Forta is the largest network of security intel in Web3. The decentralized Forta Network leverages machine learning and a community of security researchers to detect exploits, scams and other threats.
The first half of 2024 saw a surge in malicious onchain activities, ranging from scams to sophisticated hacks. According to data from the Forta-powered site dirtyblocks.com, July alone saw scam transactions in 99% of Ethereum blocks, constituting around 10% of all transactions. This alarming trend, coupled with reported losses totaling $750 million in Q1 and Q2, underscores the persistent threat posed by malicious actors in the blockchain ecosystem.
However, amidst these challenges, there is a light at the end of the tunnel in the form of Forta’s Attack Detector. Throughout Q1 & Q2 2024, Forta successfully identified and alerted stakeholders to 43 potential attacks before any funds were compromised, which could have potentially prevented up to $118 million in damages.
A critical metric, “time to detection,” highlights Forta’s ability to preemptively identify threats at an average of 950 seconds (more than 15 minutes) before an exploitation occurs. In several instances, the Attack Detector flagged malicious activities well in advance, not only pinpointing the specific exploit but also tracing back to suspicious behaviors by the attacker. This ability is crucial, as even a few moments of advance notice can enable protocols to enact automated incident responses, thwarting attackers before funds are lost.
Examination of attack vectors reveal that oracle manipulation, reward manipulation, and insufficient access controls constitute the most prevalent exploit categories, accounting for approximately 50% of all detected breaches. Further analysis reveals that a significant portion of attacker funding originates from platforms like TornadoCash, contributing 44% of illicit funds, followed by ChangeNow at 14% and fixed float services at 7%. The remaining 35% stems from various sources, including Railgun, SWFT swap, Layerswap, and fraudulent KYC processes on centralized exchanges.
These findings underscore the critical need for robust security measures and continuous monitoring within the blockchain ecosystem. The following 15 incidents, all detected by the Forta Attack Detector ahead of exploitation, underscore monitoring’s pivotal role in fortifying blockchain security and illustrate the capacity for effectiveness in proactive threat detection.
In January 2024, Gamma protocol suffered a $6.3 million exploit due to a critical vulnerability in its liquidity pool. The attacker exploited a flaw in the protocol’s price update mechanism, allowing them to manipulate asset prices within the pool. This manipulation enabled the attacker to drain funds by executing trades at artificially favorable rates, resulting in substantial financial losses for the protocol. Forta’s Attack Detector flagged the suspicious activity during the exploitation phase. Had immediate action been taken based on Forta’s alert, 71% of the funds could have been saved.
In January 2024, Abracadabra Money protocol, known for its MIM (Magic Internet Money) stablecoin, was exploited for $6.5 million due to a critical vulnerability in one of its smart contracts. The attacker took advantage of a flaw in the protocol’s collateralization mechanism, by manipulating the parameters, they were able to withdraw significantly more funds than they had deposited as collateral. Forta’s Attack Detector alerted right after the first malicious transaction, indicating that 44% of the funds could have been saved if immediate action had been taken.
In February 2024, the Miner project experienced a major exploit, resulting in a $466,000 loss. The attacker exploited a vulnerability in the contract’s reward distribution mechanism, enabling them to manipulate the system and drain funds. Once again, this incident was flagged by Forta’s Attack Detector.
In March 2024, Woo Finance experienced a severe security breach, resulting in a loss of $8.75 million due to a critical vulnerability in its smart contract. The breach exploited weaknesses in the contract’s authorization checks and transaction validation processes, allowing the attacker to bypass security measures and siphon funds. Forta’s Attack Detector alerted immediately after the first transaction, providing a crucial early warning that could have prevented further losses. If immediate action had been taken based on Forta’s alert, two-thirds of the funds could have been saved.
In March 2024, Polyhedra Network faced a wallet access vulnerability that resulted in the theft of $1.4 million. The attacker exploited a flaw that allowed unauthorized access to user wallets, leading to significant losses. Forta’s Attack Detector flagged the attacker 9 minutes before the exploit transaction, allowing for the potential of manual and automated intervention.
