Date: 24.05.2024

Requested Amount:

• 275,000 ASTR ($2,000 USD/mo) for 1 Year Contract

Objective:

ChainPatrol is a Real-Time Security Platform that aims to detect, block and manage takedowns of active malicious threats targeting the Astar Network, keeping the community and organization safe from bad actors.

Description:

As Astar Network continues to grow and scale, bad actors have an increasing incentive to target the community, organization, and staff members. Online threats vary in nature across each platform and ChainPatrol specializes in detecting, blocking, and taking down these active threats (impersonations, phishing links, wallet drainers).

Our aim is to get the support of the Treasury to become a valued security partner that works closely with Astar Network to protect its community, users, and builders through all of the key roadmap events, mitigating the impact of these potential threats on community members.

Background:

Hi Astarians,

My name is Dave Scalzo and I am the BD Lead and Head of Customer Success for ChainPatrol (a Web3 Cybersecurity company). We started our company approximately 2 years ago with the vision of making the Web3 Space safer.

Everyday, there are new online threats targeting organizations and users in the crypto industry. Our mission is to constantly adapt to these new threat vectors and ensure that our customers and their communities are protected from a variety of different threats across platforms.

ChainPatrol is a very accessible and transparent team supporting security 24/7 across all timezones.

Website: https://chainpatrol.io

This proposal will serve as the next step in complementing the security efforts of Astar Network.

Service Offering:

Platform

ChainPatrol’s Security Platform will support the Astar Network team in responding to threats and mitigating their impact by blocking within minutes of detection and managing takedowns.

Reporting Staff

ChainPatrols Reporting team will safeguard the Astar Network ecosystem. Our comprehensive security suite offers a robust dashboard and auto-detection system to report online threats targeting your brand across domains, social platforms, and marketplaces.

Service Excellence

By mitigating the risks of phishing, impersonation, and fake advertisements, ChainPatrol employs blocking approaches and takedown expertise to protect your community from malicious actors. Our proven success with leading projects such as Arbitrum, The Graph, Starknet, CoW Swap, Linea, and Curve Finance underscores our capability to prevent the loss of community funds swiftly and effectively. ChainPatrol can block malicious domains within 15 minutes across 20 leading crypto wallets, including Metamask, Coinbase Wallet, and Phantom.

Security Dashboard

Implementing ChainPatrol’s Security Suite will make Astar Network’s Web3 community significantly safer, increasing the operational costs for bad actors over time. Our enterprise protection features include the ChainPatrol Dashboard for viewing reports, active threats, metrics, and takedowns, as well as 24/7 automated monitoring for new threats across domains and social platforms.

Our takedown service covers domains, social platforms, and app stores, with social takedowns spanning across X.com, Discord, Telegram, Reddit, Instagram, YouTube, LinkedIn, TikTok, Facebook, and decentralized social platforms. Additionally, ChainPatrol Reporting Bots (for Discord and Slack) facilitate easy reporting from your team and community. By partnering with ChainPatrol, Astar Network can ensure a secure, trusted environment for its users and stakeholders.

Astar Case Study:

Since April 26th, ChainPatrol has worked closely with the Astar Network team to identify and preliminarily train our systems with the appropriate social profiles and organizational assets to begin our protection efforts.

Over this trial period, we have identified 266 potential threats to the Astar Network brand, including hundreds of fake X profiles. We have blocked domains across our Wallet Network, providing protection to the end user within 15 minutes of detection versus traditional approaches that take as long as 3 days.

image1920×2154 97.6 KB

While this is a great start to our brand protection efforts, after the approval of this proposal we will proceed with taking the threats down. This will be done by receiving the authorised representation of the Astar Network through the signing of key legal documents (Power of Attorney, Letter of Aurhorization, etc.)

We have tremendous experience in taking down 1000s of malicious social assets across (X, Discord, Telegram, App Stores, Medium, Farcaster, etc.),

image960×240 84.9 KB

Next Steps:

Once approved, ChainPatrol’s first action with Astar will be to work closely with staff to add all of the required assets necessary to train our systems.

Below are the initial key steps to the onboarding process:

1. Collect Legal Documents

• Power of Attorney
• Letter of Authorization
• Trademarks Details

2. Add all brand assets and URLs to the dashboard
3. Add Social Profiles of key Astar Network Staff Members
4. Add Discord or Slack Reporting Bot for the Community.

• Staff and community members will be able to both check and report suspected malicious assets, using the /check and /report commands

Ongoing Support in 2024

The success of our service comes from ensuring that we maintain an open and honest flow of communication between our team and the Astar community and staff. As such, after completion of onboarding, ChainPatrol will provide continuous support through the following actions:

• 24/7 Triaging of Threats Shared through Communication Channels (Telegram, Discord, Slack)
  • Our team will maintain open daily communication with Astar to address threats detected by community and staff
• Monthly Threat Snapshot Reports
  • Provides transparency to the metrics associated with our protection efforts
• Regular Touchpoint Meetings
  • Stay up-to-date on key roadmap events upcoming, ensuring any new brand assets are appropriately added to our systems

Links & Contact Info:

ChainPatrol Website - https://chainpatrol.io
Introduction to ChainPatrol - https://chainpatrol.notion.site/Introduction-to-ChainPatrol

ChainPatrol Contact: Davide Scalzo

E-mail - davide@chainpatrol.io

Telegram - @dschainpatrol

image580×679 46.4 KB

ChainPatrol looks forward to being a trusted security partner of the Astar Network.

Thank you all for your consideration!

Being part of the core team, I see daily threats to our community on social platforms. While we work hard to address these, integrating ChainPatrol would greatly enhance our security. Their Real-Time Security Platform is excellent at detecting, blocking, and managing malicious threats.

