This article sheds light on the critical security challenges facing Web3, and provides an overview of how Forta is addressing these issues, as presented by Head of Ecosystem Andrew Beal.
🎙️@FortaNetwork is building the largest network of security intel in Web3.
— Token Terminal (@tokenterminal) December 4, 2023
⚠️Problem:
- $1.5B was lost to smart contract exploits in '23
- $1B was lost to onchain scams in '23
✅Solution:
A network that...
- Identifies & broadcasts smart contract exploits in real-time to…
The below transcript has been edited for clarity.
The security problems facing Web3
Web3 today faces two predominant security threats. Firstly, the prevalence of smart contract exploits is alarming. Secondly, the increasing number of scams directly targets end users. Both scenarios adversely affect users: smart contract breaches often result in the theft of user funds, while scams exploit users directly. Economically speaking, in 2023, around $1.5 billion has been lost to smart contract exploits and another $1 billion to scams.
Root causes of Web3 vulnerabilities
Understanding why Web3 is susceptible to such exploits and scams is crucial. Smart contracts, being code, inherently cannot be entirely foolproof, making security a challenging endeavor. Surprisingly, many teams, akin to startups, focus more on growth than security, often lacking full-time security experts. Their approach usually stops at obtaining an audit and establishing a bug bounty program, which repeatedly proves to be insufficient.
As for scams, they thrive partly due to the inexperience of many users in navigating the crypto and Web3 landscape. Additionally, wallets and exchanges frequently fall short in warning users about potential risks. Thus, the responsibility should not lie solely with the users; service providers must also play a proactive role in safeguarding them.
Forta's approach to solving Web3's security problems
Forta Network acts as a comprehensive monitoring system, akin to a vast array of security cameras and alarms, vigilantly scanning on-chain activities for any signs of exploits, scams, or other suspicious activities. In the realm of smart contract exploits, our objective is to detect attacks in real-time and promptly alert the community to either prevent or swiftly respond to these incidents. Regarding scams, our focus is on early detection, enabling wallets and teams to shield end users from harmful interactions.
Our detection methodology for both exploits and scams involves a blend of heuristics and machine learning, identifying on-chain patterns typically associated with threats. Upon detecting dubious on-chain activity, the Forta Network issues real-time alerts and labels the entities involved in the suspicious behavior. These labels, stored in Forta’s database and accessible via our GraphQL API, offer valuable intelligence for various entities like DeFi protocols, Web3 wallets, compliance companies, centralized exchanges, custodians, and even law enforcement agencies, aiding in the fight against money laundering.
The FORT token
The Forta Network, being decentralized, relies heavily on the FORT token, a utility token that is vital for both network security and economics. Node operators, responsible for running the 'security cameras' (bots), must stake FORT tokens to ensure honest operation, with the stake acting as a deterrent against malicious activities. Delegators can also stake tokens on node pools to bolster security and earn rewards. Additionally, bot development is open to any developer, who must also stake on their bots to signify quality. Lastly, token holders are instrumental in network governance, using their FORT tokens to vote on proposals.
For more insights into Forta's role in enhancing Web3 security, visit us at forta.org.
Andrew on X (Twitter): https://twitter.com/ajbeal
Forta on X (Twitter): https://twitter.com/FortaNetwork
The authors of this content, or members, affiliates, or stakeholders of Token Terminal may be participating or are invested in protocols or tokens mentioned herein. The foregoing statement acts as a disclosure of potential conflicts of interest and is not a recommendation to purchase or invest in any token or participate in any protocol. Token Terminal does not recommend any particular course of action in relation to any token or protocol. The content herein is meant purely for educational and informational purposes only, and should not be relied upon as financial, investment, legal, tax or any other professional or other advice. None of the content and information herein is presented to induce or to attempt to induce any reader or other person to buy, sell or hold any token or participate in any protocol or enter into, or offer to enter into, any agreement for or with a view to buying or selling any token or participating in any protocol. Statements made herein (including statements of opinion, if any) are wholly generic and not tailored to take into account the personal needs and unique circumstances of any reader or any other person. Readers are strongly urged to exercise caution and have regard to their own personal needs and circumstances before making any decision to buy or sell any token or participate in any protocol. Observations and views expressed herein may be changed by Token Terminal at any time without notice. Token Terminal accepts no liability whatsoever for any losses or liabilities arising from the use of or reliance on any of this content.