Forta: First Real-Time Monitoring And Threat Detection Network
The blockchain industry is expanding exponentially and with a projected compound annual growth rate of 56.3%, Statista suggests that by 2027, the blockchain industry could surpass $163.83 billion in market size. Growth potential could even be considerably more because, right now, only 10% of the global population owns cryptocurrency.
Companies worldwide are discovering the benefits of transferring their assets through blockchain-backed infrastructure solutions. Moreover, organisations' annual cost savings could range from 17 to $24 billion in global trading processing fees by implementing blockchain solutions.
As more institutions and individuals alike embrace the fast-evolving technology of Web3, the drive to protect data and assets from cybercriminals must stay ahead of potential attacks. That makes blockchain security paramount to its success.
Cybercrime: Protecting Valuable Assets
Every organisation takes asset protection seriously, but breaches do happen, and it's costly. As increasingly more companies adopt blockchain solutions, the priority is enhanced security with assets flowing on public protocols.
In 2022, software exploits already account for almost $2 billion in crypto asset losses and, according to Chainalysis, in 2021, the costs of digital theft totaled $3.2 billion.
Although Web3 addresses many of Web2’s native technological vulnerabilities, it must of course still place emphasis on the core issues at the very heart of those vulnerabilities. And indeed the success of any Web3 project depends on robust ecosystem security.
User privacy and anonymity are primary features of Web3 security but, equally, what makes Web3 great also makes it relatively easy for hackers to access and steal assets, knowing that their personal identity is almost impossible to trace.
Notable Web3 Hack Examples
Axie Infinity Hack
One of the largest Web3 hacks this year was the Ronin Bridge incident on Axie Infinity, a popular online play-to-earn NFT token-based video game.
In March, a game developer clicked on a job offer in a PDF that turned out to be fake. Hackers accessed four of the nine cryptographic keys that secured the Axie game’s cross-chain bridge and escaped with $625 million in stolen assets.
The Ronin Bridge, an Ethereum sidechain created for Axie Infinity, has since reopened and added more validators. However, after the hack, users lost trust and confidence in the platform's security and, by default, the Axie ecosystem lost many of its active users.
Another hack which deeply affected users’ confidence in the long-tail technical viability of Web3 technology was the $325 million Wormhole hack, which occurred earlier in February this year.
Wormhole is a blockchain token bridge where traders can transfer NFT assets between multiple blockchain networks. The Wormhole breach was a smart contract exploit on the Solana to Ethereum bridge, allowing users to mint and withdraw wrapped Ether without a collateral requirement. The venture capital company behind Wormhole, Jump Crypto, stepped in to replenish the stolen funds and keep the affected Solana-based platforms solvent.
It is thus clear that the Web3 economy does indeed showcase an extraordinary amount of growth potential and technical and macro-financial development. The need for a user-first, security-focused protocol in the space to counter cybercrime and ensure real-time threat detection mechanisms is perhaps more necessary than ever.
Introducing Forta: The First Real-Time Monitoring And Threat Detection Network
Early detection monitoring can help prevent a Web3 attack from escalating, and timely security alerts can significantly aid damage limitation by minimising the loss of assets.
Since launching in 2021, Forta has made significant progress, with over 13 thousand alert subscriptions, flagging $1.75 billion in hacks, and monitoring over $36 billion in total value locked (TVL).
Moreover, Forta currently safeguards over 52 per cent of the top 30 DeFi protocols in TVL, such as:
Now, to better understand the Forta ecosystem, its usability and the value-add propositions, it is productive to dive deeper into how the protocol works on a more technical level.
How Forta Works
The Forta Network consists of two primary components, with these being:
- Detection Bots: Scripts looking for smart contract state changes and transaction characteristics on a specific chain
- Scan Nodes: For block transactions, the nodes run 24/7, checking and detecting specific events or conditions and emitting an alert (stored on IPFS)
In addition, Forta keeps automated public records of all alerts so that anyone wishing to check smart contract security can access them via Forta Explorer alerts or the API.
