Hypernative Security Services to OlympusDAO - Renewal

Aadi-hypernative · 2025-03-12T07:48:06+00:00

Summary

A proposal to renew Hypernative’s 12-month engagement with OlympusDAO on continuous real-time monitoring and proactive threat prevention to enhance the resiliency and security of the OlympusDAO protocol and augment the DAO’s security operations, while minimizing the risk of hacks and exploits, loss of funds and prevent catastrophic loss to create long-term sustainable growth.

The proposal below includes detections of malicious DAO proposals, which have proven to be a significant threat vector as Olympus transitions toward an on-chain governance structure.

The request is to approve a $60K budget expenditure paid in OHM or gOHM for 12 months, approved and released by the DAO contributors.

Results

Since 2023, our real-time monitoring and proactive threat prevention platform has been used by the OlympusDAO team to preemptively detect attacks and attempted exploits prior to actual exploitation on the OlympusDAO contracts, including various attack vectors such as price manipulation, oracle manipulation, reentrancy vulnerabilities, and more.
On Sept. 21, Hypernative detected unusual activity related to one of Olympus DAO's utility contracts. Within 3 minutes early on Saturday morning U.S. time, Hypernative notified the Olympus team. Thanks to the quick response and efficient collaboration between the teams, the damage was limited to $29K. More information here

The Hypernative system is configured to monitor and generate 'out-of-the-box' real-time alerts across Security, Financial, Technical, Governance, and Community categories for OlympusDAO core contracts, multi-sig contracts, treasury contracts, emergency contracts, and periphery & dependencies contracts. Additionally, the OlympusDAO team has configured the system for custom purposes, such as monitoring the treasury balance and the Uniswap V3 OHM 3 pool TVL.

The Hypernative team, together with the OlympusDAO team, built an incident response and mitigation plan to review:
Involved parties
Identity communications channels
Decide on roles and responsibilities in case of events
Conducted testing of triggering response
Hypernative has maintained continuous engagement with the OlympusDAO protocol team through ongoing Discord communication and recurring meetings. This collaboration aims to refine monitoring, response strategies, and necessary adjustments.
Background

About Hypernative

Hypernative actively detects and responds to zero-day cyber attacks, financial risks, on-chain anomalies, and safeguards digital assets, protocols, and Web3 applications from significant threats and losses.

Hypernative today works with some of the leading crypto organizations, such as Balancer, Athena, EtherFi, Starknet, Circle, Chainlink, Galaxy Digital, Karpatkey DAO and more than 200 customers.

Hypernative is an active participant in many crypto security organizations and committees geared towards helping projects and the industry as a whole to create new security solutions and standards.

Hypernative team is well experienced in crypto and cyber security with 10’s of years of combined experience from companies like: Microsoft, IBM, Google, VMware, CyberArk, ChainReaction, Orbs, Intel and others.

Motivation

The overall motivation is to augment security and risk operations and help Olympus DAO team both with our team security and data expertise and with using the Hypernative platform.
It's hard to keep track of all various different security risks and exposures in crypto and Web3, having a dedicated team and a real time platform to mitigate and detect these risks for the community, is of first priority in our vision.

The result of implementing this offer will be to provide real time detection of any security attack vector on Olympus DAO and its participants and prevent that threat by defining together with the community various preventive workflows. (Leveraging the Hypernative Platform)
A security and solidity expert contact in Hypernative which will provide its expertise and help regarding any security incidents, bug/vulnerabilities disclosures or processes.
Real time detection and warning the community/DAO of anomalies and risks in governance proposals, bridges, oracles, participants, phishing or scamming campaigns affecting OHM and its holders. (Leveraging the Hypernative Platform)

Proposal

Below is a preliminary list of features that Hypernative offers for OlympusDAO protocol to establish and ensure protocol security soundness, detect anomalies and malfunctions in 3rd-parties like Oracles, Bridges, and other tokens and protocols, and monitor off-chain and on-chain participants for suspicious behavior

A. Protocol Security

1. Reviewing security framework and response procedure, assigning a contact person for various events

Set standard operational procedure (response & contact points) on category of events and time-sensitivity for any security or operational case
Understand and create pre-incident measures to mitigate risk and react in time (pause contracts, limit/cap protocol, blacklist addresses, move funds to a safe/vault for emergency etc.)
Understand and create post-incident measures

2. Protocol Security Alerts

Leverage Hypernative zero-day detection modules to detect threat and alert in real time on security incidents related to or directed at Olympus DAO contracts

3. Incident Response

Identify root cause(s) and suggest remedies / repairs and communication
War room management and connection with community volunteering help and Olympus team members
Connection to and management of vendors and network of contacts (Circle, Bridges, Zeroshadow,, Chain security teams, etc) to help with recovery of stolen funds and post incident help to the DAO
Community communications and post mortem
Creating best practices based on historical incidents and create playbooks with the learning

4. Security Operations Augmentation

Create a security team for Olympus DAO by receiving and reviewing security disclosures and helping investigate issues as they arise

