
KelpDAO, Drift, Balancer—the list of high-profile DeFi exploits keeps growing, and the attacks are getting more sophisticated. Social engineering, compromised developer devices, AI-assisted intrusion: the threat surface has expanded well beyond smart contract bugs.
And as traditional financial institutions accelerate their move on-chain, they are walking into the same environment—one where settlement is atomic, transactions are irreversible, and the margin for error is zero.
Defending both worlds simultaneously is exactly what Hypernative does, working across numerous institutions from native DeFi protocols to regulated asset managers and stablecoin issuers.
Shawn Lim, VP of Asia at the company, sits at that intersection. In this interview, he unpacks the human-layer vulnerabilities driving the latest wave of attacks, explains how pre-execution threat detection intercepts exploits before they land, and lays out what it actually takes to make security a foundation for institutional adoption rather than its biggest obstacle.
DeFi exploits have intensified recently, with incidents like Drift and KelpDAO drawing significant attention. What’s the most common factor behind these attacks, and why do they keep happening?
From our perspective, the Drift and KelpDAO incidents were targeted attacks carried out through social engineering and the compromise of web2 elements—specifically the personal devices of personnel operating key infrastructure within these protocols. What we’ve seen is that attackers are no longer only targeting smart contract vulnerabilities; they’re targeting the human layer. The weakest link in any protocol is the person who may be exposed to phishing scams or malware on their devices. Often they’re completely unaware, and these threats creep slowly into their systems—creating openings that exploiters act on at precisely the right moment.
Can you explain what pre-execution defense is and how Hypernative predicts and neutralizes threats before transactions become irreversible? What role does AI play?
Our product called Transaction Guard sits above the wallet infrastructure layer, scanning and analyzing every transaction before it’s executed on-chain. We can detect whether a transaction is anomalous relative to a preset policy. Teams using Transaction Guard set very granular policies paired with our in-house threat detection systems—so if someone is about to sign a drainer contract or interact with a known phishing address, that intelligence is already embedded in the policy engine.
As for how we predict and neutralize threats: we’re fully integrated across more than 80 blockchains, reading data on a block-by-block basis. We use machine learning and AI models to analyze state changes down to the byte code level and run simulations to identify patterns that indicate a potential threat. We don’t just simulate whether a smart contract opens a vulnerability—we also look at behavioral patterns: how exploiters fund or deploy contracts, links to mixers, connections to known phishing addresses. Large language models power much of this detection, enabling significantly higher accuracy for our users.
How does Hypernative maintain a high threat detection rate while minimizing false positives?
We invest heavily in robust infrastructure and battle-tested machine learning models, now paired with AI capabilities for real-time analysis. Because we serve more than 350 institutions, the transaction flows and data running through our platform continuously sharpen our detection models.
This matters because our users—large asset managers, exchanges, major protocols—face real opportunity costs. A solution with high false positives either disrupts operations or forces premature unwinding of positions at a financial loss. Timing and precision are everything. We also have a strong public track record of detecting threats and triggering automated on-chain responses that have saved client funds—something very few solutions in this space can demonstrate with verifiable evidence.
How much in client funds has Hypernative helped protect to date? Can you share an example where early detection prevented a major loss?
Based on our estimations, we’ve saved more than $3 billion worth of funds across clients and protocols through our detections.
A notable public example is the Balancer exploit last year, where over $100 million was lost. We detected the potential exploit early. The contracts that were directly hit were legacy unpausable pools—there was no mechanism to stop those losses. But for the newer composable pools that did have a pause function, we were able to save approximately $20 million. Without our solution in place for those pools, the losses would have been far larger. We have many similar cases where asset managers avoided significant losses thanks to our risk detection.
The Asia-Pacific region sees both high levels of on-chain fraud and rapid institutional adoption. How is Hypernative responding, and who is most exposed to these risks?
Fraud is multifaceted and defined differently across institutions, but the most exposed participants are exchanges, payment providers, stablecoin issuers, and financial institutions serving retail customers. Their end users face investment scams, romance scams, and phishing websites—and the challenge is enabling detection before wallets are drained or assets are lost to these networks. We offer an industry-leading fraud detection solution that allows large exchanges to minimize investigation overhead while maintaining a high degree of accuracy in preventing customer losses.
Traditional financial institutions entering Web3 often have compliance covered but can struggle operationally on-chain. When one comes to Hypernative, where do you typically start?
I wouldn’t say they lack an operational layer—they’ve built solid operations on traditional rails, with stopgap measures and policy procedures that allow intervention at multiple points in a process. But on the blockchain, we’re dealing with atomic settlement. Once a transaction executes, it’s essentially final. That means detection and response speed become far more critical than anything they’ve had to manage before.
When we implement runtime defense for these institutions, we’re protecting core infrastructure and smart contracts deployed on-chain from exploits in real time. The bigger gap, honestly, is education—getting them up to speed on the new threat landscape they’re entering. That’s where we spend a significant amount of time working closely with them.
When working with a stablecoin issuer or tokenized asset platform rather than a native DeFi protocol, do their security requirements differ? Are there specific capabilities Hypernative provides to meet those needs?
Top-tier DeFi protocols actually have very strong security requirements—institutions aren’t necessarily more demanding. Many DeFi protocols have years of experience, and we work closely with them to implement robust threat detection and position monitoring.
The difference with institutions is that they carry highly specific additional requirements: regulatory reporting obligations, reputational risk considerations, and accountability to regulators and stakeholders. Their threat detection frameworks often need to be pre-configured around those constraints, which differs significantly from a DeFi protocol’s needs.
Because we work closely with both profiles, we’ve developed strong frameworks and playbooks tailored to each. We also work directly with the regulatory jurisdictions where institutions are issuing assets—requirements vary considerably by region—and translate those into actual monitoring frameworks within our platform.
What still needs to happen for Web3 security to no longer be the biggest barrier to mainstream institutional adoption—and how is Hypernative moving in that direction?
Institutions are growing their capacity and capabilities to operate on-chain, and it’s critical that they invest in scalable, battle-tested solutions with a strong track record in the crypto-native space. We’ve demonstrated that track record, and we’ve also built institutional-grade features that these organizations require: separation of roles and responsibilities, full audit trails, SOC 2 certification, and redundancy planning from a business continuity standpoint. Those are the things that genuinely move the needle for large institutions.
What’s your outlook for Hypernative over the next few years?
The threat landscape is intensifying. One concern we’re actively tracking is the role of AI—including frontier models like Anthropic’s Mythos—in enabling far more sophisticated and invasive attack strategies against protocols and infrastructure. We’re advising clients to implement robust runtime defense and clear security measures in anticipation of that.
AI is also enabling teams to build their own detection tools in-house, but what we’ve observed is that those solutions don’t scale well. The proprietary IP we’ve developed over years—our ability to detect threats before they can be executed—is what sets us apart. It goes well beyond surface-level transaction tracing; it’s the depth of experience embedded in our models that makes the difference.
The post Hypernative Has Saved Over $3B In Client Funds—Here’s How It Keeps Institutions Ahead Of Attackers appeared first on Metaverse Post.