Our knowledge is constantly expanding, allowing us to build things differently than we used to. Modern cryptography, which makes things like multi-sig possible, is only a few decades old; it didn't even exist when the current banking industry was being established.
It really comes down to the burglar's expectations. If most crypto holders used geographically separated multi-sig, these attacks wouldn't be worth the effort anymore.
It’s the same logic as iPhones bricking themselves after being stolen. Even if your specific phone isn't an iPhone, the fact that most phones are now useless to thieves discourages the crime across the board.
This isn’t just a problem in the Netherlands or a thing of the past. 2025 actually saw the highest number of attacks ever recorded [0].
There are ways to prevent this, like using multi-sig with geographical separation (so you can't move funds alone) or setting up forced time-delays. Ultimately, being your own bank is a massive responsibility, and I think too many people take that reality too lightly.
I generated a report for my website and it showed the domain itself (the true correct one I own and verified) 3 times as a medium risk. It should not be reporting the domain itself as typosquatting and it should be avoiding duplicates.
The onboarding itself could be smoother if I had fewer options when I sign up. I just want to check the tool by adding a domain (it could default to my email domain) and generating a report (a report should autogenerate when I add a domain, or at least have a button to quickly do that instead of needing to change tab).
When adding a domain, I shouldn't need to verify it if I signed up with an email @thatdomain already.
It was not obvious to me whether the page would refresh automatically or I would receive an email (I did) when the scan finished. It would be great if the page told me that and also how long the scan will take on average.
This is all honest feedback that I hope helps you. Good luck!
Thanks so much for the detailed feedback! This is incredibly helpful for our roadmap. I want to address your point about the "duplicates" first, because it’s actually a perfect example of why this tool is necessary.
It’s not your domain—it’s a "Homograph"
Take a very close look at the characters in those "Medium" risk rows. While they look identical to your domain, they are actually using Internationalized Domain Names (IDN).
The tool isn't reporting your own domain; it's reporting spoofed versions that use Greek or Cyrillic characters (like a "c" that is actually a Greek "с").
Why it matters: Phishers use these because they are visually indistinguishable from your real site in a browser address bar. The fact that you thought they were your own site proves exactly why you need to monitor them!
Improving the Onboarding
You’re 100% right on the friction points. We’re taking your notes to heart:
Auto-Generation: We agree. Adding a domain should trigger an immediate scan without navigating away.
Smart Defaults: Defaulting to the email domain for the first scan is a great "quick start" idea.
Trust-based Verification: If you’ve verified your email @company.com, we should absolutely fast-track the verification for company.com.
Status Transparency: We’ll add a "Time to Completion" estimate and a clearer "We will email you" notification so you aren't left staring at a static page.
Thank you for the honest feedback—it’s exactly what we need to make this more than just a security tool, but a great user experience.
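The homograph check discussed in this exchange, as an added example that is not part of the original thread and not the tool's own code: it flags names that render like the owned domain but contain look-alike characters, never reports the owned domain itself, and collapses duplicates. The domain `example.com`, the function names, and the short confusables map are assumptions made for illustration.

```python
import unicodedata

# Constructed subset of look-alike letters; a real scanner would use the
# full Unicode confusables data (UTS #39) instead of this short map.
CONFUSABLES = {
    "\u0430": "a", "\u0441": "c", "\u0435": "e",  # Cyrillic a, es, ie
    "\u043e": "o", "\u0440": "p",                 # Cyrillic o, er
    "\u03bf": "o", "\u03b1": "a",                 # Greek omicron, alpha
}

def skeleton(domain):
    """Fold known look-alikes to ASCII so visually identical names compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)

def to_punycode(domain):
    """ASCII (xn--) form of each label, which is what DNS actually resolves."""
    return ".".join(
        lab if lab.isascii() else "xn--" + lab.encode("punycode").decode("ascii")
        for lab in domain.split("."))

def find_homographs(owned, candidates):
    """Return candidates that render like `owned` but are different names."""
    owned = owned.lower()
    seen, findings = set(), []
    for cand in candidates:
        cand = unicodedata.normalize("NFC", cand.strip().lower())
        if cand == owned or cand in seen:
            continue  # the owned domain itself and repeats are never findings
        seen.add(cand)
        if skeleton(cand) != skeleton(owned):
            continue  # not a look-alike under this map (e.g. digit swaps)
        odd = [c for c in cand if not c.isascii()]
        findings.append({
            "domain": cand,
            "punycode": to_punycode(cand),
            "scripts": sorted({unicodedata.name(c).split()[0]
                               for c in cand if c.isalpha()}),
            "non_ascii": [f"U+{ord(c):04X} {unicodedata.name(c)}" for c in odd],
        })
    return findings

# Constructed sample input: example.com stands in for the owned domain.
SAMPLE = ["example.com", "EXAMPLE.com", "ex\u0430mple.com", "ex\u0430mple.com",
          "\u0435xample.com", "examp1e.com"]

if __name__ == "__main__":
    for f in find_homographs("example.com", SAMPLE):
        print(f["domain"], f["punycode"], f["scripts"], f["non_ascii"])
```

Showing the punycode form and the offending code points next to each finding makes it obvious in a report that the row is a different name and not the owned domain.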