When it comes to securing decentralized protocols, there is no single silver bullet. Vulnerabilities can still slip through the cracks. What matters is how prepared you are when they do.

That truth was underscored this week when the Panoptic team, supported by our Incident Command program and SEAL 911, successfully performed a rescue operation to secure user funds across 10 smart contracts spanning 3 chains.

A Layered Security Approach

Cantina worked with Panoptic on a multi-layered security approach, optimized to fit their team’s budget considerations. Together, we designed a plan that included:

  • A traditional code review engagement
  • A code review competition
  • A bug bounty on the Cantina platform
  • Integration into Cantina’s Incident Command program for continuous monitoring, rapid response, and crisis coordination

How Incident Command Worked

On Monday, August 25, a researcher disclosed the vulnerability to Cantina’s bounty program. Within minutes, the Panoptic team activated Cantina Incident Command, spinning up coordinated war rooms with Cantina and SEAL 911 experts.

Through triage, investigation, and coordinated actions, the team was able to:

  • Confirm the scope and severity of the issue
  • Support precautionary withdrawals, which ultimately secured ~90% of user funds before any operation was necessary
  • Execute a rescue across all affected contracts before an attacker could strike

As of today, all funds are secure and under custody, with a redistribution plan already in progress.

Why This Matters

This case demonstrates the reality of Web3 security: no single measure is enough. A multi-layered strategy ensures risks are caught and mitigated before they become catastrophic.

Cantina’s Incident Command is designed for exactly this: empowering teams to respond quickly and effectively under real-world conditions. For Panoptic, it made the difference between a vulnerability report and a multimillion-dollar exploit.

Looking Ahead

We’re grateful to the researcher who disclosed this issue responsibly through the Cantina bounty program, and to Panoptic and SEAL 911 for executing such a disciplined response.

For teams building in Web3, Panoptic’s story reinforces a simple lesson: layered defenses save projects and protect users.
