Andrew Beal on Detecting Real-Time Systemic Threats to Web3 with Forta (Episode 312)
Andrew Beal joins us to discuss on Detecting Real-Time Systemic Threats to Web3 with Forta.
Andrew Beal is the Ecosystem Lead at Forta.
Links:
Website link: https://forta.org/
Twitter link: https://twitter.com/FortaNetwork
Blog link: https://forta.org/blog/
Want more resources around this podcast? Keep up to date on the latest articles here.
The following transcript was created using artificial intelligence. There will be some grammatical errors below.
00:00:19:06 – 00:00:39:18
Richard Carthon: What’s up everyone? Welcome to another episode of Crypto Current, your host here, Richard Carthon. And today I got a very special one for you. We are going to be looking at for the network but likes to go by Florida. But we have really amazing person to kind of break all the amazing things that they have going down. We have Andy, who’s an ecosystem lead over at Florida. How are you doing today?
00:00:41:00 – 00:00:42:06
Andrew Beal: Great, Richard. Thanks for having me.
00:00:43:08 – 00:00:53:14
Richard Carthon: No problem. And we’ll excited to learn more about Florida and the real time security operational monitoring that it has to offer. But before we do that, I want to learn a little bit more about you. Can you give us a little background about yourself?
00:00:55:11 – 00:01:14:08
Andrew Beal: Sure. I’ll go as far back, I guess, as my introduction into into the space. So as we were talking about pre-interview started my career as a corporate lawyer. I graduated law school in 2012 and within a year sort of stumbled on crypto. I had a buddy that I met at a hackathon that ended up starting an exchange and
00:01:17:07 – 00:01:31:15
Andrew Beal: started doing corporate and regulatory work, state and federal regulatory work for some of the early crypto exchanges. This particular one was called Quantum Katie, but I ended up working with an exchange called Poloniex, which was really small back then and then got really big
00:01:33:17 – 00:01:42:23
Andrew Beal: and then worked with some some more sort of retail focused products like Blockfolio that was also based in L.A. at the time.
00:01:44:16 – 00:02:05:07
Andrew Beal: And I did that for three and a half years. That was kind of my introduction into the space through that angle. And then I transitioned to consulting and I worked that UI on their own blockchain team for five years from 2016 to 2021. And we worked primarily with like the top of the market. So whereas when I was an attorney, I was working with smaller startups.
00:02:07:03 – 00:02:13:02
Andrew Beal: Who were raising money and building teams. Sort of typical kind of venture.
00:02:15:13 – 00:02:42:03
Andrew Beal: That is why we were working with banks, fintechs, large private crypto companies, you know, Coinbase, Gemini, Kraken finance, etc. helping them either helping them become more sophisticated financial institutions. And then on the unlike the banking fintech side, we were helping them integrate crypto products and services into their, you know, into their businesses.
00:02:43:18 – 00:02:56:17
Andrew Beal: So and then I left in early 2021 and joined Open Zeppelin. And at the time we were spending what is now to out of Open Zeppelin. So last summer we went through a
00:02:58:03 – 00:03:20:15
Andrew Beal: four year round of funding for, for to officially spun the network out like right after that. And since October 1st for to the for the network has been live and I work for the for the foundation me my colleagues work for the foundation now so we’re the really entity sort of behind the scenes that is kind of the steward of the the network for the time being.
00:03:21:17 – 00:03:44:04
Richard Carthon: And what an interesting journey. So you’ve been in the space for a tremendous amount of time, working with startups, working with the bigger players in the game, and go on to create Florida and be one of the people like leading in in creating this. So first, I just want to go back. What drew you to the world of cryptocurrency? Like what was that first introduction and why did you decide this is the path that I want to go?
00:03:45:07 – 00:03:48:17
Andrew Beal: I was having this conversation with someone last night, a buddy at dinner.
00:03:51:09 – 00:04:29:15
Andrew Beal: So I’m very you know, I’ll be very transparent. Like I don’t have an ideological sort of draw to the space that a lot of people do for me. At the time, it it was I saw it as an opportunity. This was a it was a brand new. Sort of space when I started in 2013. Right. Very, very small. Very, very new, very misunderstood. And I just you know, I think it’s so cliche, but like I it was just it was something that like a 26 year old lawyer, I could kind of fit in in that space.
