[OGP-3] Implement Chainalysis Incident Response + Monitoring for Ethos Reserve Smart Contracts

Proposal Type: Funding Proposal
Supported Chains: Chainalysis’ Tools and Services are Chain agnostic. Focusing on Ethos Reserve’s current deployment. (Optimism)
Proposal Author: Chainalysis
Date: Aug 13, 2023

Executive Summary
Chainalysis offers a comprehensive security suite tailored for Ethos Reserve. Through predictive monitoring, streamlined recovery coordination, and bespoke incident response planning, Chainalysis proposes, for a $30,000 grant for 12 months of service, to fortify Ethos Reserve’s infrastructure against the rising threat of DeFi hacks and exploits, and aims for rapid asset recovery. [0.0042% of $7.14M TVL]

Proposal Motivation
Hackers are stealing more cryptocurrency from DeFi platforms than ever before. In Chainalysis’ “Crypto Crime Report 2023,” it is detailed how DeFi protocols in 2022 became the primary target of crypto with $3.8B stolen, primarily from DeFi protocols and by North Korea-linked attackers. There is a dire need for preemptive action. Chainalysis emphasizes a multifaceted approach ensuring swift alerts, post-breach strategies, and comprehensive incident response planning.

Conflict of Interest: Chainalysis affirms no existing or foreseen conflicts of interest. The proposal aims solely to bolster Ethos Reserve’s security infrastructure.

Justification: The faster the response to hacks, the higher the likelihood of recovering assets. In light of the recent DeFi exploits, many communities consistently discuss how protocols can augment security measures. Chainalysis offers this proposal for community commentary, input, and consideration to strengthen security monitoring of Ethos Reserve. To date, Chainalysis has aided in the recovery of over $11B in stolen funds through their own investigations and others they’ve supported.

Proposal Specifics

  • Monitoring/Prediction: Chainalysis will integrate state-of-the-art technology to predict potential threats. Early alerts will significantly bolster the chances of freezing and subsequently recovering funds.
  • Recovery Coordination: After immobilizing funds, Chainalysis will promptly generate an Intelligence Report. This report will be shared with pertinent Law Enforcement agencies. Chainalysis will also facilitate introductions to experienced legal counsel for navigating jurisdiction-specific recovery processes.
  • Incident Response Planning: Chainalysis proposes to collaborate closely with the Ethos Reserve team to:
    • Draft External Communications: Ensure transparent yet strategic community disclosures without hampering recovery possibilities.
    • Collaborate on an Emergency Response Plan: Clearly delineate responsibilities within the team during crises.

Team Experience

Chainalysis is a firm composed of a world-class ensemble of professional investigators, cybersecurity mavens, and adept data engineers. With a prominent global reputation, Chainalysis has consistently demonstrated its prowess in successful asset recovery operations with $11B in stolen funds recovered since our first investigation of the Mt. Gox Investigation of 2014.

Customer Stories:

Axie Infinity Hack & Successful Asset Recovery: “$30 Million Seized: How the Crypto Community Is Making It Difficult for North Korean Hackers To Profit” (https://blog.chainalysis.com/reports/axie-infinity-ronin-bridge-dprk-hack-seizure/)

(Further testimonials in Reference Section)

Key Objectives & Success Metrics

  • Complete integration of Chainalysis’ monitoring system within two months.
  • Achieve 95% accuracy in predictive alerts.
  • Streamline an incident response blueprint within one month.
  • Aim for an 80%+ success rate of recoverable funds post-incident.

Length of Engagement & Budget Breakdown

Engagement Specifications: Procuring Proactive CIR costs up to $30,000 for 12 months of coverage (paid upfront). This includes the incident alert/monitoring, the response plan guidance and up to 100 hours of investigative work and support for any hacks or incidents that occur in the engagement period. Approval of this proposal shall begin the onboarding process for CIR, and transfer of payment for 12 months of coverage.

