[RFC] - Implement Chainalysis and Hypernative Real-Time Monitoring and Incident Response plan for Ajna’s Smart Contracts
Summary (TL;DR)
This proposal suggests adopting a combined offering of Hypernative and Chainalysis Incident Response to enhance Ajna’s protection against potential hacks or exploits. This initiative benefits Ajna users by safeguarding their funds from potential exploits on Ajna contracts and reducing potential losses in the event of an incident.
Hypernative, the leading Web3 security standard for threat prevention and real-time monitoring, will provide real-time alerts on exploits that pose threats to Ajna contracts, enabling rapid communication and response to such threats. This capability will empower users to react in real time to exploits and automatically withdraw their positions. Once a hack commences, investigative response time becomes the most critical factor in asset recovery. Chainalysis Incident Response (CIR), the leading crypto asset recovery solution, is an important security measure to have in place to protect Ajna in the event of a hack.
References - Chainalysis
- Website: Chainalysis Professional Crypto Investigations & Special Programs
- Customer Stories / Customer References:
  - Blog post on the Axie Infinity Hack & Successful Asset Recovery: “$30 Million Seized: How the Crypto Community Is Making It Difficult for North Korean Hackers To Profit”
  - Twitter post from Morpho: “Morpho Labs has partnered up with Chainalysis to strengthen the Incident Response Plan for Morpho protocol!”
  - Twitter post from Algorand: “We have engaged Chainalysis to help trace compromised wallet transfers and freeze funds if they are deposited in an exchange that integrates with and acts upon Chainalysis data.”
- Source Data:
  - Chainalysis: The Chainalysis 2023 Crypto Crime Report, including original data and research into cryptocurrency-based crime.
  - Security Intelligence: Cryptocurrency-Related Crime Boomed in 2022
  - Sharedum: Top 10 DeFi Hacks You Should Know in 2023
  - Cointelegraph: DeFi exploits and access control hacks cost crypto investors billions in 2022: Report
References - Hypernative
- Website: www.hypernative.io
- Customer Stories / Customer References:
  - Customer posts on x.com
  - 15/04/23 Hundred Finance Hack Post-Mortem | by TerraBellus | Hundred Finance
  - BonqDAO report of the attack on the Bonq protocol on February 1,… — Bonq DAO
  - He stole $200 million. He gave it back. Now, the hacker is explaining why
Main Objective
Context: Hackers are stealing more cryptocurrency from DeFi platforms than ever before. In last year’s “Crypto Crime Report,” Chainalysis detailed how DeFi protocols in 2021 became the primary target of crypto hackers. That trend intensified in 2022 and is expected to continue. By the numbers, 2022 was the biggest year ever for crypto hacking, with $3.8B stolen, primarily from DeFi protocols and by North Korea-linked attackers. DeFi protocols as victims accounted for 82.1% of all cryptocurrency stolen by hackers in 2022 — a total of $3.1 billion — up from 73.3% in 2021. As a result, it has become a top priority for DeFi projects to have protection in place beyond smart contract audits.
Motivation: The adoption of the combined offering of Hypernative and Chainalysis aims to enhance the security of the Ajna protocol by providing real-time alerts to the community in the event of an attack and ensuring a swift response to exploit incidents. Real-time alerts enable users to respond promptly and automatically to attempted attacks, significantly minimizing the potential for losses. Swift response time is critical for successful asset recovery, as it increases the chance of controlling and reclaiming funds before they are irretrievably lost, such as being transferred to fiat off-ramps or sanctioned exchanges. By adopting the combined offering of Chainalysis CIR and Hypernative, Ajna gains access to a team comprising Chainalysis’ and Hypernative’s professional investigators, cybersecurity experts, and data engineers. This team stands ready to respond immediately in the event of a hack or exploit, thereby enhancing the likelihood of fund recovery. Chainalysis has played a pivotal role in recovering over $11B in stolen funds through their investigations and supported initiatives. Meanwhile, Hypernative successfully saved the entire position for one of its customers in the recent Abracadabra attack, which took place on January 30th, 2024, thanks to accurate and prompt detection and automated actions triggered by the Hypernative system. Today, Hypernative safeguards the funds and digital assets of leading industry players, including Balancer, Circle, Starknet, Zetachain, Linea (Consensys), Galaxy Digital, OlympusDAO, Radiant, Alchemix, Karpatkey DAO, among others.
Scope of Work
1. Monitoring & Alerts - setup and configure the Hypernative system
Objective: Provide a robust monitoring and alert system to assess smart contracts and on-chain holdings for potential security threats or anomalies.
Tasks:
A. Protocol Security
- Review the security framework and response procedure, assigning a contact person for various events
- Set a standard operating procedure (response & contact points) by category of event and time-sensitivity for any security or operational case.
- Provide ongoing monitoring and promptly relay alerts to designated client contacts.
- Understand and create post-incident measures.
- Automatically notify Chainalysis to label attacker wallets and track stolen funds.
B. Protocol Security Alerts
- Leverage Hypernative zero-day detection modules to detect threats and alert in real time on security incidents related to or directed at Ajna Protocol contracts.
- Alert and warn the community in real time regarding anomalies and threats, and allow users to automatically withdraw their positions.
- Hypernative enables users to create custom monitors, allowing them to set up alerts for specific wallets, whales, events, contract calls, and more. This customization lets users tailor their monitoring to their specific requirements.
2. Bridges and Related Tokens
- Bridge Security Monitoring
  - Provide security alerts related to bridge security incidents and risks
- Related Token Monitoring
  - Monitor tokens dependent on or related to Ajna for anomalies, market/economic conditions, security, holdings concentration, and supply changes (mints/burns)
3. Phishing and Scamming Detection
- On-chain detection
  - Detect phishing campaigns targeted at AJNA token holders and provide alerts to warn the community
4. Participants Monitoring
- Monitor suspicious users
  - Monitor large transfers or movements of funds from participants in the protocol
- Monitor suspicious or illicit activity or illicit fund holdings of protocol participants
  - Monitor blacklisted addresses
  - Monitor addresses on OFAC lists or that were part of a hack/exploit/fraud
5. Protocol Operations Monitoring
- Monitor protocol treasury and wallets
  - Monitor large transfers or movements of funds from the protocol treasury
  - Monitor protocol multi-sig wallets for anomalies and suspicious transactions
- Monitor protocol-defined parameters/invariants
  - Monitor specific invariants, functions, and events as specified by the Ajna team
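To make the participant-monitoring and protocol-operations items above concrete, the following is an added illustration (not Hypernative's or Ajna's code) of the kind of rule-based monitor such a service runs over a transfer feed and state snapshots: per-token large-transfer thresholds with treasury outflows escalated, a denylist check on counterparties, an invariant check, and routing of alerts by severity to designated contacts. All addresses, thresholds, sample transfers, channel names and the invariant itself are constructed placeholders; the real invariants would be the ones the Ajna team specifies.

```python
"""Rule-based transfer and invariant monitor (added illustration, not Hypernative
or Ajna code). All addresses, amounts, thresholds, channels and the invariant
are constructed placeholders."""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Transfer:
    block: int
    tx_hash: str
    token: str
    sender: str
    receiver: str
    amount: float  # whole token units (constructed values)


@dataclass(frozen=True)
class Alert:
    rule: str
    severity: str  # "medium" | "high" | "critical"
    tx_hash: str
    detail: str


# Placeholder address sets; a deployment would load the protocol's own
# treasury/multisig addresses and a maintained denylist (e.g. OFAC SDN data).
TREASURY_ADDRESSES = {"0xTREASURY_PLACEHOLDER", "0xMULTISIG_PLACEHOLDER"}
DENYLIST = {"0xDENYLISTED_PLACEHOLDER"}
# Per-token "large transfer" thresholds in token units (constructed).
LARGE_TRANSFER_THRESHOLD = {"AJNA": 100_000.0, "USDC": 250_000.0}


def rule_large_transfer(t: Transfer) -> List[Alert]:
    """Flag transfers at or above the per-token threshold. Outflows from
    treasury/multisig addresses are escalated: they may indicate key compromise."""
    limit = LARGE_TRANSFER_THRESHOLD.get(t.token)
    if limit is None or t.amount < limit:
        return []
    from_treasury = t.sender in TREASURY_ADDRESSES
    origin = "treasury" if from_treasury else "participant"
    return [Alert("large_transfer", "high" if from_treasury else "medium",
                  t.tx_hash, f"{t.amount:,.0f} {t.token} from {t.sender} ({origin})")]


def rule_denylisted_counterparty(t: Transfer) -> List[Alert]:
    """Flag any transfer whose sender or receiver is on the denylist."""
    hits = {t.sender, t.receiver} & DENYLIST
    if not hits:
        return []
    return [Alert("denylisted_counterparty", "critical", t.tx_hash,
                  f"counterparty {sorted(hits)[0]} is denylisted")]


RULES: List[Callable[[Transfer], List[Alert]]] = [
    rule_large_transfer,
    rule_denylisted_counterparty,
]


def run_monitor(transfers: List[Transfer]) -> List[Alert]:
    """Apply every rule to every transfer, in block order."""
    alerts: List[Alert] = []
    for t in sorted(transfers, key=lambda x: x.block):
        for rule in RULES:
            alerts.extend(rule(t))
    return alerts


# Hypothetical invariants over a state snapshot (illustrative only).
INVARIANTS: Dict[str, Callable[[dict], bool]] = {
    "debt_covered_by_collateral":
        lambda s: s["total_debt"] <= s["total_collateral_value"],
    "no_negative_balances":
        lambda s: all(v >= 0 for v in s["balances"].values()),
}


def check_invariants(state: dict) -> List[Alert]:
    """Return one critical alert per violated invariant."""
    return [Alert("invariant_violation", "critical", state["tx_hash"], name)
            for name, holds in INVARIANTS.items() if not holds(state)]


def route(alerts: List[Alert]) -> Dict[str, List[Alert]]:
    """Group alerts by the notification channel for their severity (placeholders)."""
    channel = {"medium": "monitoring-feed", "high": "oncall-pager",
               "critical": "incident-response"}
    routed: Dict[str, List[Alert]] = {}
    for a in alerts:
        routed.setdefault(channel[a.severity], []).append(a)
    return routed


# Constructed sample data: one benign transfer, one large treasury outflow,
# one transfer to a denylisted address, one large participant transfer.
SAMPLE_TRANSFERS = [
    Transfer(100, "0xtx1", "AJNA", "0xUSER_A", "0xUSER_B", 10.0),
    Transfer(101, "0xtx2", "USDC", "0xMULTISIG_PLACEHOLDER", "0xUSER_C", 500_000.0),
    Transfer(102, "0xtx3", "AJNA", "0xUSER_D", "0xDENYLISTED_PLACEHOLDER", 5.0),
    Transfer(103, "0xtx4", "AJNA", "0xUSER_E", "0xUSER_F", 150_000.0),
]
SAMPLE_STATE_OK = {"tx_hash": "0xtx5", "total_debt": 900.0,
                   "total_collateral_value": 1200.0, "balances": {"0xUSER_A": 1.0}}
SAMPLE_STATE_BAD = {"tx_hash": "0xtx6", "total_debt": 1500.0,
                    "total_collateral_value": 1200.0, "balances": {"0xUSER_A": -1.0}}

if __name__ == "__main__":
    found = run_monitor(SAMPLE_TRANSFERS) + check_invariants(SAMPLE_STATE_BAD)
    for chan, items in route(found).items():
        print(chan, [(a.rule, a.tx_hash) for a in items])
```

Running the block routes the treasury outflow to the on-call channel, the denylist hit and the invariant violations to incident response, and the large participant transfer to the lower-priority feed; a production monitor would replace the constructed lists with the protocol's real address sets, the team-specified invariants, and live chain data.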
6. OpSec Guidelines
Objective: To lead a Web3-specific discussion that ensures the client’s operational security is at its highest standard.
Tasks:
a) Conduct an operational security discussion specific to Web3 threat vectors and assets at risk.
b) Create a report detailing potential vulnerabilities, risks, and recommendations on how to improve Web3-specific operational security.
c) Support OpSec through quarterly reports of emerging threats and trends, and immediate communication of urgent or imminent market risks that may be applicable.
*Note: This OpSec review is not intended to cover the complete technology stack. It is specifically focused on wallets/vaults, access points, community engagement and external social communication.
7. Emergency Response Plan
Objective: To help establish a well-defined and actionable crisis management plan to handle potential security breaches or threats.
Tasks:
a) Develop an external communication strategy to inform stakeholders, partners, and users, ensuring accurate information dissemination.
b) Create an internal communication protocol to ensure immediate and cohesive action across the team.
c) Outline a technical response procedure to identify, isolate, and mitigate threats in real time.
8. Incident Response
Objective: To provide swift action in the event of a security incident, ensuring minimal damage and maximum recovery potential.
Tasks:
a) Trace and attribute unauthorized or suspicious transactions to their source.
b) Engage with involved platforms, exchanges, or Web3 entities to assist in obtaining a temporary freeze on suspect funds.
c) Provide detailed reports of incidents to assist in legal or organizational action.
9. Recovery Support
Objective: To assist clients in the aftermath of a security incident in the fund recovery process.
Tasks:
a) Offer digital forensics services to understand the depth and source of the breach.
b) Provide malware disassembly, identifying potential threats and ensuring their removal.
c) Aid in the asset recovery process, leveraging relationships with platforms and exchanges.
d) Provide recommendations and guidance on post-incident best practices to prevent recurrence.
Specification
The request is to approve a $48K budget expenditure for 12 months, approved and released by the DAO contributors.
It includes up to 100 hours of investigative work and support for any hacks or incidents that occur in the covered 12-month period. Approval of this grant shall begin the onboarding process for CIR and Hypernative, and the transfer of payment for 12 months of coverage.