00:04:29:17 – 00:05:04:12
Andrew Beal: Right? Yeah. I didn’t need to have a lot of prior experience. Everyone was learning on the fly, right? And I thought that was that was neat because I had had I spent time in any other sort of aspect of tech. Lawyers with 20 years of experience were way better than me at their job, right than I was because I was fresh out of I was fresh out of law school. Right. But crypto was sort of this great equalizer in that like, no one knew anything about it back then, especially in especially in the legal world. And so I felt I felt as knowledgeable as anybody else about it, even though I was just scratching the surface then.
00:05:04:14 – 00:05:11:09
Andrew Beal: So. So that was really it for me. It created an opportunity for a young, very young lawyer to sort of, you know,
00:05:13:17 – 00:05:19:23
Andrew Beal: kind of carve out a niche. And then as I’ve gotten as I’ve sort of, you know, progressed,
00:05:21:08 – 00:05:25:01
Andrew Beal: the people are really what keep me engaged now.
00:05:26:22 – 00:05:44:24
Andrew Beal: So much of my professional and social circles are the same now. And so I can’t I can’t leave even if I wanted to, because I alienate all my I would alienate all my friends. And I think like a more the deeper point there is the people that are in the space to so many of them are so
00:05:46:23 – 00:06:18:27
Andrew Beal: intellectually curious and smart. And, you know, it’s great to be surrounded by people like that because you’re constantly learning, constantly being challenged. And I think for anyone who’s listening, who’s not in the space that maybe thinking about getting into crypto. You know, you’ve seen me change careers in this industry three times, right? I started as a lawyer. Then I became a consultant. Now I’m, you know, I’m doing essentially business development and strategy work for a for a cybersecurity project. So you can kind of reinvent yourself.
00:06:18:29 – 00:06:37:28
Andrew Beal: But but also, like, there are there are just so many opportunities if you’re willing to spend the time to learn and then put in the work, you know, to to to meet the people. The space grows and evolves so fast, like there’s so many new corners of it emerging all the time. And.
00:06:41:07 – 00:06:43:21
Andrew Beal: You know, if you’re hungry and you can, you can.
00:06:45:06 – 00:06:56:08
Andrew Beal: You can get in there and really make an impact quickly. So that’s the great space that you have for people who are looking for opportunities. I can’t think of a better industry to work in.
00:06:57:06 – 00:07:27:12
Richard Carthon: Our agreement and the opportunities continue to present themselves. And just like you said, you’ve you’ve had three career changes even within this space. And a lot of people think that when you work in the world of crypto, everything is they don’t realize just how many different facets of business that you can still participate in and kind of carve in your own nation and knowledge base, and that we’re still very early to this space, that you can still come in and become an expert in in a short amount of time than you have on some of the traditional markets.
00:07:27:14 – 00:08:09:10
Richard Carthon: But definitely appreciate you sharing that sentiment. But I’m fast forwarding up to, you know, last October you officially launch for two and. You have been in this space long enough to see a lot of the various challenges that are within the world of web3 and security happens to be one of those large challenges. You see a lot of scams, you see a lot of people losing money, all these different things. Talk to us about one, why you created Fauda and how has Fauda been able to help a lot of the different organizations and companies that you’re working with? I mean, one of the things on the website right now is that you have 36 billion in total value locked, monitored by borders, decentralized network, which is a lot which is tremendous.
00:08:09:19 – 00:08:12:10
Richard Carthon: Can you talk to us about that journey of how you got it there?
00:08:13:20 – 00:08:15:12
Richard Carthon: Yeah, sure. So.
00:08:17:23 – 00:08:45:12
Andrew Beal: I’m assuming, you know, I wasn’t a security expert when I joined Ford. And I assume most people listening are not as well. So really simple. I’m going to lay out a really simple framework kind of how to kind of think about the smart contract, how to think about like the Web three security stack or call it, and where we fit in that. So you can have a, you know, a framework or a point of reference as we talk more so
00:08:47:17 – 00:09:04:27
Andrew Beal: for the monitors on chain activities. So we monitor smart contracts activity. There’s an off chain component as well, which is more like the Web two aspect of security. But every Web three project has a as a web two component to it, Right? And so you can’t ignore that. And we can talk about that a little bit, too.
