Making web3 safe and easy to understand
Today we’re announcing three new products to help us accomplish our goal of making all crypto transactions safe and easy to understand.
- Stelo v2. We’ve redesigned the Stelo extension from scratch to make it simpler, faster, and easier to use. You can download it here.
- Stelo for developers. We’re releasing our developer API to empower every dApp and wallet to use the Stelo Transaction Engine that powers the Stelo extension.
- Approvals.xyz. We’re launching approvals.xyz, a token approvals experience to understand your wallet health and keep it safe.
We’re also announcing a $6m fundraise led by a16z crypto. Read on for more about our vision for a safer, more user friendly crypto ecosystem.
Imagine a world where every time you went to buy a cup of coffee there was a small chance all of your money was stolen. So you have three wallets - one for coffee, one for shopping, and one you keep locked in your parents' basement.
This is the state of crypto in 2023.
At Stelo, we’re here to fix that.
We’re building the user interface to web3 so that people can have the confidence to be at the center of their digital lives without the fear of losing everything.
We launched the Stelo extension in September to protect people from scams and phishing. Since then, we’ve protected thousands of wallets holding assets worth over $100m.
The core of all of our products is the Stelo Transaction Engine. It does three things:
- Simulation - simulates the transaction and lets you know what assets are leaving and entering your wallet.
- Enrichment - enriches the transaction with on and off-chain data such as human readable names, recognizable NFTs, and prices.
- Risk analysis - analyzes the transaction and surfaces risk factors to help prevent you from getting phished or scammed.
Stelo Extension v2
One of the most powerful aspects of web3 is that any developer can build a website that interacts with any contract. Developers don’t have to ask permission to interact with Uniswap pools or utilize OpenSea’s marketplace contracts.
However, one of the risks of decentralization is that websites can tell you they’re doing one thing and actually construct a transaction that does something else. The source of truth needs to live outside of the website.
The Stelo extension secures every transaction and acts like a firewall for your wallet. It translates complex transactions and signatures into plain English so you can transact with confidence.
Here’s an example:
Transactions are only one half of the puzzle. Off-chain signatures have become an increasingly common way to save users gas fees for actions such as granting approvals to DEXs, listing NFTs on marketplaces, and interacting with multisig contracts like a Gnosis Safe.
However, wallets have very little understanding of signatures, which leaves users blind to the potentially catastrophic effects of signing these messages. The recent Kevin Rose attack utilized this dynamic to trick him into signing away over $2m worth of his NFTs in a single click.
Stelo interprets the most popular signature types and runs them through the Stelo Transaction Engine. The result is safe, human-readable signatures that people can feel more confident in. For example, here’s what Kevin saw in Stelo vs. what he would have seen in MetaMask.
Chrome extensions can be a dangerous attack vector in and of themselves so we’ve gone through many steps to be as transparent and secure as possible. Stelo never has access to your seed phrase or private keys and the extension has been fully open source since day one.
Stelo for Developers
Since we launched the first version of Stelo, developers have been reaching out to bring Stelo intelligence to their own dApps and wallets.
Our goal at Stelo is to make every transaction safe and easy to understand, whether users have Stelo installed or not.
Today we’re announcing two products for developers - Stelo API and Stelo Embed.
Stelo API enables transaction safety for every dApp and wallet. It brings the same transaction intelligence and risk analysis that powers the Stelo extension to any wallet. Developers will have everything they need to bring their users context, understanding, and safety. You can read more about the API at docs.stelolabs.com or reach out to us to get an API key.
Stelo Embed allows any dApp or wallet connection product to embed a Stelo transaction screen on their site — think of it like a trusted checkout screen for your dApp that can increase confidence and conversion rate.
Embed can be implemented in a matter of minutes and gives you all the benefits of the Stelo API without the development time. Developers just pass the same transaction object they send to the wallet and Stelo Embed takes care of the rest. You can preview Stelo Embed in action on our new token approvals site – approvals.xyz.
One of the biggest risk vectors in web3 is open approvals. Many of the most used contracts, from OpenSea to Uniswap, rely on token approvals. Approvals are permissions to move your assets and are required for token swaps and NFT listings.
In order to provide the simplest user experience with the fewest transactions, these dApps request indefinite approval to move users' assets. While this reduces friction, it also leads to a big security risk if the contract gets compromised or the user later signs a signature that moves the asset. The recent Kevin Rose attack exploited the fact that Kevin had already given approval to OpenSea to move his NFTs.
The Stelo extension and API protect users from signing malicious transactions and signatures, but we recommend that users manage their open approvals to stay extra safe.
Today we’re launching approvals.xyz. This is an intuitive way for users to understand their token approvals, and take action to make their wallet even more secure. Approvals is backed by the same simulation, enrichment, and risk intelligence that powers Stelo.
After connecting a wallet, users will be given recommendations on which approvals to revoke, a wallet health score to understand their overall risk, and the ability to simulate revokes, powered by Stelo Embed.
Support in our journey
While we’re thrilled about launching these new products today, this is just the start. Web3 security is ever evolving, and we will have to stay one step ahead.
With that in mind, we’re excited to announce our $6 million seed round led by a16z crypto. Others joining the round include First Round Capital, Opensea Ventures, Chainforest, BoxGroup, Pear, Mischief, Homebrew, Louis Beryl, Sabrina Hahn, Dylan Field, Dan Romero, Gokul Rajaram, Lenny Rachitsky, and many more great angels.
We’re hiring engineers to bring our ambitious vision to life. If what we’re doing excites you, explore our open roles and reach out to firstname.lastname@example.org.