The decentralized finance market is a lucrative target for all sorts of shady characters that are looking to get a quick buck. Hence you’ll often hear about major losses by various blockchain companies caused by attacks such as:
- flash loans,
- exchange hacks,
- wallet hacks,
- token minting,
- intentional rug-pulls,
- evil contracts.
Attackers swarm the space like moths to the flame, drawn by the sheer amount of money passing hands, the existence of vulnerabilities, as well as the lack of traditional regulation. As a result, they get away with billions of dollars worth of assets per year.
We noticed there are a lot of cybersecurity companies and products in the general online space aiming to address this issue. However, there has been no solution out there that can freeze and reverse hacks. Yes, Tether can freeze and destroy its tokens, but its approach compromises the core characteristic of the market — its decentralization.
So far, the best ways to address these hacks have been either through hack mitigation (like audits) or post-hack solutions (e.g. insurance or money tracking). Other methods include hack or one-off bug bounty programs. Unfortunately, none of these have been particularly successful and can work only in specific situations.
Lossless as the ideal solution
Pros:
- Incentivized hack-spotting community
- Proof-of-stake concept
- Fully decentralized
- Can freeze and revert transaction
Cons:
- Hasn’t shown up sooner
Seeing the situation on the ground, we realized that there was a need for a suitable hack prevention and mitigation method that would combine the best of centralized and decentralized spheres. Hence, the idea of Lossless was born.
Lossless provides token creators with a piece of code that they can insert into their tokens, equipping them with our capable hack protection. From there on, a community of white-hat hackers and hack-spotting bots is constantly on the lookout for any unusual activities, on-chain events, or third-party reports.
If a hack has occurred involving a token with the Lossless hack protection, the spotter has the power to freeze a suspicious transaction for a limited amount of time. They can only do so if they stake a specific amount of their LSS (Lossless) tokens.
The matter is then handed over to the higher level — the Lossless Decision-Making Body consisting of the Lossless committee, Lossless company, and the token creator. This body reviews the frozen address and determines whether the hack is valid or not.
If it’s valid, the finder will receive their fee, the address is frozen for another 14 days, and the Lossless committee will make a proposal for permanent address freezing and reversing the transaction. If it’s not valid, then the finder’s staked LSS tokens are slashed and the suspected address is unfrozen.
The Lossless committee will include key public figures like select private investors, auditing companies, and founders of renowned DeFi projects.
Other solutions in the blockchain sphere
With its protocol, Lossless aims to provide an alternative to existing cybersecurity solutions that are powerless in freezing fraudulent transactions and reverting them. Some of these existing solutions include:
Kaspersky Blockchain Security
Pros:
- Experienced cybersecurity company
- Has solutions for ICOs/STOs
Cons:
- Can’t freeze fraudulent transactions
- Isn’t decentralized
The cybersecurity giant offers different options for companies running an ICO (Initial Coin Offering) or STO (Security Token Offering) and for crypto exchanges. For ICOs/STOs, there’s a solution called Kaspersky Smart Contract Audit. It guarantees an in-depth audit of the smart contract code to identify logic errors, vulnerabilities, and undeclared functionalities.
If you’re running a crypto exchange, then you can make use of Kaspersky Application Security Assessment or Kaspersky Penetration Testing. The former aims to discover vulnerabilities in crypto exchange applications, including white-box audit (based on source code review), grey-box audit (based on access to privileged user account), and black-box (emulating an experienced external attacker).
Kaspersky Penetration Testing identifies weak spots in the crypto exchange infrastructure by combining three different approaches: external (emulating an attacker with no knowledge of your system), internal (based on limited systems access such as a visitor), and social engineering attacks (such as phishing, pseudo-malicious links in emails, attachments).
However, despite its valiant attempts at reducing the risks of hacks occurring, it ultimately fails at offering a solution that would stop the fraudulent transactions as they happen. If the hacker somehow manages to get through its security mechanisms, there’s no way to mitigate the consequences and the hacker(s) will probably run off with the stolen assets.
This is where such a platform differs from Lossless. Lossless can not only freeze and revert a transaction, but it deploys decentralized methods to do so — relying on community-based hack-spotting and committee-based hack mitigation.
