Common Defense grew up defending Web3, where attackers are patient, capital sits on-chain, and a single compromise is irreversible. That red-team intuition now protects protocols, their teams, and their treasuries.
The stakes are different on-chain
When your infrastructure guards a treasury, every gap is worth exploiting. There is no chargeback and no undo. Attackers are well-funded, patient, and willing to spend weeks on a single target. A compromise that would be a bad day for a SaaS company is final for a protocol.
How protocols actually get drained
The exploit is rarely the smart contract. It’s the operation around it. A signer gets reached through a fake job offer. A multisig quorum gets captured. A front end gets poisoned to trick an approval. We harden the identity, access, signing, and communication paths that lead to funds, and we respond when an incident is live.
Multisig and treasury operations
The treasury is the target, so the controls around it get the most scrutiny. We review your signer setup, quorum policy, and signing hygiene, along with the custody and movement controls between an attacker and the funds. When something does go wrong, on-chain incidents move fast and don’t reverse. We contain the exposure, trace the funds, and work exchanges and partners to freeze what is still reachable. On-chain, the response has to move in minutes, because the transfer won’t reverse. We help your team rehearse that day before it arrives, so no one is improvising when the treasury is exposed.
Common Defense helped protect us during a severe incident, diagnosed the root cause rapidly, and set up systems in place to prevent future attacks and reassure our stakeholders. — CEO, multi-billion protocol
