attack-modeling.html

<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8" />
  <meta name="viewport" content="width=device-width, initial-scale=1" />
  <title>Attack Modeling & Simulations — MarceloReFi</title>
  <meta name="description" content="I wanted to know what it actually costs to break a small stablecoin: economically viable attacks on DeFi protocols." />
  <link rel="preconnect" href="https://fonts.googleapis.com">
  <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
  <link href="https://fonts.googleapis.com/css2?family=Courier+Prime:wght@400;700&display=swap" rel="stylesheet">
  <link rel="stylesheet" href="style.css" />
  <style>
    /* Page-specific styles */
    .hero {
      padding: 2rem 1.5rem;
      border: 2px solid var(--black);
      border-radius: 12px;
      background: var(--pink);
      box-shadow: 4px 4px 0 var(--black);
      margin-bottom: 2rem;
    }

    .hero h1 {
      font-size: 2rem;
      font-weight: 700;
      margin-bottom: .5rem;
    }

    .hero p {
      font-size: 1rem;
      margin-bottom: .5rem;
      line-height: 1.6;
    }

    .hero p:last-of-type {
      margin-bottom: 0;
    }

    .hero strong {
      display: block;
      margin-top: .75rem;
      font-size: 1.05rem;
    }

    .nav-chips {
      display: flex;
      flex-wrap: wrap;
      gap: .5rem;
      margin-bottom: 2rem;
      position: sticky;
      top: .5rem;
      background: var(--white);
      padding: .75rem 0;
      z-index: 10;
      border-bottom: 2px dashed var(--black);
    }

    .grid-3 {
      display: grid;
      grid-template-columns: repeat(auto-fit, minmax(260px, 1fr));
      gap: 1rem;
      margin-top: 1rem;
    }

    .protocol-card {
      padding: 1.5rem;
      border: 2px solid var(--black);
      border-radius: 12px;
      background: var(--white);
      box-shadow: 3px 3px 0 var(--black);
      height: 100%;
    }

    .protocol-card h3 {
      font-size: 1.2rem;
      margin-bottom: .5rem;
    }

    .protocol-card .meta {
      font-size: .85rem;
      color: var(--gray);
      margin-bottom: .75rem;
    }

    .protocol-card p {
      font-size: .95rem;
      line-height: 1.6;
      margin-bottom: .5rem;
    }

    .protocol-card ul {
      margin: .5rem 0 0 1.25rem;
      font-size: .95rem;
    }

    .protocol-card li {
      margin-bottom: .35rem;
    }

    .adversary-section {
      background: var(--yellow);
      border: 2px solid var(--black);
      border-radius: 12px;
      padding: 2rem 1.5rem;
      box-shadow: 4px 4px 0 var(--black);
      margin: 2rem 0;
    }

    .adversary-section h2 {
      font-size: 1.5rem;
      margin-bottom: 1rem;
    }

    .adversary-section h3 {
      font-size: 1.2rem;
      margin: 1.25rem 0 .75rem;
    }

    .adversary-section p {
      font-size: .95rem;
      line-height: 1.6;
      margin-bottom: .75rem;
    }

    .adversary-card {
      background: var(--white);
      border: 2px solid var(--black);
      border-radius: 8px;
      padding: 1rem;
      margin-bottom: .75rem;
    }

    .adversary-card h4 {
      font-size: 1rem;
      font-weight: 700;
      margin-bottom: .5rem;
    }

    .adversary-card p {
      font-size: .9rem;
      margin-bottom: 0;
    }

    .scenario-section {
      border: 2px solid var(--black);
      border-radius: 12px;
      padding: 2rem 1.5rem;
      box-shadow: 4px 4px 0 var(--black);
      margin: 2rem 0;
    }

    .scenario-section.scenario-1 {
      background: #ffdddd;
    }

    .scenario-section.scenario-2 {
      background: #ddffdd;
    }

    .scenario-section.scenario-3 {
      background: #ffddff;
    }

    .scenario-section h2 {
      font-size: 1.7rem;
      margin-bottom: .75rem;
    }

