The 2 AM Call
The call came at 2 AM.
My sister's voice was shaking somewhere between panic and disbelief. "George, it's gone. Everything's gone."
She'd clicked on what looked like a legitimate Metamask airdrop link. The site seemed perfectly real—the logos were crisp, the URLs were nearly identical to the legitimate ones, even the smart contract interactions felt authentic. She entered her wallet details, confirmed a few transactions, and within minutes, three years of savings vanished. Her entire crypto portfolio.
Over $12,000.
Money she'd been setting aside to pay for her master's degree.
I'll never forget the silence after she finished explaining what happened. Not anger at herself. Not even anger at the scammers. Just... defeat. She kept saying, "I thought I was being careful. I checked everything." And she had been. She'd verified URLs, looked for HTTPS certificates, even checked social media for recent activity. But these scammers are sophisticated. They know how to make everything look right.
The helplessness is what hit me hardest.
There was no warning system. No community watching out for her. No way to know that hundreds of others had just encountered that same scam hours before she did—that the threat intelligence existed somewhere in fragmented security databases around the world, but it never reached her in time.
What I Learned
That night forced me to ask hard questions:
Why are we still losing billions to phishing attacks?
Traditional antivirus software updates weekly or monthly, but new threats emerge hourly. Centralized security databases rely on expert analysis, which is slow and reactive. By the time Metamask or Google flags a malicious URL, thousands of people have already lost money.
Why can't we crowd-source this?
Think about it: millions of crypto users encounter threats every day. If each one could instantly report a phishing site and get verified by community consensus, we'd catch scams in minutes, not months. But there's no incentive. No mechanism. Users stay silent because there's nothing in it for them.
Why do we trust corporations with security?
Metamask, Ledger, and other centralized security providers are doing their best, but they're single points of failure. They get hacked. Their databases get outdated. They can't possibly keep up with the scale of attacks. And if you don't use their tools, you're on your own.
Why hasn't blockchain solved this yet?
Cryptocurrency promised to decentralize finance. But security is still centralized. We're trying to run a decentralized financial system using centralized security infrastructure. It's a fundamental mismatch.
That's when it clicked: what if security itself was decentralized and incentivized?
How We Built Gurftron - The Vision
Gurftron isn't just another browser extension with a threat database. It's a decentralized security network where:
- Users detect threats - AI analyzes websites in real-time
- Users verify threats - Community votes on legitimacy
- Users get rewarded - STRK tokens for accurate participation
- The system improves - More users = better threat data = stronger protection
The key insight: if you reward people for identifying threats, they become your security infrastructure.
The Build
I started by researching what already existed:
- AI threat detection? Gemini API + local LLMs exist. I could integrate them.
- Multi-layer scanning? Google Safe Browsing, AbuseIPDB, Brave Search, ClamAV—all accessible APIs.
- Blockchain integration? Smart contracts for voting and rewards.
- The missing piece? A gamified system that rewards community participation.
The technical challenges came fast:
Challenge 1: Real-Time Performance
The extension needs to scan every page instantly without slowing down browsing. If Gurftron makes your browser sluggish, nobody will use it.
Solution: I implemented multi-threaded scanning by batching them to background. The ClamAV engine runs in a separate background worker. AI analysis happens asynchronously, so your browsing never blocks.
Challenge 2: Privacy at Scale
Users must stay anonymous. Their browsing habits, IP addresses, visited sites—none of this should be exposed. But threats must still be verifiable on-chain.
Solution: Zero-knowledge proofs. Instead of storing "user X visited malicious site Y," we store a ZK proof that verifies "this site contains known phishing signatures." The proof is cryptographic; it's verifiable without revealing the user's identity. Starknet's native ZK stack made this feasible.
Challenge 3: Preventing False Reports
Without consequences, users would spam the network with fake threats to farm rewards. Bad actors would attack competitors by reporting their sites as malicious.
Solution: Staking with slashing. To report a threat, you stake 10 STRK as collateral. If the community votes your report down (less than 60% approval), you lose 50% of your stake. This "skin in the game" creates strong incentives for honest reporting.
Challenge 4: Community Consensus at Scale
How do you make voting work when thousands of users are participating? How do you prevent vote manipulation?
Solution: 60% super-majority threshold with stake-weighted voting. The more STRK you've staked, the more your vote counts—but you still lose STRK if you vote wrong. This aligns incentives: honest voters accumulate more STRK over time, gaining more influence. Dishonest voters are diluted out.
Challenge 5: Sustainable Rewards
Most crypto projects fail because they over-promise rewards and depletes their token budget within months. Users earn less over time. Participation drops. The project dies.
Solution: Vesu yield farming. Instead of a fixed reward pool, we deposit STRK into Vesu (a Starknet lending protocol) and generate 10% APY. That yield becomes the reward pool. As more users participate, revenue (from premium subscriptions and staking fees) increases, which increases the principal, which increases the yield. The rewards pool grows perpetually.
This was the breakthrough. For the first time, a security tool could offer infinite rewards without ever depleting its budget.
