Following protocol hacks and heists, a cottage industry of cryptocurrency security companies monitors the scene. One of them has now been out with a “firewall” meant to thwart the thefts in advance.According to CEO Or Dadosh, CoinDesk, Ironblocks’ new tool is a free solution for developers looking to secure their smart contracts. Their Firewall enables them to quickly and easily implement different security “policies” to keep an eye on transactions on their decentralized finance protocols and identify any unusual activity.
The open-source toolkit might provide some relief from the constant risk of DeFi hacking. According to Dadosh, there can be up to ten distinct hacks of protocols that provide cryptocurrency holders with lending, trading, staking, and other financial services every week. These thefts total: PeckShield projected losses of $60 million during April.
According to Dadosh, the firewall is a part of the smart contract processing protocols.Developers can choose from a small number of policies that search the flow for suspicious patterns and other indicators that a hack is underway.
“It doesn’t stop or pause the application, it just stops the specific transaction that may attack the application, just like in web2 firewalls,” Dadosh said.
The zkEVM chain Linea, AltLayer, and the layer-2 network Kinto are the three high-profile customers of the service at launch.More, according to Dadosh, are coming.Ironblocks, an Israeli business that last raised $7 million in venture capital in early 2023, does not plan to directly profit from the free offering. According to the company’s website, it serves as a feeder for its other crypto cyber protection solutions, such as the soon-to-be “Venn Security Network.” Dadosh was reluctant to go into details about the network’s design.
However, the Firewall toolkit might be a step in the right direction for security in an ecosystem where incremental updates—a problem here, a potential attack there—are difficult to patch on the fly due to code immutability. According to Dadosh, developers have the ability to subsequently add and remove policies from their code. It is ultimately up to the developers how they implement these changes. Maybe they could delegate the decision-making to the DAO, a multisig wallet managed by various parties, or the token-holding governing communities of respective enterprises.Preventing hackers before they occur is the goal.
“Once you get hacked, in most of the cases, you’re done,” Dadosh said. “And this is what we’re trying to prevent.”