Web3 is developing at an accelerated pace, and Arweave as an infrastructure will be adopted by more developers to create a new and more colorful ecosystem. PermaDAO is a co-builder community established for this purpose. All participants can find their own role here to contribute to the Arweave ecosystem. Any proposals and tasks about Arweave can be published here and receive support and feedback from the entire community. Join PermaDAO and build Web3!
Author: Spike @ Contributor of PermaDAO
Reviewer: Kyle @ Contributor of PermaDAO
Scanning the on-chain security track: the significance of Arweave’s data permanence
The openness of blockchain data has created a thriving field of data analysis. Whether it is the active data mining of Dune and Nansen, or the ups and downs of the Mao Party, it shows that data itself has huge economic value.
How to control data security will also become the focus of the industry, especially when the underlying public chain is overwhelmed and has turned to L2 or centralized hosting servers. Data may not last long, and the security it represents will also be questioned.
In the traditional development paradigm, data is stored only on a company's own servers or with a meta-computing vendor, but in the on-chain world everyone, even the most ordinary user, is responsible for data security. Destroying the credibility of data causes a serious drop in the price of the currency, yet the destroyers often profit. This mismatch between power and responsibility is the fundamental cause of frequent accidents on the chain.
Arweave's data permanence therefore has special significance. It is equivalent to preserving a server that will never crash and an indestructible snapshot for the industry. Especially for the high-security on-chain security industry, its significance has long been underestimated.
Cryptoasset risk classification
From the perspective of all parties involved in designing crypto asset transactions, policy regulation is force majeure. The trend that can be observed at present is to strengthen regulatory capabilities under the premise of legalization to ensure financial innovation while reducing financial system risks.
In terms of entities directly involved in crypto asset transactions, they can be divided into two types: centralized institutions and on-chain assets. The latter is pure DeFi, but centralized institutions are the underlying anchors and source of liquidity for the entire crypto world, and their asset status is not clear.
What can truly be done through complete logical deduction and real-time monitoring are on-chain activities, which can be divided into three processes: pre-emptive defense, on-chain activity tracking, and post-event emergency response. These also constitute the main sub-segments in the security field.
1. Policy supervision
2. Centralization: CEX and CeFi
3. On-chain asset security
Beforehand: Audit security, code security, scam
On-chain: Attacks, Rug, Cross-chain Bridges, MEV
Aftermath: Money Laundering, Privacy Coins, Fiat Currency Deposits and Withdrawals
Major players
For CEX and CeFi, the available security controls lie mostly in supervision, auditing and multi-signature wallets, with the aim of understanding the operating principles of the black box as far as possible. The parties involved are major regulators such as the SEC and CFTC, mainstream wallets such as Gnosis Safe, and the recently popular Merkle tree proofs of exchange assets.
From the perspective of on-chain asset security, there are two main modes of pre-emptive defense: code audit and active defense. This article uses Slowmist and BlockSec as examples to illustrate them.
The operation of funds on the chain can be further divided into wallet security and interaction control. Wallets have gradually become a sedimentation area for personal and institutional assets, and are the second largest asset distribution center after CEX. On-chain interaction control means continuously accumulating data on Dapps and addresses in order to identify their behaviors and reduce users' own security risks. This article uses WalletGuard and Go+ Security as examples to illustrate.
Post-event tracking refers to remedial measures that occur after on-chain activities. Overall, this is not a segmented track, but a security measure that requires the joint efforts of project parties, exchanges, and security agencies.
In terms of product form, security products tend to start from a single-point function as a breakthrough and gradually move towards comprehensive products, ending up as SaaS-based integrated solutions.
The auditing platform Certik has also launched Skynet, an automatic monitoring SaaS platform that runs 24/7 after being put on the chain to defend against security threats.
In addition to providing security audit services before going online, BlockSec also provides real-time security monitoring service products for blockchain projects after going online.
Slowmist not only provides auditing services, but also offers early warning products and post-hack tracking services. It is the most typical one-stop service platform in the industry.