Forta has over 12,000 community-run Scan Nodes, executing Detection Bots for each new block and every transaction on a specific blockchain network and providing multichain support across seven of the leading blockchains, with these being:
Now, this, of course, begs the question: Why does the Web3 economy need Forta and its threat detection network?
Forta: An Essential Tool For Protocol Security
Web3 is advancing at an incredible speed, and it's simply impossible for a centralised entity to monitor real-time activity 24/7 in an entirely proficient manner. For instance, in the first quarter of 2022, hacks and exploits were responsible for over $1 billion in losses in Web3 alone, and some remained undiscovered for days after the breach.
To counter this, Forta sets the industry standard for real-time operational monitoring and threat detection in Web3. And it does this via accurate and timely alerts that can help neutralise threats and minimise potential losses.
Historically, blockchain and Web3 hacks have happened in multiple different ways, and these can generally be categorised into the following stages, with these being:
- Funding: The cybercriminal needs funds to execute trades, pay gas fees or for collateral for borrowing.
- Preparation: For example, before the exploitation occurs, the hacker may have to set up a smart contract.
- Exploitation: The stage where the attacker takes funds from users or smart contracts. There are numerous types of approaches at the exploitation stage.
- Money Laundering: Once the attacker has accessed the funds, they launder them through privacy-oriented protocols.
In the early stages, alerts may raise community awareness, but automated or manual alerts may trigger as the attacker progresses. In the last step, a protocol could instigate a total shutdown, thus preventing further losses.
Forta's community-created Detection Bots can be protocol-specific or generic. Either way, the bot detects security-related issues.
Forta’s Threat Detection Kits
Forta has five protection kits to help you monitor and protect your Web3 projects and assets without needing a custom-made bot. Each kit consists of:
- Security Detection Bots
- Bot Templates created by security experts and the Forta community
The design of each kit monitors and detects specific parts of a Web3 ecosystem, with each kit specifically designed to cater for a particular use case, with these being the Bridge Threat Detection Kit, DeFi Threat Detection Kit, Governance Threat Detection Kit, NFT Threat Detection Kit and the Stablecoin Threat Detection Kit.
To showcase the set of advantages inherent in Forta Network’s technology, let us now outline a few instances of real-world use cases for Forta’s real-time threat detection protocol, with social engineering being a prime example.
Examples Of Real-World Use
Spoofing and social engineering are commonplace on DeFi platforms, especially on the front end, where attackers can set up an identical front-end user interface and trick users into signing malicious contracts.
Forta’s community-built social engineering Detection Bot monitors incoming contract transactions and compares addresses with a list of legitimate contracts. If the bot finds a similar address to an existing contract, it will automatically deliver a Forta alert to the subscriber, highlighting the existence of a potentially malicious contract.
The Social Engineering Bot In Action
Via the Convex Finance website, an unverified contract asked for user approval. The contract had identical first and last four characters of a verified Convex contract.
The unverified contract requested a signature by making it look like a Convex Finance contract. This type of attack is called ice phishing, a typical social engineering attack. Funds go to the attacker's address if a malicious contract is approved.
The Forta Detection Bot can detect a malicious contract even when the first and last three characters of a contract are the same, and it's programmed to execute an instant alert automatically. Subsequently, a potentially incredibly damaging situation is averted.
Solving Cybercrime And Preventing Hacks Through Advanced Machine Learning
Now, Forta is a community-driven project that supports and encourages the data science community to build and innovate on the network.
Intelligent and innovative machine learning can enhance Web3 security and threat detection. Still, machine-based learning is only as powerful as results, so security alerts must be relevant, timely, and actionable.
When a smart contract deploys, it must interact with other protocols and contracts. It's a complicated process because the computer must predict all potential edge cases and attack trajectories. In addition, Detection Bots must constantly evolve to develop protection against increasingly sophisticated attacks and differentiate between benign blockchain activities.
