Hypernative raises $16 million: how it is building a line of defense for Web3 security

marsbit | Published 2024-09-03 | Last updated 2024-09-04

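As DeFi continues to grow, security remains a major challenge for the ecosystem, with security failures causing billions of dollars in asset losses every year. According to Chainalysis data, DeFi hacks caused more than $1.1 billion in losses in 2023. Although that figure is lower than in 2022, 2023 showed new attack trends. Even well-known protocols that had run securely for a long time, such as Curve and KyberSwap, were not spared. In addition, sophisticated attacks appeared that targeted infrastructure vulnerabilities (such as Flashbots Relay).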

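"I do not persist because I see hope; it is by persisting that hope appears." As with this line from a Jiang Wen film, DeFi's road to security may be full of unknowns and may be destined to be difficult, but only by believing and holding firm can one see the real line of defense.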

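Today, September 4, Pendle, a decentralized finance (DeFi) yield-trading protocol that lets users tokenize and trade future yield through top yield-generating protocols such as Aave, Compound and Wonderland, was hit by a hacker attack that put more than $100 million in assets at serious risk.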

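The attacker first deployed a contract built specifically for the attack, which Pendle's real-time internal monitoring system quickly flagged as suspicious. The contract was funded through Tornado Cash and began interacting with Pendle contracts.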

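The attack initially took place on Penpie, an integrated DeFi platform built on top of Pendle that focuses on locking PENDLE tokens to obtain governance rights and boosted yield within Pendle Finance. Facing the crisis, Pendle acted quickly, pausing all contract operations and staying in close contact with the Penpie team to help it resolve the problem as soon as possible. Pendle's contracts have since been unpaused and the system has returned to normal operation. That the incident was contained quickly was thanks to support from Hypernative, which detected the attack immediately after it began and precisely identified Penpie as the victim, eliminating the risk at an early stage.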

What is Hypernative

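Yesterday, Web3 security company Hypernative closed a $16 million Series A round led by Quantstamp, with participation from Bloccelerate VC, Boldstart Ventures, Borderless Capital, CMT Digital, IBI Tech Fund, Re7 Capital and others. Having previously raised $9 million in January 2023, Hypernative has now raised $27 million in total.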

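Hypernative offers a "real-time" risk monitoring platform that aims to warn of hacks before they happen, so that users can take defensive measures before damage occurs. According to the company, the platform monitors on-chain and off-chain data and uses artificial intelligence and machine learning to identify more than 200 risk types, covering smart contract attacks, bridge security issues, market manipulation and other areas.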

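In fact, Bridge has been in development for more than two years. Bridge's two co-founders have deep backgrounds, and both worked at Coinbase and at several well-known fintech companies. CEO Zach Abrams was chief product officer at fintech company Brex, and also served as head of consumer at Coinbase and as a general manager at Square. CTO Sean Yu has extensive engineering and engineering-management experience at Airbnb, Coinbase, Doordash and Square.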

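Notably, according to Techcrunch, the two founders co-founded the P2P payments platform Evenly back in 2012, focused on simplifying bill splitting among friends. The platform was acquired by Square the following year, further demonstrating the pair's capacity for innovation and technical strength in payments.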

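Hypernative officially launched its first product, Pre-Cog, in September 2022. The platform monitors on-chain and off-chain data sources and aims to give warning before threats materialize. According to the company, the product has helped customers avoid "tens of millions" of dollars in losses. Hypernative's goal is to build a complete preventive workflow that lets customers reduce risk automatically, without intervention. As the first real-time monitoring, risk detection and automated response solution, it can accurately detect the vast majority of attacks and buy users valuable response time. More than 100 Web3 projects currently rely on Hypernative for security, including Balancer, Blockdaemon, Chainalysis, Chainlink, Circle, Consensys, Ethena, Etherfi, Fidelity, Galaxy, Linea, Quantstamp, Solana, Starknet and Uniswap.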

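Over the past year, the Hypernative Platform tripled its network coverage to more than 40 chains and added more than 100 new detectors to identify the largest set of risks across multiple categories in the industry. The team also launched Hypernative Security Oracle, a precise inline solution that stops attackers without affecting the experience of other users, and Hypernative Screener, which screens addresses and correctly identifies risk before a transaction is authorized.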

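The combination of detection volume, accuracy and warning time makes Hypernative the leading proactive security solution in Web3. Last year, the Hypernative platform detected 99.5% of hacks, with a false positive rate below 0.001%. In 99% of cases, the attack was detected more than 2 minutes before the first transaction. To date, the system has helped customers save more than $100 million in funds.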

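The Hypernative team firmly believes in the transformative power of blockchain technology, but also recognizes that without significant security improvements, blockchain's full potential cannot be realized. The latest funding round marks an important milestone in our mission to make Web3 security accessible to everyone.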

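The team will use the additional funding to expand into new security-stack verticals and build a Web3 security network. The funding will also enable Hypernative to expand globally, grow its team, and make real-time monitoring and response a standard security practice.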

Hypernative's solutions

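Real-time protection for protocols: protect your users and reputation and avoid catastrophic losses

Automatically stop cyberattacks before funds are lost

Receive real-time alerts on emerging attacks

Automatically stop hacks with on-chain responses

Monitor all of Web3

Front end

Smart contract vulnerabilities

Private keys and access control

Market manipulation

Third-party risk and more

Detect on-chain risk

Use more than 250 prebuilt templates covering specific market risks, so that no risk point is overlooked

Combine custom alert templates and the API to create a monitoring and response plan that fits your use case

Block malicious or sanctioned sending addresses

Precisely intercept suspicious senders while keeping the protocol available to legitimate users

Use Hypernative Screener queries and verdicts to keep high-risk users from using your protocol

Use Hypernative Security Oracle to automatically exclude malicious or sanctioned senders and protect your contract methods from abuse by malicious actors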

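Real-time protection for chains: protect your block space and build a thriving ecosystem

Enable ecosystem-wide protection

With the Hypernative Chain Program, your protocol will:

Get a security program and playbooks that keep users safe

Launch comprehensive security with one click and accelerate release plans

Strengthen your reputation by joining the most trusted, most battle-tested chains

Protect your on-chain infrastructure

Empower your security team to make fast decisions with precise alerts and decision context

We offer more than 200 ready-made alerts and custom agents that provide accurate risk insights, covering:

Bridges

Operational wallets

Treasuries

Related tokens

Infrastructure smart contracts

Screening of bad senders

Stop on-chain damage

With Hypernative Security Oracle, enable your protocols to block malicious attackers from interacting with their contracts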

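Real-time protection for fund and treasury managers

Protect your positions from attacks and from systemic and market risk

Automatically withdraw funds from hacked protocols

Move funds out of affected dApps quickly using real-time attack alerts connected to your systems

Manage risk across all positions

Monitor all of your positions with real-time alerts

Optimize your market-risk and market-performance strategies with custom and ready-made push notifications

Use the rich context in notifications to make quick decisions on positions

Manage staking, custody and yield-generation risk

Receive real-time alerts on staking service provider performance: slashing, missed rewards, initiated exits and more

Monitor hot wallets or custody services (such as Fireblocks) and withdraw funds in an emergency

Monitor DeFi protocols, liquidity pools and more to prevent possible attacks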

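Real-time protection for data platforms

Empower users to make informed decisions and investments

Rich market insights

Hypernative provides hundreds of ready-made financial, governance, performance and security risk alerts, giving data platforms a complete view of Web3

Assess address reputation across chains

Query each address with Hypernative Screener and receive dozens of data points that flag sanctioned or malicious wallets, with cross-chain analysis

Be the first to know

Built for a multi-chain, multi-stack ecosystem, Hypernative detects market and wallet risk in under a second, an advantage that passes through to your customers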

Conclusion

Hacking incidents in the first half of 2024. Source: Security Incident Dashboard

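Data from the Security Incident Dashboard shows that more than 50 hacks have already occurred in the first half of 2024, each with losses exceeding $100,000. Behind these numbers is not just a simple loss of assets, but blade after blade piercing trust in DeFi. For protocols managing billions in assets, any single security incident is like a hurricane, bringing irreparable damage. Although in some extreme cases funds can be partially recovered (as in the Euler incident), this is uncommon. Every successful hack adds more uncertainty to DeFi's future.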

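The industry is indeed making an effort and has introduced many security-enhancing measures; code audits have become standard for nearly every protocol launch. Audits are a good thing, but they are not a cure-all. When it comes to contract upgrades, configuration changes and vulnerabilities in external dependencies, an audit is only the appetizer; the real hard fight comes well afterwards.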

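So players like Hypernative have taken the stage. They no longer wait passively but go on the offensive, using real-time monitoring and precise attack detection to push the security line of defense to the front. Will this become the final answer for Web3 security? No one knows. But it is precisely this uncertainty that makes everything so exciting. The battlefield of the future has long been opened; how it ends, we will wait and see.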
