In the past two years, we have observed a couple of security incidents in the DeFi ecosystem. Not surprisingly, several of the attacked contracts had been audited by multiple companies [1]. These cases suggest that although a contract audit can help, it cannot guarantee that the audited contracts are free of vulnerabilities.
We believe that, besides contract audits, there should be a more proactive approach to mitigating threats to the DeFi ecosystem. We have deliberated on this idea internally over the past few months and developed a system to actively block ongoing attacks, based on our deep insight into the DeFi world (see the findings and research of our team [2][3]). The system has been in an alpha run since the middle of February.
On Mar 05 2022 04:35:19 PM (UTC), our system observed a pending attack (transaction hash 0xc161973ed0e43db78763aa178be311733d4ffb77948d824ed00443803d22739c) launched by the attacker (0xC711374BaC07Df9bB9dbAC596451517cEcBf0F0f). Our system immediately sent a transaction (0xf3bd801f5a75ec8177af654374f2901b5ad928abcc0a99432fb5a20981e7bbd1) and successfully blocked the attack. We then contacted the project and returned the rescued token (0x31bff8989e9d627331435df9fed118f988b50bd1ab3b6056600ce86ccf0275ea) to their deployer account (0x67368f4c89dda2a82d12d3a703c32c35ff343bf6).
Though the amount of rescued tokens is not large (compared with the losses in many incidents), we believe this is the right direction for securing the blockchain ecosystem. This concrete example proves that it is doable. We may still face some technical challenges, e.g., how to increase the chance of blocking attacks and how to make this work for PoS blockchains. We are currently developing some exciting and promising techniques internally, rooted in our deep understanding of the blockchain ecosystem, especially security.
Stay tuned.
About BlockSec
The BlockSec Team focuses on the security of the blockchain ecosystem and collaborates with leading DeFi projects to secure their products. The team was founded by top-notch security researchers and experienced experts from both academia and industry. The core founder of the team has been recognized with the Most Influential Scholar Award (Rank 4 from 2012–2021) in the field of security and privacy. They have published multiple blockchain security papers in prestigious conferences, reported several zero-day attacks on DeFi applications, and released detailed analysis reports of high-impact security incidents.
- Twitter: https://twitter.com/BlockSecTeam
- Medium: https://blocksecteam.medium.com
- Website: https://www.blocksecteam.com