During demo testing, ChainPatrol’s team proved professional and dedicated to their mission. Their commitment to safety and willingness to tailor their services to our needs truly stood out.

I fully support this proposal, as partnering with ChainPatrol will greatly enhance the security of our community, users, builders, and the team members.

Welcome!
Sounds intresting have not heard of this type of service before and glad to see already a lot of big partners on the website!
2000$ a year seems like a good offer, but I wanted to ask if you could share some more info about the Case study you have done with Astar. If I understand correctly most of the threats are fake/scam websites, social media profiles etc.

Hey!

I’m really happy to see ChainPatrol joining the community.

I got to chat with the ChainPatrol team a couple of times now and have a good impression about their ability to execute. Now the the results of the trial period have further impressed me.

In my opinion, 1 year is a long contract for the web3 industry. * @DSChainPatrol I would like your team to consider modifying the proposal to 6 months, with an option to extend an additional 6 months at the end of the term.*

This will be long enough for you to comfortably start taking down threats and, in 6 months, share a general report of your successful results. It will reassure the community of your capability to take down threats. It will be a check-in with everyone.

Again, glad to see you in the forums!

Jerad

Thanks Sequaja! We are very excited about the opportunity to bring our protection efforts to Astar and look forward to being a member of the community.

Our proposal would be for $2000 USD/month (in equivalent ASTR) for a full year contract. This is the typical length of contract that we agree upon with our customers, as it gives us the ability to align our protection with their roadmap for the upcoming year (ie. all major announcements, TGE, etc.). The scope of the work that we cover includes bringing threats across all browsers and social mediums from initial detection as a malicious threat, to being blocked in real-time by our Wallet Network, to handling the legal proceedings for takedowns.

The case study results that we provided above highlights a preliminary assessment of the threat environment that we have been able to observe since starting our work with the Astar team, which included 261 active threats, of which 31 domains have already been blocked. With the permission of the Treasury to move forward, we will be able to address the broader array of threats that we have scanned and ensure full takedowns across all domains and social mediums.

Thanks Jerad, really appreciate your support and glad you have had a chance to connect with the team personally and assist in our initial efforts!

Our goal behind 1 Year Vendor Agreements is to ensure that we have a full understanding of the different key roadmap events that the Astar team has planned, and can properly plan for these events by having our systems up-to-date with all new Astar Assets (ie new links, brand imaging, projects, etc.). As mentioned in our discussions with the Astar team, the threat environment that we face is sporadic in nature (and centered around moments of high community engagement), and we believe full year agreements allow us to showcase the value of our work and partnership.

To ensure that both the community and Astar team have transparency, we provide monthly Threat Snapshots that outline the following:

• Key Metrics of Threat Activity
• Individual Case Studies of More Malicious Threats
• ChainPatrol Product Improvements

Thanks for the explanation. Have checked the docs aswell.
So the “Wallet Network” is from a technical perspective an API which gets integrated in an Wallet to do security checks? As I have found in the docs it already supports Metamask (commonly used for L2s, so great for Astar Network). Would this service only be for the L2 and not for the Polkadot Ecosystem (just trying to understand)?

That’s exactly correct. We have integrations with Metamask, Coinbase, Phantom and over 20+ wallets to consume our blocklist data directly. We have also integrated with Sub Wallet in the Polkadot ecosystem.

Our aim is to continue to grow our Wallet Network with further integrations (including Polkadot) so that our blocklist data can be spread across as many wallets, and subsequent users as possible!

I think it’s a good initiative for Astar Network.
As Jerad said, I agree with the idea of modifying the length to six months and then submitting the report.

This seems like an interesting thing, because security is also equally important. Anyway, I fully support it. =)

You are really on the ball here, and I fully appreciate the Monthly Threat Snapshots.

Again, I prefer the 6 month term, with the option to extend for these reasons:

• Our community will come together to review ChainPatrol’s success at one time
• We create a more active governance with a 6-month check-in’s
• Astar ecosystem is rapidly growing and there may be new demands in the future. We’ll have a chance to meet, reevaluate needs, and make sure that ChainPatrol receives adequate compensation and the Astar community is fully protected.

I hope that you understand that I want long-term cooperation here and support bringing your products to Astar.

Thanks again

Hi Jerad,

Thank you for the ongoing discussion and rationale behind your thought process!

I spoke with the co-founders, and we have agreed as a team to go ahead with a 6 month contract, upon approval from the Treasury.

Our team is very happy that we are aligned on the goal to maintain a long term, co-operative effort and are appreciative of all support here!

You have my support!

Hello @DSChainPatrol

If you agree to opt for a period of 6 months instead of one year, please update your proposal and all terms before we can proceed with the vote.

Thank you

Hi @DSChainPatrol ,

As part of the Astar security team, I have to say I was impressed by a number of detections; I was aware that there are a lot of scams, but I was not expecting that much. I see a big benefit of ChainPatrol, with detection, but also takedown and blocking, which is automated and fast as it can be. Security is a neverending chase, but with this tool, we can be right behind them and quickly react. With quick reaction, we are protecting users from being victims of scams (It can happen to everyone).

You have my support!

Like to see proposals like this one Security comes first , I will support this proposal

Thanks for the info! I believe this could be helpful!

Updated the post here. Please let me know if this will suffice!

This proposal from ChainPatrol to the Astar Network is all about boosting security by tackling online threats. They’ve already had some promising results in a trial period, and their plan includes some strong tools to handle things like phishing. It seems like ChainPatrol is really dedicated to keeping Astar safe and responding quickly to any threats that pop up.