Forta is the largest network of security intel in Web3. The decentralized Forta Network leverages machine learning and a community of security researchers to detect exploits, scams and other threats.
As another year comes to a close, it’s always useful to reflect on the progress over the last 12 months. For the Forta Community, 2023 was a full year of research, product development, community collaboration, growth, and learnings. Here’s a short recap of the last year in the Forta Network.
Exploit Detection
Exploit detection remains a key focus of the Forta Community, culminating in November’s release of Attack Detector 2.0 in collaboration with BlockSec, Nethermind and the Forta Foundation. The Attack Detector 2.0 leverages machine learning and dozens of detection bots built by Forta community researchers to monitor on-chain activity for early signs of an exploit. As for performance metrics, the Attack Detector 2.0 detected 75% of attacks in October, 42% of these exploits were detected in advance, before any funds were stolen (meaning there was an opportunity for intervention). An extensive list of high profile attacks detected by the Attack Detector can be found here.
These statistics prove that a meaningful number of attacks can be detected in advance. If security is a priority for projects, real-time threat detection is a necessary component of any project’s incident response protocol. This also serves as a reminder that detection by itself isn’t sufficient. Detection is not prevention, to prevent hacks, projects (protocols and bridges) need to invest in more automated prevention mechanisms that take advantage of Forta’s early detection.
The Attack Detector 2.0 is available via a $399 monthly subscription in the Forta App, providing the Web3 community with an accessible and affordable option for such an essential tool. Additionally, the Attack Detector has been integrated into OpenZeppelin’s Defender 2.0 platform, which allows protocols to configure Attack Detector alerts to work with an incident response workflow that can automatically fire functions like pausing contracts. Looking ahead to 2024, Forta expects more experimentation with automated prevention mechanisms.
Detecting and Preventing Scams
The Forta Network’s other major release in 2023 was the launch of the Scam Detector in partnership with BlockSec, ChainPatrol, Nethermind, and Forta community developers. The Scam Detector monitors on-chain activity for scams and other end-user threats, labeling the addresses, URLs, social media handles, and contracts involved so they can be identified in the future.
The Scam Detector has proven valuable to Web3 wallets in the transaction screening process, as well as to compliance companies working on anti-money laundering and investigations. Notable users of the Scam Detector include TRM Labs and Blowfish, among others.
In 2023, research funded by the Forta Foundation also uncovered a new type of scam, Sleepdropping, a process where tokens are airdropped into victims’ wallets to lure the victim to a phishing site. Initial research indicated that scammers stole as much as $32M from this scam.
Machine Learning Advances
Machine learning is an integral part of the Forta Network and has pushed threat detection to unprecedented levels of precision and recall. When thinking about machine learning in the context of detection, one often thinks about supervised classifiers, which predict whether an entity, say a smart contract, is malicious or not. This is indeed a crucial use case in which the Forta Network leverages machine learning, but in 2023, the community pushed the utility of ML well beyond this.
Some further examples cutting-edge ML research led by researchers in the Forta community:
– Time-series and spatial anomaly detection allows Forta detection bots to flag previously unknown attacks. It is used extensively in the Attack Detector.
– Graph Neural Network models that analyze relationships across on-chain addresses and can propagate labels across different accounts. This allows the Scam Detector not only to flag the scammer, but also related accounts, such as affiliates, funders, and drop addresses.
– Smart contract embeddings are learned vector representations. With these vectors, the Scam Detector can track scam campaigns even when scammers refresh their entire infrastructure and assets as the code they utilize in their malicious smart contracts is usually similar and can be found through these embedding vectors.
The community is extensively working on leveraging large language models in context of threat detection, user experiences, and grading – apply to join Forta’s rewards program here. More to come in 2024!
Network Evolution
FORT tokenholders approved several major governance proposals in 2023, most notably the implementation of network fees. In late 2022, FORT voters approved enabling delegated staking, a feature that was implemented in 2023. As of the publication of this blog, 25 million FORT is currently staked on the network. When fees were turned on in August, developers could for the first time directly monetize their bots and receive their distribution of revenue each week. Premium feeds like the Attack and Scam Detector immediately launched after the implementation of fees, followed by Solidus Labs’ Token Rug Pull Detector and Frwd Labs’ Sybil Defender.
The Forta Foundation’s security development grant program also produced dozens of new and valuable detection bots, innovative research, and helped develop a new cohort of community members, with over 100 individuals involved in the program in 2023.
Looking Ahead
The Forta Network’s mission to protect all of Web3 remains the same. To achieve this, in 2024 the Forta Foundation will be supporting initiatives to transition the community from a focus on pure detection to detection, prevention, and other automated mechanisms designed to stop hacks. The Forta Network has demonstrated the ability to detect malicious activity, but exploits and scams remain far too frequent, and this frequency is impeding the industry’s ability to grow. It is time to stop the problem at the root.
Share post