Threat Stream
How It Works
The Threat Stream provides instant access to ongoing blockchain security incidents, highlighting key threats and suspicious activities. It provides a detailed overview of live threat data, keeping users informed about potential risks.
Key Components of the Feed
Threat Stream Overview
Feature | Description |
---|---|
Severity | Assigns a severity level to each threat, from informational to critical. |
TX Hash | Unique transaction hash associated with the threat for easy tracking. |
Threat Type | Type of security event, e.g., "Transfer to Malicious Entity" or "Suspicious Transaction." |
Category | Risk category of the threat: Financial, Governance, Security, Technical |
Details | Additional context, including transaction details, involved addresses, etc. |
Date | Timestamp indicating when the event occurred. |
Filtering Options
Filter Type | Purpose |
---|---|
Exploits-Specific | Isolate incidents related to exploit activities. |
Category | Sort by the nature of the event. |
Chain | Sort threats by the specific blockchain. |
Severity | Filter threats by severity level. |
Risk Categories
The Nefture platform monitors all on-chain activity for risks of the following categories:
Governance Threats
Monitoring governance is crucial for ensuring the integrity and security of DeFi protocols. This involves tracking key activities like protocol updates, network upgrades, DAO proposals, ownership changes, and multisig behavior. The primary objective is to provide real-time insights, enabling prompt responses to potential security risks and governance-related issues.
Risks in Governance Alerts
- Admin Role Changed: Triggered when an admin role is reassigned, this alert helps track who has access to critical functions and data, preventing unauthorized access.
- Access Role Granted/Revoked: Monitors changes in access roles within smart contracts. Sudden changes, especially to high-risk accounts, could indicate a security breach.
- Governance Proposal Created: Alerts you when a governance proposal is created, as these can be exploited by malicious actors.
- Governance Proposal Executed: Notifies you when a governance proposal is executed, marking the implementation of changes.
- Contract Owner Changed: Monitors changes in smart contract ownership, which can affect control over key parameters.
- MultiSig Owner Changed: Alerts you when there are changes in the ownership of a MultiSig wallet, which could impact the control of protocol assets.
- MultiSig Threshold Changed: Tracks changes in the threshold for MultiSig transactions, which can alter the security model of the wallet.
Technical
Risks associated with technical parameters, such as code vulnerabilities, upgrades, chain configurations, and potential exploits, are critical to monitor. These risks are divided into contract-level and blockchain-level concerns. At the contract level, it's essential to track the activation of privileged functions, like pausing operations, as well as any changes to contract functionality through upgrades or modifications, which can introduce new vulnerabilities or alter the security posture.
Key Technical Alerts
- Implementation Update: Occurs when new code is deployed to a contract, often via a proxy upgrade or governance proposal. This event can significantly impact the contract's functionality and is critical to monitor for potential vulnerabilities. Tracks modifications to contract functionality, such as upgrades or amendments. Changes at this level can introduce new vulnerabilities or alter the contract’s security posture.
- Contract Paused/Unpaused: Alerts when a contract's operational status changes, such as when it is paused or resumed. This indicates shifts in the contract’s functionality that could impact its availability or security.
Security Threats
Monitoring security threats is essential for identifying and responding to malicious activities on the blockchain.
Key Security Alerts
- Suspicious Contract Deployed: Flags newly deployed contracts with potential malicious intent based on bytecode analysis, deployer authenticity, and other risk factors.
- Pre-attack detection: detecting an attack in its initial stages, prior to exploitation, such as attacker’s contracts
- Real-time exploit detection: Alerts you to abnormal transactions flagged by our ML model, often indicating an ongoing exploit.
- Address Blacklisted: Alerts you when an address is blacklisted by entities like Circle or Tether, indicating suspicious behavior. Interaction with OFAC-sanctioned, blacklisted addresses, or mixers
- Contract Reinitialized: Notifies you when a contract is reinitialized, urging a review of changes to ensure security.
Financial Threats
Financial threat monitoring helps mitigate risks like stable coin depegging, changes in pool compositions, token supply changes, address blacklisting, large withdrawals, funds transferred to mixers and more.
Key Financial Alerts
- DeFi Risks: Tracks risks related to pool compositions, liquidity, and concentration in DeFi protocols.
- Funds Transfer to Mixer: Tracks funds being transferred to mixing services, often a sign of post-exploit activity.
- Lending Protocol Risks: Monitors risks in lending protocols, such as position health and borrow rates.
- Stablecoin Risks: Tracks risks related to stablecoins, such as depegging.
- Token-Related Risks: Monitors risks such as token concentration, supply changes, and unusual transfers.
Updated about 2 months ago