00:09:06:20 – 00:09:38:05
Andrew Beal: But in terms of sort of on chain monitoring smart contract security, I, I want everything into two buckets. You have pre-deployment and post-deployment. So pre-deployment is like things you do from a security standpoint before your contracts are deployed on main that right there is an example and then there are things you do from a security standpoint after you deploy your contracts. So pre-deployment is dominated by using templates.
00:09:39:12 – 00:09:59:18
Andrew Beal: Opens up on has the biggest smart contracts library. The vast majority of Defi projects at least building on building with solidity use open Zeppelin contracts. Right. Very few people, very few devs now are like building contracts from scratch. Unless it’s something truly novel. Like if you’re building an amp, you’re building a you know,
00:10:01:04 – 00:10:20:21
Andrew Beal: you’re introducing like a governance module into your system or, you know, multi things or whatever it is, right? Like these are all template contracts, not right. You don’t need to reinvent the wheel. So using templates is one way to improve security, right? The second thing you do, free deployment is you get one or more audits,
00:10:22:08 – 00:10:25:05
Andrew Beal: and that’s looking at the code, right? That’s a point in time assessment of your code.
00:10:27:00 – 00:10:50:18
Andrew Beal: Fast forward to. Okay, now those contracts are live. What are you doing? Best practice is to have a bug bounty program in place, right? You’re essentially incentivizing whitehat hackers to find vulnerabilities in your in your in your system and point those out to you before something bad happens. So bug bounty program, there’s great platforms out there like unify that host these bug bounty programs for teams.
00:10:52:06 – 00:11:15:25
Andrew Beal: And then the other two pillars of post-deployment security are real time monitoring and alerting and then incident response. So I’ll break these two things down real quick. So real time monitoring and alerting or runtime runtime monitoring is watching your system in real time as it’s working. Okay. So you know, a.
00:11:18:09 – 00:11:39:21
Andrew Beal: A decent analogy here is like the instrumentation panel on a plane. Or a race car, right? Like, you know, one of my fuel levels, it’s the wind speed. You know, what’s my altitude? All these things that the pilot, whoever’s responsible for this thing, knows what’s going on with all the different component parts, Right? In real time.
00:11:40:05 – 00:11:40:20
Richard Carthon: Right.
00:11:40:27 – 00:12:18:21
Andrew Beal: Do you have the same thing for software systems? Right. And you want to watch all these components in real time. You’re watching for two things. One, you want to make sure that things are working like they’re supposed to. And then you’re also looking for threats and malicious activity. Right. Which in Defi is very important because these software systems are, you know, oftentimes controlling billions of dollars, as you pointed out. Right. There’s, you know, tens of billions of dollars of TVL that these contracts are responsible for. So you need to you need to you need to have security cameras basically, like pointed at those contracts, watching everything that happens.
00:12:20:04 – 00:12:52:02
Andrew Beal: And then the second piece and this is a long intro, but hopefully it’s a helpful framework. The second thing there, and it’s very closely related to real time monitoring and alerting is something called incident response, which is let’s say you’re watching an aspect of a protocol and you get an alert that’s like blinking red. Okay. What do you do with that? Right. Is it can you dismiss it quickly? Is it a false positive or is that red alert saying, hey, your system is getting hacked Right now, funds are being drained like you need to do something right away.
00:12:52:18 – 00:13:23:20
Andrew Beal: In the incident that would kick off some emergency response plan. Right. Maybe you’re maybe you need deposit protocol. Maybe you need to try and run a transaction, whatever it is. Right. And there’s a whole host of things you can do, but you can’t do anything if you’re not watching. Right? Right. And unfortunately. A lot of teams today don’t have good monitoring in place, so they don’t know when something bad is happening. And because they don’t know when something something bad is happening, they can’t react quickly to it.
00:13:24:00 – 00:13:55:10
Andrew Beal: They’re sitting sitting ducks effectively. So anyway, that’s the framework. Where does four to sit in for to lives in this real time monitoring and alerting layer. Right. We’re we’re a we’re a network so you can think about it like this We’re like this layer that sits above D5. So we’re thinking about like the web, you know, the tech stack, right? You have like Etherium on the bottom and then you have the protocols at the next layer, right? Uniswap compound, etc..