    .scenario-section h3 {
      font-size: 1.3rem;
      margin: 1.25rem 0 .75rem;
    }

    .scenario-section h4 {
      font-size: 1.1rem;
      font-weight: 700;
      margin: 1rem 0 .5rem;
    }

    .scenario-section p {
      font-size: .95rem;
      line-height: 1.6;
      margin-bottom: .75rem;
    }

    .scenario-section ul {
      margin: .5rem 0 .75rem 1.25rem;
      font-size: .95rem;
    }

    .scenario-section li {
      margin-bottom: .35rem;
    }

    .data-table {
      width: 100%;
      border-collapse: collapse;
      margin: 1rem 0;
      font-size: .9rem;
      background: var(--white);
      border: 2px solid var(--black);
    }

    .data-table th {
      background: var(--black);
      color: var(--white);
      padding: .75rem .5rem;
      text-align: left;
      font-weight: 700;
      border: 1px solid var(--black);
    }

    .data-table td {
      padding: .75rem .5rem;
      border: 1px solid var(--black);
    }

    .data-table tr:nth-child(even) {
      background: #f9f9f9;
    }

    .highlight-box {
      background: var(--white);
      border: 2px solid var(--black);
      border-radius: 8px;
      padding: .75rem;
      margin: .75rem 0;
    }

    .highlight-box h4 {
      font-size: .9rem;
      font-weight: 700;
      margin-bottom: .5rem;
    }

    .highlight-box p {
      font-size: .9rem;
      margin-bottom: .5rem;
    }

    .highlight-box p:last-child {
      margin-bottom: 0;
    }

    .highlight-box ul {
      margin: .5rem 0 0 1rem;
      font-size: .9rem;
    }

    .highlight-box li {
      margin-bottom: .25rem;
    }

    .defense-section {
      background: var(--green);
      border: 2px solid var(--black);
      border-radius: 12px;
      padding: 2rem 1.5rem;
      box-shadow: 4px 4px 0 var(--black);
      margin: 2rem 0;
    }

    .defense-section h2 {
      font-size: 1.5rem;
      margin-bottom: 1.5rem;
    }

    .defense-section h3 {
      font-size: 1.2rem;
      margin: 1.25rem 0 .75rem;
    }

    .defense-section p {
      font-size: .95rem;
      line-height: 1.6;
      margin-bottom: .75rem;
    }

    .defense-section ul {
      margin: .5rem 0 .75rem 1.25rem;
      font-size: .95rem;
    }

    .defense-section li {
      margin-bottom: .35rem;
    }

    .insight-card {
      background: var(--white);
      border: 2px solid var(--black);
      border-radius: 8px;
      padding: 1rem;
      margin-bottom: 1rem;
      box-shadow: 2px 2px 0 var(--black);
    }

    .insight-card:last-child {
      margin-bottom: 0;
    }

    .insight-card h3 {
      font-size: 1.1rem;
      margin-bottom: .5rem;
    }

    .insight-card p {
      font-size: .95rem;
      line-height: 1.6;
      margin-bottom: .5rem;
    }

    .insight-card p:last-child {
      margin-bottom: 0;
    }

    .alert-box {
      background: #fff3cd;
      border: 2px solid var(--black);
      border-radius: 8px;
      padding: 1rem;
      margin: 1rem 0;
    }

    .alert-box strong {
      display: block;
      margin-bottom: .5rem;
      font-size: 1rem;
    }

    .alert-box p {
      margin-bottom: 0;
      font-size: .95rem;
    }

    .pcc-profile {
      background: var(--yellow);
      border: 2px solid var(--black);
      border-radius: 12px;
      padding: 2rem 1.5rem;
      box-shadow: 4px 4px 0 var(--black);
      margin: 2rem 0;
    }

    .pcc-profile h2 {
      font-size: 1.7rem;
      margin-bottom: 1rem;
    }

    .pcc-profile h3 {
      font-size: 1.25rem;
      margin: 1.5rem 0 .75rem;
    }

    .pcc-profile p {
      font-size: .95rem;
      line-height: 1.6;
      margin-bottom: .75rem;
    }

