From firewall to blockchain technology, the search for a definitive solution to cybersecurity challenges continues. Today, blockchain security, a $4 billion problem, has provoked an ongoing arms race between innovative security solutions and evolving cyber threats.
This race birthed the multi-sig technology, multi-party computation (MPC)and other security measures that have advanced blockchain security. However, despite the effectiveness of these innovations, the cryptocurrency industry remains exposed to significant risks from cyber threats.
Nevertheless, a recent study by
Thank you for having me. My journey into web3 was informed by a deep background in advanced detection technologies and system security. Prior to entering the blockchain space, I co-founded and led Presenso, a company that specialized in AI-driven predictive maintenance for industrial machinery, which was acquired by SKF. This experience, combined with my technical expertise, paved my path towards blockchain.
My interest in blockchain was sparked by my work on national defense systems in Israel, where I developed technologies that underpin the Iron Dome’s missile interception capabilities. This work led to several patents in automated anomaly detection, highlighting my focus on proactive security measures.
Seeing the parallels between national security and blockchain's vulnerabilities, I was compelled to address the insufficient measures in place for protecting digital assets. I co-founded Cyvers to fill this gap, bringing my patented detection techniques into the blockchain environment to safeguard against unauthorized access and ensure transaction integrity. Our approach involves understanding the unique challenges of blockchain security from a holistic perspective, which allows us to develop solutions that are not just reactive but are fundamentally proactive, ensuring the digital asset ecosystem remains robust and trusted.
The security challenges in the blockchain technology space are significantly more complex than those we encountered in the traditional Web2 environment. In addition to dealing with familiar risks such as data breaches and phishing attacks, blockchain firms face new challenges unique to the decentralized nature of Web3. Despite blockchain technology being around for over 15 years, it is still in a nascent stage, often resulting in infrastructure that is not designed with security as a priority. Many blockchain firms lack robust security protocols to effectively mitigate malicious activities.
There has been a dramatic increase in these security challenges. In 2023 alone, we detected over $1.7 billion in stolen funds across centralized and decentralized finance platforms. The first quarter of 2024 has shown that the appetite of malicious actors is only growing—a trend we expect to continue as the industry expands and attracts more capital. We deploy a comprehensive suite of solutions designed to address these multifaceted risks.
We focus on preventing hacks and exploits by monitoring for abnormal behaviors that signal impending attacks. Our scam prevention systems are crucial in identifying and alerting users about potential phishing attempts and fraudulent schemes before they can cause harm. Additionally, we place a high emphasis on portfolio protection, continuously screening and securing crypto wallets and transactions against unauthorized access or theft. Our address screening tools further ensure the integrity and security of transactions by verifying the trustworthiness of blockchain addresses.
This proactive approach is essential as the rapid evolution of blockchain technology often outpaces security developments, making it a constant race to protect against both known and emerging threats. Through our advanced detection capabilities and ongoing collaboration with regulators, we are dedicated to strengthening trust and security within the blockchain ecosystem.
The DAO hack was definitely an eye-opener for the industry. It highlighted critical vulnerabilities in smart contract design and governance structures in blockchain systems. This event shifted the community’s focus significantly toward security and paved the way for more rigorous security practices and innovations in the space.
The report by Chainalysis is in line with what we've observed at Cyvers—hacking poses a significant and growing threat to the digital asset space, affecting not only CeFi and DeFi platforms but increasingly targeting institutional entities that are venturing into Web3. As these platforms attract more substantial investments, they become more appealing targets for cybercriminals, who continue to evolve their methods and attack vectors. This trend is reflected in our security reports as well (
As far as being pro-active is concerned, we are constantly adapting our strategies to stay ahead of these new and creative tactics employed by hackers. Our team is dedicated to identifying potential threats through advanced monitoring techniques that recognize abnormal activity patterns indicative of a hack attempt.
This proactive approach allows us to address vulnerabilities before they can be exploited, safeguarding our clients' assets against the wide range of risks that now include sophisticated institutional attacks as well as more traditional forms of cyber threats. Our commitment is to provide the highest level of security, continuously enhancing our systems to counteract the dynamic challenges presented by these malicious actors in the blockchain ecosystem.
Regulatory frameworks are crucial in establishing a baseline of security practices and requirements that protect consumers and maintain the integrity of the blockchain ecosystem. While current regulatory focus often leans more towards compliance issues, such as anti-money laundering (AML) and know-your-customer (KYC) protocols, there is a growing need for regulations that directly address security challenges.
I believe that as more institutional entities enter the Web3 space, there will be a significant shift towards crafting clearer regulatory guidance that focuses on these security challenges. This shift is essential because, with increased institutional involvement, the stakes are higher, and the potential impacts of security breaches become more severe.
