How to Make the Blockchain Attack “Blockable”
Mar 7 2022

In the past two years, we have observed a couple of security incidents in the DeFi ecosystem. Not surprisingly, several of the attacked contracts had been audited by multiple companies [1]. These cases suggest that although a contract audit can help, it cannot ensure that the audited contracts are free of vulnerabilities.

We believe that, besides contract audits, there should be a more proactive approach to mitigating threats to the DeFi ecosystem. We have deliberated on this idea internally over the past few months and developed a system that actively blocks ongoing attacks, based on our deep insight into the DeFi world (see the findings and research of our team [2][3]). The system has been in an alpha run since the middle of February.

On Mar 05 2022 04:35:19 PM (UTC), our system detected a pending attack (transaction hash 0xc161973ed0e43db78763aa178be311733d4ffb77948d824ed00443803d22739c) launched by the attacker (0xC711374BaC07Df9bB9dbAC596451517cEcBf0F0f). Our system immediately sent a transaction (0xf3bd801f5a75ec8177af654374f2901b5ad928abcc0a99432fb5a20981e7bbd1) and successfully blocked the attack. We then contacted the project and returned the rescued tokens (0x31bff8989e9d627331435df9fed118f988b50bd1ab3b6056600ce86ccf0275ea) to their deployer account (0x67368f4c89dda2a82d12d3a703c32c35ff343bf6).

Though the amount of rescued tokens is not large (compared with the losses in many incidents), we believe this is the right direction for securing the blockchain ecosystem. This concrete example proves that it is doable. Still, we may face some technical challenges, e.g., how to increase the chance of blocking attacks, and how to make this work for PoS blockchains. We currently have some exciting and promising techniques under development internally, rooted in our deep understanding of the blockchain ecosystem, especially its security.

Stay tuned.

About BlockSec

The BlockSec Team focuses on the security of the blockchain ecosystem and collaborates with leading DeFi projects to secure their products. The team was founded by top-notch security researchers and experienced experts from both academia and industry. The core founder of the team has been recognized with the Most Influential Scholar Award (Rank 4 from 2012–2021) in the field of security and privacy. They have published multiple blockchain security papers at prestigious conferences, reported several zero-day attacks on DeFi applications, and released detailed analysis reports of high-impact security incidents.

References

[1] https://defiyield.app/rekt-database

[2] https://www.blocksec.com

[3] https://blocksecteam.medium.com
