By: Victor Fang, CEO & Co-founder, AnChain.AI
We developed Web3SOC, Security Operations Center to Safeguard Web3 Digital Assets. This systematic framework aims to solve the essential problem in the Web3 security industry, by significantly improving MTTD, MTTR key metrics, attack surface threat modeling, and security maturity for all Web3 digital asset businesses.
None of my old friends in the cybersecurity industry believed it when I presented them our Web3 Risk 2022 Annual Report: the Web3 industry suffered astonishing $4 Billion losses last year.
While at Stanford SBC 2022, the gravity of the situation couldn’t have been clearer. I spoke to dozens of Web3 businesses ranging from DeFi to NFT projects to exchanges and beyond. What I heard was a resounding alarm, each of them was scrambling to take action against the hacks and exploits that have plagued blockchains and Web3 for years. But with most of their security budgets focused on smart contract auditing, monitoring, and blockchain investigation, what else could they do?
It’s well known that 2022’s biggest hack cost the Ronin blockchain team $620 Million. However, what is rarely discussed is that it took them 5 days to detect (Time to Detect) the hack, and a further 3 months to remediate (Time to Remediate) the vulnerabilities before finally resuming operations.
Our threat research team analyzed the top Web3 hacks and identified the key metrics that are often considered “cliche” in the cybersecurity industry:
Our research reveals several intriguing insights.
On average, each major Web3 hack costs $198 Million dollars. Your gut feeling is right, Web3 hacking is lucrative, and many can be traced back to Nation State APT groups.
The MTTD in Web3 hacks is around 7 days!
In layman’s terms: on average, it takes approximately one week for a Web3 team to realize they have been hacked!
In traditional cybersecurity, the ideal MTTR time is 5 hours or less for best practice.
There is a huge gap to improve the efficiency of human analysts in Web3.
The MTTR in Web3 hacks is around 30 days! It takes almost ONE MONTH to respond and remediate the hack, including fixing the vulnerabilities in smart contracts, multi-sig, and even Amazon KMS, before resuming normal operation.
To make matters worse, fixing decentralized systems tends to be harder than centralized systems due to the complexity of the attack surfaces, interoperability, openness, transparency, and more.
If more than a month of downtime wasn’t bad enough, such a lengthy MTTR undoubtedly results in a drastically reduced ability to recover stolen funds.
Why wouldn’t existing SOC / SOAR / SIEM systems seamlessly enable Web3 as they have traditional enterprise?
Web3 has a more complex attack surface than traditional cybersecurity!
Web3 Decentralized Apps are built on top of Blockchains and smart contracts, but we can’t forget that they also rely on Web2:
Orchestrating a systematic defense of these attack surfaces could be a challenge and requires a new level of security maturity in Web3 teams.
Web3SOC – Security Operations Center to Safeguard Your Web3 Digital Assets.
For the past 4 years, the AnChain.AI team has been at the forefront of high-profile Web3 incident response, anti-money laundering cryptocurrency tracing, smart contract security auditing, and more. Our team has distilled the extensive experience we’ve gained from the frontlines into our latest innovation aiming to solve one of the core Web3 security problems:
A systematic workflow platform to enable Web3 teams’ human analysts to improve their MTTD and MTTR maturity by 10X, as shown in early pilots.
For instance, at the time of the pGala incident on Binance BNB Pancakes Swap, which was a mirrored token of Ethereum Gala Games token, our EVM event listener detected the transaction in the Mempool, [What is Mempool? ], within a few seconds, not days.
If they had been using Web3SOC, they would have been able to take action and potentially save $4 million dollars and reputational damage!
Unlike traditional SOCs that concentrate primarily on centralized IT infrastructure, Web3SOC is designed to monitor, detect, and collaboratively respond to security incidents across various decentralized systems and platforms, covering the Web3 attack surface.
Learned from my previous tenure at Mandiant and from other cybersecurity leaders, it’s critical not to try to reinvent the wheel. Our Web3SOC is built on a strong foundation, the 5-step NIST Cybersecurity Framework, extending its support to the Web3 attack surface domain knowledge.
In the next blog, we will do a deep dive into how the AnChain.AI Web3SOC platform could have “prevented” the past Web3 attack, with more details.
Thanks for making it that far, you deserve a freshly minted joke 🍬 by ChatGPT:
“Why did the web3 hacker become an artist?
They found it easier to “draw” from other people’s crypto wallets than their own imagination!”
Special thanks to my long-time friend, Richard Seiersen who inspired me to measure anything in cybersecurity risks. Kudos to my AnChain.AI team, Philip Werlau, Lina Self, and Reynaldo, for leading the research efforts.