What makes a cryptocurrency investible? Obviously we can look at the traditional benchmarks: sensible value proposition, market opportunity, proven team, etc., but what about security and technical risk? If we were talking about a traditional software or Saas company, we would expect robust and multi-layered digital security protections including encryption, firewalls, antivirus software, and of course, scanning and runtime protections. Most projects in DeFi would respond to this question the same way: the blockchain is immutable and as far as we know, unhackable. This is apparently true, but it doesn’t mean that any of those projects are functionally “safe”.
Blockchains and the decentralized economy have been rightfully praised for bringing inclusion, immutability, and unparalleled network security to finance. However, the track record of consumer protection and transactional security has so far left a lot to be desired. Systems built around blockchains such as borrowing, generating passive income, staking, and NFTs can still be vulnerable to attack or exploitation.
Hacks are seen as “just a part of life”
This was the tweet from the Poly Network on August 10, confirming that more than $610 million was drained from their protocol, making this the largest known DeFi hack in history. By the time that the exploit was flagged, Poly was unfortunately unable to take intervening action to prevent the loss. The price of Poly Network (POLY) plummeted following news of the loss. It’s important to note that the exploit that led to this loss was carried out on 184 blocks on the blockchain, over roughly 40 minutes. Detecting the first suspicious transaction would have been key to mitigating the ultimate damage.
Over $1.2 billion in cryptocurrencies have been lost to hacks and exploits in 2021 so far. According to Poly, it took only a few hours to identify and completely patch the vulnerabilities that led to the attack described above. In common with the vast majority of major DeFi losses, the unfortunate events of August 10th were not the result of a major flaw in blockchain technology or a globally coordinated super-hack, but rather just some minor cracks in the systems that consumers use to interact with decentralized protocols.
The solution: build a Fort(a)?
Forta is a blockchain project that raised $23 in an oversubscribed Series A this summer, and last Monday debuted new features that significantly improve the agent developer and user experience. The mission of Forta is to fill in the gaps of runtime security for all protocols and applications beyond the immutability of the blockchain itself. Forta uses a network of “Agent” scripts that monitor smart contracts (programs stored on a blockchain) and protocols for hacks, unusual transactions, and other suspicious activity. Alerts are then provided to protocol operators, investors, and integrators in real-time, so measures can be taken to prevent and/or mitigate any damage.
Unfortunately, runtime security was not available to alert and mitigate hacks like those suffered by Poly Network, Indexed, and others - until now. Forta is now live and available for everyone.
What does it mean that Forta is now live?
The launch of the Forta app builds upon the successful beta testing that has been taking place since July, and introduces a wide suite of new features and quality of life improvements.
- Forta Explorer
The new Forta Explorer gives users, investors, and protocol owners the ability to easily find and subscribe to alerts for particular events or smart contracts, which will arrive in their email or Slack. ] These alerts give protocol development teams, investors, and integrators the ability to be immediately notified when the security alarms go off. In these mission critical situations, the Explorer gives users a crucial leg up in resolving issues before they become expensive problems.
- Forta Connect
Forta Connect is a self-service portal for agent developers to launch and manage their agents and alerts. Developers will be able to publish their agents pseudonymously and have the associated gas fees covered by Forta. Forta Connect also serves as an agent developer profile, which includes information about the agents a developer has already published and badges and awards given for their work.
- Private Alerts
Though Forta is a public infrastructure by default, there are circumstances that may be more sensitive than others. When detecting a particularly sensitive vulnerability or exploit, developers, and investors now have the option to keep it private and react to it before notifying their communities — or, inadvertently, a hacker.
Satoshi may be perfect, but as investors, developers, and fans of his idea of blockchain - we are not. The explosion of cryptocurrencies and smart contracts has provided opportunity for millions, but has also consistently proven that all of the non-Satoshi developers are neither perfect nor omniscient. Runtime smart contract security is not just a good idea, but vital to protecting digital assets and assuring fans new and old that the decentralized economy is a safe place for them to be.
Learn more about how Forta smart contract security could have prevented the Poly Network hack, and can help protect your investments in the future at Forta.org.