompts. Some wallets highlight potential risks in transaction requests.
  • Be skeptical of urgent approvals. If a site demands immediate action, verify its legitimacy before proceeding.

Token Approval

Many DeFi platforms require users to approve token spending so smart contracts can interact with their wallets. Scammers take advantage of this by creating malicious dApps that request excessive or unlimited token approvals. Victims may unknowingly grant full control over their tokens when approving a transaction for what appears to be staking, swapping, or claiming rewards.

Unlike a one-time transfer, token approvals let scammers withdraw funds later, often waiting until a wallet has a high balance before draining it. Since approvals persist even after leaving a site, users may not realize the risk until it's too late.

Tip:
  • Check approval amounts. Avoid granting unlimited spending allowances unless absolutely necessary.
  • Use tools to review and revoke approvals. Regularly check your active token approvals using services like Etherscan or Revoke.cash.
  • Be cautious with dApps. Only connect your wallet to trusted platforms and verify requests before approving.