00:13:55:12 – 00:14:27:21
Andrew Beal: Right. And then above that. Is fauna and flora is like this layer that is looking down onto defy, right? And the way the network works is developers. You can be an individual developer, you can be a core developer on a protocol team. You can install the equivalent of like security cameras on the floor to network. And it’s. We call them bots, but it’s just a piece of code piece of like a script that you can publish onto the network.
00:14:29:06 – 00:14:29:24
Andrew Beal: And
00:14:31:14 – 00:15:02:28
Andrew Beal: each bot is tasked with watching something specific. Maybe it’s watching for, you know, large movements of a particular token. Maybe it’s watching for withdrawals or deposits inside of a multisig. Maybe it’s monitoring for like ownership changes of a contract, maybe it’s monitoring for tornado cash activity because that’s usually associated with exploits. Maybe it’s watching for phishing related attacks. Right. It’s looking for like mass token approvals from a specific address, right.
00:15:03:00 – 00:15:11:07
Andrew Beal: Where people are going to like a fake website and like giving it unknowingly, giving it approval to, you know, access that the assets in their wallet. Right. Which happens all the time.
00:15:12:29 – 00:15:13:14
Andrew Beal: So.
00:15:15:09 – 00:15:45:09
Andrew Beal: You know, our job as the for the network is to be as flexible as possible and support all these use cases, developers both independently and on teams, but can use this network to basically deploy, you know, virtual cameras and whatever they want to watch. And then what happens is when those cameras find something that they’re looking for, the network emits alerts about that. So like every block, there’s like a big alert emission that happens. Right. And, you know, thousands of alerts are broadcast publicly.
00:15:46:28 – 00:15:54:05
Andrew Beal: And what those alerts are signaling is sort of based on the the bots that are running on the network. Right.
00:15:55:27 – 00:16:18:17
Andrew Beal: And so you mentioned, you know, there are there’s 30 whatever, you know, 30 plus billion monitored TV are being monitored by 40 right now. What that means is that there are there are bots on the network that are that are watching those protocols, who have that who have control over those assets. Right.
00:16:21:06 – 00:16:34:19
Andrew Beal: And, you know, Ford is sort of like this alarm system, security camera, an alarm system that’s sort of, you know, trying to identify threats, malicious activity or other like operational issues
00:16:36:04 – 00:16:38:12
Andrew Beal: in real time. And then hopefully.
00:16:40:11 – 00:17:12:08
Andrew Beal: You know, those alerts are being received by those teams, Right. So if you’re, you know, someone at Maker and you get an alert that something’s not working right or you get an alert that you know. Liquidity or collateral is being drained from some. But then hopefully you can respond quickly enough to either prevent that from happening or to mitigate the damage caused by it. So that’s the idea. Yeah, big giant, pretty similar alarm system for Defi.
00:17:12:27 – 00:17:49:26
Richard Carthon: Which is really cool. And just so I can recap a lot of that. So there’s there’s basically two ways you look at security. One is real time seeing what’s going on and making sure you’re aware of what’s going on. Then once something is happening, it’s responding. How do you then take care of once you are now being notified and alerted that something is happening to have some sort of response in place to go and address it? So what Florida is doing is kind of a layer three, if you will, above your layer one like in a theory, and then you have a protocol. Then for it is above that, looking at everything that’s happening below, making sure that first is giving you a real time view of what’s happening.
00:17:50:01 – 00:17:59:11
Richard Carthon: And then if something happens, it then it’s allowing alerts for these developers who are then building these, these bots to monitor certain things. So if I’m a
00:18:01:04 – 00:18:16:17
Richard Carthon: dev on maker and I have a certain defi protocol that I want to watch, and then all of a sudden, like you said, collateral is being drained from it, I get alerted and now I can immediately go and address this because I have an alert in place to make sure that I can go to address it as soon as it happens.
00:18:18:04 – 00:18:26:22
Andrew Beal: That’s right. Yeah. And it’s know this problem for those listening, this probably sounds like very intuitive, right? Like, of course you of course you watch what’s going on in real time. Right?
00:18:28:21 – 00:18:29:18
Andrew Beal: But in reality.
00:18:31:17 – 00:18:54:16
Andrew Beal: It’s you know, a lot of teams don’t have good monitoring. They don’t have comprehensive monitoring in place. Maybe they’re watching for TiVo or they’re watching for large token movements, but they’re not watching for that specific sort of once in a blue moon invariant that like no one really expects. But when it happens, it’s a really big deal. Right.
