Fireblocks expands DeFi suite with threat detection features

Fireblocks introduced new security features to its DeFi suite: dApp Protection and Transaction Simulation.

As the DeFi sector experiences unprecedented growth, the need for proactive security measures has never been more critical. With attackers taking advantage of DeFi’s technical and opaque characteristics, Fireblocks’ new security features aim to empower institutional firms with real-time threat detection, clear insights into contract calls, and preventative measures against malicious activities.

Navigating the surge in DeFi: Innovations, adoptions, and security challenges

Decentralized finance (DeFi) is experiencing a renewed wave of retail adoption and institutional capital allocation. From restaking and tokenized real-world assets to meme coins and perpetual futures, the new investment opportunities have pushed DeFi’s total value locked (TVL) to over $100 billion for the first time since May 2022.

Concurrently, the institutional DeFi volume on Fireblocks has risen by more than 75% in 2024 alone, nearing $4.5 billion monthly volume.

However, this influx of capital to DeFi applications has also drawn the attention of sophisticated threat actors. The early months of 2024 have seen attackers exploit a range of vulnerabilities to drain over $500 million from wallets, including phishing websites, dApp takeovers, and advanced supply chain attacks.

The inherent obscurity and complexity of DeFi transactions present significant challenges for traders in identifying potential security risks and for operations teams in understanding the impact of each transaction on their funds.

A new proactive security approach for DeFi is required — one where traders and operations teams can automatically monitor malicious activity, identify high-risk threats across common attack vectors, and gain context into the impact of a contract call, all before approving a transaction or connecting with a dApp.

That’s why, Fireblocks launched new threat-detection features within DeFi suite: dApp Protection and Transaction Simulation. dApp Protection provides real-time threat detection alerts to prevent interacting with suspicious smart contracts, phishing websites, and compromised dApps, while Transaction Simulation lets you preview the estimated token balance change when interacting with a smart contract, so you always know the impact of what you’re signing.

“Deploying onchain trading strategies presents new security considerations. Fireblocks dApp Protection and Transaction Simulation empower our team to stay ahead of evolving onchain threat vectors while providing everyone in the transaction approval workflow with visibility and clarity into what they’re approving,” said Andrew Taubman, Deputy Chief Operations Officer at Galaxy.

Fireblocks dApp Protection

Protection against malicious dApps and smart contracts

Trading on a DeFi app begins by connecting your wallet to a dApp interface, which allows the dApps’ smart contracts to communicate with your wallet. This step is seemingly straightforward but fraught with risks due to the prevalence of phishing attacks, with $1.1 billion in lost funds from 2023 mostly attributed to phishing.

Threat actors leverage phishing websites to trick users into connecting their wallet to a seemingly legitimate dApp and then sign a wallet permissions request, granting the attacker access to the wallet funds. The two main ways that attackers exploit wallet connections are:

• Compromises the dApp server and takes over the website
• Typosquats the dApp URL (uniswap.org → uniiswap.org) and copies the interface to seem legitimate

Fireblocks’ dApp Protection feature automatically detects suspicious smart contracts, phishing websites, and compromised dApps, alerting users before they interact with a potential threat. Leveraging real-time threat detection, dApp Protection analyzes key threat vectors to identify malicious patterns such as imitative URLs, harmful javascript elements, and suspicious registrars.

Beyond the front end, dApp Protection also assesses smart contract characteristics for signs of low reputation or patterns indicative of common attack vectors.

Since dApp Protection moved to Early Access at the end of 2023, it has detected numerous threat campaigns including the Ledger Connect Attack, a compromised Ledger package that allowed attackers to inject malicious code into dApp interfaces. Fireblocks customers have experienced the power of proactive security capabilities that provide traders and operations teams with real-time threat detection alerts that prevent the adverse impact of malicious dApps and contracts.

Fireblocks Transaction Simulation

Always know the impact of what you’re signing

With conventional blockchain transfers, users only need to validate the transfer amount and deposit address. But with DeFi, users are directly interacting with a smart contract, adding another layer of complexity to onchain operations. After connecting with the dApp, the contract sends a signature request to your wallet that authorizes the contract to access your wallet funds and execute the transaction.

The challenge is that contract calls are not human-readable. So trading firms must either rely on technical users to decode and validate the contract call or trust that the dApp is not malicious and blindly sign the transaction.

The inability for traders and operations teams to validate that the output of signing a contract calls will have the expected outcome introduces a critical risk for institutional firms. Threat actors are aware of the opaque and technical nature of contract calls and use this attack vector to trick users into unsuspectingly signing a malicious contract call to gain access to their wallet funds.

Fireblocks Transaction Simulation solves exactly this by translating complex contract call information into a human-readable message. Simulation enables every user to validate the contract’s intent and preview the impact on their wallet balance before signing, so they can confidently authorize transactions with full context.

Transaction Simulation is not only powerful for advanced DeFi traders, but operations teams who are often not crypto natives themselves, yet responsible for authorizing and signing transactions.

Now, every user along the DeFi transaction lifecycle can gain the same level of visibility into DeFi operations and prevent interacting with malicious smart contracts that compromise their wallet funds.

“The ability to validate that we’ve connected with the intended dApp and easily verify the impact of a contract call before signing, is truly a game changer. Fireblocks dApp Protection and Transaction Simulation provide our team with much more clarity into our onchain operations and add another layer of protection against DeFi threats,” said Paul Bognor, COO at Flowdesk.

A proactive defense-in-depth approach

With the introduction of these new security features, Fireblocks has extended our Multi-Layer Security with proactive defenses that protect customers against evolving DeFi attack vectors while providing clarity to confidently interact onchain.