In terms of target users, plug-ins (browsers, wallets), C-end and B-end middleware, and SDK access have become the three main service methods. It has become an industry consensus that security products are a "function" rather than products directly for mass users.
MetaShield and WalletGuard are both working on integrating browsers or wallet plugins, trying to maintain the lowest promotion and R&D costs while leveraging the traffic of existing mature products;
Exponential DeFi can conduct a security assessment on the wallet’s investment portfolio, helping retail investors to obtain authoritative reports in the security field without understanding the technology;
Go+ Security is a typical B-side SDK or middleware, which provides reusable APIs to help applications avoid on-chain risks as much as possible and maintain normal product operations to the greatest extent.
In terms of the business models of various products, they are currently in the early stages of industry construction. Code auditing is relatively mature, but the concentration of players is dispersed. On-chain activities rely on continuous labeling and database construction, which is time-consuming and labor-intensive. Post-event tracking and on-chain insurance tracks are still in the manual and embryonic stages.
Code audit: Automated verification is still under development, and formal verification cannot guarantee 100% security.
On-chain activities: Database construction is highly homogenized and cannot generate effective C-end traffic and B-end purchasing power.
On-chain insurance: Currently, the industry’s TVL is less than $300 million and is still in a long dark night.
Market size
The market size of the security track should be estimated as a whole based on the amount of losses and the financing amount of related projects. In the first half of 2022, the entire industry suffered losses of more than US$2 billion, and losses for the whole year reached US$3.6 billion.
From 2016 to 2021, the figures were 900 million, 1.2 billion, 2.1 billion, 5.5 billion, 4.3 billion and 9.7 billion respectively. It can be found that it is highly correlated with the bull-bear cycle, and its overall market size can also be estimated to be around 5 billion to 10 billion US dollars. Overall, it is a "technically difficult, mainly B-side customers, and a relatively niche market."
Judging from the valuation amounts of the more well-known projects at present, BlockSec raised 50 million RMB (about 7 million US dollars) and Certik raised a total of 148 million US dollars in 2022. It can be said that there is large-scale financing comparable to GameFi and public chain-level financing, and the expected market size of institutions can be adjusted upward to more than 10 billion US dollars.
But in general, the security track is not a direct traffic entrance, but more of a functional service scenario. Its future needs to be highly integrated with the overall encryption market, and then its market value can be inferred as a whole.
Competitive product analysis
Focusing on the core of the security track, on-chain addresses, we can compare the ability of major competitors to judge behavior based on those addresses. In effect, this rates the technical strength of each competitor's on-chain analysis capabilities, given sufficient label data and sufficient time to accumulate it.
Go+ Security
1. Number of addresses: Supports public chains such as Ethereum, BSC, Polygon, Arbitrum, Avalanche, Heco, Fantom, OKC, etc., supports 99,036 malicious token addresses, and 6.5 million malicious addresses.
2. Product form: SaaS, providing a variety of API development kits
3. Main functions: Token/NFT/malicious address, smart contract, signature, dApp security and other services
4. User-oriented: B-side projects, such as BitKeep and zkSync
5. Charging model: free quota limit and API special call charging model
OKLink SkyEye 2.0
1. Number of addresses: Supports mainstream public chains such as BTC, ETH, EVM-compatible chains, OKC, etc., currently including 91,900 traced and analyzed addresses, 391 million address tags and 2,500+ tag types.
2. Product form: web page and platform
3. Main functions: address analysis, transaction graph, NFT traceability, address health, and on-chain monitoring: exchange address, amount threshold, transfer, clearing, etc.
4. User-oriented: C-end + G-end (Public Security Department)
5. Payment model: Free to use the web page for basic operations, Pro version needs to be purchased
Slowmist MistTrack
1. Number of addresses: Supports more than 10 mainstream public chains such as BTC, ETH, EOS, XRP, TRX, etc., including more than 1K entities, 200 million address tags and 90 million risk addresses.
