Jan 24, 2024

Hexagate's Security Platform: ‘Run-time’ Security for Web3 Organizations

An overview of core capabilities—Invariant Monitoring Engine, Real-Time Threat Monitoring & Detection, and Threat Remediation & Incident Response.
min read

As the adoption of blockchain technology grows, so does the responsibility to protect it against threats unique to its decentralized, composable and open nature. Hexagate was established with the purpose to provide Web3 organizations the power to protect their users from cybersecurity threats. Since its inception in 2022, Hexagate has successfully shielded chains, protocols, bridges and asset managers against financial, governance, and malicious threats, and currently protects over $15 billion digital assets. Hexagate offers a Web3 Security and Analytics API, and security advisory services alongside its core product the Hexagate Security Platform. Today, the Hexagate Security Platform provides coverage akin to ‘run-time’ security for Web2 applications, specifically for smart contracts and digital assets. 

In this article, we provide a short overview of the Hexagate Security Platform's core capabilities—Invariant Monitoring Engine, Real-Time Threat Monitoring & Detection, and Threat Remediation & Incident Response. Each capability provides an additional layer of security, and the synergy of the three capabilities together provides a proactive defense mechanism against known and unknown threats suitable for blockchain organizations seeking to reduce security complexity and supercharge their risk posture. 

Open and decentralized networks require a sophisticated approach to security. Weekly attacks on smart contracts prove why audits shouldn’t be the only defense tool and the need to introduce multiple layers of security. Whilst there is no silver bullet in cybersecurity, threat detection and mitigation tools that run in real-time have already proven their value in the Web3 security stack. 

Powered by proprietary AI detection technology, machine learning models, and a team of leading security experts, Hexagate's proactive approach predicts and detects unusual transactions and malicious activities across all chains in real-time. Hexagate is a security vendor and trusted partner to some of the largest organizations in Web3, including Polygon, Consensys, Ava Labs, EigenLayer, and has proven instrumental in protecting user assets and preserving the reputations of its clients. 

Core Capabilities of Hexagate's Security Platform

Invariant Monitoring Engine

Invariant Monitoring is a simple yet powerful tool designed for deploying and running more secure contracts, and is particularly beneficial for codebases in the Testnet stage, as well as in production (Mainnet). An invariant is something that always remains true at a protocol level such as, ‘users cannot withdraw more than they deposit’. With invariant monitoring, smart contracts can be tried and tested in Testnet under multiple states to expose false assumptions and incorrect logic in edge cases and highly complex protocol states and then monitored continuously on deployed smart contracts in Mainnet. This proactive approach allows developers to identify and rectify issues that might be overlooked in manual code reviews ahead and after deployment. 

How Hexagate’s Invariant Monitoring Engine works:

Teams can seamlessly monitor invariants within Hexagate’s Security Platform. Starting by defining and coding invariants unique to their protocol leveraging Hexagate’s DSL, teams use Hexagate to expose flaws and incorrect logic. To ensure smart contract security, invariants declarations can be monitored in Testnet and in Mainnet. Custom monitoring of protocol invariants can then be added to the Hexagate Security Platform dashboard to swiftly detect compromises.

Real-Time Threat Monitoring & Detection

Monitoring can detect anomalies, suspicious activities, and potential attacks as they emerge. That way teams can stay on top of any threats, and take action to respond and mitigate any potential damages and protect its users and reputation. Customers commonly monitor for cyber exploits, financial events, 3rd party dependencies, operational changes, governance activity, phishing and other threats. A DeFi protocol for example will want to monitor wallet addresses, assets and contract addresses, and be alerted if ETH drops by 10%, to a deposit over a certain amount, suspicious contract calls, or to a bridge hack. With monitoring technology each of these events will be monitored 24/7, and the team would receive a real-time alert to take a semi-automated or manual action like pause the protocol. Some teams go one step further and have developed automated remediation workflows which activate instantly upon critical events, more on that below. All Hexagate customers rely upon Real-Time Threat Monitoring & Detection because they can get up and running in under 20 minutes, and have time to react and respond to threats with almost 98% of hacks detected by Hexagate more than 2 minutes and up to days before. 

How Hexagate’s Real-Time Threat Monitoring & Detection works:

Customers log in, set lists of on-chain addresses to monitor, choose from preset monitoring options, and add predefined rules monitoring options too. Incident severity can be set, and alerts can be connected to various notification channels, ensuring swift and efficient responses.

Threat Remediation & Incident Response 

While monitoring technology excels at detection, robust incident response strategies are vital for mitigating losses. Hexagate collaborates with teams to develop best practice incident response plans that include technical solutions, like automated threat mitigation, alongside clear protocols, defined responsibilities, and coordinated remediation procedures. Automated threat responses are coded responses to events that can be triggered by an alert. Some popular automated threat responses include pausing the protocol or some functionality, applying function or rate limits, and implementing block lists. These extreme responses rely on finely-tuned alerts to minimize false positives and ensure high-fidelity alerts. 

How Automated Threat Mitigation works:

Teams define risk parameters and security policies around when incident response functionality, like a pause, should be used. Incident response functionality is then connected to monitors that detects either a threat, invariant or a predefined rule. High-fidelity alerts then trigger on-chain actions or notify an operator for execution. 

Closing Note

The Hexagate Security Platform's core capabilities—Invariant Monitoring Engine, Real-Time Threat Monitoring & Detection, and Threat Remediation & Incident Response —directly address the vulnerabilities of blockchain technologies. With protocol invariants continuously monitored, real-time threat monitoring and detection in place for swift responses, and automated threat mitigation ready for action, Hexagate’s Security Platform provides a proactive shield for blockchain organizations against known and unknown threats. Hexagate’s mission is to provide a security platform for blockchain organizations irrespective of their size or stage so they can securely navigate the complexities of Web3 and protect their users.

In addition to its core product, the Hexagate Security Platform, Hexagate provides a Web3 Security & Analytics API, and security advisory services. Whether you want to access Hexagate’s security advisory services, connect to its API, or get up and running on the Hexagate Security Platform in 20 minutes, the team can work with you to decide the products and services you need to protect your customers.

Get in touch to explore how Hexagate can support your Web3 cybersecurity needs.

Yaniv Nissenboim
Yaniv Nissenboim
Co-Founder & CEO

Preventing Financial Loss For

Onboard Hexagate in minutes to protect all digital assets. Book a demo to experience the broadest Web3 protection.

Query Param