AIP #21 - Implement Chainalysis Crypto Incident Response Plan for Abracadabra’s Smart Contracts

Summary/Scope (TL;DR)

This is a proposal to adopt Chainalysis Incident Response to protect Abracadabra in the event of a hack or exploit. After a hack commences, investigative response time is the most critical vector to asset recovery. Chainalysis Incident Response (CIR), the leading crypto asset recovery solution, is an important security measure to have in place to protect Abracadabra in the event of a hack. It also serves as a strong deterrent to help minimize the risk of a hack in the first place.

References

Customer Stories / Customer References:

Source Data:

Main Objective

Context: Hackers are stealing more cryptocurrency from DeFi platforms than ever before. In last year’s “Crypto Crime Report,” Chainalysis detailed how DeFi protocols in 2021 became the primary target of crypto hackers. That trend intensified in 2022 and is expected to continue. By the numbers, 2022 was the biggest year ever for crypto hacking, with $3.8B stolen, primarily from DeFi protocols and by North Korea-linked attackers. DeFi protocols as victims accounted for 82.1% of all cryptocurrency stolen by hackers in 2022 — a total of $3.1 billion — up from 73.3% in 2021. As a result, it has become a top priority for DeFi projects to have protection in place above smart contract audits.

Motivation: Response time is one of the most important factors in successful asset recovery, as a fast response significantly increases the opportunity to control and recover funds before they are gone (sent to a fiat off-ramp, moved to a sanctioned exchange, etc.). By procuring Chainalysis CIR, Abracadabra would have Chainalysis’ world-class team of professional investigators, cybersecurity experts, and data engineers on standby in the event of a hack or exploit, ready to respond immediately and thus increasing the likelihood of recovering funds. To date, Chainalysis has aided in the recovery of over $11B in stolen funds through our own investigations and others we supported.

Further, Chainalysis’ reputation is known across the world. By implementing CIR and broadcasting your Chainalysis partnership like Morpho did in the tweet above, you’re creating a strong deterrent. Hackers know that even if they do exploit your protocol, they won’t be able to easily profit from the stolen funds, thus diminishing their financial incentive to attack.

Proposal

Abracadabra can implement a multi-year CIR protection plan, which delivers a number of benefits to the community:

  • A multi-year plan is a commitment to cybersecurity and consumer protections. It sends a strong message to the Abracadabra community and beyond and is well-aligned to Abracadabra’s longer-term security objectives.
  • Abracadabra can lock in pricing today, securing lower cost pricing and removing future price/budget uncertainty.

To fund this partnership, the DAO will tap into its security budget of $100k stablecoin.

Benefit Recap

  • Deter Hacks: The best outcome is you never get hacked. CIR helps deter hackers by letting them know a leading global crypto investigative team is on your side.

  • Project your Community, Boost your Brand: By adopting CIR, you can show the Abracadabra community (and the broader DeFi community) that you’re taking serious action when it comes to cybersecurity and consumer protections, thus improving your brand reputation and differentiating yourself in the market.

  • Partner with the Best: With CIR, Abracadabra can tap into Chainalysis’ expertise for complex blockchain analysis and investigations. The CIR team is ready to respond to cybersecurity breaches, ransomware attacks, recovery of stolen cryptocurrency, and perform other analyses involving blockchain data. The team consists of respected professional investigators, cybersecurity experts, and data engineers.

  • Reaction Time: Having a proactive solution in place decreases the time to respond and increases the likelihood of asset freezing and recovery by the customer or law enforcement should the worst happen.

  • Technical Skills: The ability to trace funds through various types of complex platforms is a crucial part of the CIR incident response and the ability of our customers to recover funds successfully. This applies to identified mixer platforms but also unidentified mixers and new bridging protocols between blockchains.

  • Network: Chainalysis has a huge customer base and, with it, a sizable network with personal connections to almost all significant exchanges and services in the crypto space. Also, their strong relationship with Law Enforcement Agencies around the world makes them very efficient in engaging the relevant entities when needed.

  • ROI: In over 80% of all cases where an incident has occurred, Chainalysis investigators have been able to give our customers valuable information that leads to recovery of more than what their CIR fee was. This demonstrates a great return on investment for CIR customers.

Considerations/Risks

There is a significant risk of not adopting a proactive asset recovery plan (that is, not having a plan in place before an attack). Waiting until after a hack occurs to partner with Chainalysis will create a significant delay in their ability to act, as it takes time to go through the approval and contracting process. As mentioned above, time is of the essence in a hack, and any delays reduce the chance of asset freezing and recovery.

Contracts/Technical Requirements

  • Technical requirements: None
  • Relevant token contract and chainlink oracle address: N/A

Next Steps

Voting will start Saturday, 29th of April at 16:00 CET. Voting can be found here.

The proposal has passed!

2 Likes

Thank you @Arnone and the whole Chainalysis team for this proposal, it provides an in-depth look at the product and its benefit.

