These days, crypto projects are extremely attractive to hackers. Many hold considerable sums of money while defense systems are still being developed. Unfortunately, even an audit from a respected company can’t guarantee that a project won’t be hacked. This is why it’s especially important to consider in advance the actions required to limit the damage once an attack has happened. The sooner you act, the more users’ finances you can save. This crypto project security guide emphasizes strategies for early detection and recovery, ensuring that your project does not get hacked.
Crypto project security: Importance of early detection
Preparation for a potential attack starts in the code development stage. Building in a failsafe is vital: you need the option to stop all of the protocol’s operations.
It often happens that during an attack, only part of the available funds is extracted. With a pause mechanism in place, the protocol can be put on hold during an attack. This can potentially help protect the remaining assets; after the attack, there would be time to rebuild the project. These mechanisms have to be put in place in a way that doesn’t compromise the decentralization of the project. Otherwise, having the option of both pausing the protocol and extracting money from it opens up possibilities for a rug pull.
Many tokens have an option for blacklisting. If a hacker fails to extract the money in time, there’s a possibility to block their funds. That has happened more than once during previous attacks. For instance, USDT blocked a hacker’s account, preventing them from spending the stolen USDT.
That’s why systems for project monitoring are vital. The most well-known crypto project attack in history became known to the owners of the Ronin protocol only six days later. They were informed by a user who failed to withdraw funds from the protocol. This time was more than enough for the hackers to cover up all the traces of the attack.
Another example, this time a positive one, illustrates a timely reaction to an attack. After the Poly Network attack, $30 million in tether was blocked, and the hacker’s address was blacklisted a few minutes before they managed to withdraw the funds through the Curve protocol.
Signs of exploit
So, how do you spot an attack? Attacks vary in nature but are usually accompanied by movements of large amounts of money through a protocol’s smart contracts. This is why any unusual activity, such as large money transfers or simply a large number of transfers, immediately falls under suspicion.
The most popular type of attack is price manipulation. These attacks usually involve flash loans and multiple token transfers that inflate the price of a particular token; the inflated price is then used to hack a protocol. Another popular attack method is reentrancy. This type of attack also involves multiple operations within a single transaction. Still, its main defining feature is that the same contract is called several times within a single transaction.
Too often, hackers send their transactions with a high gas fee. This is why any complex transaction with an extremely high gas fee is always a red flag.
Indirect signs of an attack include a drop in TVL, a change in the price of one of the project’s assets, and withdrawals from wallets and treasury contracts.
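The direct signs listed above can be turned into a per-transaction triage check. The following is an added example, not code from the article or from any monitoring product: the thresholds, the addresses, the record layout and the `(depth, target)` call-trace format are all assumptions, and the sample transactions are constructed. It goes slightly beyond the text by flagging a contract only when it is called again while an earlier call to it is still open, which is the nested form of "called several times".

```python
from statistics import median

# Assumed thresholds and addresses for illustration; tune to normal traffic.
PROTOCOL_CONTRACTS = {"0xVault", "0xPool"}
LARGE_USD, MANY_TRANSFERS, GAS_MULTIPLE = 1_000_000, 10, 5


def reentered(trace):
    """True if a protocol contract is called while an earlier call to it is open."""
    stack = []
    for depth, target in trace:      # depth 0 is the top-level call
        del stack[depth:]            # frames at this depth or deeper have returned
        if target in PROTOCOL_CONTRACTS and target in stack:
            return True
        stack.append(target)
    return False


def score_transaction(tx, recent_gas_prices):
    """Return the exploit signs from the article that one transaction shows."""
    touching = [t for t in tx["transfers"]
                if {t["from"], t["to"]} & PROTOCOL_CONTRACTS]
    flags = []
    if any(t["usd"] >= LARGE_USD for t in touching):
        flags.append("large_transfer")
    if len(touching) >= MANY_TRANSFERS:
        flags.append("many_transfers")
    if reentered(tx["trace"]):
        flags.append("reentrant_call")
    if tx["gas_price"] >= GAS_MULTIPLE * median(recent_gas_prices):
        flags.append("high_gas")
    return flags


# Constructed sample data: one ordinary deposit and one suspicious transaction.
RECENT_GAS = [30, 31, 29, 35, 33]
SAMPLE_TXS = [
    {"hash": "0xaaa", "gas_price": 32, "trace": [(0, "0xVault")],
     "transfers": [{"from": "0xUser", "to": "0xVault", "usd": 5_000}]},
    {"hash": "0xbbb", "gas_price": 900,
     "trace": [(0, "0xUnknown"), (1, "0xVault"), (2, "0xUnknown"), (3, "0xVault")],
     "transfers": [{"from": "0xVault", "to": "0xUnknown", "usd": 250_000}] * 12
                  + [{"from": "0xVault", "to": "0xUnknown", "usd": 3_000_000}]},
]

if __name__ == "__main__":
    for tx in SAMPLE_TXS:
        print(tx["hash"], score_transaction(tx, RECENT_GAS))
```

Each flag on its own also fires on legitimate activity, so treat the result as a reason to look closer rather than as proof of an attack.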
How to establish communication with a hacker
Attempting to communicate with the hacker is another efficient way of returning the funds extracted from the protocol. In the best-case scenario, the attack has been conducted by a white hat hacker. In this situation, the hacker will likely contact the project owners. Usually, white hat hackers return the funds, keeping a small portion for themselves as a bounty. In return, the project representatives have to guarantee that they won’t pursue the hacker. Considering the average amount of money stolen during an attack, most hackers are very satisfied with such an outcome.
To contact the hacker, most projects address them via their social media and through on-chain messages. An on-chain message is a transfer of a small amount of tokens with additional text attached.
Hacker’s deanonymization
After an attack, any hacker’s main goal is to extract the stolen funds anonymously. To cover their tracks, hackers use mixers, bridges, and other means. At the same time, if a hacker makes an error and is deanonymized, it’s entirely possible to track them down and either hold them accountable or arrange the return of the funds.
An example of that is communication with the hacker who performed the biggest attack in the history of smart contracts – the Poly Network attack we mentioned previously. There was no sign of the hacker immediately after the attack. But after the hacker extracted a portion of the money to their traceable wallet that was used on one of the exchanges, they had no other option but to begin returning the funds.
After a successful attack, the hacker didn’t react to any offers motivating them to return the money. However, a tweet from the @wardbradt account suggested that the hacker had withdrawn funds through an address that had the potential to reveal their identity.
After the tweet, the hacker became more inclined to communicate. At first, they stated that it was possible to return part of the stolen funds. Later, the hacker agreed to return all the money.
This example illustrates how deanonymizing a hacker helps to return the funds.
External monitoring services
Attack monitoring can also be used to prevent attacks that are actively developing. Here’s how some of these services work. The monitoring system follows the transactions submitted to the chain and analyzes them. If an attack is detected, the system sends a front-run transaction that pauses the protocol. This transaction is sent with a higher gas fee so that it is executed before the attack transaction. As a result, the attack transaction fails.
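The ordering effect described above, together with the earlier point that a pause mechanism must not double as a way to extract funds, can be shown in a small simulation. This is an added example, not code from the article or from any monitoring service: `Vault`, `add_pause_tx`, `build_block` and `simulate` are hypothetical names, detection is represented by a `flagged` field, and the model assumes the attack transaction is visible while pending and that the block executes transactions strictly by fee.

```python
class Paused(Exception):
    """Raised when a call reaches the protocol while it is paused."""

class Vault:
    """Toy protocol whose guardian can pause it and has no other power."""
    def __init__(self, balance, guardian):
        self.balance, self.paused, self.guardian = balance, False, guardian

    def pause(self, sender):
        if sender != self.guardian:
            raise PermissionError("only the guardian may pause")
        self.paused = True
        return "paused"

    def vulnerable_call(self, sender):
        # Stands in for whatever flaw the attack transaction relies on.
        # There is deliberately no privileged withdrawal function.
        if self.paused:
            raise Paused("protocol is paused")
        taken, self.balance = self.balance, 0
        return f"drained {taken}"

def add_pause_tx(mempool, guardian):
    """Monitor's reaction: outbid the highest-fee flagged pending transaction."""
    flagged = [tx["fee"] for tx in mempool if tx["flagged"]]
    if not flagged:
        return mempool
    return mempool + [{"label": "pause", "fee": max(flagged) + 1, "flagged": False,
                       "run": lambda vault: vault.pause(guardian)}]

def build_block(mempool, vault):
    """Execute pending transactions highest fee first and record each outcome."""
    outcomes = {}
    for tx in sorted(mempool, key=lambda t: t["fee"], reverse=True):
        try:
            outcomes[tx["label"]] = tx["run"](vault)
        except (Paused, PermissionError) as exc:
            outcomes[tx["label"]] = f"reverted: {exc}"
    return outcomes

def simulate(monitored):
    """Run one block with or without the monitor; return (outcomes, balance)."""
    vault = Vault(1_000, guardian="monitor")
    mempool = [{"label": "attack", "fee": 500, "flagged": True,  # constructed
                "run": lambda v: v.vulnerable_call("unknown")}]
    if monitored:
        mempool = add_pause_tx(mempool, vault.guardian)
    return build_block(mempool, vault), vault.balance

if __name__ == "__main__":
    print(simulate(monitored=False))
    print(simulate(monitored=True))
```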
Crypto project security checklist
- Make sure that your code is well-tested and audited by a reputable security company to minimize the possibility of a hack.
- Develop a plan for pausing the protocol in case of a hack.
- Set up a bug bounty program for white hat hackers.
- Set up a monitoring system to detect any suspicious transactions. The better option is to use external services that monitor your protocol. If a hack is detected, the protocol is paused by a front-run transaction that prevents the attack from succeeding.
- Prepare a list of contacts for security companies who can help to trace stolen funds and deanonymize the hacker.
Contingency is key to crypto project security
A protocol’s security doesn’t mean just writing correct code, testing it thoroughly, completing an audit, and organizing bug bounties. All that, while lowering the risks of an attack, doesn’t give you a 100% guarantee that your crypto project is secure.
This is why contingency plans have to be developed along with the protocol. You must know in advance the sequence of actions that will be taken in case of an attack. A contingency plan helps you avoid losing precious time and possibly save the stolen money.
About the author
Gleb Zykov started his career as a software developer in a research institute, where he honed his technical and programming skills in the development of various robots for the Russian Ministry of Emergency Situations. He then brought his expertise to the IT services company GTC-Soft, where he designed Android applications and became the lead developer and CTO.
At GTC, Gleb led the development of several vehicle monitoring services and a premium taxi service similar to Uber. In 2017, Gleb co-founded HashEx, an international blockchain auditing and consulting company. As the CTO, he heads the development of blockchain solutions and smart contract audits for the company’s clients.