Why Web3 Security Needs to Move Beyond Audits

Hypernative's co-founder Gal Sagie joins Chainalysis CMO Ian Andrews on the Public Key podcast

What makes Web3 such a rich target for cyber criminals? Why do some of the most-audited projects still get hacked? How does one detect an exploit before it even happens? Chainalysis invited Hypernative's co-founder Gal Sagie on their Public Key Podcast to discuss that and much more. You can see the full version here, but below is a short excerpt from the conversation. The text has been edited for brevity and readability.

Gal Sagie:

The risk in Web3 in blockchain is very versatile. You have code or smart contract vulnerabilities. You have market risks. You have front-end risk. You have dependency risks. There are technical risks involving the contracts that are deployed and the nodes and the infrastructure that they are running on. There are a variety of risks regarding ownership and how code is uploaded or changed on-chain, like what you mentioned, governance attacks, which we have seen quite a lot.

Ian Andrews (CMO, Chainalysis):

It seems to me like when I hear people talking about security, the default position is, well, security is handled through a smart contract audit. And it seems like people are often missing everything else that goes around that. Do you see the same thing in the industry right now or are people's attitudes to this starting to change?


Gal Sagie:

In mid-2022, it was really hard to convince people that there is this thing, real-time monitoring, and there is this thing, real-time security, for Web3 and that it can actually do something. There was this conception that an audit is enough. And the more audits that you're doing, the more secure you are.

We've seen projects invest huge amounts of money in audits, sometimes even in the hundreds of thousands of dollars per year. Today, I think everyone gets that audits are a must-do first step, but are not enough. 

It's not enough for a few reasons. One of them is that audits don't even cover all of the different attack vectors that you can lose money through. For example, a founder's computer was hacked by malware that stole the seed phrase of the wallet and then tried to change something in the contracts that the address was controlling. That's private key theft, a third-party attack vector. There is a whole spectrum of attacks, front-end attacks that are happening on your web application, like DNS hijacks, and things like that. All of these are not covered by an audit. 

I think the mindset is shifting. Today, people understand that the security budget is something that needs to be split between the different kinds of solutions, of which audit is just one. Real-time security and monitoring is a very important aspect of that, which can again provide a very good return on investment.


Ian Andrews:

I'm curious about speed to detect. So we've been talking about this idea of you can alert one of your customers before a hack is actually carried out. Is that seconds before? Is it minutes? Is it hours? What's the timescale that we're dealing with here because I think that might be interesting to people?


Gal Sagie:

That's the question we have asked ourselves [in the beginning]. At some point in time we said, okay, we have enough data. The system detected enough hacks or exploits. We wanted to see how it's actually behaving. And we did very extensive research that looked at the detection time, essentially when Hypernative first detected an attack. And of course, there are a lot of criteria that involve accuracy as well and understanding who the target is.

The interesting part is that we found that 98-99% of the attacks in the last year and a half could actually be detected two minutes and more before the first hack transaction, which was mind-blowing data for us. Because it means if you have something you can actually do to prevent the hack from happening, then there is enough time to do an automated action.

(Continued here.)

Smart contracts call for smarter security. Hypernative monitors both onchain and offchain data sources in real time to stop hacks with the fastest and most-reliable threat detection and response in Web3. Over 80 leading Web3 projects already rely on Hypernative’s enterprise-grade platform that monitors over $37 billion worth of digital assets across 25 chains. The list includes Karpatkey, Starknet, Polygon, Messari, Chainalysis, Circle, Galaxy Digital, Ether.fi, Radiant Capital, and more.

Hypernative Platform uses battle-tested, sophisticated machine learning models to identify threats with high accuracy and give customers precious minutes to respond before exploits can do damage. The system monitors over 25 chains, covering security, technical, financial, governance and other risks. Hypernative Platform detected 99.5% of hacks last year with less than 0.001% false positive rate and saved more than $50 million of funds to date.

Reach out for a demo of Hypernative’s platform, tune into Hypernative’s blog and our social channels to keep up with the latest on cybersecurity in Web3.

Secure everything you build, run and own in Web3 with Hypernative.