2. Product form: web page, system platform and API
3. Main functions: AML Risk Score, address labeling, transaction analysis, time analysis, visualization, address collection, monitoring and warning, investigations
4. For users: retail investors, whales, institutions and government departments
5. Charging model: Basic package 99U/M, standard package 299U/M, commercial version customized on demand
0xScope
1. Number of addresses: Supports EVM chains such as BTC, ETH, Polygon, BSC, and mainstream public chains such as Solana and Cosmos, including 84 million entities, 1.4 million tag types, 640,000 tokens, 5 million address behavior tags, 11,000 protocols, 17 million risky address tags, 51 million contract analyses, and 31 million transaction access data.
2. Product form: web page
3. Main functions:
Exploration mode: wallet analysis, token analysis, project exploration, NFT browser;
Due-diligence mode: VC observation, whale tracking, entity discovery, entity tracking, high-risk entity identification;
Investigations mode: address clustering, capital flow, coin holding address analysis, early warning.
4. User-oriented: free and paid users, as well as commercial plans
5. Charging model:
TRM Labs
1. Number of addresses: Supports 23 public chains, covering the vast majority of current public chains, as well as more than 1 million risk address data and 80 types of risk data
2. Product form: one-stop system, SaaS
3. Main functions:
Forensics: address and transaction tracking, support for graphical display
Know-Your-VASP: Virtual Asset Service Provider information query
Transaction monitoring: comprehensive coverage of addresses and entities banned by the US government
4. For users: financial institutions, Crypto companies, government departments
5. Charging model: customized on demand
TrustCheck
Number of addresses: Millions, mainly Ethereum chain.
Product form: browser plug-in and B-side solution
Main functions: monitor address security, ensure the security of users browsing and interacting with dApps, support DeFi and NFT
For users: C-end and B-end project parties
Charging model: Free for C-end, customized for B-end
Harpy
Product form: API, SaaS
Main functions:
Malicious Transaction API: Helps projects identify malicious addresses
Eagle RPC Router: Wallet RPC, which can provide early warning services similar to bank fraud notifications
For users: B-side institutions and project parties, not individuals
Charging model: The current promotional price is 0.01 ETH, which is 7% of the recovered assets. Subsequent commercial services need to be customized on demand.
BlowFish
Number of addresses: 207 million transactions scanned, 18,000 fraud protections, support for Ethereum, Polygon, and Solana
Product form: API
Main function: fraud address detection and protection
User-oriented: Project parties, especially wallets
Charging model: B-end institutions, personal services are under development
MetaShield
1. Number of addresses: Undisclosed. Currently, the list is updated by users uploading phishing websites.
2. Product form: Browser plug-in incubated by Buidler DAO
3. Main functions:
High-risk behavior monitoring
Blacklist and whitelist verification
Full information transmission
4. User-oriented: C-end retail investors
5. Payment model: Free
Decentralized security track
At this point, we can summarize the future trends of the security track, mainly in the following three points:
Cross-border: It not only includes DeFi, but also covers asset types such as NFT, as well as comprehensive cross-chain capabilities.
Substantiation: Starting from the address on the chain, analysis eventually arrives at the relevant entity, and then its behavior is determined.
Integration: Address behavioral analysis is combined with comprehensive security data tools, in order to sell the ability to discern rather than the data itself.
In fact, the core competitiveness of the security track is the ability to store and utilize data, but its operating processes revolve around centralized service platforms or entities. It can be said that decentralized security is built on centralized recognition.
Similar to our consistent view, this situation represents the early and weak status quo of decentralization. If we imagine that its data can be seamlessly migrated to Arweave for storage, it can effectively eliminate the monopoly of centralized institutions on data, and truly unleash the organizational capabilities of decentralized security.
It can be said that Dune has lowered the threshold for ordinary people to access on-chain data, provided that they understand and master SQL statements. SlowMist and other institutions have demonstrated through long-term practice that data can serve as the oil of security, provided that it undergoes a persistent labeling process. Beyond that, the decentralization of data itself is still a work in progress.