Protecting the Compound Community from Online Threats w/ ChainPatrol

Background:

ChainPatrol is a Real-Time Security Platform that aims to detect, block and manage takedowns of active malicious threats targeting Compound Protocol, keeping the community and organization safe from bad actors.

Website - https://chainpatrol.io/

Introduction to ChainPatrol - Notion – The all-in-one workspace for your notes, tasks, wikis, and databases.

Related Forum Post - [AlphaGrowth] Enhancing Security and Trust with ChainPatrol

Service Description:

Service Cost: ($3K USD/mo starting with a 1 month paid trial, with the goal to continue into a 1-Year Contract after a successful trial). We will be paid directly by AlphaGrowth from their Growth Program Budget.

As Compound continues to grow and scale, bad actors have an increasing incentive to target the community, organization, and staff members. Online threats vary in nature across each platform and ChainPatrol specializes in detecting, blocking, and taking down these active threats (impersonations, phishing links, wallet drainers).

Our takedown service covers domains, social platforms, and app stores, with social takedowns spanning across X.com, Discord, Telegram, Reddit, Instagram, YouTube, LinkedIn, TikTok, Facebook, and decentralized social platforms. Additionally, ChainPatrol Reporting Bots (for Discord and Slack) facilitate easy reporting from your team and community. By partnering with ChainPatrol, Compound can ensure a secure, trusted environment for its users and stakeholders.

We have proven success with leading projects such as Arbitrum, zkSync, The Graph, Starknet, CoW Swap, Consensys,underscoring our capability to prevent the loss of community funds swiftly and effectively. ChainPatrol can block malicious domains in as little as 15 minutes across 20 leading crypto wallets, including Metamask, Coinbase Wallet, and Phantom.

Action Items/Next Steps:

Our aim for this snapshot vote is to get the support of the Compound Community to become a valued security partner that works closely with Compound to protect its community, users, and builders through all of the key roadmap events, mitigating the impact of these potential threats on community members.

In addition, voting “Yes” to this proposal, will also serve as permission from the Compound Community for ChainPatrol to act on the DAO’s behalf for the purpose of initiating takedowns of malicious content across all socials (see Addendums below. These are presented to the platforms we petition with takedown requests to prove we are authorized by the community to work on its behalf.)

Addendum 1 → Power of Attorney

Addendum 2 → X.com Letter of Authorization

Additional steps in the onboarding process will include:

1. Gathering Trademarks Details

2. Add all brand assets and URLs to the dashboard

3. Add Social Profiles of key Compound Protocol Staff Members

4. Add Discord or Slack Reporting Bot for the Community.

5. Staff and community members will be able to both check and report suspected malicious assets, using the /check and /report commands

ChainPatrol looks forward to being a trusted security partner of Compound and its community!

Thank you all for your consideration!

Hello! We’re a little confused about what the service still does. Could you give some more examples or in depth summary of all the possible takedowns or methods you are providing? From this, I’m understanding its constant monitoring for malicious links? What else; and how are the links taken down?

Additionally, has AlphaGrowth agreed to use part of their budget to fund this from their Growth Program Budget?

Maybe it’s worth jumping on a community call that @adam hosts?

Hi @PGov - ChainPatrol is a CyberSecurity Company, and we provide brand impersonation protection in the Web3 space.

We run automated scans that are trained on your key brand assets, profiles and URLs, and do a crawl across all domains and social profiles for impersonators. Any fake domains or social profiles that are looking to impersonate the brands we protect (as they try to get users to click phishing links or be exposed to wallet drainer code), are blocked at the domain level, and at the wallet level through a Warning Sign. Our integrations with major wallets (Metamask, Coinbase, Phantom, and 20+ other wallets) allows this to be the fastest warning currently in the Web3 Space.

Ultimately, these sites can still be accessed if a user proceeds through the Warning Sign, which is why we also process the takedowns of these malicious sites by gathering the legal authority from the companies/organizations/DAOs and doing this service on their behalf.

We have been working with the AlphaGrowth team, and they have agreed to fund this from their budget, starting with a 1 month trial.

Our team placed a vote here last week to get the approval from the Compound Team to begin the takedowns and would appreciate any support to the voting process - Snapshot

We would also be happy to jump on a community call with @adam and explain further, if necessary!