Fuzzland Prevents $15 Million Crypto Theft

Web3 security and smart contract auditing firm Fuzzland has prevented the loss of over $15 million in stolen crypto from approximately a dozen different exploits, co-founder Chaofan Shou revealed during the Science of Blockchain conference in New York City.

Founded in early 2023, Fuzzland has developed two main strategies to recover funds: “hijacking” and “backrunning.”

Strategies Explained

• Attack Hijacking: Fuzzland uses bots to identify when a blockchain contract is being exploited, effectively hijacking the malicious actor’s efforts.
• Backrunning: This process involves identifying potential victims and preemptively draining their funds to thwart bad actors.

The largest exploit disrupted by Fuzzland was on DeFi protocol Sonne Finance, leading to a savings of about $10 million in crypto during attacks on both the Base and Optimism Layer 2 networks. They also prevented multi-million dollar hacks targeting AllianceBlock, Dough Finance, and Nexera.

According to Fuzzland’s analysis, 57% of funds can be rescued through backruns, while 26% can be rescued via hijacking. Shou estimates that Fuzzland’s efforts have generated $1.5 million in bug bounties.

Earlier this year, the firm raised $3 million in seed funding, led by 1kx with contributions from HashKey Capital, SNZ, and Panga Capital. Fuzzland employs around 30 employees, most of whom hold PhDs or are candidates.

Fuzzland derives its name from fuzzing, an automated process for discovering vulnerabilities in smart contracts. Shou has open-sourced the “ItyFuzz” fuzzing bot on GitHub, initially proposed with fellow Ph.D. student Shangyin Tan at Berkeley.