Machine learning combines maths and statistics to create high levels of precision, exposing critical and covert attacks with real-time alerts. Above all, in a security context, the machine learns to identify relevant threat specifics so that alerts expose the immediate threat explicitly. After that, so that users can take prompt action, the clarity of the alert must be immediately understandable to subscribers.
Of course, machines rely on quality data input to help build powerful algorithms to identify smart contract behaviour based on historical data. In addition, it must understand routine blockchain activity, thus limiting unnecessary flag alerts.
In time, machine learning creates a behaviour ranking system that helps it become more efficient at identifying the severity and urgency of a situation. The process of machine learning is enhanced because every blockchain transaction is documented, unlike other mainstream domains like credit card companies.
Forta Resources for Developers
Forta offers exceptional developer support, understanding that providing the best resources aids in attracting developers to create high-quality Detection Bots for the Forta Network:
- The Forta SDK helps developers understand the Forta bot development, core concepts, and architecture.
- The Bot Wizard is a no-code tool to quickly create Forta Detection Bots in a few minutes or even seconds. In addition, Forta has a range of community-developed Forta Detection Bot templates. Moreover, there are examples of potential use cases with little to no configuration needed.
- The Forta Detection Bot CLI is a tool for initialising projects.
- The Forta Hardhat plugin is an existing Hardhat projects can integrate Forta, keeping security and operational monitoring alongside smart contracts.
- Best Practices. Learning Forta best practices enables developers to learn how to develop successful Detection Bots.
The Forta Network currently has over 1 thousand developers, adding high-quality operational Detection Bots on a daily basis to the network.
Furthermore, Forta provides in-depth tutorials for beginners, such as the basics of building a Detection Bot. In addition, users can subscribe to real-time alerts on events or follow the progress of chosen projects.
Moreover, Forta has created a themed level on The Ethernaut, a popular Web3/Solidity war game, where players can create a Detection Bot within the game to assess potential security issues.
Forta Governance Council: A United Community
Holistically speaking, Forta Network's core mission is to monitor all blockchain transactions and protect all assets in Web3. Forta is a public utility that serves the DeFi, DAO, and NFT ecosystems.
Forta's vision is that a permissionless platform is the only solution to address the evolving risk factors. The formation of the initial Forta Governance Council in June 2022 includes ecosystem experts and early Forta community members.
Community involvement is an essential requirement for Web3 monitoring and security, and the Forta community is evolving rapidly. It is committed to developing a more substantial base of security professionals, engineers, developers, and infrastructure providers.
The Forta Foundation also plays a vital role in the ecosystem, with a mission to steward the continued evolution of the Forta Network by facilitating the collective action of its community. The Foundation focuses on building on the success of the Forta Network by encouraging top talent to embrace the Forta ecosystem and join the community by assisting with related product development, Scan Node operation, and creating more Detection Bots.
Initial Forta Governance Council Members
The Forta Network has a strong community, including NFT collectors, investors, developers, data scientists, disruptive founders, security researchers, and protocols.
The following members were elected and approved for the initial Forta Governance Council:
- Demian Brener: CEO & Founder at OpenZeppelin, the organisation that founded and incubated Forta.
- Hart Lambur: Co-Founder at UMA, a Web3 protocol and active Forta user.
- Jeremy Sklaroff: GC at Celestia – a highly experienced crypto lawyer passionate about decentralised technology.
- Jonathan Alexander: CTO at OpenZeppelin.
- Juan Garre: Director at the Forta Foundation. Juan is a serial entrepreneur who has run Forta Foundation operations since its inception.
- Mat Travizano: Founder at Rewilder, Mat is a serial entrepreneur focusing on overcoming environmental issues using blockchain technology.
- Tomasz Stańczak: Founder at Nethermind, a company actively involved in the Forta Ecosystem. Nethermind was an early member of the Forta community and has contributed to core development, runs Scan Nodes and develops Detection Bots.
