
Solving Crypto's Frontend Problem

What if a frontend couldn't be hijacked by design? A look at the move toward decentralized browser tools.

Security threats have crypto embattled lately, with the recent spike in DNS hijacks (e.g. CoW Swap and eth.limo) being among the most sinister vectors for everyday users. You go to a frontend, and everything looks normal so you fire off a transaction, but it's a trap that sends your funds to an attacker's wallet. It's hard to catch before it's too late.

A potential defense here is to make it so you don't have to catch anything. In other words, use decentralized frontend alternatives that structurally can't serve middleman attacks because they can't be intermediated.

There are two paths that are immediately broadly practical here: the hybrid approach (accessing apps served via IPFS and ENS) and the fully onchain approach (accessing apps served via ERC-4804). Both avenues can provide the same guarantee, namely that no centralized infra stands between you and the app, and fortunately tools already exist so you can explore either approach.

Alternative browser shields

It's possible to deploy frontends using just IPFS and ENS, no servers or DNS needed (i.e. point your ENS name at the IPFS hash of your files). ERC-4804 goes a step further and moves everything onto the chain, allowing fully onchain websites where the content itself lives in smart contracts. But deploying apps in these ways is only half the battle. How can people actually access them conveniently?

If you try to use a regular web browser to interact with these sorts of decentralized apps, it won't recognize what you're trying to tell it to do. Hence the creation of specialized web3 browsers. For example:

  • Freedom Browser
    This open-source browser treats ENS, IPFS, and Swarm (a decentralized comms and storage service) as "first-class protocols" so you can access frontends without relying on DNS or centralized gateways.
  • EVM Browser
    This copyleft browser is built around the ERC-4804 web3:// protocol, supports ENS, and lets you load fully onchain websites served directly by smart contracts on Ethereum or on any other Ethereum Virtual Machine chain.

Browsers like these are getting an influx of attention right now as a result of the rise of DNS hijacks in crypto. Now, let's hope more builders take up the mantle here and build apps fit for these tools, apps that can't be hacked at the level of the frontend.
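Why the IPFS + ENS path makes tampering detectable, shown as an added example (not code from this article or from either browser): the hash stored under the ENS name pins the bytes, so a client can check whatever a gateway or peer returns. It assumes the record uses the EIP-1577 contenthash encoding with a CIDv1/sha2-256 CID and narrows to verifying one fetched block; the sample block and record are constructed.

```python
import base64
import hashlib

IPFS_NS = 0xE3   # multicodec "ipfs-ns": protocol code EIP-1577 uses for IPFS
SHA2_256 = 0x12  # multihash function code for sha2-256

def read_uvarint(buf: bytes, pos: int):
    """Decode one unsigned LEB128 varint; return (value, next position)."""
    value = shift = 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated varint")
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def decode_contenthash(record: bytes):
    """Return (CIDv1 base32 string, sha2-256 digest) from a contenthash record."""
    proto, pos = read_uvarint(record, 0)
    if proto != IPFS_NS:
        raise ValueError(f"not an IPFS contenthash (protocol {proto:#x})")
    cid = record[pos:]  # everything after the protocol code is the binary CID
    version, pos = read_uvarint(record, pos)
    _codec, pos = read_uvarint(record, pos)
    hash_fn, pos = read_uvarint(record, pos)
    length, pos = read_uvarint(record, pos)
    digest = record[pos:]
    if version != 1 or hash_fn != SHA2_256 or length != 32 or len(digest) != 32:
        raise ValueError("unsupported or malformed CID")
    text = "b" + base64.b32encode(cid).decode().lower().rstrip("=")
    return text, digest

def verify_block(record: bytes, block: bytes) -> bool:
    """True only if the fetched block hashes to the digest pinned in ENS."""
    _, digest = decode_contenthash(record)
    return hashlib.sha256(block).digest() == digest

# Constructed sample: a stand-in root block and the record an ENS name would hold.
GOOD_BLOCK = b"constructed sample block for a frontend root"
RECORD = bytes([0xE3, 0x01, 0x01, 0x70, 0x12, 0x20]) + hashlib.sha256(GOOD_BLOCK).digest()
TAMPERED = GOOD_BLOCK.replace(b"frontend", b"attacker")  # what a hijacked host might serve

if __name__ == "__main__":
    print(decode_contenthash(RECORD)[0], verify_block(RECORD, GOOD_BLOCK), verify_block(RECORD, TAMPERED))
```

A real frontend spans many blocks; each child block is checked the same way against the link hash stored in its already-verified parent.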

If you want a sense for what's coming, one of my favorite devs, ross, just unveiled zSwap, a DEX frontend deployed entirely into Ethereum contract bytecode for under $5 and retrievable via EVM Browser. The app's entire logic lives onchain permanently, callable by anyone.

Accordingly, imagine a future where most DeFi projects host permanent redoubt frontends like this where the security of the UI is always guaranteed. We have the resources to make this approach the paradigm rather than the exception, so let's build toward it.



Written by William M. Peaster


William M. Peaster, Senior Writer, has been with Bankless since January 2021. Immersed in Ethereum since 2017, he writes the Metaversal newsletter on the onchain frontier, covering everything from AI projects to crypto games, as the team’s lead NFT analyst. With a background in creative writing, he writes fiction and publishes art on Ethereum in his free time.
