> For the complete documentation index, see [llms.txt](https://docs.guardrail.ai/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.guardrail.ai/use-cases/threat-intel.md). # Threat Intelligence Guardrail's security research team tracks DeFi exploits and attack patterns. Here are highlights from recent years showing how real-time monitoring could have prevented major losses. ## 2025 Highlights **Cetus Protocol ($224M) — June 2025** A concentrated liquidity DEX on Sui exploited through price calculation manipulation. Attackers drained multiple pools by exploiting arithmetic in the swap logic. Guardrail's pool manipulation and balance anomaly guards detect this pattern by monitoring for abnormal price movements and liquidity changes within single transactions. **Silo Finance ($500K+) — June 2025** An unreleased leverage feature was exploited during testing. Even test deployments need monitoring—Guardrail's event and function guards would have detected unexpected interactions with the vulnerable contracts. ## 2024 Highlights **Radiant Capital ($50M) — October 2024** Not a code bug—compromised developer machines displayed fake transaction data to multisig signers. Guardrail's multisig threshold guard would have flagged the signing requirements, and admin event monitoring would have detected the ownership change before fund drainage. **Penpie ($27M) — September 2024** Reentrancy attack on the reward calculation logic. The attacker used fake Pendle market contracts to manipulate deposits mid-transaction. Guardrail's reentrancy guard and function sequence validation detect this pattern. **Ronin Bridge ($12M) — August 2024** A proxy upgrade without initialization allowed anyone to withdraw tokens. Guardrail's proxy uninitialized upgrade guard specifically detects when upgrades occur without accompanying initialization calls. ## Attack Pattern Coverage | Pattern | Guardrail Detection | | ----------------------- | ------------------------------------------ | | Reentrancy | Reentrancy Guard, Function Sequence Guard | | Flash Loan Manipulation | Flash Loan Guard, Pool Manipulation Guard | | Oracle Attacks | Price Deviation Guard, Oracle Health Guard | | Governance Exploits | Multisig Threshold, Admin Event Guards | | Uninitialized Proxies | Proxy Upgrade Guard | | Private Key Compromise | Balance Drop Guard, Admin Change Detection | *** --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.guardrail.ai/use-cases/threat-intel.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.