Web3 has undergone a tectonic shift in recent months as more and more security products try to meet the critical need to protect users, protocols, and chains from illegal on-chain activities.
When we launched Hypernative, we saw massive amounts of money stolen, users cheated, and the whole space looking like the wild west. The main problem is that the main security control protocols and chains implemented to secure these assets are the security audit process, mostly carried out by security researchers and engineers, occasionally augmented with a bug bounty program to provide some ongoing security awareness.
The effectiveness of these measures is very limited, because in practice ~50% of hacked and exploited protocols passed a security audit, often by several auditors. Moreover, auditing is a slow, non-scalable process that does not cover all the different attack vectors.
Web3 and crypto must move to real-time proactive prevention, to monitor, detect and respond to attacks in real-time, regardless of whether the attack vector was considered during an audit or was devised by an attacker at a later stage. There are already several products that can help with this, such as Hypernative, which provides a proactive security monitoring and risk mitigation platform, and others, such as Forta, PeckShield, and others.
One concern that is occasionally voiced by our customers, such as protocols and chains, is whether real-time monitoring is only capable of detecting a hack after it has already occurred. By employing innovative, research-based machine learning techniques, advanced real-time monitoring solutions can detect attacks in advance, at the early stages of attacker tooling and getting ready to execute, thus providing timely alerts and facilitating attack mitigation.
We conducted extensive research to validate this statement, examining over a hundred hacks and exploits that occurred on public blockchains, such as Ethereum, over the past three years, and explored what insights such a system could provide in real-time. In particular, we checked the timing of the first alert triggered by the platform, and what measures could be taken in real-time to mitigate the attack.
Naturally, it is crucial that such an early alert is specific and correct, since crying “Wolf!” too often leads to mistrust of the product and indifference to the generated alerts, causing more harm than good.
The research results were really encouraging, showing that an advanced platform can reduce the rate of false positives to almost zero, while still being able to alert, often in advance, about the majority of the analyzed attacks.
A clear, recent example of the effectiveness of such a real-time detection platform is last week’s AllianceBlock / BonqDAO hack.
The Hypernative platform, which continuously monitors entire blockchains, including Ethereum, BSC, Polygon, Optimism and more, triggered an Exploit Suspected alert on the Polygon blockchain, indicating the attacker addresses and the suspected victims.
In such cases, even when the exploited protocol is not a Hypernative customer, we still try to contact the relevant team and warn them through their Discord channel or on social media. We contacted the AllianceBlock team and notified them in real time, providing a window of over an hour for a response, such as pausing the corresponding token, to prevent the hacker from cashing out their illicit gains.
This is just one example of many, showing how real-time monitoring can be used to protect assets and facilitate timely attack mitigation.
We strongly believe that protocols and chains should partner with a real time monitoring security platform to detect and prevent security exposures. This approach works and can save millions.
As a protocol, you need to think about the incident prevention controls, but also about your post-incident workflows and playbooks, which in many cases can prevent substantial losses
We encourage protocols to reach out and discuss their security monitoring needs and find a vendor that can protect their assets, increase user trust and make the entire Web3 and crypto ecosystem safer.