In March 2024, Polyhedra Network faced a wallet access vulnerability that resulted in the theft of $1.4 million. The attacker exploited a flaw that allowed unauthorized access to user wallets, leading to significant losses. Again, Forta’s Attack Detector flagged the attacker 9 minutes before the exploit transaction, allowing for the potential of manual and automated intervention.
In March 2024, a critical incident affected the Curio protocol, resulting in a loss of approximately $16 million. Forta’s Attack Detector flagged the attack 660 seconds in advance. The exploit targeted a weakness in the protocol’s access control mechanisms. Although the malicious activity was not immediately detected, Forta’s high-precision ML model identified suspicious behavior, allowing for timely intervention.
In March 2024, Lava Lending was exploited via a flash loan attack, resulting in the theft of $340,000 worth of crypto. The attacker manipulated the protocol by borrowing a large sum, quickly executing a series of transactions to exploit the system, and then repaying the loan, pocketing the profits. Once again, this incident was flagged by Forta’s Attack Detector in advance of exploitation.
In March 2024, PrismaFi was targeted in a notable attack, resulting in an $11 million loss for the protocol. Forta’s Attack Detector flagged the attacker 92 seconds before the exploit transaction, allowing for the potential of manual and automated intervention.
In April 2024, Open Leverage suffered an exploit resulting in the loss of $350,000. The attacker exploited a vulnerability in the protocol’s price oracle, allowing them to manipulate the price data and execute profitable trades at the expense of the platform. Forta flagged the address 13 seconds before the contract was invoked.
In April 2024, Hedgey Finance fell victim to a significant attack that resulted in a loss of approximately $44 million. The exploit leveraged a vulnerability in the contract’s handling of user rewards. Forta’s Attack Detector flagged this attack 43 seconds before it could be executed, allowing for potential automated intervention.
In April 2024, Pike Finance experienced a severe exploit that resulted in a loss of approximately $1.6 million. The attacker managed to exploit vulnerabilities across three different chains: Optimism, Arbitrum, and Ethereum Mainnet. Forta’s Attack Detector flagged the exploit on all three chains (Optimism, Arbitrum, Ethereum) allowing for potential intervention that could have saved the funds.
In May 2024, Galaxy Fox Token was exploited, resulting in a loss of $330,000. The attacker exploited a vulnerability in the token’s smart contract that allowed for unauthorized minting of tokens. By taking advantage of this flaw, the attacker created a large number of tokens and then sold them, draining the funds from the token’s liquidity pool. Again, this was previously flagged by the attack detector.
In May 2024, MetaDragon suffered a significant exploit when a hacker targeted the META NFT contract. The attacker converted NFTs in their wallet into META tokens and sold them, resulting in substantial losses. Forta’s Attack Detector flagged the suspicious activity early, with a detection time of approximately 117 seconds before the exploit transaction.
In May 2024, Forta detected a hack on Uwu Lend where the the attacker drained $20 million by exploiting vulnerabilities in the oracle system. Forta identified the threat days earlier when the attacker was funded by Tornado Cash and deployed a suspicious smart contract. After the initial drain, the same attacker exploited Uwu Lend again for $3.7 million. Following the previous large attack on Uwu Lend, Forta’s early warning again underscores the need for continuous monitoring and rapid response mechanisms.
Reflecting on the cybersecurity landscape of 2024, it’s clear that a proactive approach and advanced monitoring tools are crucial for preventing significant financial losses in the Web3 space. To this end, Forta’s Attack Detector has demonstrated its effectiveness again and again in identifying and alerting potential threats, allowing for the potential of timely intervention.
To safeguard your smart contracts and digital assets, consider subscribing to Forta’s Attack Detector. To take your protocol’s cybersecurity to a new level and implement automation incident response, just integrate Forta’s Attack Detector with OpenZeppelin Defender or Hacken Extractor to create a comprehensive defense strategy. When combined with Forta and Defender/Hacken Extractor adds an additional layer of proactive defense, ensuring a thorough approach to identifying and mitigating risks.
Subscribe to Forta’s Attack Detector today and take a proactive step towards securing your project’s future.