Projects can sign up to receive training in incident response from trusted security experts through SEAL Drills. To ensure broad accessibility and to improve ecosystem security, SEAL Drills are offered for free as a public good.
SAN FRANCISCO, Oct. 25, 2023 /PRNewswire-PRWeb/ -- The creators of SEAL 911, the first responder Telegram bot designed to allow anyone to contact a team of security experts and which recently intercepted a live hack, are proud to announce SEAL Drills, organized by the SEAL Chaos Team.
According to Beosin and Footprint Analytics, almost 500MM USD was stolen via hacks in H1 2023 alone. In these situations, projects need to respond quickly and efficiently in designated situation rooms known as "war rooms". However, many projects do not have the necessary training to operate these situation rooms efficiently. Instead, they rely on the help of security experts who volunteer their time to facilitate the remediation and recovery of assets.
SEAL Chaos Team's Drills are designed to solve this problem by providing members of the crypto community with hands-on training in running a war room. The SEAL Chaos Team, which consists of samczsun, Head of Security at Paradigm, Isaac Patka, Co-Founder of Shield3, and numerous other security experts, takes projects through a tabletop exercise to assess a project's threat model before running a security incident simulation.
The SEAL Chaos Team has already conducted exercises with well-known protocols such as Compound Finance and Yearn Finance, and is currently preparing an exercise for Aave. Projects interested in signing up for Drills can do so using this form.
"In order to make crypto safer for everyone, we need to make sure that we're doing everything we can across the spectrum to protect user funds," said samczsun of Paradigm. "With SEAL 911, we made it easier for individuals to report security issues, and with the SEAL Chaos Team we're excited to be providing high quality training to those who need it."
"Designing these exercises for crypto companies is like holding regular fire drills; it's not about inciting fear but ensuring readiness and honing reflexes," added Isaac Patka. "We aim to highlight interdependencies, strengthen communications and learn from each other to build a resilient ecosystem."
In early July, a Drill was conducted using the Compound Protocol as the testing grounds. As the protocol is decentralized, the exercise was designed to assess the response from protocol contributors - including Compound Labs, Chainlink Labs, Gauntlet, and OpenZeppelin.
It was successful in uncovering potential improvements in Compound Labs' incident response process that can be applied for future blockchain products. OpenZeppelin also gained valuable insights to improve the protocol's overall security posture with enhanced security monitoring and automation of key incident response steps as part of its security partnership with the Compound DAO.
"It is paramount for the Web3 sector to continue conducting such incident response exercises to help decentralized platforms prepare for major potential 'black swan' events," said Michael Lewellen, Head of Solutions Architecture at OpenZeppelin. "While there is a low probability that you will be hacked, the impact of being exploited could be catastrophic if a protocol is not prepared."
In late September, a second Drill was conducted for Yearn Finance, where an external protocol managing a large amount of user funds of a popular Yearn strategy was targeted. With the failure taking place outside of the core Yearn smart contracts, the team had to rapidly pull in the right subject matter experts and emergency procedures to put together a response plan. The exercise successfully tested their ability to understand how the affected strategy worked and what sequence of transactions needed to be made to recall funds to safety, and simulate the response before execution.
"Yearn was lucky to be one of the earliest teams approached by SEAL," said banteg, Core Developer at Yearn. "We are not strangers to dealing with complex systems, investigating incidents. Our engineers can often be seen helping out in war rooms. And yet, we were thoroughly impressed with the sophistication that went into preparing and simulating the attack. We are very grateful to SEAL for this opportunity and highly recommend this exercise to other security-minded teams."
About SEAL
SEAL is a collaborative effort among security professionals and other parties interested in improving security in the crypto ecosystem.
About the Compound protocol
Compound is an algorithmic, autonomous interest rate protocol built for developers, to unlock a universe of open financial applications. Learn more at https://compound.finance/.
About OpenZeppelin
OpenZeppelin is a leading blockchain security company providing security audits to the most trusted organizations in crypto. OpenZeppelin has also built the world's leading Open Source library for smart contract development, which is trusted by thousands of public projects.
About Yearn
Yearn is DeFi's premier yield aggregator, giving individuals, DAOs and other protocols a way to deposit digital assets and receive yield. The protocol is maintained by various independent developers and is governed by veYFI holders.
About Shield3
Shield3 is a security & compliance automation platform. Shield3 offers enterprises tailored workflows to analyze, understand, route, and report on transactions for all blockchain applications.
For more information, please visit https://www.shield3.com/.
Media Contact
Jennifer Avrhami, Pitch Public Relations, 1 602-339-7800, [email protected], www.pitchpublicrelations.com
SOURCE SEAL