SlowMist
Pros:
- Lots of security tools
- Combines threat discovery and defense
Cons:
- Doesn’t actively block transactions
- Isn’t decentralized
SlowMist Technology’s security solutions include audits, bug bounty, Blockchain Threat Intelligence (BTI), defense deployment, security consultancy, and other services. Its platform is equipped with anti-money laundering (AML), false top-up scanner, vulnerability monitoring, smart contract firewall, Safe Staking, and other SaaS products.
The company claims to be a top international blockchain security company with a security solution that integrates threat discovery and threat defense. While all this sounds great, SlowMist still only focuses on lowering the risks of hacks, without offering a solution in the case of a successful hack. It’s also one company running the entire gig, without giving much thought to the concept of decentralization.
Lossless, on the other hand, doesn’t just reduce the risks of hacking. It actively blocks any suspicious transaction activities through an incentivized community of white hat hackers and hack-spotting bots. After a hack has been verified, a committee decides on how to proceed. This way, the platform fully adheres to the principles of decentralization.
ABDK Consulting
Pros:
- Various blockchain consulting services
- Excellent track record
Cons:
- No active chain monitoring
- Lacks transaction freezing capabilities
This blockchain consulting company offers a suite of solutions for various requirements — security included. Its security mechanisms mostly revolve around audits, aiming to discover critical flaws, issues, and bugs that hackers might exploit.
The company says its smart contracts are safe and have never been broken. We say — never say never. Lossless doesn’t rely on promises but on providing efficient hack protection and mitigation tools. Its community actively monitors on-chain events, unusual token activities, and third-party reports to identify any fraudulent transactions.
If any such thing happens to a token with the Lossless hack protection in its code, steps are taken to stop the transaction in its tracks, validate the hack, and mitigate its effects — freezing the offending address and reversing the transaction.
Bugcrowd
Pros:
- Crowdsourced workforce
- Beyond classic cybersecurity service
Cons:
- Not many hack mitigation features
- Can’t revert a hack once it’s happening
This company aims to lower hacking risks through its crowdsourced cybersecurity platform. Its original approach goes beyond vulnerability scanners and traditional penetration tests and offers trusted and scalable security expertise, promising to discover critical issues faster.
Specifically, its offering includes penetration testing, bug bounty, vulnerability disclosures, and attack surface management — all provided by a crowdsourced workforce.
Much like Lossless, the platform is decentralized, incentivized, and community-based, harnessing white hat security researchers to find and eliminate vulnerabilities.
However, it doesn’t go much further than that — it can’t freeze and revert the fraudulent transactions like Lossless can (and does).
Chainalysis
Pros:
- Proven efficacy in solving cybercrime
- Provides active monitoring and investigation
Cons:
- Can’t freeze or reverse transactions
- Isn’t decentralized
Focusing on blockchain analysis, Chainalysis devotes part of its services to security. Its data platform provides investigation, compliance, and risk management tools that have helped solve some of the most top-level cybercrime cases in the world. These tools have also helped grow safe consumer access to cryptocurrency — just like Lossless guarantees.
Its Kryptos software helps clients navigate risks in cryptocurrency, while the Reactor product connects suspicious cryptocurrency transactions to real-world entities, which allows combating criminal activity on the blockchain.
The software scans thousands of forums and darknet sites to extract open-source intelligence. It also allows the user to monitor future transactions and trace the flow of funds through an unlimited number of “hops”.
That said, Chainalysis still can’t freeze or reverse a transaction, like Lossless can. It can only help you present your case to investigators who will then attempt to find the perpetrator. You can then involve the authorities to get your money back (or at least some of it) but the chances are very slim.
Lossless as the missing piece of the puzzle
Although worthwhile and efficient to a point, existing solutions trying to solve the hacking problems in the crypto security sphere still fail to address every area. Mostly, they focus on risk assessments and vulnerability detections, with some only using in-house researchers to do it.
The complex Lossless ecosystem covers every step of the hack mitigation process, bringing in incentivized experts to a proof-of-stake hack-finding platform. Decision-making is also a decentralized and transparent process involving key figures from the space, major investors, and auditors, as well as the Lossless company and token creators.
If you’re aware of the importance of such a platform existing in today’s high-risk crypto world and wish to contribute to its success, you’re very welcome to join us at our:
