Today, I'm officially launching @0xGroomLake.
It's no secret that DeFi is a massive target for lone wolf hackers and nation-state actors alike.
That’s why we're going to equip you with operatives formed in that crucible.
🧵Thread:
The DeFi Security Wars are coming.
Regulation will require risk transfer.
Your internal build systems will be obsolete.
@DroseraNetwork is early to the battlefield.
If you would’ve told me a year ago I would be imaged as a cartoon bull conducting a No-Knock Raid on a home that chose a Kim Jong Un state portrait as living space decor, I would have politely asked if you were on substances.
Enter @0xGroomLake 😎
As @FDRosera calls it, "the private military corporation for DeFi."
Groom Lake is a custom-tailored cybersecurity and intelligence operations company.
They provide everything from structuring, frameworks, crisis response plans and compliance 🤝
@DroseraNetwork is the first objective incident response product in the space and it’s focused on 3 pillars:
1. Approachability
2. Affordability
3. Activity
Every project has a right to an easy-to-use, cost efficient, dynamic security solution.
Our industry depends on it.
What if I told you that @0xGroomLake could predict a compromise before it occurs and leverage decentralized response actions to mitigate or altogether stop it, and that those response actions are incentivized?
Drosera could have contained or mitigated 90% of exploits based on YOY data spanning from 2020.
If we apply that to the total for 2022, that number means a security impact on around $3.44 billion.
Thus, @DroseraNetwork.
Europe is an extremely attractive space for adoption of @DroseraNetwork.
If you’re an EU-based crypto project, would love to have a discussion on how @DroseraNetwork gets you to compliance before MiCA cybersecurity requirements put you in the crosshairs of regulators.
In my opinion, Europe will be the leading Web3 region in the next decade. Here's why: 🧵 ↓ 👀
- It is the only region that had increased total $ VC investments in 22 compared to 21.
- Europe has seen a higher number of newly incorporated Crypto Startups than any other region.
Can’t wait to see the dynamism between Operators <> Users <> @eigenlayer Restakers in the @DroseraNetwork ecosystem.
We are pushing the boundary of ZK tech, creating new economies of scale, and simultaneously introducing an entirely new discipline of security engineering.
@0xGroomLake is currently investigating and tracking the suspected exploiter.
We are contacting our auxiliaries in EU/ME, the suspect’s region, to get a fix on position and mobilize authorities on the ground.
If you have information that can assist, please DM me.
We're happy to share that the EigenLayer ecosystem is early but growing!
Today we highlight 12 early projects building/benefiting from EigenLayer, including actively validated services (AVSs) and users of AVSs such as EigenDA, the first AVS coming soon.
If you are an American protocol lead and aren’t willing to take some level of your product and fight to the public policy process….
You’re doing your industry and the ecosystem a disservice.
Cost to build internal monitoring and incident response pipelines:
3-5 devs, 6-12 months, 6-7 figures.
Cost to use @DroseraNetwork for an entire year:
Mouse click, 10-15 minutes, 1/10th of the price of a junior developer.
Thus, @DroseraNetwork.
"For I was envious at the foolish, When I saw the prosperity of the wicked. For there are no bands in their death: But their strength is firm. They are not in trouble as other men; Neither are they plagued like other men. Therefore pride compasseth them about as a chain; Violence
I have awful news.
After 18 hours, multiple build swaps, and my abandonment of him due to transition to Baldur’s Gate 3 EA, @Bobafetador’s Lvl 38 necromancer succumbed to his wounds in Diablo 4
F to pay respects
I have to say my experience so far in DeFi has been nothing but love, respect, transparency, and cooperation.
It’s crazy how good things can be when you aren’t greedy and find ways to build a network by making sure everybody in your circle eats.
This Veterans Day I want to remember 1SG Frank Estrada from my time at the Cyber Training Battalion.
He unfortunately took his own life earlier this year but made an incredible impact in my life that I will forever be grateful for.
Fly high Nightstalker. Death Waits In The
@0xGroomLake gang has been in the studio for the last few months ironing out a number of different products - I don't really fuck with overly produced marketing and hypebeast Twitter threads but I've been quiet so here are some updates.