00:18:56:02 – 00:19:05:04
Andrew Beal: And there’s a couple of reasons why there isn’t really good comprehensive like in-depth monitoring across the board.
00:19:07:14 – 00:19:14:22
Andrew Beal: One is that most defi teams are small. By nature, right?
00:19:16:17 – 00:19:33:05
Andrew Beal: They’re you know, they’re meant to be like decentralized projects. Right. And so, you know, they don’t they’re never going to have most of them are never going to have like in-house full time security teams like you would at a traditional company. Right? Right. Well, when you don’t have that function,
00:19:34:28 – 00:20:07:01
Andrew Beal: you know, you end up you know, what you do have are like or product people. And you know, you have smart contract engineers, right. Who are who are maintaining the protocol, but who may not be security experts. And so, you know, they’re doing they’re doing some operational monitoring, but they’re not doing a lot of really complicated, thorough sort of threat detection. Right. Um, so we lack a lot of security specialty on teams today because they’re small.
00:20:08:28 – 00:20:14:26
Andrew Beal: The second thing is it’s also hard to do and there aren’t great tools for it today.
00:20:16:19 – 00:20:53:26
Andrew Beal: You know, there are there are a few tools where you can do some really basic monitoring. But in terms of like doing like really advanced like threat detection type stuff, there’s nothing that’s widely available to protocol teams today. Right. There are a couple of auditors out there who have in-house things that they’ve built that are proprietary that they’ll sell as part of a service. But there’s nothing that a team can just sort of like take off the shelf and like deploy or deploy really, really easily. So because there aren’t great tools, no one does it because you need to build it in-house and test it and you need a full time team to maintain it like it’s you know, it’s just it’s a lot of a lot of effort.
00:20:54:07 – 00:21:20:23
Andrew Beal: So we didn’t we didn’t realize this in the beginning. You know, it took us six months, eight months of talking with teams to realize like, okay, no one’s really doing security monitoring right now. And so for us, really feeling that gap in the market today. And so we’re seeing more and more teams like deploy bots that are specifically monitoring for threats. Right. Right.
00:21:21:26 – 00:21:55:10
Richard Carthon: Well, let’s stay there because I think it’s really cool about this right now is that you brought up a really good point. There’s a lot of teams that are building right now, spare time. So there’s a lot of people building. They’re staying lean. They’re not really growing teams. And unfortunately, a lot of the time they’re so focused on building out the product and get it out to market everything else that not the security isn’t a focus, but it might not be as thorough as it could be while it’s still in its nascent and growing. So for someone who’s listening to this, they’re like, Yup, I have this on my roadmap. I know this is somebody to get to and I want to like get to it as my TVL in in our protocol grows.
00:21:56:08 – 00:21:59:09
Richard Carthon: What can they do to start utilizing for the.
00:22:00:24 – 00:22:21:08
Andrew Beal: Yeah, great question. So there are a couple of ways to onboard to the network. The easiest way to to do it is to just some you can subscribe to bots that are already running on the network. So for example, like if you if you are if you’re a user.
00:22:22:24 – 00:22:53:19
Andrew Beal: I use Leidos as an example because Lytro has a lot of really good monitoring running on Ford today. You can find all the light robots that are that are currently running on Ford. It’s like it’s like having a public security camera feed. Like anyone can tap into and be like it. It’s like having a security camera feed for like your local bank as a TV channel on your, you know, at home that you can just like you can flip through and be like, okay, I can watch the security camera. There’s this that same concept applies here, right? There’s a lot of it’s all this is all public monitoring.
00:22:53:21 – 00:23:04:18
Andrew Beal: So anyone who wants to watch it can watch it. So that’s one easy way is just go subscribe to an existing bot. If you know, if it’s monitoring something that you care about,
00:23:06:06 – 00:23:34:09
Andrew Beal: If you’re a developer working for a protocol team, uh, there’s the sort of low friction way of onboarding, and then there’s the sort of high friction way of onboarding, and both are really valuable. So low friction, we have something called like a, like a bot wizard, which is basically like a no code way to, to build and deploy really, really simple bots. You can get basic monitoring for like function calls, events, balances, you know, Oracle Brush or things like that.
00:23:35:24 – 00:23:44:18
Andrew Beal: And you can get some really simple bots up and running for your protocol without doing any custom coding. It’ll take you literally take you five or 10 minutes to do this.
