mantle

Real-Time Blockchain Agility: Insights From the Industry's Toughest Test

26 Feb, 20259 min read
BlockchainEcosystemMantleWeb3
Real-Time Blockchain Agility: Insights From the Industry's Toughest Test

We thank team members Tim Chen, Group Head of Strategy at Mantle, Brian Trunzo, Chief Growth Officer at Mantle Network, Joshua Cheong, Product Lead at Mantle Network, Ng Yingzhong, Product Lead at mETH Protocol and Francesca Tay, Chief Marketing Officer at Mantle for their insights and contributions to this article.

Real-Time Resilience

Blockchain technology is often celebrated for enabling the decentralization of control, data, and value exchange, but its true strength lies in the interplay between this principle and its capacity for real-time security, transparency, and operational agility — especially under pressure. The recent Bybit hack, one of the largest in crypto history, serves as a defining case study, illuminating how blockchain systems can respond to unprecedented challenges with speed and coordination. Unlike traditional financial systems, where centralized data and opaque processes can delay action, blockchain’s distributed nature offers constant visibility and the potential for immediate response. This moment underscores a pivotal evolution: blockchain is no longer experimental — it’s a battle-tested foundation for the future of finance.

The Power of Real-Time Detection and Response

At the heart of blockchain’s promise is its ability to detect incidents instantly and mobilize responses in real time. When the Bybit exploit struck on Feb. 21, 2025, the industry saw this in action: transaction data, visible on public ledgers, allowed stakeholders to track stolen funds within minutes. This transparency isn’t just theoretical — it’s a practical advantage, enabling rapid triage and coordination among victims, counterparties, and asset providers. Traditional banking systems, with their centralized and private data, often obfuscate risk, leading to prolonged crises and frozen customer funds. In contrast, blockchain’s immutable, public nature drives hyper accountability, pushing ecosystem players to act decisively.

For users, this means funds can remain secure and fully backed, as seen in the swift containment of the Bybit incident’s ripple effects. The ability to act within hours — rather than weeks or months — sets a new standard for financial resilience, one that blockchain-native systems are uniquely positioned to meet.

On Mantle, for instance, funds remained unaffected, fully backed, and secure due to blockchain’s inherent transparency and rapid response capabilities. The team’s swift action not only curtailed potential losses but also demonstrated operational maturity, setting a new industry benchmark for incident response.

A Test of Resilience: How mETH Protocol and the Ecosystem Responded to the Incident

The recent incident was a stark reminder of the challenges in blockchain security, but it also underscored how far the industry has come in building robust, coordinated, and effective response mechanisms. mETH Protocol was the first to recover assets amounting to $42 million — the largest amount recovered from the incident as of the time of writing — thanks to a highly coordinated effort between security professionals, partners, and ecosystem players. This speed and coordination mark a significant advancement, proving blockchain’s evolution from reactive to proactive resilience, drawing on lessons from past experiences to refine security practices.

Overcoming Infrastructure Challenges for Swift Recovery

With Safe services temporarily disabled on Feb. 22, 2025 as a precautionary response to the incident, the mETH Protocol team had to pivot quickly, executing recovery operations manually via contract calls on Etherscan using methods like getTransactionHash, approveHash, and execTransaction. The process was cumbersome, yet it proved crucial in securing stolen cmETH in under 24 hours — a remarkable feat given the circumstances.

Many entities played a crucial role in the recovery efforts, including SEAL911, Hexagate by Chainalysis, Blocksec, and other key security partners. The SEAL911 team played a critical role in providing security advisory, leveraging their expertise and network to coordinate a swift, effective response. Our security partners, Hexagate by Chainalysis and Verilog, demonstrated vigilance with real-time monitoring and provided best practices to guide the recovery process. Both Mudit Gupta, CISO of Polygon, and the Hexagate team commended this as the first recovery from the Bybit hack — and likely the swiftest of its kind. It was remarkable to see how quickly a decentralized group of security professionals mobilized, working tirelessly toward a common goal.

The Role of Blockchain Infrastructure in Rapid Response

This incident also highlighted the growing maturity of blockchain infrastructure. Tools like Etherscan, Chainalysis, and Arkham Intelligence were invaluable in enabling real-time asset tracking and decision-making. The immediate tagging of exploiter addresses on Etherscan saved hours of work, allowing teams to track fund movements seamlessly. Arkham’s visualization dashboard provided critical insights that shaped our recovery approach, proving that blockchain-native tools are becoming indispensable in incident response. Meanwhile, communication channels like @WuBlockchain and @ZachXBT amplified key developments, ensuring the right information reached the right stakeholders at the right time.

A special mention goes to Veda, cmETH’s infrastructure partner, who remained on standby 24/7, swiftly reacting to requests and flagging suspicious fund movements as they happened. Their proactive approach reinforced the critical role of infrastructure partners in maintaining the security and integrity of decentralized systems.

The Communication Imperative: Transparency in Crisis

Beyond technical responses, effective communication is the backbone of trust in any crisis. The Bybit incident saw leaders like Bybit’s CEO Ben Zhou set a gold standard. Across Crypto Twitter, industry leaders praised Bybit's response — not just for the scale of the incident, but for how they owned it without hesitation or excuses. Within hours of the breach, Zhou used livestreams and X updates to maintain transparency, honoring withdrawals and restoring reserves to 100% in less than a day. This approach inspired similar agility elsewhere, including how mETH Protocol demonstrated this by launching a real-time communication plan on Feb. 21, 2025, sharing updates via X to keep its community informed.

