The FixedFloat exploit on February 16, 2024, which resulted in the theft of $26 million across Bitcoin and Ethereum networks, underscores a critical reality for advanced cryptocurrency users: passive security is insufficient. The attacker completed the Ethereum portion of the breach in 34 minutes and the Bitcoin phase in under 20 minutes, demonstrating that response time is measured in minutes, not hours. For users managing significant DeFi portfolios across multiple chains, building a proactive on-chain monitoring system is no longer optional. This advanced tutorial walks through the technical implementation of a cross-chain security dashboard.
With Bitcoin trading at $52,160 and Ethereum at $2,803, the total value locked in DeFi protocols continues to grow, making real-time monitoring essential for protecting substantial holdings. The tools and techniques described here leverage publicly available blockchain data and open-source software to create a monitoring system that can alert you to suspicious activity before it results in catastrophic losses.
The Objective
The goal is to construct a monitoring system that tracks wallet activity across Ethereum, Bitcoin, and major layer-2 networks, providing real-time alerts when predefined risk conditions are detected. This includes monitoring for unauthorized transactions, tracking whale movements that may indicate market manipulation, and detecting smart contract interactions with known malicious addresses.
The system architecture consists of three components: a blockchain data ingestion layer that connects to node providers, a rule engine that evaluates transaction patterns against risk criteria, and a notification layer that delivers alerts through your preferred channels. The entire system can be self-hosted for maximum privacy and control over your monitoring data.
Prerequisites
Before building the monitoring system, ensure you have the following technical foundations in place. You will need access to blockchain RPC endpoints for Ethereum and any layer-2 networks you wish to monitor. Services like Alchemy, Infura, or self-hosted nodes provide the necessary API access. For Bitcoin monitoring, Electrum server connections or blockchain.info API access is required.
A basic understanding of JavaScript or Python is necessary for implementing the monitoring scripts. Node.js runtime environment should be installed for JavaScript-based implementations, along with the ethers.js or web3.js library for Ethereum interaction. For Bitcoin monitoring, the python-bitcoinlib library provides the necessary transaction parsing capabilities.
Additionally, you should have a notification system ready for alerts. Options include Telegram Bot API for mobile notifications, webhook integrations for Slack or Discord, or email alerts through SMTP. The notification system should support rich formatting to include transaction details and risk assessments in alert messages.
Step-by-Step Walkthrough
Step 1: Configure blockchain data feeds. Set up WebSocket connections to your Ethereum RPC endpoint using ethers.js. The WebSocket provider enables real-time monitoring of pending transactions and new blocks without the overhead of polling. Configure separate connections for each network you want to monitor, including Ethereum mainnet, Arbitrum, Optimism, and other relevant chains. For each connection, establish filters for your monitored addresses and any smart contracts you interact with regularly.
Step 2: Implement transaction filtering logic. Create a rule engine that evaluates each incoming transaction against your risk criteria. Basic rules should include monitoring for any outgoing transactions from your wallets that exceed a configurable threshold, detecting interactions with smart contracts not on your whitelist, and flagging transactions that interact with addresses associated with known exploits or sanctioned entities. The SlowMist and Chainalysis threat intelligence feeds provide regularly updated lists of suspicious addresses.
Step 3: Build the cross-chain correlation engine. The FixedFloat attacker demonstrated sophisticated cross-chain movement, draining both Ethereum and Bitcoin wallets in a coordinated operation. Your monitoring system should correlate activity across chains, flagging patterns such as large withdrawals from multiple chains within short time windows or unusual routing through mixing services. Implement a time-windowed analysis that groups transactions across chains within configurable intervals to detect coordinated attacks.
Step 4: Configure alert escalation tiers. Not all alerts require the same response urgency. Implement a tiered system where low-risk observations are logged for periodic review, medium-risk events generate immediate notifications, and high-risk alerts trigger urgent notifications through multiple channels simultaneously. Define clear criteria for each tier based on transaction value, address reputation, and deviation from your typical activity patterns.
Step 5: Set up automated response triggers. For the highest-risk scenarios, implement automated responses that can execute without human intervention. This might include automatically disabling withdrawal functionality on connected DeFi protocols, triggering emergency withdrawals to preconfigured safe addresses, or activating circuit breakers that halt all monitored activity pending manual review.
Troubleshooting
Common issues with blockchain monitoring systems include WebSocket connection instability, which can be mitigated through automatic reconnection logic with exponential backoff. False positives from legitimate but unusual transactions can be reduced by implementing machine learning-based anomaly detection that learns your typical activity patterns over time. RPC rate limiting can be addressed by distributing requests across multiple endpoint providers and implementing request caching for non-time-sensitive queries.
If you encounter gaps in monitoring coverage, verify that your address watch lists are comprehensive and include not just your primary wallets but also any smart contracts, delegation contracts, and third-party protocol addresses that have permission to move your funds. The FixedFloat incident demonstrated that operational wallets can be compromised even when the primary platform interface appears normal.
Mastering the Skill
Advanced on-chain monitoring extends beyond simple transaction tracking. Consider integrating on-chain analytics tools like Dune Analytics or The Graph protocol to build custom dashboards that visualize your portfolio risk exposure across protocols and chains. Machine learning models can be trained on historical exploit patterns to predict and flag emerging attack vectors before they are widely recognized.
The ultimate goal is to achieve a security posture where you can detect and respond to threats within minutes rather than hours, matching the speed at which sophisticated attackers operate. As the DeFi ecosystem grows more complex with cross-chain aggregators, restaking protocols, and AI-driven trading agents, the monitoring systems protecting your assets must evolve proportionally.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Always conduct your own research before making any financial decisions.
34 min ETH drain and 20 min BTC drain. if your monitoring is not sub-minute you are already too late. good walkthrough though
response time is everything. built something similar with grafana last year and it saved me during the mango markets chaos
finally someone writing about proactive monitoring instead of how to recover after you lose everything. the webhooks section is solid