Solutions for DeFi Protocols

An exploit settles in milliseconds. Catch it in the mempool.

AuditKey monitors your smart contracts and treasury addresses in real time, flags suspicious transactions before they confirm, and clears legitimate privacy-pool users without forcing them off shielded networks. Security and compliance that runs at the speed of the chain.

DTCC AI Hackathon winner. OpenAML contributor at Linux Foundation FINOS.

The security gaps DeFi teams face today

What security looks like for DeFi protocols right now.

By the time your alert fires, the funds are gone.

On-chain monitors read confirmed transactions only. Exploits execute and confirm in a single block.

Your compliance tooling is blind to privacy networks.

Institutional volume is moving into shielded networks. Legacy tools cannot read those transfers.

A flagged address on your protocol is regulatory exposure.

Regulators expect screening regardless of custody. A sanctioned address is exposure you inherit.

Real-time defense, from the mempool to the compliance record.

Mempool Defense

AuditKey monitors your contracts and treasury addresses in real time. Pending transactions are screened before they reach the next block: counterparties are checked against sanctions lists and entity labels, contract methods are inspected for known attack patterns, and proximity to conflicted or suspicious transactions in the queue is scored. Suspicious transactions are flagged with an agent signal before they confirm.

Why post-finality monitoring cannot protect a DeFi protocol.

DeFi exploits are not slow. Flash loan attacks, reentrancy exploits, and oracle manipulation attacks are designed to execute atomically, often within a single block, sometimes within a single transaction. A monitoring tool that reads confirmed events is reading a record of what already happened. It cannot intervene in what is happening.

Mempool monitoring changes the position in the transaction lifecycle. A transaction that has been broadcast but not yet mined is still stoppable, or at minimum detectable with enough lead time to trigger an automated response. AuditKey's Mempool Defense module is designed around this window: screening pending transactions, scoring their proximity to other suspicious activity in the queue, and surfacing agent signals before the next block.

On privacy networks the problem is different but equally architectural. A forensic tool that reads public event logs cannot read a shielded transaction because no public log exists. Forcing all privacy-pool users off your protocol is not a compliance solution, it is a product decision that costs you a growing user segment. Proof of Innocence is the only path that preserves both compliance and access.

Why teams trust AuditKey

Why security teams trust AuditKey.

DTCC AI Hackathon.

AuditKey's prototype won the DTCC AI Hackathon, demonstrating real-time compliance screening at institutional scale against a field of 42 teams, drawing over 250 participants from the financial infrastructure industry.

The threat landscape DeFi protocols are operating in.

Mempool-level attacks

Sandwich attacks, front-running, and certain flash loan patterns are visible in the mempool before they confirm. A transaction broadcasting a large swap into a low-liquidity pool, for example, can be identified as a potential sandwich target before the block is mined.

Flash loan exploits

Flash loan attacks borrow and repay within a single transaction, making post-finality detection useful only for forensics. Detection at the mempool level, combined with counterparty and contract method screening, is the earlier intervention point.

Privacy-pool exposure

Funds originating from zero-knowledge privacy networks such as Railgun may include both legitimate users and those attempting to obscure illicit origins. Proof of Innocence is the mechanism that distinguishes them without requiring full transaction history disclosure.

Sanctions exposure

A sanctioned address transacting through a non-custodial protocol creates regulatory exposure for the protocol operator in an increasing number of jurisdictions. Screening at the mempool level, before the transaction confirms, is the only point at which that transfer can be stopped rather than reported.

What they say.

Working with compliance and product teams across the United States, Brazil, Argentina, Colombia, and Latin America.

For real-world investigations, the most critical part of AuditKey is its transparent address labeling process and its comprehensive VASP and Travel Rule directory. There is no black-box guesswork here; it relies on a deterministic database built on clear behavioral data. Knowing the exact institutional endpoints and counterparty classifications is the real key to mapping out an on-chain case.
Claudio CostaClaudio Costa, Police Officer & Founder of Cilada Cripto

Add your contracts to active surveillance today.

Create a free account, add your smart contract or treasury address, and monitor in real time. No sales call, no credit card.

Free tier included. Upgrade when you are ready for production monitoring at scale.

FAQ

Questions DeFi security and compliance teams ask us.

Straight answers on mempool detection, exploit response, and privacy-pool screening.

How early in the transaction lifecycle does AuditKey detect threats?

AuditKey monitors the mempool, the pool of broadcast transactions that have not yet been mined into a block. This is before finality, giving your team the earliest possible signal on a suspicious or malicious transaction targeting your contracts.

What types of attacks can AuditKey detect in the mempool?

AuditKey screens counterparties against sanctions and entity databases, inspects contract methods for known patterns, scores proximity to other suspicious transactions in the pending queue, and flags high-risk gas and nonce configurations. Confirm the current detection ruleset in the product documentation.

Can AuditKey stop an exploit automatically, or does it only alert?

AuditKey surfaces an agent signal before the transaction confirms. The automated response to that signal depends on your integration: the platform supports alerting, case creation, and workflow escalation. Fully automated blocking requires integration with your protocol's transaction management layer. Confirm your integration requirements with the team.

How does AuditKey handle privacy-pool transactions without exposing user data?

AuditKey triggers a Proof of Innocence request for transfers originating from zero-knowledge privacy networks. The sender submits a view key or cryptographic proof demonstrating their funds do not originate from sanctioned sources. AuditKey verifies the proof without accessing the full transaction history. The user's privacy is preserved and your compliance record is maintained.

Does AuditKey work with non-custodial protocols?

Yes. AuditKey monitors addresses and contracts regardless of custody model. The compliance record it produces is relevant even for non-custodial protocols operating in jurisdictions where regulators are extending screening obligations to protocol operators.

Which chains does AuditKey support for smart contract monitoring?

AuditKey currently supports Ethereum and EVM-compatible chains, Tron, Solana, and Bitcoin for address monitoring. Confirm the current supported chain list and mempool monitoring availability per chain in the product documentation.

Is there a free tier for DeFi protocols?

Yes. You can create a free account and add addresses to monitoring with no credit card required. Production-volume monitoring and full Mempool Defense are available on paid tiers.