0G APAC Hackathon 2026

Autonomy without safety is just chaos.

0guard is a read-only, pre-wallet safety layer that uses 60+ real exploit signatures from 2020-2026 to detect and block crypto hacks before an AI agent ever reaches a signing key.

The Problem

April 2026 was the worst month on record for DeFi hacks — but it was not an anomaly. It was part of a $3.5B+ historical pattern of operational-security failures.

  • $635M+ stolen across 28 DeFi / DEX incidents in April 2026 alone — the worst month on record.
  • $3.5B+ in historical losses detected across 60+ incidents from 2020-2026, with the same attack vectors repeating.
  • 76% of April losses were attributed to North Korea's Lazarus Group using social engineering, bridge misconfiguration, and admin-key compromise.
  • The two largest exploits involved zero smart-contract bugs; they were pure operational-security failures.
  • AI agents operating on fast L1s / L2s can make wallet mistakes instantly — there is no pre-flight safety layer designed specifically for autonomous agents.

The Solution

0guard gives every AI agent a pre-wallet security copilot. Every intent is evaluated as allow, review, or deny before it ever touches a signing key.

Intent Received → Signature Scan → Behavioral Check → Allow / Review / Deny

🔥 Intent Firewall

Evaluates every action as allow, review, or deny before it reaches a wallet. Zero trust by default.

🎯 Hack Signature Detection

Built-in IOCs, calldata selectors, and behavioral sequences derived from 60+ real exploits (2020-2026).

OSINT Evidence Layer

Tracks source owners, URLs, rights caveats, freshness, record hashes, and detector gaps across public incident and threat-intel feeds.

📝 Content Engine

Generates alert tweets, thread breakdowns, and incident summaries from detected signatures for review or confirmed publishing.

🤖 X Bot

Generates threat-intel drafts from matched signatures; live X posting stays behind explicit workflow confirmation.

🔗 0G-Native Proofs

Reads live 0G status, prepares policy receipt hashes, and includes public mainnet receipt-anchor proof while keeping workbench writes operator-controlled.

Cross-Chain Fabric

Catalogs Virtuals/Base, x402, Arbitrum, Polygon, MegaETH, Monad, HyperEVM, Tempo, Lighter/LIT, and Celestia/TIA as read-only integration targets with no live launches, trades, or money movement.

🛡️ Zero Trust by Default

Refuses signing, raw transactions, bridges, swaps, and approvals unless explicitly cleared by policy.

Detection Matrix

0guard detects 10 distinct attack vectors across 60+ historical incidents. Every vector is encoded as a testable signature.

  • Reentrancy: Recursive external calls drain funds before state updates complete. Incidents: The DAO, Curve, Cream
  • Flash Loan: Borrow massive capital without collateral to manipulate prices or drain pools. Incidents: Harvest, bZx, Alpha, Euler
  • Oracle Manipulation: Corrupt price feeds to trigger false liquidations or inflate collateral. Incidents: Rhea, BonqDAO, Mango
  • Bridge Exploit: Forge or replay cross-chain messages to mint unbacked assets. Incidents: Ronin, BNB, Wormhole, Nomad, Poly, Kelp
  • Admin Key: Compromised deployer or multisig keys used to upgrade or drain contracts. Incidents: Wasabi, Volo, PlayDapp
  • Governance: Flash-loan governance tokens to pass malicious proposals instantly. Incidents: Beanstalk
  • Social Engineering: Trick teams into pre-signing transactions or revealing private keys. Incidents: Drift, Radiant
  • Signature Replay: Reuse valid signatures across domains or chains to drain balances. Incidents: Giddy, Wormhole
  • MEV / Sandwich: Front-run and back-run user transactions for guaranteed profit extraction. General vector
  • Compiler Bug: Exploit vulnerable compiler output to bypass reentrancy guards. Incidents: Curve Vyper

Historical Signatures

Every major exploit from 2020-2026 is encoded as a detectable signature inside 0guard. Historical incidents plus April 2026's worst hits.

Major Historical Incidents

Ronin Network: $625M
Bridge validator compromise via social engineering. Lazarus Group gained control of 5 of 9 validator keys.
Signature: bridge_validator_compromise + social_engineering

Poly Network: $611M
Cross-chain interoperability exploit. Attacker swapped keeper public keys to forge withdrawal messages.
Signature: keeper_key_swap + cross_chain_forge

BNB Chain: $570M
Bridge exploit forged proof to mint 2M BNB. Weak verification in the cross-chain messaging layer.
Signature: bridge_proof_forge + mint_unbacked

Wormhole: $326M
Signature verification bypass on Solana-Ethereum bridge. Attacker minted 120k wETH without deposit.
Signature: signature_verify_bypass + bridge_mint

Beanstalk: $182M
Governance attack via flash loan. Bought majority voting power, passed malicious proposal, drained protocol.
Signature: flash_governance + malicious_proposal

Nomad: $190M
Replica contract initialized with zeroed root allowed arbitrary message proofs. Copycat frenzy followed.
Signature: zeroed_root + arbitrary_proof

Euler Finance: $197M
Flash-loan attack via recursive donation and liquidation. Exploited permissioned minting logic.
Signature: recursive_donation + flash_liquidation

Curve Finance: $73M
Vyper compiler bug (versions 0.2.15-0.3.0) broke reentrancy locks, enabling pool drains.
Signature: compiler_reentrancy_fail + vyper_bug

Mango Markets: $115M
Oracle price manipulation via large spot positions. Inflated collateral to borrow beyond protocol limits.
Signature: oracle_inflate + overborrow

April 2026 Incidents

Drift Protocol: $285M
Durable nonce social engineering. Attacker asked the team to pre-sign a transaction transferring admin powers to a quote trading partner.
Signature: durable_nonce_admin_transfer

Kelp DAO: $293M
LayerZero bridge forged with a 1-of-1 DVN. The config only required one validator to approve a cross-chain release of 116,500 rsETH.
Signature: single_dvn_bridge + lzReceive

Wasabi Protocol: $5M
UUPS proxy upgrade via compromised deployer key. Attacker combined grantRole and upgradeTo in a single transaction batch.
Signature: sequence_grant_upgrade

Rhea Finance: $18.4M
Flash-loan attack using fake collateral. A classic DeFi exploit sequence executed at high speed.
Signature: sequence_flash_swap_withdraw

Giddy Finance: $1.3M
EIP-712 signature replay attack. Malformed approve calls were replayed to drain user balances.
Signature: critical_selector (malformed approve)

HyperBridge: $2.5M
MMR proof replay. A cross-chain messaging vulnerability allowed reuse of previously valid proofs.
Signature: lzReceive critical selector

Aftermath Perps: $1.14M
Signedness mismatch in perpetuals pricing logic led to incorrect liquidations and fund extraction.
Signature: high_value + risk_pair

Sweat Foundation: $3.5M
Refund logic drain. Exploited a flawed refund mechanism to siphon bridged assets continuously.
Signature: drain_language

Volo Protocol: $3.5M
Admin key leak enabled unauthorized grantRole and transferOwnership calls to seize protocol control.
Signature: grantRole / transferOwnership
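
The two sequence signatures named above (sequence_grant_upgrade and sequence_flash_swap_withdraw) can be checked as ordered patterns over one batch of agent actions. This is an added Python example, not 0guard's own code; the action labels, the `max_gap` tolerance and the deny mapping are assumptions.

```python
# Added example, not 0guard's code. Signature names come from the page;
# the step names are assumed labels for already-decoded agent actions.
SEQUENCES = {
    "sequence_flash_swap_withdraw": ("flash_loan", "swap", "withdraw"),
    "sequence_grant_upgrade": ("grantRole", "upgradeTo"),
}

# Constructed sample batches (not real traffic).
SAMPLE_BATCHES = {
    "padded_flash": ["flash_loan", "approve", "swap", "withdraw"],
    "decoy_grant": ["grantRole", "a", "b", "c", "grantRole", "upgradeTo"],
    "reversed": ["upgradeTo", "grantRole"],
}


def _occurs(actions, steps, max_gap, start=0, first=True):
    """True if steps appear in order with at most max_gap other actions
    between consecutive steps. Every candidate position is tried, so an
    early decoy occurrence of a step cannot hide a later real match."""
    if not steps:
        return True
    # The first step may sit anywhere; later steps must fall inside the gap window.
    stop = len(actions) if first else min(len(actions), start + max_gap + 1)
    return any(
        actions[i] == steps[0]
        and _occurs(actions, steps[1:], max_gap, i + 1, False)
        for i in range(start, stop)
    )


def evaluate_batch(actions, max_gap=2):
    """Return a verdict for one ordered batch of action names.
    Assumed policy: any matched sequence is a deny."""
    matched = [
        name for name, steps in SEQUENCES.items()
        if _occurs(actions, steps, max_gap)
    ]
    return {"decision": "deny" if matched else "allow",
            "signatures_matched": matched}
```

A greedy left-to-right scan would miss the `decoy_grant` batch, because the first `grantRole` is too far from `upgradeTo`; the backtracking search finds the second one.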

Production Pipeline

From public-source intelligence to detector coverage, policy receipts, and explicit operator-controlled proof paths.

OSINT Lead → 🎯 Signature Engine → 📝 Evidence Card → 🤖 Human Review → 🔗 0G Chain → 💾 0G Storage

HackQuest Proof Packet

Copy-ready form fields, provenance readbacks, and a prepared screenshot asset for the final 0G APAC Hackathon submission.

  • Public proof hub: `docs/hackathon-0g/index.html` embeds the demo video and shows 28/28 provenance, 27/28 detector coverage, and the 0G mainnet anchor.
  • Copy/paste packet: `docs/hackathon-0g/submission-form-fields.md` maps HackQuest fields to ready text and proof URLs.
  • Machine-readable packet: `/api/hackathon/submission-packet` returns track choice, form fields, proof points, X commands, and submit order.
  • Readiness audit: `scripts/submission_readiness.py` and `/api/hackathon/readiness` currently report `Submittable now: true` with no operator blockers.
  • Threat receipt passport: `docs/hackathon-0g/threat-receipt-passport.md` and `/api/hackathon/threat-passport` give judges a proof drill with intent, verdict, provenance, receipt hash, and 0G proof slots.
  • Cross-chain fabric: `/api/integrations/cross-chain` and `/api/integrations/virtuals-facilitator` prepare Virtuals/Base and x402 expansion without claiming live settlement or agent launch.
  • Proof-first story: live 0G readback, mainnet receipt anchor, Storage-ready root hashes, and canonical provenance evidence with no raw upstream payload mirroring.
  • Mainnet proof: contract `0xBaC59b...2abc` and anchored deny receipt `0x9739...afd1` are public on 0G Explorer.
  • Prepared media: the final MP4 and `docs/hackathon-0g/assets/0guard-workbench-provenance.png` are ready for the required X post or demo thumbnail.

Live API Demo

Real endpoints. Real signatures. Block threats before they reach a wallet.

/api/evaluate

```
# Block an unlimited approval attempt
curl -X POST http://127.0.0.1:8109/api/evaluate \
  -H "Content-Type: application/json" \
  -d '{"intent":{"action":"approve","mode":"live_transaction","requires_signature":true,"calldata":"0x095ea7b3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"},"enable_0g_anchor":true,"enable_0g_storage":true,"agent_id":"agent-7857-demo"}'

# Response
{
  "decision": "deny",
  "severity": "critical",
  "blockers": ["Unlimited ERC-20 approval (max uint256) detected."],
  "receipt_hash": "9739db...afd1",
  "zero_g": {"chain_anchor": {"status": "preflight"}, "storage_receipt": {"stored": true}}
}
```

/api/hack-check

```
# Detect a Drift-style social-engineering attack
curl -X POST http://127.0.0.1:8109/api/hack-check \
  -H "Content-Type: application/json" \
  -d '{"action":"approve","calldata":"0x095ea7b3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"}'

# Response
{
  "blockers": [
    "Critical selector detected: approve(address,uint256) (0x095ea7b3)",
    "Unlimited ERC-20 approval (max uint256) detected."
  ],
  "signatures_matched": ["critical_selector:approve(address,uint256)", "unlimited_approval"],
  "iocs_hit": []
}
```

CLI Demo

```
# CLI: evaluate a transaction file
$ 0guard evaluate --intent-json '{"action":"approve","mode":"live_transaction","requires_signature":true,"calldata":"0x095ea7b3ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"}' --anchor --storage --agent-id agent-7857-demo

{
  "decision": "deny",
  "severity": "critical",
  "zero_g": {
    "chain_anchor": {"status": "preflight", "chain_id": 16602},
    "storage_receipt": {"stored": true, "root_hash": "43fd61...b8bb"}
  }
}

# Summary
Decision: deny | Chain anchor: preflight | Storage root: ready | Live writes: operator-only
```
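
The responses above report two findings on raw calldata: a critical selector and an unlimited approval. The following added Python example shows one way to derive them before a signer is involved. It is not 0guard's code; the selector table beyond `approve`, the malformed-length rule and the allow/review/deny mapping are assumptions, and the spender address is a constructed placeholder.

```python
MAX_UINT256 = 2**256 - 1
APPROVE = "095ea7b3"  # approve(address,uint256), the selector shown on the page

# Assumed watch list: standard 4-byte selectors for functions the page names.
CRITICAL_SELECTORS = {
    APPROVE: "approve(address,uint256)",
    "3659cfe6": "upgradeTo(address)",
    "2f2ff15d": "grantRole(bytes32,address)",
    "f2fde38b": "transferOwnership(address)",
}


def _verdict(decision, blockers=(), review=()):
    return {"decision": decision, "blockers": list(blockers), "review": list(review)}


def check_calldata(calldata: str) -> dict:
    """Classify hex calldata before it is handed to a signer."""
    hexdata = calldata[2:] if calldata[:2].lower() == "0x" else calldata
    try:
        raw = bytes.fromhex(hexdata)
    except ValueError:
        return _verdict("deny", ["calldata is not valid hex"])
    if len(raw) < 4:
        return _verdict("deny", ["calldata is shorter than a 4-byte selector"])
    selector, args = raw[:4].hex(), raw[4:]
    name = CRITICAL_SELECTORS.get(selector)
    if name is None:
        return _verdict("allow")  # assumption: this check alone raises nothing
    review = [f"critical selector {name} (0x{selector})"]
    blockers = []
    if selector == APPROVE:
        if len(args) != 64:  # two 32-byte ABI words: spender, amount
            blockers.append(f"malformed approve: {len(args)} argument bytes, expected 64")
        else:
            if any(args[:12]):  # an address occupies the low 20 bytes of its word
                blockers.append("malformed approve: non-zero address padding")
            if int.from_bytes(args[32:], "big") == MAX_UINT256:
                blockers.append("unlimited ERC-20 approval (max uint256)")
    return _verdict("deny" if blockers else "review", blockers, review)


def sample_approve(amount: int, spender: str = "11" * 20) -> str:
    """Build constructed approve calldata; the spender is a placeholder address."""
    return "0x" + APPROVE + spender.rjust(64, "0") + f"{amount:064x}"
```

Checking the argument length before decoding matters: an `approve` payload that does not carry exactly two ABI words is denied as malformed rather than decoded into a misleading amount.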

Content Engine

Draft threat intel from every detected signature: tweets, threads, and summaries ready for review or confirmed publish workflows.

Alert Tweet

2026-04-15 09:23 UTC — Auto-generated by 0guard Content Engine

🚨 0guard Alert

Flash-loan attack sequence detected on Ethereum mainnet.

Matched signature: sequence_flash_swap_withdraw
Historical precedent: Rhea Finance ($18.4M)
Risk score: 94/100

Intent blocked before signing. Receipt prepared for 0G Chain anchoring; no live broadcast in demo mode.

#0guard #DeFiSecurity #FlashLoan

Thread Breakdown

2026-04-15 09:24 UTC — Auto-generated by 0guard Content Engine

🧵 Thread: How 0guard blocked this attack

1/ An AI agent attempted a high-value swap preceded by a flash-loan borrow. This exact sequence was used in the Rhea Finance ($18.4M) exploit.

2/ The Signature Engine matched sequence_flash_swap_withdraw within 12ms of intent submission.

3/ The Content Engine generated this draft; live posting stays behind explicit workflow confirmation.

4/ A SHA-256 policy receipt was produced locally with anchor_status=preflight, and the deny receipt is anchored on 0G mainnet for judge verification.

5/ A deterministic storage payload/root hash was prepared for 0G Storage; external writes remain opt-in for the demo.

#0guard #ThreatIntel #AutonomousSecurity

Summary Post

2026-04-15 09:25 UTC — Auto-generated by 0guard Content Engine

📋 Incident Summary

Incident ID: 0guard-2026-0415-0923
Vector: Flash Loan
Risk Score: 94/100
Verdict: DENY
Historical Match: Rhea Finance ($18.4M)
Signatures Matched: sequence_flash_swap_withdraw, high_value_swap
Chain: Ethereum
Receipt: preflight SHA-256 policy receipt, with matching 0G mainnet anchor proof
Alert Channel: Draft only; no live X send in demo mode

The agent's intent was intercepted at the firewall layer. No signing key was exposed. The forensic trace is serializable for 0G Storage once a storage node is configured.

Built on 0G

0guard integrates with 0G through live read-only RPC status, a public mainnet receipt anchor, and explicit opt-in paths for future chain/storage writes.

0G Chain

Public 0G mainnet PolicyReceiptAnchor proof plus SHA-256 policy receipt hashes from the read-only workbench.

Agentic Infrastructure

0G Storage

Deterministic threat-intel payloads and root hashes prepared for 0G Storage once the storage endpoint is configured.

Privacy & Sovereign Infra

0G Compute

Pluggable AI inference layer for behavioral anomaly detection on agent prompts. Future TEE-sealed scoring.

Agentic Infrastructure

Architecture

A single evaluation flow from AI agent intent to policy decision, proof receipt, content draft, and explicit operator-controlled publish paths.

  • AI Agent: OpenClaw, LangChain
  • 0guard: Intent Evaluation Engine
  • Wallet / RPC: only if allow
  • Crypto Hack Guard (Signatures):
      • IOC blocklist (Lazarus wallets, 19 IOCs)
      • Selector analysis (32 selectors: approve, upgradeTo, grantRole, lzReceive)
      • Behavioral sequences (flash-loan → swap → withdraw)
      • Social-engineering language detection
  • Content Engine: Tweets, Threads, Summaries
  • X Bot: Auto-publish threat intel
  • 0G Compute: AI Anomaly Model
  • 0G Chain: Receipt Anchor (SHA-256)
  • 0G Storage: Threat Intel KV + Log
  • Public Archive: X Threads + Summaries

Team

Built by security engineers and product strategists who believe autonomous finance must be safe by default.

  • Sapphire Security: Security & Engineering
  • arigatoexpress: Product & Strategy