OATH Ecosystem Offering: Chainalysis values the partnership with OATH that was built through previous investigations. As a Governance-focused community, OATH is uniquely positioned to implement this incident response offering across multiple protocols. If OATH, in good faith, agrees to present this offering to other protocols in their ecosystem, whereby Chainalysis is a standardized part of their suggested on-chain security package, Chainalysis will extend OATH a discount for all CIR Proposals of 16% (12-month coverage for $25,000). This discount would be applicable to only those protocols and dApps within OATH’s ecosystem, starting with Ethos Reserve. [0.35% of TVL]

Risk Assessment

After having successful fund seizures and recoveries in the largest DeFi exploit of last year (Axie Infinity), Chainalysis has a proven track record of continuing to be the trailblazers in defining the industry standard for crypto recovery efforts. Potential risks to this proposal mainly encompass breaches that might surpass our recovery capabilities, given the constantly evolving hacking methodologies. Regular system updates, cybersecurity training, and close collaboration between Ethos Reserve and Chainalysis can help mitigate these risks.

Additional Details

Endorsing Chainalysis’s proposal is not just an upgrade; it is a testament to Ethos Reserve’s unwavering commitment to user trust and security. With Chainalysis, Ethos can ensure vigilant monitoring, swift response, and meticulous planning, setting a gold standard in DeFi security.

If the community supports this proposal, Chainalysis can support follow-on proposals for other OATH Ecosystem dApps, and will explore potential co-marketing engagements in collaboration with core contributors of the OATH Foundation.

References

7 Likes

We’ve been working closely with the Chainalysis team for a year now and their professionalism and skill consistently impress me. Obviously 30k is a lot of money but I think it’s a pretty crazy deal considering the strength this adds to our emergency response processes.

4 Likes

I like the proposal. But I have a question: what is the impact of changing the code during the service? E.g.: you guys analyse current code and then v2 launches. Will there be a new analysis? Will the monitoring work the same way? What is the impact and what are the risks?

1 Like

I will let Chainalysis chime in here but I believe the monitoring system would work for Ethos v1 and v2.

Casey from Chainalysis here!

Thank you for this great question @NauLxD. TLDR: YES, when there are any contract changes, Chainalysis will adapt and update the monitoring for Ethos Reserve.

A few added details for clarity:

1. Analysis/Monitoring at Contract level - We do not audit the contract(s) at a code level, but we are monitoring the on-chain interactions with Ethos contracts to identify what behavior wallets are exhibiting that could be indicative of preparations for a malicious attack. (e.g. Is it a wallet interacting with your contract or is it another contract? Are they repeatedly trying a similar behavior in rapid succession, etc.)

Our core focus is to find who is about to attack, and raise the alarms so that OATH security counsels can execute the necessary countermeasures ahead of an exploit. Through monitoring, we will often observe which portions of the contract a malicious user is trying to exploit, and that will help us inform the response team for OATH of where to concentrate efforts.

2. Updating Contracts - When there are changes to Ethos on-chain deployment, we will need to be updated with any planned changes, so we can refresh our monitoring integration before new contracts go live. We have a plan to touch base every 3 months to review the emergency plan and will also respond/update should OATH make us aware of planned changes.

Thank you for the answer.

In case there is a change of contract, will that be uploaded on your end in a short period of time or only during the next “catch up”?

I think this is worth it

If the foundation can afford it, I think it’s a good use for the money. But if the 30k is a large portion of all there’s to spend I’m not so sure about it.

Thank you for the proposal Chainalysis crew!

Personally I’ve been sold on this proposal, it seems the value in this level of security monitoring and emergency responsiveness is well worth it and your reputation speaks for itself.

1 Like

Agreed. I’d definitely rather have it and not need it than need it and not have it…

3 Likes

If OATH makes Chainalysis aware of a contract update, we can coordinate a time with our team outside of the scheduled touchpoints to address the updates so that we can accommodate the team’s roadmap while providing continuous coverage.

1 Like

That’s good. Does it cause any additional cost?

1 Like

I support this. Seems like a requirement to grow the protocol/ecosystem.

1 Like

I tend to agree.

1 Like

I’m curious whether other projects like Chainalysis exist and is the 30k the standard for this service?
Although no objections to the proposals but would like to understand the environment around such services.

2 Likes

My Opinion: Proposal Ready for GPRC Review

1 Like

GPRC member chiming in: ready for review.

Ready for review from me as well

Ready for Review by the GPRC.

1 Like

Hi @NauLxD - No! Contract Updates won’t incur any additional charges. Pricing is based on our support in a hack up to 100 hrs. When engaged proactively, we’ve had investigations lead to seizures in as little as 2 hrs.

1 Like