00:23:46:07 – 00:24:04:08
Andrew Beal: Then once you get that in place and you’re more familiar with it and you’re ready to start doing some more sophisticated things, then you can actually like develop your own bots from scratch. You can leverage some of our templates, but you can actually start to sort of code your own. And
00:24:06:01 – 00:24:38:11
Andrew Beal: most of the DEFI teams that are using Forte today, whether it’s Maker or Leidos or Balancer divide, and so that whoever have built their own custom bots right there are devs on the team that have used our SDK and they know what they want to watch for, right? So maybe they’ve figured that out or they’ve worked with their auditor and collectively they’ve, they’ve, they’ve identified all the risks they need to pay attention to. And then based on those risks they’re creating, monitoring to watch those things.
00:24:39:15 – 00:24:51:12
Andrew Beal: That’s kind of the flow that I would recommend any team, you know, go through and figure out what you need to watch first and then build monitoring to watch it. So, so yeah, yeah, those are.
00:24:51:17 – 00:25:22:29
Richard Carthon: Great first steps. And as a reminder for everyone listening, if you go to Fauda dot org, you can get more information on that and find some more great things that you can be doing to improving your security and things that you want to be monitoring. But you know, Andy, since we have such a great security expert, I do want to ask just one final security question around where do you see security evolving in Web three from where when you first started to where it is now and where it’s headed? Like, how do you see security continue to evolve into the future?
00:25:26:02 – 00:25:30:02
Andrew Beal: Yeah, I’ll make. I’ll make two. Predictions.
00:25:33:27 – 00:25:46:04
Andrew Beal: None of these are actually like sort of my original ideas. We’ve got a great head of research at the Ford Foundation, Christian Siefert. And so I’m going to borrow I’m going to borrow some of his perspective here. So I think he’s right. So one of them is that.
00:25:49:16 – 00:26:35:12
Andrew Beal: Because we have so much public data available, right? All the transaction data is publicly available on chain. Right. So like, Web3 has this really unique kind of dynamic where you have data availabilities like 100 credits, it’s everywhere. Anyone can get it. We all have access to the same thing, but the structure of that data and like extracting the signal out of all that noise is, is the hard part, right? Whereas like in Web two, you have really structured data, but it’s also it’s all like most of it’s very private, right? Because you have a bunch of centralized sort of tech companies and infrastructure companies that are very siloed and kind of how they maintain that, right? So that’s the difference in dynamic between like Web two and Web three data, right? So Web three, everything’s open.
00:26:35:24 – 00:27:14:27
Andrew Beal: Everyone can everyone can look at the same data set, right? We all have access to the same thing. So that means data scientists and machine learning engineers have everything they need at their disposal to analyze. Detect patterns, predict behavior. Right. And get really, really sophisticated in terms of what you can what you can sort of watch and discern from, you know, on chain transactions and user behavior because it’s all public. Right. So all that leading up to my first prediction, you’re going to see a lot of data scientists, machine learning, engineers moving into the space and sort of starting to dominate the security conversation, I think.
00:27:14:29 – 00:27:15:14
Andrew Beal: Right.
00:27:17:01 – 00:27:20:26
Andrew Beal: Is that fair? That’s their field, right? The second thing is that
00:27:22:24 – 00:27:24:20
Andrew Beal: security is going to get
00:27:26:26 – 00:27:58:07
Andrew Beal: the response process, like how you respond to it. Right now. If a team gets notified about a hack. They cannot respond fast enough to prevent it. Because teams have like a multisig in place that is. Like me that has the authority to, like, posit protocol, Right? So you have to get the multisig has to approve something. Well, what’s a multisig? What’s It’s a bunch of people, right, who all need to get brought up to speed on what’s going on, and then they all need to sign a transaction.
00:27:58:09 – 00:28:04:14
Andrew Beal: Right? And that takes time, I think. Way too long, too. Right. So by the time you’ve done all that Pax happened, money’s gone.
00:28:06:14 – 00:28:43:28
Andrew Beal: And so moving from a manual, moving from manual like threat response to automated, where like the second an alert fires, something triggers in the system, right? It’s either a circuit breaker that slows the system down just like a stock market, right? When the stock market crashes 7%, 30%, 20% right there, those are triggers that the market will literally stop automatically If, you know, if if things are declining that fast or that at that scale. And we don’t really have circuit breakers in crypto or in defi and we need them, we desperately need them.