We collaborate closely with regulators to advocate for and help shape these developments. Our goal is not only to comply with existing regulations but also to drive the adoption of comprehensive security measures that might otherwise be neglected in the fast-paced innovation environment of blockchain technology. We encourage regulators to become more involved and to specify the security measures that blockchain companies must implement to ensure their ecosystems are safer. This proactive approach, coupled with our regulatory collaborations, enables us to develop fundamentally robust solutions, ensuring the digital asset ecosystem remains secure and trusted.
The idea for Cyvers emerged after I reflected deeply on my next steps following the successful exit of Presenso. Recognizing the urgent need for more sophisticated security solutions in the crypto space, I decided to leverage my expertise in anomaly detection, artificial intelligence, and machine learning. I joined forces with Meir Dolev, a long-time colleague who shared my vision for a proactive defense mechanism against the unique threats in blockchain and crypto environments.
It was founded on the premise that there is a significant blind spot in the traditional Web3 security approach. Up until recently, and still today in some instances, there is a prevailing belief that auditing a smart contract ensures its safety. However, our data shows that 90% of smart contract hacks occur on contracts that have already been audited. This stark reality underscores the critical need for real-time monitoring, which is precisely why we built our advanced AI engines.
Our system is dedicated to continuously monitoring the blockchain network, covering nine different blockchains, with plans to expand this scope further. We analyze all transactions and interactions, including third-party engagements with smart contracts, wallets, and every address on the blockchain.
Our machine learning models are sophisticatedly designed to detect signs of anomalous behavior promptly.
These AI models are trained to think like hackers and malicious actors, allowing them to recognize potential threats before they fully manifest. When our system identifies an anomalous transaction or a suspicious track record, it performs a detailed analysis and then alerts the affected company with very low latency and close to zero false positives.
The response once a threat is detected is crucial. Companies working with us have the advantage of integrating our solutions directly into their systems. This integration can allow them to pause transactions or move funds from at-risk wallets or smart contracts instantaneously. Often, our system can notify customers during the preparation phase of an attack, which is critical for saving valuable time and safeguarding assets. This proactive approach not only prevents attacks but also significantly minimizes potential damages, making Cyvers an essential partner in blockchain security.
One of our standout moments involved a significant threat to the Remitano Cryptocurrency Exchange. On September 14, 2023, we quickly detected and responded to an unauthorized transaction aimed at stealing $2.7 million in cryptocurrencies. Our Vigilens tool identified the suspicious activity within seconds, enabling us to alert Remitano and coordinate a rapid response. We successfully secured significant portions of the stolen assets, demonstrating the effectiveness of our real-time threat detection and the strength of our collaborative approach with partners and regulators.
Additionally, we have continued to innovate with the recent development of an Address Poisoning Detector, launched just two weeks ago. On May 3rd, our system identified a significant incident involving the loss of $68 million worth of WBTC. This scam detection is currently the largest documented in the ecosystem, underscoring the critical nature of our new security tools.
Moreover, we also monitored the recent security breach at FixedFloat. Detected on April 2, this incident involved unauthorized transfers of various digital assets, including ETH, USDT, WETH, DAI, and USDC, to a suspicious address. The malicious actors converted these assets into ETH using a decentralized exchange before moving them to another platform.
This breach, unfortunately, followed a similar incident in February, where FixedFloat lost $26 million due to compromised access controls. Our analysis indicated that these incidents exploited specific vulnerabilities in system access controls, highlighting the need for enhanced security measures which our solutions aim to provide. These incidents not only showcase our capabilities in addressing and mitigating complex cybersecurity threats but also our commitment to advancing blockchain security technology to protect digital assets more effectively.
Being the CEO and co-founder of Cyvers has been both challenging and exhilarating. It positions me at the cutting edge of technological innovation, especially within the nascent and rapidly evolving web3 space. In cybersecurity, staying ahead of the curve is crucial; there's always something new—new companies, new technologies, and new hacking methods.
This demands that I continually keep myself knowledgeable, educated, and innovative. The responsibility of leading a team that is deeply committed to securing the digital assets of tomorrow is not just a job—it's a mission that I find incredibly rewarding. Despite the challenges, I thoroughly enjoy every minute of it and am excited about the impact we are making in enhancing blockchain security.
The future of blockchain is expansive and holds tremendous potential. However, the key to its success lies in robust security measures.
As the blockchain landscape grows and new players enter the field, the need to address security concerns is more critical than ever. Security solutions are not just a luxury; they are essential. We strongly believe in always staying ahead of malicious actors, ensuring that innovation is matched with vigilant, cutting-edge security practices. For everyone venturing into this space, remember that pushing the boundaries of technology should always be accompanied by a strong focus on protecting your assets and infrastructure.