I very much believe this product would improve Abracadabra's security framework, and I believe it's gonna be beneficial for the DAO. Additionally, I would like to share my personal experience in this: the Chainalysis team has been super friendly and helpful since the day we have been put in contact, and has put a lot of effort in following our DAO's procedures and governance process. Lastly, I have had personal experience with some clients of Chainalysis that have reported amazing feedback on their professionalism and skills as leaders in the industry.

I also agree with the budget proposal of 100k in stablecoins, coming from the protocol treasury. Security is one of the things on which a DAO should never try to save. Having CIR already in place, if something bad were to happen, would help a lot.

Overall, I strongly support this, and I cannot wait to see the proposal process through governance, and get it voted on!

Strong Yes from my side! :fire:

6 Likes

Can't go wrong with more security!! Awesome RFC :man_mage: :magic_wand:

4 Likes

Thank YOU, @Romy, for the kind words and for being one of the most genuine guys I have ever had the pleasure of working with. I couldn’t be more excited to potentially work with the amazing Abracadabra community that you all have built!

To the community: if you have any questions, please don’t hesitate to ask. I am more than happy to answer and take feedback! :mage: :magic_wand:

2 Likes

Looking good to me. Abra team is always very proactive when it comes down to protecting users' funds, and growing the reaction team can only be better.

Given how fast and active DeFi is, even if Abracadabra is battle tested, being ready to react to hacks/bugs/exploits etc can never be wrong so fully in support of this.

Keep the wizard’s coins safe :mage:

5 Likes

Do you have any data about the importance of fast response times and some info on the relationships you have with authorities and/or CEXs?

It would be great to have a partner with a proven track record. It would also be nice to not have to negotiate rates after a hack has taken place. I also think that this partnership combined with a bug bounty would be an extremely strong deterrent to black hats and make them consider going white hat instead.

3 Likes

Hi @BrabDdy great questions! @Arnone and I will write something up for you this morning to address both questions and respond ASAP!

3 Likes

Hi @BrabDdy to follow up…

In terms of Chainalysis reach, we have over 1,000 public and private sector customers across 70+ countries and an even broader partner ecosystem - this includes local, state and national law enforcement agencies, intelligence agencies, regulatory bodies etc across North America, Latam, EMEA, and APAC. This creates an extremely powerful network in terms of information sharing and collaboration when it comes to stolen funds investigations, asset freezing, and recovery. Our founder Michael Gronager was the former co-founder and CEO of Kraken, and we’ve got equally powerful relationships with many top CEXs across the globe. To speak to our track record/success rate… Chainalysis has aided in the recovery of over $11b worth of stolen crypto through investigations we’ve led and supported with our team/tools, which is a pretty incredible sum. Further, over 80% of investigations we’ve led have had a positive ROI (that is, more money was frozen and recovered than spent to investigate).

Thinking about the importance of speed, once funds reach a fiat off ramp or have been moved to a sanctioned exchange, the ‘bad guys’ have won so to speak as those funds become untouchable or untraceable. There are a few steps along the way that serve as points of interference or blockers for hackers, with centralized exchange being an important one. Being able to respond immediately to a hack and working with those CEXs to identify and freeze stolen funds is critical before you miss the window to do so.

3 Likes

One other point to mention is that our investigators are worldwide, and with this we’re able to take advantage of contacting the appropriate entities in a timely manner.

They’re also highly skilled in investigating and following movements on various blockchains and using various techniques and tools to address obfuscation methodologies, mixers, etc.

3 Likes

Hi Lizzie! Thanks for the responses.

> this includes local, state and national law enforcement agencies, intelligence agencies, regulatory bodies etc across North America, Latam, EMEA, and APAC.

:+1:

> They’re also highly skilled in investigating and following movements on various blockchains and using various techniques and tools to address obfuscation methodologies, mixers, etc.

The power of this tracking combined with a bug bounty should be a powerful push towards white-hatting instead of black hatting. Huge fan.

> Further, over 80% of investigations we’ve led have had a positive ROI (that is, more money was frozen and recovered than spent to investigate).

Does the fee we’d be paying cover the costs of the investigation? If it doesn’t cover it completely, does it apply towards partially covering the additional charges?

1 Like

Hey @BrabDdy, it’s a pleasure to e-meet you, and thank you for your thoughtful questions! To follow up on your question:

> Does the fee we’d be paying cover the costs of the investigation? If it doesn’t cover it completely, does it apply towards partially covering the additional charges?

The fee you’d be paying for the proactive incident response will cover the full cost of the investigation, so the DAO won’t have to worry about paying any additional fee if the worst happens.

2 Likes

Seems like a cost effective insurance measure relative to abra TVL.

4 Likes

How many years of service does this $100k cover?

1 Like

Hey @JTnD, it’ll cover 3 years.

2 Likes

That's reasonable… 6 years for 150k would be clutch too, like a buy 3 get 3 half off deal lol. :grimacing:

1 Like