Challenge 6: Making It Feel Natural
Technical elegance means nothing if users don't understand it. Voting on threats, staking STRK, accumulating points, this is all new mental models.
Solution: Gamification. Reputation scores, leaderboards, milestone badges, earning streaks. Users play Wordle every day without thinking about it. Voting on threats in Gurftron should feel just as natural.
The Breakthrough
Three weeks into development, I had the smart contract mostly working. Users could report threats, vote, and receive rewards. But something was missing.
I was running a test where my sister tried the extension. She detected a phishing site and staked her testnet STRK. Then she voted on another user's report. Then she claimed her rewards.
She looked at me and said: "This actually makes me feel like I'm helping."
That's when I realized: Gurftron isn't just a security tool. It's a way to participate in protecting the ecosystem. It turns vulnerability into agency. It says to every user: your experience matters, your observations matter, you matter.
My sister lost $12,000 because she was powerless. With Gurftron, she would have been part of the solution. Maybe she spots a phishing site someone else missed. Maybe she votes accurately and helps protect thousands of people.
That's the real innovation.
What I Learned Building This
1. User Experience is Everything
I could build the most elegant smart contract, but if the extension feels clunky, people won't use it. Spent 40% of development time on UX/UI. Worth every minute.
2. Starknet Changes the Economics
On Ethereum, rewarding a user 0.02 tokens for voting would cost $50 in gas. Economically nonsensical. On Starknet, it costs $0.01. Suddenly, micro-rewards make sense. This completely changes what's possible in Web3.
3. Community Consensus is Powerful
I was skeptical that a 60% voting threshold would work. But it does. Users naturally converge on correct answers. False reports get voted down. The system self-corrects. No central authority needed.
4. Security is Personal
Before my sister's incident, I thought about security as an abstract problem. After, I realized it's personal. Every person who uses Gurftron has a story, money lost, friends scammed, close calls. Building security infrastructure is more important than I ever thought.
5. Decentralization Requires Incentives
You can't just decentralize something and hope people participate. They need to benefit. Gurftron works because users are rewarded for their participation. Decentralization + incentives = sustainable.
The Challenges We Faced
Technical Challenges
Smart Contract Gas Optimization Recording every threat on-chain costs gas. Even with Starknet's low fees, thousands of daily threats add up. Solution: batch voting and periodic checkpoints instead of recording every single vote.
AI False Positives Gemini sometimes flags legitimate sites as phishing because of generic templates. Solution: multi-layer validation. A site needs to trigger multiple detection layers (AI + API checks + ClamAV) before being flagged as threat.
Wallet Integration ArgentX and Braavos have different authentication flows. Building extension that works with both was tricky. Solution: abstraction layer using get-starknet library.
Rust/Native Messaging Getting Rust to communicate securely with the Chrome extension required careful FFI bindings and message passing protocols. One mistake = security vulnerability. Spent significant time on this.
Non-Technical Challenges
Market Education Most users don't understand staking, voting, or token economics. Building the mental model into the product through onboarding and tooltips.
Trust Why should users trust Gurftron with threat data and their wallet connection? Solution: open-source code, published smart contract audits, transparency about data usage.
Why This Matters
Every day, thousands of people lose money to phishing. Most of them are careful. They check links. They verify sites. They do everything right.
Like my sister.
The current security infrastructure is failing them. Not because the tools are bad, but because centralization is fundamentally too slow. By the time a threat is flagged and added to a database, thousands have already fallen victim.
Gurftron changes this. Within minutes of someone encountering a phishing site, dozens of others can verify the threat and protect millions. Within hours, that threat is permanently recorded on an immutable, decentralized database that no attacker can manipulate.
And users are rewarded for it. They're not doing unpaid labor for a corporation. They're earning STRK, building reputation, becoming part of a community that protects itself.
This is how security should work in a decentralized ecosystem.
Going Forward
When I started this project, I had a personal motivation: my sister's lost savings. But as I built it, I realized this was bigger than one incident. This is infrastructure.
Starknet is growing. More users will migrate to crypto. More of them will encounter phishing attacks. Some will lose everything.
But they don't have to.
If Gurftron becomes the security layer for Starknet, if it catches threats hours before centralized databases, if it rewards millions of users for protecting each other, if it becomes the standard that other blockchains copy, then my sister's loss has meaning.
We're not just building a browser extension. We're building the immune system for the blockchain ecosystem.
And we're just getting started.
Technical Metrics (What We Accomplished)
- Real-time threat detection: AI + 4 API integrations + ClamAV (Rust)
- Smart contract deployed: Cairo contracts on Starknet testnet, voting mechanism live
- Backend server: Node.js proxy, event aggregation, vote counting
- Chrome extension: Full dashboard, wallet integration, reward tracking
- Test coverage: 90%+ of critical paths tested
- Performance: <500ms threat detection latency, sub-second UI responses
For: Starknet Re{Solve} Hackathon (October 2025)
Inspired by: Real people, real losses, real need for better security
Built With
- cairo
- html5
- javascript
- node.js
- rust
- starknet
- tailwind
Log in or sign up for Devpost to join the conversation.