Using zkTLS to Vampire Attack web2
the merging of a nascent technology and an aggressive marketing tactic
This essay breaks down how zkTLS can empower web3 builders to vampire attack web2 apps, unlocking a new frontier of concurrent loyalty experiences and large-scale user migration.
A Quick History Lesson
Crypto has long thrived on aggressive, innovative tactics to challenge entrenched incumbents. We’ve seen hyper-capitalistic plays like CZ triggering an FTX bank run with a single tweet announcing Binance would liquidate its remaining $FTT holdings due to “recent revelations that have come to light.” One of the earliest innovative tactics was the “vampire attack”, a method of siphoning users, liquidity, or value from an existing platform by offering incentives or retroactive rewards based on the user's interactions with the victim protocol. At the time, it was a novel idea. Several protocols attempted it, but few achieved breakout success.
Now, with the emergence of Zero-Knowledge Transport Layer Security (zkTLS), a new wave of vampire attacks is possible, one that moves beyond your on-chain history and into the core of your non-crypto digital identity. Using this technology, dApps can now offer a new suite of incentives based on prior or current web2 activity: concurrent loyalty programs, aggressive incentives, and user history for migration, all without needing permission from the incumbent platform. It's like playing an SNES video game, saving midway through, switching to an N64 and picking up right where you left off. Instead of being trapped in walled gardens, users can seamlessly port their digital identities, behaviors, and benefits across ecosystems, without using app-specific APIs.
To appreciate the potential of this shift, we first need to revisit where the vampire attack began.
The Vampire Attack
As mentioned, a vampire attack is effectively a method of aggressively siphoning liquidity, users, or assets from a protocol by offering incentives superior to those of the protocol being attacked. The origin story dates back to 2020, when SushiSwap launched a full-blown assault on Uniswap. By forking Uniswap’s codebase and dangling $SUSHI token rewards to Uniswap liquidity providers, SushiSwap managed to migrate over $1 billion in liquidity within a matter of days. It was a bold, brutal maneuver that shook the DeFi landscape, and it kind of worked for a period of time. Outside of DeFi, another marquee vampire attack came when LooksRare went after NFT giant OpenSea, drawing users to a platform that offered enhanced revenue share. This one also worked, but just for a period of time.
Every successful vampire attack follows a familiar playbook: (1) Target a dominant player with entrenched network effects and sticky liquidity, (2) Offer users better economics, ownership, or just free tokens, and (3) Incentivize rapid migration with immediate, tangible rewards. It's a strategy that rewards agility, economic creativity, and a willingness to go for the jugular. Now this hasn’t necessarily worked out, as Uniswap and OpenSea outlived SushiSwap and LooksRare respectively, but for a moment they were able to capture lightning in a bottle. Both of these attempts were done via on-chain activity, which is still in its early days, but what if dApps were able to vampire attack your existing digital identity to lure you in?
What Exactly Is zkTLS?
Enter zkTLS. It lets a user prove they interacted with a web2 service, like Amazon or Instagram, without needing to trust the platform or any third party. Normally, the internet uses TLS to encrypt the connection between you and a website, keeping your data private and protected from outsiders. But while TLS keeps things secure, it doesn’t natively let anyone else verify what actually happened during the session. Only you and the website know what was exchanged, which keeps that data locked inside the platform - that's the whole point, secure communication.
Under the hood, zkTLS allows users to generate cryptographic proofs of their interactions with web2 services, without disclosing the content of those interactions or requiring cooperation from the underlying platform. This capability enables crypto applications to build verifiable systems on top of existing web2 behavior. A developer could, for instance, issue tokens for e-commerce purchases, mirror followers or activity from social media into an on-chain protocol, or verify subscriptions to provide tiered access to a dApp. These proofs shift the balance of power: instead of relying on centralized APIs or trusted intermediaries, dApps can independently verify user activity and create parallel systems of loyalty, identity, and incentives. As usage of traditional platforms continues, a user's entire history can be silently redirected into the web3 ecosystem.
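As an added illustration (not code from this post or from any zkTLS project), here is a simplified model of the checks a dApp would run before rewarding a claim such as "this account has 12 orders". It assumes a notary-based design, uses an HMAC as a stand-in for the notary's signature and salted hashes as a stand-in for the zero-knowledge proof, and every name in it (`shop.example`, `verify`, the attestation fields) is hypothetical.

```python
import hashlib, hmac, json

NOTARY_KEY = b"constructed-demo-key"  # HMAC stands in for a notary public-key signature
ALLOWED_HOSTS = {"shop.example"}      # hypothetical web2 service the dApp accepts
MAX_AGE_S = 600                       # freshness window, an assumed policy value

def commit(salt: bytes, name: str, value: str) -> str:
    """Salted hash commitment to one field of the TLS session transcript."""
    return hashlib.sha256(salt + name.encode() + b"\x00" + value.encode()).hexdigest()

def sign(body: dict) -> str:
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(NOTARY_KEY, msg, hashlib.sha256).hexdigest()

def verify(att: dict, opening: dict, user: str, seen: set, now: int) -> str:
    """Return 'ok' or the name of the first failed check for a disclosed field."""
    body = att["body"]
    if not hmac.compare_digest(sign(body), att["sig"]):
        return "bad-signature"          # body altered or not issued by the notary
    if body["host"] not in ALLOWED_HOSTS:
        return "wrong-host"             # proof is about some other service
    if body["subject"] != user:
        return "wrong-subject"          # proof was issued to a different account
    if not 0 <= now - body["ts"] <= MAX_AGE_S:
        return "stale"                  # outside the freshness window
    if body["session_id"] in seen:
        return "replayed"               # same session already claimed a reward
    opened = commit(bytes.fromhex(opening["salt"]), opening["name"], opening["value"])
    if opened not in body["commitments"]:
        return "bad-opening"            # disclosed value was not in the session
    seen.add(body["session_id"])
    return "ok"

def sample(ts: int = 1_700_000_000):
    """Constructed attestation: two committed fields, only order_count is disclosed."""
    fields = {"order_count": ("00" * 16, "12"), "email": ("11" * 16, "alice@shop.example")}
    body = {"host": "shop.example", "subject": "0xA11CE", "ts": ts, "session_id": "s-001",
            "commitments": [commit(bytes.fromhex(s), n, v) for n, (s, v) in fields.items()]}
    opening = {"name": "order_count", "salt": "00" * 16, "value": "12"}
    return {"body": body, "sig": sign(body)}, opening

if __name__ == "__main__":
    att, opening = sample()
    seen = set()
    print(verify(att, opening, "0xA11CE", seen, 1_700_000_100))  # first claim
    print(verify(att, opening, "0xA11CE", seen, 1_700_000_100))  # same session again
```

The `email` field is committed but never opened, so the verifier learns only the order count; the subject binding and the `seen` set are what keep one session from being rewarded twice or claimed by a different account.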
Benefits—and the Fine Print
While vampire attacking web2 with zkTLS could unlock user sovereignty and accelerate crypto adoption, it’s not without technical, legal, and market risks. The benefits are clear: users gain a new tool to move their data and identity across platforms, breaking the data walled gardens web2 giants have built over the past two decades.
But the risks are just as real. Full disclosure, I am not a lawyer and this is not legal advice, but there could be a world where legal battles erupt, with web2 incumbents arguing that zkTLS-app scraping violates terms of service, intellectual property rights, or even consumer protection laws. Platforms might also retaliate by blocking zkTLS traffic at the network level, using centralized notary vulnerabilities as a chokepoint. On the technical side, while zkTLS is powerful, it still introduces latency and complexity in the current state—especially in designs that depend on intermediary notaries, which could be censored or blacklisted under pressure. There's also a risk of user confusion: explaining cryptographic loyalty proofs to mainstream web2 audiences won't be easy - most of the complexity will have to be abstracted.
There are a lot of risks, as with a lot of other technology, but it is worth noting here that this isn’t a silver bullet, merely an experiment at this point, with a lot of potential.
I think the idea of vampire attacking web2 using zkTLS is a fun and interesting experiment that represents an innovative evolution in crypto’s insurgent playbook. What once worked to siphon liquidity and users in new DeFi protocols—forking code, dangling incentives, migrating communities—can now have an expanded suite of tools to migrate users and data. zkTLS could unlock the ability to build permissionless, incentive-driven layers on top of web2 services. There is potential that the next wave of breakout dApps will be the ones that recognize this and act accordingly.