THREAD.
@DroseraNetwork
> literally used in nanobiotechnology
> Charles Darwin shout out
> decentralized plant
> actually eats bugs for breakfast
> nutrients maxi
Source:
I regret to inform the space that @0xGroomLake does not offer free services or 14-day trials for intelligence ops/forensics/fund recovery for stolen funds routed to the People’s Republic of China.
We do charge for these types of things - I know, shocking.
Here @FDRosera explains why he thinks there are so many exploits in crypto
Because of this, he's building @DroseraNetwork "the world's first Decentralized Automated Responder Collective (DARC)" 🌼
Crypto offers the promise of an open financial system, but security incidents are far too frequent for DeFi’s potential to be actualized
With this in mind, we’re thrilled to formally announce the creation of @NascentSecurity
If you’re traveling to Istanbul and would like a personal security retinue plz let the @0xGroomLake fellas know.
have a pretty expansive network in Turkey because Turkish chads love hacking.
See you at DevConnect
Guys, I promise, we will have a logo - it’s just that the marketing budget has been used for @Bobafetador’s Iowa moonshine operation as an early revenue generator.
If you’d like to order some, please visit the link provided:
(6) To solve this, @Bobafetador is joining as CTO to help develop DROSERA, our proprietary decentralized incident detection and response technology that leverages democratized incentive as a core mechanic of community-triggered response actions to exploits.
(11) If you want to get in touch, follow the white rabbit.
MS4gVmlzaXQgd3d3Lmdyb29tbGEua2UKMi4gQ2xpY2sgdGhlIF
RlbGVncmFtIGxpbmsKMy4gU2VuZCBhIG1lc3NhZ2UgdGhhdCBz
YXlzICJyYXZpb2xpIHJhdmlvbGkgZ2l2ZSBtZSB0aGUgZm9ybW
lvbGki
Happy hunting.
Not to worry guys, once we cross the $80 billion threshold for funds lost since 2014, someone will have an AI/ML subjective heuristics security product with a new UI/UX to fix everything… right…
(8) To really kick things off with a bang, we're proud to announce @QuasarFi as early partners.
We're excited to provide round-the-clock security and intelligence services for their products as we grow and develop our in-house suite of offerings.
OPERATION KOSHER RYE
[REDACTED] engaged @0xGroomLake operatives in pursuit of more than $10 million in exploit recovery.
Result: White hat return of funds was successfully negotiated after escalation ops within the immediate footprint of the exploit.
(5) After countless hours of research, discussion, and community input from technical leaders in the space, it's extremely clear that the problem isn't one of capability or community willingness.
The problem is incentive - democratized incentive.
@chrisdior777 Hell nah, but think it would be a major bet for auditors to cover their ass with @DroseraNetwork post-launch.
We have to adopt a total supply chain security schema.
(2) Now, we're assembling those same professionals post-transition and challenging them with one of the most daunting technical and strategic undertakings of our time: securing and safeguarding the decentralized datasphere.
Our mindset: Who else but us?
1. Approachability
No 3 month onboardings, fat SLAs, 180 pages of technical documentation or programmatic setup reqs.
Go order a Quarter Pounder at McDonalds - my vision is a @DroseraNetwork job posting going from idea to active in half the time.
The 24hr Guarantee ⏳
In an active situation it's all about time and leverage ⚖️
@FDRosera guarantees @0xGroomLake can get an operative across the globe, deployed live in person, and complete an operation within 24-48 hours 🌍
If you’re a bounty hunter, it’s not @immunefi’s fault that the protocols are rugging you - but it will continue to happen unfortunately.
If you get paid running an operator on @DroseraNetwork, there is no rug.
Last night I found a critical in a live protocol at 4am. Spent 4 hours writing PoC and report and successfully submitted the vuln at 8am.
I just woke up and the project is already removed from Immunefi 😃
2. Affordability
@immunefi data on 321 participants shows an average reward per asset of $65,000+ per payout on criticals.
@DroseraNetwork complements static security solutions like Bug Bounties/audits at a fraction of the price:
$18k/year projected.
We are the Third Way.
3// Drosera - The Big Chungus
Drosera is a decentralized incident detection *and response* tool that we're preparing to unveil sometime in early-mid July.
We've iterated on design considerations with advisors and stakeholders and feel like we're close to an initial schema.
🔥 NEW 🔥
@union_build is making huge strides in connecting the Interchain and Ethereum ✨
ZK infrastructure powers permissionless and trust minimized message passing
w/ @0xkaiserkarel
Watch the full conversation 👉
(9) With @0xGroomLake, we intentionally want to provide a tailored experience that is truly bespoke to each project we work with.
To preserve this quality, for FY2023, we're only offering 10 slots for retainer-based engagements - 8 are left.
3. Activity
@DroseraNetwork is an active application of security resources.
Security in DeFi hinges on more than having a stamp from an audit firm and a 22% delta from audit to launch.
Drosera is always present, always watching - and it’s already built.
2// Mythic - Data Visibility for Metrics & Security
Mythic is something that *comes* with a partnership between @0xGroomLake and your business.
We essentially take what would normally be a 3-6 month internal roadmap item and give it to you out of the box.
Again, included.
Somewhere on a South American border.. may or may not have dropped drone in the sea.. drone may or may not have had expensive equipment duct taped/3M’d to it. Coffee time.
Even internal buildouts are 3-5 man engineer teams, 6-10 months of structuring, and still plagued with false positives from their heuristics.
You’re paying $800k~ a year for shit and a headache you have to keep alive. No more.
(3) @0xGroomLake operatives remain anonymous by design, and we adhere to strict standards.
For example, operatives are expected to maintain a high level of physical fitness and are constantly placed in fierce competition during threat hunting ops.
We are Spartan in our ethic.
Istanbul is absolutely beautiful. The food, vibes and company have been immaculate. I’m feeling very blessed today.
The @DroseraNetwork team and I evangelized the tech and received very positive feedback. We cultivated important relationships and had constructive conversations.
(7) We plan to initially offer DROSERA prototypes exclusively through our service partnerships with projects in the coming months.
While we are self-funding, we will be working with our partners and early adopters to open investment opportunities in the coming months.
South America needs more attention from up and coming crypto projects and companies.
@cosmos opened my eyes to this in Medellin last year.
Cultural fit, money talks, bullshit walks, under the radar - SA is Mos Eisley. Wya?
(7) Before joining us at @0xGroomLake, @Bobafetador spent considerable time developing in the EVM space and formerly worked for @RaytheonTech/@BAESystemsplc.
I had the privilege of working with him extensively on previous DeFi projects. He is truly a special talent.
if you got rugged and they are LARPing anon hmu and @0xGroomLake will find them
this isn’t free i’m not @zachxbt
trust me guys it will be fun - you can pull a Frank Hassle/@Boogie2988 (not recommended)
send me a few selectors
lmk
@0xGroomLake views 'security' as table stakes - it's expected.
The vision I have is to create a small, agile unit that can work to transform data from this security posture into something that generates *value* for your business - with investors, partners, and community.
Pre-compromise risk mitigation can be accomplished for on-chain events, in a multi-chain schema, using automated response actions that are granular and don’t halt operations for other participants.
Just be patient. It’s coming.
1/ During a journey to learn more about restaking, it became apparent that there was potential centralization risk of operators. To help reduce this risk, @swp0x0, @jasnoodle, @RobinDotETH, @DroseraNetwork, and I discuss an Optimistic Delegation Framework.
There are so many smart people in this industry that it shouldn't come as a surprise when I say that the problem with security in Web3 is a *financial* one, not a technical one.
More on Drosera to come in the next few days, as we're preparing pieces for the true homie investors.
@BanklessHQ @Ledger can’t rely on the dev i just tomahawked with a tire iron in an Estonian coffee shop to have a ledger on him anymore .. smh what kind of world do we live in
(10) As an added bonus, the first 5 projects that we agree to partner with receive a 30% discount on our service retainer - for life.
Our guarantee: You get a team of trained cybersecurity and intelligence professionals for less than you'd spend on *one* internal security hire.