Introducing ‘Smart Mode’: Flexible Blockchain Security with Advanced Threat Intelligence by Forta

Today, FailSafe unveils its ‘Smart Mode’ feature, a significant advancement to blockchain cybersecurity that identifies and intercepts imminent threats to compromised wallets and smart contracts: the innovation is enabled by integrating Forta’s real-time threat intelligence with FailSafe’s automated incident response system. Smart Mode monitors and analyses all pending blockchain transactions in real-time for risk and malicious activity, enabling FailSafe to instantly respond and proactively protect digital assets in the face of threat.

In FailSafe’s default mode – ‘Safe Mode’ – the system intercepts all transactions attempting to interact with FailSafe-protected assets. By comparison, Smart Mode enables users who are intentionally transacting or experience high frequency activity (such as trading desks) to stay protected by intercepting transactions only with high-risk counterparties. FailSafe is able to effectively determine risk through its collaboration with Forta’s Scam Detector, which provides real-time threat intelligence about smart contracts and EOAs engaging in scams and other end-user attacks.

Powered by Forta’s Scam Detector

The Scam Detector is enabled by a collection of key Forta bots, each monitoring for a specific threat type – ice phishing, address poisoning, rake tokens, token impersonation, fraudulent NFT orders, pig butchering, gas minting, sleep minting, hard rug pulls, soft rug pulls, and wash trading. It also leverages new predictive techniques to flag on-chain addresses associated with known scammers, and contracts that closely resemble known scammers.

How It Works

1. The Scam Detector consumes alerts from a set of base bots (example alert: “Address 0x123 is involved in an ice phishing attack”).
2. The incoming alerts are processed and labels are created (example label: Address 0x123 receives a scammer label).
3. Labels are permanently stored on the Forta Network and within FailSafe’s Redis cache (designed for scalability and low latency, enabling FailSafe to take immediate and effective action).
4. In the event that a FailSafe-protected address is detected in any pending transaction, FailSafe performs a lookup of the counterparty’s address across its threat intelligence database to determine risk level.
5. If the counterparty is flagged as high risk, FailSafe swiftly intercepts the pending transaction, moving targeted assets (such as ERC20 and ERC721 tokens) to the user’s designated Recovery Vault. Read more about the FailSafe Recovery Vault here.

Case Study: December 2023 Ledger Hack

Combined with FailSafe’s X-Ray upgrade, which enables protection against malicious smart contracts, Smart Mode offers unparalleled security for digital assets against multiple attack vectors. An example of Smart Mode performing in a real-world scenario is the recent Ledger hack, through which an attacker uploaded a malicious version of the Ledger Connect Kit which contained malware known as Angel Drainer – in the event that a FailSafe-protected Ledger wallet was targeted by this attack, FailSafe would have a) identified Angel Drainer as a known malicious smart contract, and b) intercepted the transaction(s) and moved targeted assets to safety. The Angel Drainer contract address: 0x412f10aad96fd78da6736387e2c84931ac20313f returns a 91% confidence level via Forta’s Scam Detector.

Collaborating with FailSafe: Forta Network

For all groups and individuals that are contributing to the Forta Network, FailSafe is keen to explore a marketplace offering to its end users that enables a configurable set of alerts and attacks to choose from. Use cases may involve fund administrators that want to enforce rules in the way their funds are deployed (for example, transactions with entities that conduct gambling or drug trafficking activities would automatically trigger FailSafe’s transaction blocker).