By Feb. 23, 2025 — just two days after the incident — its post-mortem report was published on X, as noted by industry voices like @WuBlockchain and @ZachXBT. This speed, faster than many industry norms, reflects a deep understanding of blockchain security, DeFi/CeFi dynamics, and the need for immediate, clear messaging to sustain trust. It’s a model of how mature organizations can connect technical expertise with real-world impact, ensuring stakeholders feel confident even amid chaos.

A Bullish Signal for Blockchain’s Future

Reflecting on past exploits and how the industry responded this time, it’s clear that blockchain infrastructure is evolving towards greater resilience and maturity. The speed and effectiveness of this coordinated recovery signal that decentralized systems are no longer experimental; they are battle-tested and ready to support traditional use cases at scale.

Mantle is positioned at the forefront of this evolution, leveraging a strong network of partners, robust security practices, and cutting-edge infrastructure. As blockchain continues to mature, Mantle, together with its partners, is leading the charge in making it more secure, scalable, and reliable for the future.

Blockchain technology demonstrates ongoing security readiness.

Bybit's and Mantle's response times demonstrated a blockchain-based system’s technological advantages over the traditional finance system in its immutable transparency and vigilant security. However, in crypto, security risk is an ongoing conversation and the recent hack shows there is still room for improvement.

Information Transparency

Since transaction data remains fully transparent and available in public, the ability to triage and coordinate security incidents among the victim, payment counterparties, and the asset provider is much faster than if each player was only visible to transactions they were involved in. Even if the malicious attacker chooses to move the funds an unlimited number of times across the blockchain, the trace would be visible.

Effective Countermeasures

With the transaction data visible in public, the following countermeasures can be executed more effectively and quickly in blockchain architecture as compared with legacy banking systems.

  • Blacklist malicious accounts: Identified account addresses of the hacker can be immediately flagged as malicious and further actions prevented across multiple levels instantaneously. OFAC lists and associated blacklists can include these addresses to discourage their transactions from being included in the network.
  • Freeze asset transfers: If the asset is centrally issued, such as stablecoins, the respective asset issuers can immediately freeze the movement of the asset from these flagged addresses (See Tether in this most recent example here and an older example here)
  • Layer 2 rollup architecture: Attack-related transactions can be identified at the sequencer level, quarantined, and rejected at the mempool before finalization. In extreme cases, governance mechanisms can facilitate fund recovery through controlled intervention, such as irregular state changes under well-defined security protocols.

Mantle has demonstrated a blockchain-based system’s technological advantages over the traditional finance system in its immutable transparency and vigilant security. This allows real-time responses to reduce risk and protect assets. However, the recent hack highlighted a few key security flaws:

Room for Improvement

(1) The need for better data representation in DeFi to reflect risk, pricing, and underlying collateral (proof-of-reserves). Mantle’s flagship assets already provide dashboards for underlying TVL/collateral values, setting a higher transparency standard.

(2) Enhancing security practices to mitigate blind signing and transaction verification risks:

  • Cross-verification between web and mobile apps before signing transactions to prevent phishing attacks.
  • Optimizing hardware wallet configurations to improve transaction visibility, reducing risks tied to unreadable signature messages (e.g., using MetaMask/Rabby with Ledger instead of direct Ledger connections, enabling data debug option on Ledger).
  • Strengthening multisig security by separating signers between high-security and high-frequency multisigs to prevent cascading risks.
  • Encouraging the use of open-source transaction verification tools, as well as developing and deploying self-managed tools to decode and verify transaction details before signing.
  • Reducing reliance on centralized multisig infrastructure by implementing offline partial signatures, pre-configured allowlists, and AI-powered risk detection.
  • Exploring automated policy-based bot signers to prevent human errors in complex transactions.

(3) Lowering risk exposure through diversified custody strategies, combining self-custody with commercial custody solutions for large assets.

Blockchains power the next generation of finance.

The global financial system’s adoption of blockchain is now a matter of when. Under President Trump's administration, the U.S. is quickly adopting crypto-friendly regulations and policies starting with a stablecoin bill. Bringing the world's largest capital market and financial systems on-chain is also driving other countries to embrace crypto through actions such as policies or buying Bitcoin with their sovereign wealth fund.

At Mantle, we are building an interconnected ecosystem to redefine on-chain finance. Our vision is a banking system that operates with full transparency, and is accessible to anyone, anywhere, anytime. Our team’s response to this most recent incident showcases our commitment to thoughtful design and operational rigor. The robustness of mETH and cmETH stands as a testament to our commitment to security, efficiency, and user trust. These core tenets drive the ethos of six pillars of innovation, each underpinned by the MNT token and its $5b+ in FDV, which include existing category-leading products: Mantle Network, the leading modular Layer 2 on Ethereum with over $1.5b in total value secured; mETH, institutional-grade liquid staking and restaking protocol with over $1b TVL; and Function BTC (fBTC), an institutional Bitcoin yield infrastructure with over $1b TVL.

Our upcoming roadmap includes launching enhanced index funds, expanding into retail banking, and implementing AI. The first will bring the vast liquidity potential of on-chain markets to traditional investors; the second will focus on revolutionizing value transfer, delivering fast, efficient and user-friendly payment solutions tailored for both on-chain and real-world applications; and the third will explore how artificial intelligence can unlock new possibilities in decentralized finance, creating intelligent systems that optimize decision-making, automate workflows, and enhance user experiences.

This is the future of on-chain finance. This will require Mantle to continue forging real-time resilient, adaptive systems that translate blockchain innovations into real-world products that empower users globally. We are up to the task.