Real-Time Security in Solana Ecosystem: Breaking Misconceptions

In a groundbreaking presentation at Breakpoint 2024, Gal Sagie, CEO and co-founder of Vibernative, unveils a revolutionary approach to blockchain security that could save the Solana ecosystem billions. With a free offering for all Solana projects, this game-changing technology is set to redefine how we think about and implement security in the Web3 space.

Summary

Gal Sagie's talk at Breakpoint 2024 challenges three major misconceptions about blockchain security and introduces Vibernative's innovative solution. The first misconception is that security audits alone are sufficient to protect projects. Sagie reveals that despite audits, $2 billion was stolen in 2023 from audited companies. The second misconception is that attacks happen in a single transaction, whereas Vibernative has found that 98% of attacks can be detected minutes or even hours before the first attack transaction. The third misconception is that nothing can be done once an attack is detected, which Vibernative disproves by having saved over $200 million for its customers.

Vibernative's approach involves real-time monitoring of on-chain and off-chain data sources, using hundreds of detectors and models to identify risks across various categories. The system can detect malicious actors before they act and classify attack contracts as they're deployed. This holistic approach to security covers not just smart contract vulnerabilities but also front-end attacks, wallet-related issues, and market manipulation.

In a significant move for the Solana ecosystem, Vibernative has partnered with the Solana Foundation to offer free accounts to all projects building on Solana. This initiative aims to provide a base layer of security for every builder in the ecosystem, addressing the common issue of new projects lacking dedicated security personnel or resources.

Key Points:

Misconceptions in Blockchain Security

Gal Sagie identifies three major misconceptions in the blockchain security space. First, many believe that security audits are sufficient to protect projects. However, Sagie points out that in 2023 alone, over $2 billion was stolen from companies that had undergone one or more audits. This highlights that audits, while valuable, are not a comprehensive solution to security threats.

The second misconception is that attacks occur in a single transaction. Vibernative's experience shows that in 98% of cases, they can detect attack indicators minutes or even hours before the first malicious transaction takes place. This revelation opens up new possibilities for preemptive security measures.

Lastly, there's a belief that once an attack is detected, nothing can be done to prevent it. Vibernative has proven this wrong by stopping over 200 attacks and saving more than $200 million for their customers. This demonstrates that with the right tools and rapid response, significant damage can be prevented even after an attack has been initiated.

Vibernative's Innovative Approach

Vibernative's security solution takes a holistic approach to blockchain protection. The system monitors both on-chain and off-chain data sources in real-time, employing hundreds of different detectors and models. These range from machine learning algorithms to other advanced techniques designed to identify risks across various categories before they materialize.

One of the key innovations is Vibernative's ability to classify malicious actors before they carry out an attack. By monitoring every smart contract deployed, including on Solana, the system can accurately identify attack contracts. Through real-time fuzzing simulation and logic analysis, Vibernative can determine if a project is being targeted and help initiate recovery procedures.

This approach extends beyond just smart contract vulnerabilities. It covers a wide range of attack vectors including front-end attacks (like DNS or BGP hijacking), wallet-related issues, market manipulation, and protocol-specific vulnerabilities. By offering this comprehensive coverage, Vibernative aims to be a one-stop shop for blockchain security, capable of monitoring, detecting, and automatically preventing a wide array of threats.

Solana Ecosystem Integration and Free Protection

In a significant move for the Solana ecosystem, Vibernative has partnered with the Solana Foundation to offer free accounts to all projects building on Solana. This initiative aims to provide a foundational layer of security for every builder in the ecosystem, addressing the common issue of new projects lacking dedicated security personnel or resources.

Gal Sagie emphasizes the importance of this offering, noting that many new projects often lack the focus, time, or expertise to implement comprehensive security measures internally. By providing free access to Vibernative's platform, the goal is to ensure that every project in the Solana ecosystem has access to advanced security capabilities from the outset.

The integration with the Solana ecosystem is already underway, with several projects already using Vibernative in production. One highlighted example is Squads Wallet, the leading multi-sig provider for Solana. Sagie outlined three key use cases for Squads Wallet: multi-sig monitoring to detect suspicious behavior, automated actions triggered by Vibernative's detections and alerts, and ensuring the security of Squads' on-chain presence.

Facts + Figures

• More than $2 billion was stolen in 2023 from companies that had undergone security audits
• Vibernative can detect 98% of attacks before the first malicious transaction occurs
• The company has stopped over 200 attacks and saved more than $200 million for its customers
• Vibernative supports more than 40 blockchain networks
• The company works with over 130 customers
• If widely adopted, Vibernative estimates it could have prevented more than $1 billion in losses
• Vibernative's team combines hundreds of years of cybersecurity experience
• The company offers a free account for anyone building on Solana
• Squads Wallet, a leading multi-sig provider for Solana, is integrating Vibernative's security solutions

Top quotes

1. "Over the last two years, we have seen that most of the projects that we work with get audited, sometimes even multiple audits, pay a lot of money for these audits, but still get hacked."

2. "We were able to detect almost all the hacks and exploits that happened across more than 40 chains that we support. And in 98% of the cases, we are actually able to detect the attack few minutes and sometimes even more before the first attack transaction."

3. "Hibernative stopped more than 200 and saved more than $200 million of customer money. And if everyone were using Hibernative, we could have probably prevented more than $1 billion of loss."

4. "We found out many attacks are happening when the attacker deploy smart contract. And these smart contracts are the actual, the actual attacks, the actual contracts of the hackers triggered attack."

5. "Even if all your code is correct, you can still get exploited from a variety of different ways."

Questions Answered

What are the three main misconceptions about blockchain security?

The three main misconceptions are: 1) Security audits alone are sufficient to protect projects, 2) Attacks happen in a single transaction, and 3) Nothing can be done once an attack is detected. Vibernative's experience shows that audited projects still get hacked, attacks can be detected before they occur, and significant funds can be saved even after an attack begins.

How does Vibernative's security approach differ from traditional methods?

Vibernative takes a holistic approach to security, monitoring both on-chain and off-chain data sources in real-time. They use hundreds of different detectors and models, including machine learning algorithms, to identify risks across various categories before they materialize. This approach allows them to detect malicious actors and classify attack contracts as they're deployed, covering a wide range of attack vectors beyond just smart contract vulnerabilities.

What is Vibernative offering to projects building on Solana?

Vibernative, in partnership with the Solana Foundation, is offering free accounts to all projects building on Solana. This initiative aims to provide a base layer of security for every builder in the Solana ecosystem, addressing the common issue of new projects lacking dedicated security personnel or resources. Projects can register and easily onboard to the platform to start using Vibernative's security capabilities.

How is Squads Wallet integrating Vibernative's security solutions?

Squads Wallet, a leading multi-sig provider for Solana, is integrating Vibernative's security solutions in three main ways: 1) Multi-sig monitoring to detect suspicious or abnormal behavior in wallets, 2) Automated actions triggered by Vibernative's detections and alerts, allowing for rapid response to threats, and 3) Ensuring the security of Squads' on-chain presence.

Can Vibernative's system prevent attacks before they happen?

Yes, Vibernative's system is designed to detect potential attacks before they occur. In 98% of cases, they can identify attack indicators minutes or even hours before the first malicious transaction takes place. This early detection allows for preemptive measures to be taken, potentially stopping attacks before they can cause damage.