The Web3 ecosystem is a dark forest, where both opportunities and dangers coexist.

Unfortunately, financial crimes, hacking attacks, fraudulent extortion, and money laundering incidents are all too common in Web3, with significant financial and societal impacts. Attack methods such as contract loophole exploits, flash loan attacks, phishing attacks, and rug pulls are emerging constantly, and evolving at an alarming pace.  

As the Web3 ecosystem continues to grow and innovate, the battle between attackers and security firms will only intensify. In this article, we will introduce Web3 security service provider SharkTeam. Through smart contract audits, on-chain security analysis, and on-chain asset tracking, SharkTeam is working to enhance the safety and security of Web3 assets.

Smart Contract Audit

Smart contracts are a fundamental part of the blockchain ecosystem, providing a transparent and immutable way to execute transactions. However, this transparency also means that any security risks associated with smart contracts are highly visible. Once a smart contract is deployed, it cannot be tampered with or stopped. Any vulnerabilities in the code can be exploited by hackers in real-time, potentially resulting in significant financial losses.

ChainAegis, an on-chain analysis platform under SharkTeam, released Web3 Security Report Q1 2023. According to the report, a total of 211 security incidents occurred in the Web3 field in the first quarter of 2023, with a total loss of more than US$383 million. Among them, there were a total of 25 security incidents caused by contract vulnerbilities, resulting in a cumulative loss of more than US$362 million. On March 13, the DeFi lending agreement Euler Finance suffered a lightning loan attack incident with a loss of 197 million US dollars, which was the most serious security loss due to contract loopholes this quarter.

The security provider SharkTeam offers smart contract auditing services, with both manual and automated auditing options. Its library of more than 200 smart contract security vulnerabilities covers the most common security incidents, attack detection and blocking technologies, and anti-phishing attacks. SharkTeam supports multi-chain smart contract auditing and covers popular smart contract languages such as Solidity, Rust, Move, Cadence, and more.

It's important to note that passing a security audit from an audit company does not guarantee absolute safety. For example, the DEX Merlin on the zkSync network suffered a Rug Pull shortly after passing an audit, resulting in a direct loss of $1.82 million. 

On-chain security analysis and asset tracking

To fully understand a Web3 project, three types of analysis are must-haves, which are: fundamental analysis, technical analysis, and on-chain analysis.

Fundamental analysis involves examining a project's finances, team, source code, announcements, features, and token-related news. Technical analysis entails observing charts and price trends of encrypted assets based on specific indicators to predict market trends and potential future price changes. Finally, on-chain analysis involves monitoring the activities and transactions of various projects on the blockchain.

SharkTeam provides analysis services for all three types of analysis. Its analysis team manually analyzes projects and produces research reports, which users can utilize to gain a more comprehensive understanding of project fundamentals and data performance. Moreover, SharkTeam's project leaderboard sorts projects based on their market capitalization, and shows project-related token prices, holdings, lock-up ratio, 24H change rate, and other data, enabling users to better perform technical analysis.

Most notably, SharkTeam also offers on-chain security analysis. The ability to track state changes over time is critical on blockchains such as Bitcoin (BTC) and Ethereum (ETH). For DeFi projects, tracking the flow of funds is crucial. Although blockchains are transparent, hackers can make it a maze.

SharkTeam launched the ChainAegis on-chain risk analysis platform in April 2022. The platform employs artificial intelligence and big data analysis technology to provide encrypted asset monitoring and online analysis services, encompassing DeFi, NFT, OTC, and other formats.

One of the unique features of the ChainAegis platform is its collection of over 1 billion on-chain risk tag libraries. These libraries enable the platform to discover and identify multiple tags of on-chain information, predict malicious attacks and crimes in advance, and track them afterward. ChainAegis also leverages correlation analysis, knowledge graphs, and other technologies to perform multi-link analysis and tracking of funds. By combining these capabilities with its risk data tag library, ChainAegis can perform visual analysis on transaction paths and predict capital flows.

In addition, ChainAegis offers real-time risk monitoring and risk alerting services. It can monitor transactions on the chain in real-time and provide alerts for price fluctuations, liquidity warnings, flash loan identification, contract vulnerability warnings, RugPull warnings, and more. Currently, SharkTeam can provide early warning services for nearly 10 mainstream public chains, including Bitcoin (BTC), Ethereum (ETH), and Binance Smart Chain (BNBChain).

The common challenge for Web3 security service providers

Web3 security service providers, such as Consensys, Certik, and Quantstamp, face a common challenge in the rapidly evolving landscape of Web3 security threats.

Recent attacks against Web3 infrastructure, such as the robbery of 2 million BNB from Binance in October 2022, serve as a reminder of the importance of effective security measures.

Moreover, hackers are increasingly leveraging artificial intelligence tools, such as ChatGPT, to automate network attacks and identify vulnerable targets.

As hackers' attack techniques continue to evolve, SharkTeam and other Web3 security service providers must work together to form a comprehensive security ecosystem that can effectively protect the Web3 world.