Real-Time Exploit Intelligence
TxRay: Real-Time Postmortems for Live Blockchain Attacks
Security teams rarely get the luxury of days to understand an exploit. TxRay is built around the opposite constraint: start with limited evidence, reconstruct the attack, and ship something reproducible fast enough to matter.
The paper frames postmortem work as an agentic system problem. Instead of manually collecting traces, code, and state transitions, TxRay orchestrates tool calls to recover the exploit lifecycle, explain the root cause, and produce a runnable PoC with checks that verify the incident-specific claims.
- Starts from minimal evidence. TxRay can begin with one or more seed transactions and recover the exploit lifecycle from there.
- Produces reproducible incident artifacts. The system generates an evidence-backed root cause and a runnable PoC instead of stopping at narrative analysis.
- Fast enough for live response. In the live deployment reported on arXiv, TxRay reaches median latencies of 40 minutes for validated root causes and 59 minutes for PoCs.
Why this matters
The interesting shift here is operational, not just academic. Better exploit intelligence is about compressing the time between a suspicious transaction and a defensible explanation.
- Shorter loop from alert to understanding. Analysts can move from a transaction hash to a root-cause explanation without rebuilding the case from scratch every time.
- Better postmortems, not just faster ones. Because the output includes executable PoCs and semantic checks, the result is more useful for responders, auditors, and engineering teams.
- Directly aligned with Clara. This is the same problem Clara is built around: live exploit intelligence with PoCs and postmortems teams can act on immediately.
Clara turns live exploit signals into real-time intelligence, including the artifacts responders actually need. Visit clarahacks.com or email [email protected].