Hack Investigation Department

Callisto Network's Security Department was created in 2018 with a clear idea of its mission: "contribute to securing the smart contract ecosystem to promote its widespread adoption."
Since then, the Callisto Security auditors have been true to their mission and have contributed to securing more than 320 projects in all major blockchain platforms without a single one ever being hacked. The combined experience of Callisto Security auditors is unparalleled to this day and makes them an undisputed authority when it comes to smart contracts and blockchain security issues in general.
As blockchain and smart contract technologies are embraced, we see that the number of hacks is rising and has never been higher!
Indeed, hacks have cost the community more than 1.9 billion dollars in 2022 alone. Our experience tells us that these hacks could have been avoided to a large extent if developers and users/investors had a better knowledge of good practices.
It is time to raise awareness among investors and developers alike!
It all started with the Luna hack. Facing the disarray of the community (and also at its request), Callisto Network took the case and produced an analysis, which was the "most read and commented on" during the Luna hard fork. Unfortunately, the analysis is no longer available on the Luna forum but is still available on the Gitbook of Callisto Network.

The Importance of an Independent Expert

While the ecosystem is intended to be decentralized, it still relies on centralized platforms where communication can be censored (such as forums...) but also depends on mechanisms that are not transparent and whose DAOs can eventually be manipulated.
The example of Luna made it evident to us that the ecosystem needs to have independent experts whom the community can rely on in case of a lack of trust and transparency.
Callisto has taken on a new mission to raise cyber security awareness.
First, with a giveaway to the crypto community, which has reached over 6 million entries on Gleam and continues with the AbsoluteWallet referral program until September 22, 2022. And second, with the foundation of the Hack Investigation Department, which consists of a group of smart-contract security experts responsible for investigating hacks at the community's request.
The Hack Investigation Department will be charged with identifying the exact feature of the smart contract that led to the hack, creating a hack investigation report and making it publicly available.

Actions

  • Publish guidance on cyber-security best practices.
Security starts with the developers; too many projects are launched based on ready-made templates, which often do not fit the actual use cases. Moreover, developers are still frequently testing their code "in production" without considering the impact a hack may have on the investors. We aim to provide them with a series of documents such as the "Security Department Best Practices" to strengthen the ecosystem and significantly reduce the risk of hacking.
  • Perform hacking analysis and report findings on a regular basis.
We will publish reviews of 2 hacks per month. The community will be encouraged to take part in deciding which hacks should be reviewed via a vote held on Twitter.
The Callisto Security hack reports are structured as follows:
  • What happened: Description of the hack as perceived by the community and the crypto-press, as well as the context and amount of funds involved.
  • What Failed: Technical description of the hack and review of possible causes.
  • Conclusion: Reminder of security best practices to prevent this from happening again in the future.

Transparency

As an independent expert, it is important to adopt the highest level of transparency in each step of the analysis process.
  • The selection of the case to be analyzed will be made via Twitter, giving everyone the opportunity to participate in the voting.
  • If the hacked project audit report is available, it will be compared to the report made by Callisto Security.
To ensure the highest level of transparency, both reports will be made publicly available and securely stored in a censorship-proof data system.

Why is Callisto Security Dept doing this?

By design, Callisto Security contributes to other projects. After having audited 320 smart contracts, mostly without charge, our auditors are undoubtedly among the most experienced security experts, and it is only natural to share our experience with the community. Only together can we promote the adoption of the best practices in the ecosystem and finally create a better world for all of us through decentralization.