00:28:44:10 – 00:29:08:04
Andrew Beal: But how you build those circuit breakers in. Keeping in mind that like. This is a global market now it’s 24 seven, right? Like you can shut down one lending protocol like compound, but like the rest of the but every other protocol is still going to be working. And a bunch of other protocols are built on top of compound. Right. And rely on C tokens and so how do you how do you very like.
00:29:09:19 – 00:29:11:06
Andrew Beal: How do you. Very carefully.
00:29:12:26 – 00:29:45:21
Andrew Beal: Introduced circuit breakers into protocols, knowing that, like, there’s so much composability and so much integration with other systems, right? Like, are you going to break something else because you cause something? And then how do you how do you deal with someone taking advantage of that, like a bad act or taking advantage of that and basically continuing to shut down your system over and over and over again, like Adidas could be a competitor, right? AMS could try and shut each other down by sending malicious transactions to each other all the time.
00:29:46:09 – 00:29:59:23
Andrew Beal: So there’s all those things you need to consider when you’re building it. But I don’t think that those should stop people from experimenting with more automated mechanisms for responding to threat. So I think anyway, both those things will happen, you know, and we’re already starting to see them happen. So that’s exciting.
00:30:00:20 – 00:30:36:27
Richard Carthon: That’s great. I mean, those are really two cool things you’re going to see. Just to recap that, going to see a lot of data scientists start to come over to the library security space and dominate, and then you’re going to see some automated response happen instead of it having to be a manual multisig situation that’s in place. And I’m sure it’s going to take some time for those two things to happen. But as they do, I think we’re going to the entire Web3 market’s going to be better for it. So Andy, you’ve given us a lot of gems. I think you did a really good job of just giving us some really good basic knowledge of security and what Ford is doing to help us solve some of those challenges.
00:30:36:29 – 00:30:40:12
Richard Carthon: But for everyone here, what is the final thought that you want to leave today?
00:30:43:23 – 00:30:49:11
Andrew Beal: My final thought. I’ll stick with, you know, security, obviously, but it’s that.
00:30:52:05 – 00:31:29:22
Andrew Beal: Anyone who’s building anyone who’s who’s building smart contracts or works for a works for a protocol team or some projects in Web3. Just keep in mind that security is a continuous thing, right? You don’t just get an audit and then close the book on that and assume you’re safe, Right? There are things you need to be doing constantly to protect your your your infrastructure, your users. Real time monitoring and alerting on fraud is just one piece of the piece of the puzzle. But it really is a continuous thing with a bunch of different parts and you need to keep them all moving at the same time, you know, to to be to be effective.
00:31:29:26 – 00:31:30:11
Andrew Beal: So.
00:31:31:08 – 00:31:41:17
Richard Carthon: That’s a great final thought again, for everyone listening. Ways that you can keep in touch. You can go to Florida dot org. But Andy, what are other ways that people can learn more about Florida and learn more about you?
00:31:43:06 – 00:32:01:04
Andrew Beal: Yeah. So as Richard mentioned, our website spotted an org. You can find some basic information there. You can also follow us on Twitter at for the network. And you can also reach out to me directly if you want to get in touch and talk about how you can use the use the network. I’m able on Twitter and my DMS are open.
00:32:02:03 – 00:32:07:29
Richard Carthon: Perfect. Well, Andy, again, thank you so much for spending time with us and for everyone listening, stay cryptocurrency.
00:32:08:19 – 00:32:32:04
Richard Carthon: Thank you for joining us for another episode of cryptocurrency. Cryptocurrency is a cryptocurrency and blockchain education platform that’s bridging the gap between curious newcomers for just discovering the space and the thought leaders for shaping its future. All opinions expressed by Richard Carthon, the cricket team and their guests on this show are exclusively their own opinions. This show and any other crypto print production is exclusively for informational purposes.
Crypto Current will be guiding all of you who are new to the cryptocurrency world to becoming a cryptocurrency and blockchain expert. Crypto Current was founded to give access to information to everyone on current events occurring in cryptocurrency and blockchain in a digestible way. Since its creation, we have created content that impacted thousands of people through its podcast, blog, and social media.