Abstract:
Hexagate is a web3 security provider helping protocols, bridges and chains to protect their smart contracts and users from theft caused by cyber exploits and web3 threats. Hexagate offers a platform that detects threats in real-time and prevents them from causing any impact.
Hexagate offers real-time monitoring for all kinds of threats, before they impact any digital assets, together with automated prevention tools for PoolTogether so that devs can take on-chain action where applicable.
This benefits PoolTogether devs and users by safeguarding their funds from potential exploits on any PoolTogether contract and reduces the amount of funds lost in a possible incident.
Background:
Hexagate monitors blockchains in real-time and, by leveraging ML, security heuristics and hybrid detection algorithms, provides early detection of exploits. Bundled with Hexagate’s automated remediation workflows, the Hexagate platform provides full protection against all Web3 threats for smart contracts, tokens and EOAs. The platform covers detection of cyber and financial exploits in first- and third-party code and mainnet deployments, governance and administration risks, suspicious fund movements, phishing, fraud, scams and custom invariants.
Protocols, bridges and chains that use Hexagate benefit from early and accurate detection of threats, remediation workflows, IR and forensics.
The company already protects over $10B in TVL across multiple chains, is trusted by the biggest names in the industry, and detected ahead of time the exploits that targeted Euler, iearn, Hundred Finance, Conic and more.
Hexagate is a VC-funded company backed by leading VCs, founded by serial entrepreneurs who previously built companies acquired by JFrog and Claroty. Our team brings vast experience in the cybersecurity realm.
Hexagate also helps the entire ecosystem by assisting others in a time of need, participating in post-mortem analysis and war-rooms aimed at unveiling exploiters and recovering funds, and by conducting research on protocols. Here are a few examples:
- Found and responsibly disclosed a vulnerability in the Polygon Proof of Stake system that allowed the consensus to be bypassed - Polygon Consensus Bypass Bugfix Review | by Immunefi | Immunefi | Medium
- Helped Compound V2 and Compound V2 forks facing a zero-day exploit to open markets safely - Hundred Finance Exploit and Compound v2 - Compound Community Forum
And many more; you are welcome to follow us on our Twitter and see.
Proposal - TL;DR
Hexagate monitors malicious activity on-chain, including on any PoolTogether contracts.
Hexagate can partner with PoolTogether, so that PoolTogether receives real-time alerts on threats to PoolTogether contracts or governance participants and can run automated workflows to remediate issues in real-time whenever Hexagate fires an alert. That will, for instance, allow rapid communication and response to emerging threats and will allow users to react in real-time to exploits and automatically withdraw their positions.
Detailed proposal for PoolTogether
- Hexagate will provide select PoolTogether personnel with access to its web3 security platform and web3 threat intelligence feed, including our on-chain investigation engine.
- Threats covered by the Hexagate platform:
- Exploits on first- or third-party code
1. Detect suspicious malicious contracts before they exploit a protocol
2. Detect novel 0-day exploits and unknown threats on protocols or its dependencies
3. Dependencies including: tokens, deployers, oracles, bridges, other protocols and so on
4. Detect token exploits - excessive minting or burning, abnormal transfers, centralization risks, missing access controls allowing arbitrary approvals or transfers, rug pulls
5. Detect oracle deviations and delays
6. Track abnormal transfers to detect private-key compromises
7. Alert on token depeg – stablecoins, wrapped assets or bridged assets
8. Track fund movement post-incident and automatically tag malicious entities on-chain to taint the movement of stolen funds in real-time
- Governance and Administration
1. Simulate and analyze any malicious governance proposal (or a malicious proposer) that goes on-chain (including when a governance proposal executes)
2. Analyze contract ownership or role changes for abnormal changes to malicious entities
3. Detect malicious implementation updates and changes to privileged configurations that result from missing access controls, private-key compromises or rug pulls
4. Detect centralization risks on governance token holders or phishing attempts on governance token holders
5. Monitor governance token transfers
- Funds movement
1. Track illicit funding sources and track fund movement
2. Monitor and tag all malicious on-chain activity including fraud shops, mixers, USDT / USDC / OFAC blacklists, high risk exchanges and stolen funds.
3. Monitor abnormal transfers and/or fund movements from specific addresses (protocol treasury, whales, protocol participants, etc.)
- Invariants and parameters
1. Monitor predefined invariants and params per the protocol specifications
- Phishing, fraud and scams
1. Detect governance participants interacting with malicious contracts, phishing addresses, scam tokens and so on
2. Detecting malicious dapps impersonating PoolTogether
- Hexagate provides generic webhooks and Slack/Telegram/email/Discord/PagerDuty integrations for all alert types.
- Hexagate enables user-generated custom monitors so a user can set up alerts on specific wallets, whales, specific events, specific contract calls, and so on, enabling users to customize their monitoring to fit their needs.
- Phishing detection for governance participants - Hexagate surfaces any phishing attempt on PoolTogether governance participants.
- Connection to our network of partners and collaborators with whom we have an open channel, such as Chainalysis, Binance, on-chain sleuths and so on. When an incident happens we can notify them in real time so they can tag the bad actors and prevent them from off-ramping on a large list of exchanges, uncover the attacker’s identity, help craft a post-mortem paper and analyze the blast radius of the incident.
- Beacon chain monitoring
a. Hexagate monitors for beacon chain events such as slashing. The platform allows users to monitor and get notified in real time whenever a specific validator is slashed.
- Professional service and support:
a. Helping out with bug bounty program submissions, security reviews and triaging incidents in real-time by assigning a security researcher from our end to help right on time. In the initial proposal we’ll allocate 15 hours of security research activity to help on that front, and expand that as needed.
b. Preparation and training for managing a war room, assigning roles and responsibilities and helping out with crafting security frameworks and incident response procedures - based on our expertise gained from being active in many such incident response events.
- Onboarding:
a. During onboarding, a Hexagate security engineer together with a PoolTogether stakeholder will map all the contracts, tokens, bridges, oracles and governance structures that relate to, or could even remotely affect, PoolTogether contracts and on-chain assets, so as to have broad coverage of all possible threats. Access to the platform will be granted to the select personnel on the PoolTogether team to configure monitors and alert notification channels and to run triaging and investigations for any on-chain activity. These will be provided right after signing.
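To make the "invariants and parameters", "token exploits" and "funds movement" items above concrete, here is a small added illustration of what such a monitor does under the hood: it replays ERC-20 style Transfer events against a supply cap, a large-transfer threshold and a watched-address list, taints recipients of an invariant breach so later movement of those funds is flagged, and formats each alert as a webhook payload. This is example code written for this post, not Hexagate's platform code; the event shape, thresholds, addresses and payload format are all assumptions.

```python
import json
from dataclasses import dataclass
from typing import Dict, List, Set

ZERO = "0x" + "0" * 40  # counterparty of mints and burns

@dataclass(frozen=True)
class Transfer:
    block: int
    token: str
    sender: str
    receiver: str
    amount: int  # base units

@dataclass(frozen=True)
class Alert:
    block: int
    rule: str
    severity: str
    detail: str

class InvariantMonitor:
    """Replays Transfer events against a few protocol invariants (toy example)."""

    def __init__(self, supply_cap: Dict[str, int], watched: Dict[str, str],
                 large_transfer_bps: int = 1000):
        self.supply_cap = supply_cap          # token -> max total supply (assumed spec)
        self.watched = watched                # address -> label (treasury, multisig, ...)
        self.large_transfer_bps = large_transfer_bps  # 1000 bps = 10% of supply
        self.supply: Dict[str, int] = {}
        self.tainted: Set[str] = set()        # addresses holding funds from a breach
        self.alerts: List[Alert] = []

    def _alert(self, t: Transfer, rule: str, severity: str, detail: str) -> None:
        self.alerts.append(Alert(t.block, rule, severity, detail))

    def process(self, t: Transfer) -> None:
        before = self.supply.get(t.token, 0)
        if t.sender == ZERO:                                   # mint
            self.supply[t.token] = before + t.amount
            cap = self.supply_cap.get(t.token)
            if cap is not None and self.supply[t.token] > cap:
                self._alert(t, "supply_cap_exceeded", "critical",
                            f"supply {self.supply[t.token]} > cap {cap}")
                self.tainted.add(t.receiver)                   # taint minted-out funds
            return
        if t.receiver == ZERO:                                 # burn
            self.supply[t.token] = max(0, before - t.amount)
            return
        # single transfer moving more than large_transfer_bps of tracked supply
        if before and t.amount * 10_000 > before * self.large_transfer_bps:
            self._alert(t, "abnormal_transfer", "high",
                        f"{t.amount} of {before} moved in one tx")
        if t.sender in self.watched:                           # outflow from a watched address
            self._alert(t, "watched_outflow", "medium",
                        f"{self.watched[t.sender]} sent {t.amount} to {t.receiver}")
        if t.sender in self.tainted:                           # propagate taint
            self.tainted.add(t.receiver)
            self._alert(t, "tainted_funds_movement", "high",
                        f"tainted funds moved to {t.receiver}")

    def run(self, events: List[Transfer]) -> List[Alert]:
        for t in sorted(events, key=lambda e: e.block):
            self.process(t)
        return self.alerts

def webhook_payload(alert: Alert) -> str:
    """Generic JSON body a webhook integration could post (assumed format)."""
    return json.dumps({"source": "invariant-monitor", "block": alert.block,
                       "rule": alert.rule, "severity": alert.severity,
                       "detail": alert.detail}, sort_keys=True)

# Constructed sample: placeholder addresses and a 1.5M supply cap (not real data).
TOKEN, TREASURY, USER_A = "0x" + "55" * 20, "0x" + "11" * 20, "0x" + "22" * 20
ATTACKER, EXCHANGE = "0x" + "33" * 20, "0x" + "44" * 20
SAMPLE_EVENTS = [
    Transfer(100, TOKEN, ZERO, TREASURY, 1_000_000),   # initial mint, within cap
    Transfer(101, TOKEN, TREASURY, USER_A, 50_000),    # 5% outflow from treasury
    Transfer(102, TOKEN, ZERO, ATTACKER, 800_000),     # mint pushes supply over cap
    Transfer(103, TOKEN, ATTACKER, EXCHANGE, 800_000), # large, tainted transfer out
]

def demo() -> List[Alert]:
    monitor = InvariantMonitor(supply_cap={TOKEN: 1_500_000},
                               watched={TREASURY: "treasury"})
    return monitor.run(SAMPLE_EVENTS)

if __name__ == "__main__":
    for a in demo():
        print(webhook_payload(a))
```

On the constructed stream this produces four alerts: a medium watched_outflow at block 101, a critical supply_cap_exceeded at block 102, and both abnormal_transfer and tainted_funds_movement at block 103. In a real deployment the supply cap, watched addresses and threshold would come from the protocol specification mapped during onboarding, and the payload would go to the webhook or chat integration of choice.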