Blockchains are rapidly evolving, and with growth comes heightened danger. For example, every deployed smart contract has unique risk trajectories that could interact with millions of users and interconnected protocols. Forta is a powerful solution to overcome these issues.
The FORT Network Token
A significant milestone for Forta was the launch of FORT, an ERC-20 token, in June 2022, thus creating a permissionless network. The token launch enables global users to contribute to the network's security by operating a Scan Node or a signal on a Detection Bot.
The total supply of FORT tokens is capped at 1 billion FORT. The coin is listed within the top 500 on CoinMarketCap of over 20,000 listed coins, with a circulating supply of 162,129,566 FORT, as of September 2022.
As it pertains to token utility, Forta uses a work token model to ensure the integrity and accuracy of the Forta Network, and virtually anyone can stake FORT tokens to signal the quality of Detection Bots in the network.
There are two primary uses necessary for effective network functioning, being Scan Node Runner Staking and Detection Bot Signalling.
Node Runner Staking And Detection Bot Signalling
Node runners scan threats to smart contracts, block-by-block state changes, and outlier transactions.
To become operational, node runners must purchase and deposit FORT tokens. It's an economic commitment to ensure the node runner completes assigned work efficiently. If the node runner acts maliciously or fails to do the assigned work, their FORT stake may be slashed, which means they could lose some or all their staked tokens. In addition, the node could be disabled.
As of September 2022, to increase network security and decrease the risks of malicious nodes, the Forta community voted to increase the minimum stake to 2,500 FORT, with a maximum limit of 3,000.
In addition, there is a thawing period for withdrawing a stake, allowing time to resolve disputes or verify a situation. If node runners maintain the minimum stake and perform as required, they receive FORT rewards from the network.
Then, there’s Detection Bot signalling.
Network developers can stake FORT on Detection Bots, which signal the bot quality to the network. In addition, it provides a mechanism for resistance to Sybil attacks, where an individual could create multiple nodes, computers, or accounts, such as numerous fake social media accounts that don’t provide value to the system.
The FORT Token Public Launch
Forta began in early 2021, incubated by the leading risk management and blockchain security company OpenZeppelin.
After achieving a successful first round of $23 million in funding from tier one backers. Forta is backed by world-class, leading entities in the Web3 venture capital sphere, with the major investment round being led by Coinbase Ventures, Blockchain Capital, a16z, Blueyard, Placeholder, North Island Ventures, the Digital Currency Group and OpenZeppelin, among others. In November 2021, Forta went public to a global audience with the launch of the Forta App and Explorer.
At launch, the FORT Token launched at $0.884, hitting a respectable all-time high of $1.21 in June 2022. While the FORT token has experienced a slight retracement from its mid-summer highs, the growing adoption surrounding its ecosystem and threat detection protocol is increasing. It is a promising sign verifiably pointing towards a bright future for both the FORT token and the Forta Network.
Forta is the first decentralised detection network for real-time operational monitoring of blockchain activity. Forta made an impressive beginning with significant backing of 23 million dollars from industry giants.
Forta has attracted some of the leading and most reputable DeFi protocols in a short period of time and now takes care of threats and security alerts for some of the top DeFi protocols. In addition, with the launch of the FORT token only a few months ago, the network continues to reach impressive milestones.
The growing community supports the Forta Governance Council, providing autonomous and creative solutions and getting behind the rapid growth and adoption of Forta solutions and the FORT token.
Whilst it's still early days for Forta, the exponential adoption of Forta's services by leading protocols and the uptake of the FORT token is unprecedented. Securing digital assets and blockchains is critical to driving mainstream crypto adoption and, in time, the expanding Forta ecosystem could potentially serve the entire cryptocurrency space.
It will be fascinating to watch how the Forta Network develops in the months and years to come.
Disclaimer: These are the writer’s opinions and should not be considered investment advice. Readers should do their own research.