There are many types of risks - What do we do about it?
After speaking with various crypto participants, such as asset managers, hedge funds, and VCs, who invest in crypto protocols and with the protocols themselves. We realized that currently, none of them have the ability to detect and automatically mitigate the risks of the crypto assets they are involved in. Therefore, we conducted research on these risks and came to the insight that there are five categories of risk: Security, Governance, Economic, Technical, and Community.
Let’s take a look at some of these risks:
- Governance Risk:
Governance is a process where a participant in a protocol with a voting right can vote to change the protocol, which could have tremendous effects on investors and the protocols. Any change, whether it is a malicious change or a change of critical parameters in the code, could potentially lead to a financial loss. Companies do not have the manpower to monitor and track all of these changes, meaning that you may not know what is happening inside the code, who is standing behind it, and how it may affect your assets.
An example of this is the Audius Attack. The decentralized music streaming platform Audius was exploited on July 23 when an attacker exploited a vulnerability in its governance smart contract code. The attacker was able to change the voting system, which resulted in the transfer of over 18.5M AUDIO tokens, the platform’s native cryptocurrency, worth around $6.05 million at the time. The attacker gained less than $1.1M, and the funds were cashed out through Tornado Cash.
- Financial Risk:
There are many different financial risks, such as depegging, anomalies in pool’s, flash loans, rug-pulls, excessive transfers, liquidations, Oracle market manipulation and more. A good example of this is USDC depegging during the SVB failure. The trick with economic risks is that you want to alert them before there is an actual impact and you want to alert them only when there is an actual problem.
Combining machine learning and real time correlation of all chain data as it occurs can provide this much needed granularity
- Technical / Security Risk:
On September 20, 2022, an attacker stole over $160 million worth of assets from Wintermute, a major DeFi market-maker. The attack lasted for 43 minutes (from 05:03:35 to 05:46:59 UTC), during which the attacker used Wintermute private key to instruct the Wintermute wallet contract to transfer funds to an attacker contract.
More than that, Wintermute centralized exchange accounts kept refilling their now exploited contract due to automated processes that were not turned off when the hack was found. This caused the stealing of additional funds that were not in the treasury at the time of the first hack.
The Hypernative platform detected the attack proactively, at its earliest stages, providing clear, actionable alerts that could have been used to intervene, halt the attack, and save the funds. This demonstrates that smart real time systems can actually prevent many hacks and exploits even for attack vectors like private key theft and operational deployment mistakes.
We definitely must make a change - but how?
To effectively manage the risks inherent in the crypto space, it is imperative to explore various approaches and developments. Crypto companies have come to realize the importance of implementing a robust risk management system that can help mitigate risks in the fast-paced and dynamic crypto environment.
Achieving a secure position requires proactive monitoring of various data sources, enabling the detection of potential risks such as contract exploits, cyber-attacks, financial and governance risks. With such measures in place, your company can navigate a crisis and manage its funds effectively, even in the face of new actors with unknown intentions.
At Hypernative, we recognize the importance of addressing these risks, which is why we developed a pre-crime system that monitors risks over the blockchain in real-time. Our commitment to making the web3 ecosystem more secure is unwavering, and we are eager to engage with you to explore how our solutions can help you remain a significant participant in the web3 community. Please don't hesitate to contact us at email@example.com.