5. Security Advisory Services

Explore and research tools (open source and commercial) to be used in the process and suggest to the DAO
Create educational material and sessions with the community and developers teams
Hypernative will explore OlympusDAO's operational security procedures and create a threat report with suggested recommendations to be considered by the DAO
Help with security vendors assessment and conduct security/risk due diligence for any vendor or 3rd-party
Presenting the research and market assessments on demand from security standpoint to the DAO and community
Help with total security budget planning, negotiations and proposing the budget to the DAO for decision making

6. Security detections on third-party protocols:

On Sept. 21, Hypernative detected unusual activity related to one of Olympus DAO's utility contracts. Within 3 minutes early on Saturday morning U.S. time, Hypernative notified the Olympus team. Thanks to the quick response and efficient collaboration between the teams, the damage was limited to $29K. More information here
The Hypernative system will be used to monitor and detect hacks in third-party protocols that Olympus is integrated with or invested in.
Olympus was supposed to invest in the Blueberry protocol (although it didn't eventually due to a timing issue).
On February 23, the Blueberry protocol was exploited for approximately $1.3 million. The Hypernative system detected the attack on the Blueberry protocol four minutes prior to the first hack transaction.
If Olympus had invested, Hypernative could have alerted Olympus to withdraw their funds before the attack occurred.

B. Oracles, Bridges, and related Tokens

7. Oracle Reliability

Offer:
Detect deviations between two updates of an oracle
Detect deviations between two updates on two different chains
Detect deviations between on-chain and off-chain prices
Detect a lack of updates and staleness
Assist in evaluation of different oracle providers and share historical data

8. Bridge Security Monitoring
Offer:
Provide security alerts related to bridge security incidents and risks

9. Related Token Monitoring

Offer:
Monitor tokens dependent on or related to Olympus DAO for anomalies, market economic conditions, security, holdings concentration and supply changes (mints / burns)

C. Phishing and Scamming Detection

10. On-chain detection

Offer:
Detect phishing campaigns targeted at OHM token holders and provide alerts to warn the community

11. Off-chain detection. (* Roadmap item)

Offer:
Detect phishing and scamming campaigns on the web
Detect phishing campaigns on social media (Discord, Telegram, Twitter) and alert related parties

D. On-Chain Governance

12. Monitor Governance Decisions

Offer:
Monitor OlympusDAO governance proposals on-chain and apply Hypernative models to detect suspicious proposals
Simulate governance proposals and add relevant automated testing of invariants/conditions for every proposal
Monitor proposers history and risk parameters
Example: Tornado Cash exploit through on-chain governance proposal:
On 2023.05.20 Hypernative system detected an attack on Tornado Cash through a malicious DAO proposal which resulted in ~$2.7M exploit. This attack spanned across 3 transactions within a couple of hours, $25,000, $39,000, and $2.7 million were stolen. Hypernative flagged the malicious proposal creation through its proprietary ML bytecode model which analyzed the contract automatically upon deployment.
Through the proposal, the attacker managed to acquire 1,200,000 votes, surpassing the legitimate votes of approximately 700,000, and by that gaining control over the Tornado Cash governance.
The attacker's address was funded via Tornado Cash. The attacker crafted a malicious proposal, cunningly stating that it followed the same logic as a previously approved proposal. However, the attacker had introduced an additional function into their proposal, which allowed them to self-destruct the contract. Approximately 430 ETH were laundered by the attacker through Tornado Cash.
Later, the attacker submitted a proposal to reverse the hostile takeover, restoring governance control to the DAO.

13. Monitor Governance token holders

Offer:
Monitor government token transfers
Alert on governance token concentration

14. Monitor lockdown policies

Offer:
Apply a policy to verify lockdown of token holders based on their wallet addresses ( for example, vendors, employees, special participants, etc.)

D. Participants Monitoring

15. Monitor suspicious users

Offer:
Monitor large transfers or movements of funds from participants in the protocol
Monitor suspicious or illicit activity, or illicit funds holdings for protocol participants

16. Monitor blacklisted addresses

Offer:
Monitor addresses from OFAC lists or that were part of a hack/exploit/fraud

E. Protocol Operations Monitoring

17. Monitor protocol treasury and wallets

Offer:
Monitor large transfers or movements of funds from protocol treasury
Monitor protocol multi sig wallets for anomalies and suspicious transactions
Pre transaction API that can simulate a transaction outcome before applying it on-chain

18. Monitor protocol defined parameters / invariants

Offer:
Monitor specific invariants, functions and events as specified by OlympusDAO team

F. Front-end Monitoring
Offer:
Detect Web application security incidents like DNS hijacks, DNS provider compromises, compromised plugins and backends
Provide real time alerts on any suspicious change to the web application
Related examples that could have been early detected using the suggested frontend monitoring:
Balancer DNS attack, September, 2023
Ledger Connect compromised javascript library, December 2023
Velodrome DNS attacks, November and December 2023
Trader Joe’s compromised plugins attack, November 2023
BadgerDAO
Convex Finance

The request is to approve a $60K budget expenditure paid in OHM for 12 months, approved and released by the DAO contributors.

Relwyn · 2025-03-12T17:24:22+00:00

In support. Hypernative is a critical infrastructure partner.

hOHMwardbound · 2025-03-13T01:45:14+00:00

I am in favor of this proposal as well, have enjoyed working with the hypernative team and feel it is an important layer to our protocol security.