March 20, 2023
Security

Crypto and Web3 Risk. What can we do about it?

Cryptocurrencies are increasingly seen as interesting assets by early adopters in the tech industry, with the user base increasing by nearly 200% since 2018. However, by the end of 2022, a feeling of security was shaken.

Hypernative Research

While the lack of regulation in the crypto market is seen as an appealing aspect by many, it is also a concern for some. In a survey, 22% of respondents who were undecided about investing in cryptocurrency cited the lack of regulation as a concern. Other common worries among those considering investing in crypto include fear of hacking or fraud (31%) and a lack of knowledge about the crypto market (27%).

Growth in crypto users has increased by more that 190% since 2018.

A report from the Federal Trade Commission in 2022 revealed that over 46,000 individuals had lost over $1 billion in crypto scams since 2021. The frequency of crypto theft has also increased by 160%, with the most common schemes involving Private Key Compromising and Access Control exploits.

While cryptocurrencies offer many benefits, it is important to be aware of the potential security threats and take appropriate measures to protect against them. It is also crucial to educate oneself about the crypto market and be cautious of promises of big returns or requests to send cryptocurrency in advance.

Different types of risk

After speaking with various crypto participants, such as asset managers, hedge funds, and VCs, who invest in crypto protocols and with the protocols themselves. We realized that currently none of them have the ability to detect and automatically mitigate the risks of the crypto assets they are involved in. Therefore, we conducted research on these risks and came to the insight that there are five categories of risk: Security, Governance, Economic, Technical, and Community.

Let’s take a look at some of these risks:

Governance Risk:

Governance is a process where a participant in a protocol with a voting right can vote to change the protocol, which could have tremendous effects on investors and the protocols. Any change, whether it is a malicious change or a change of critical parameters in the code, could potentially lead to a financial loss. Companies do not have the manpower to monitor and track all of these changes, meaning that you may not know what is happening inside the code, who is standing behind it, and how it may affect your assets.

An example of this is the Audius Attack. The decentralized music streaming platform Audius was exploited on July 23 when an attacker exploited a vulnerability in its governance smart contract code. The attacker was able to change the voting system, which resulted in the transfer of over 18.5M AUDIO tokens, the platform’s native cryptocurrency, worth around $6.05M at the time. The attacker gained less than $1.1M, and the funds were cashed out through Tornado Cash.

Financial Risk:

There are many different financial risks, such as depegging, anomalies in pool’s, flash loans, rug-pulls, excessive transfers, liquidations, Oracle market manipulation and more. A good example of this is USDC depegging during the SVB failure. The trick with economic risks is that you want to alert them before there is an actual impact and you want to alert them only when there is an actual problem.


Combining machine learning and real time correlation of all chain data as it occurs can provide this much needed granularity



Technical / Security Risk:

On September 20, 2022, an attacker stole over $160M worth of assets from Wintermute, a major DeFi market-maker. The attack lasted for 43 minutes (from 05:03:35 to 05:46:59 UTC), during which the attacker used Wintermute private key to instruct the Wintermute wallet contract to transfer funds to an attacker contract.


More than that, Wintermute centralized exchange accounts kept refilling their now exploited contract due to automated processes that was not turned off when the hack was found. This caused an additional loss of funds that were not in the treasury at the time of the first hack.

The Hypernative platform detected the attack proactively, at its earliest stages, providing clear, actionable alerts that could have been used to intervene, halt the attack, and save the funds. This demonstrates that smart real time systems can actually prevent many hacks and exploits even for attack vectors like private key theft and operational deployment mistakes.

We need a change - but how?

To effectively manage the risks inherent in the crypto space, it is imperative to explore various approaches and developments. Crypto companies have come to realize the importance of implementing a robust risk management system that can help mitigate risks in the fast-paced and dynamic crypto environment.

Achieving a secure position requires proactive monitoring of various data sources, enabling the detection of potential risks such as contract exploits, cyber-attacks, financial and governance risks. With such measures in place, your company can navigate a crisis and manage its funds effectively, even in the face of new actors with unknown intentions.

At Hypernative, we recognize the importance of addressing these risks, which is why we developed a pre-crime system that monitors risks over the blockchain in real-time. Our commitment to making the web3 ecosystem more secure is unwavering, and we are eager to engage with you to explore how our solutions can help you remain a significant participant in the web3 community. Please don't hesitate to contact us at [email protected].

Hypernative can protect you from zero-day vulnerabilities, frontend hacks, state actor threats and much more.

Book a demo