    .pcc-profile ul {
      margin: .5rem 0 .75rem 1.25rem;
      font-size: .95rem;
    }

    .pcc-profile li {
      margin-bottom: .35rem;
      line-height: 1.5;
    }

    .pcc-profile a {
      text-decoration: underline;
    }

    .pcc-data-card {
      background: var(--white);
      border: 2px solid var(--black);
      border-radius: 8px;
      padding: 1rem 1.25rem;
      margin-bottom: .75rem;
    }

    .pcc-data-card h4 {
      font-size: 1rem;
      font-weight: 700;
      margin-bottom: .5rem;
    }

    .pcc-data-card p {
      font-size: .9rem;
      margin-bottom: .5rem;
    }

    .pcc-data-card p:last-child {
      margin-bottom: 0;
    }

    .vulnerability-section {
      background: #ffdddd;
      border: 2px solid var(--black);
      border-radius: 12px;
      padding: 2rem 1.5rem;
      box-shadow: 4px 4px 0 var(--black);
      margin: 2rem 0;
    }

    .vulnerability-section h2 {
      font-size: 1.7rem;
      margin-bottom: 1rem;
    }

    .vulnerability-section h3 {
      font-size: 1.25rem;
      margin: 1.5rem 0 .75rem;
    }

    .vulnerability-section p {
      font-size: .95rem;
      line-height: 1.6;
      margin-bottom: .75rem;
    }

    .vulnerability-section ul {
      margin: .5rem 0 .75rem 1.25rem;
      font-size: .95rem;
    }

    .vulnerability-section li {
      margin-bottom: .35rem;
      line-height: 1.5;
    }

    .vulnerability-section a {
      text-decoration: underline;
    }

    .attack-comparison {
      display: grid;
      grid-template-columns: 1fr 1fr;
      gap: 1rem;
      margin: 1rem 0;
    }

    .attack-comparison .comparison-card {
      background: var(--white);
      border: 2px solid var(--black);
      border-radius: 8px;
      padding: 1rem;
    }

    .attack-comparison .comparison-card h4 {
      font-size: .95rem;
      font-weight: 700;
      margin-bottom: .5rem;
    }

    .attack-comparison .comparison-card p {
      font-size: .9rem;
      margin-bottom: .35rem;
    }

    .critical-finding {
      background: var(--black);
      color: var(--white);
      border-radius: 8px;
      padding: 1.25rem;
      margin: 1.25rem 0;
      font-size: 1rem;
      line-height: 1.6;
    }

    .critical-finding strong {
      color: var(--yellow);
    }

    @media (max-width: 720px) {
      .attack-comparison {
        grid-template-columns: 1fr;
      }
      .hero h1 {
        font-size: 1.5rem;
      }
      
      .grid-3 {
        grid-template-columns: 1fr;
      }

      .nav-chips {
        position: relative;
        top: 0;
      }

      .data-table {
        font-size: .8rem;
      }

      .data-table th,
      .data-table td {
        padding: .5rem .35rem;
      }
    }
  </style>
</head>
<body>
  <div class="wrap">

    <!-- Home button -->
    <a href="index.html" class="chip home-btn">🏠 Home</a>

    <!-- Hero section -->
    <div class="hero">
      <h1>Attack Modeling & Simulations</h1>
      <p>
        I wanted to know what it actually costs to break a small stablecoin. Can a $372K stablecoin be profitably 
        attacked with just $100K in capital? We modeled economically viable attacks on three interconnected 
        DeFi protocols.
      </p>
      <strong>Critical Finding: We discovered a profitable attack that existing security measures fail to prevent. 
      Defense cost: $5K-10K. Attack profit: $8K-31K.</strong>
      <p style="margin-top: .75rem; font-style: italic;">
        Something I came to believe: vulnerabilities don't get exploited because they're possible, they get exploited when they're worth it. Once economics change, 
        attacks emerge.
      </p>
    </div>

    <!-- Breadcrumb -->
    <div style="margin-bottom: 1.5rem;">
      <a href="defi-research.html" class="chip pink">← Back to DeFi Research</a>
    </div>

    <!-- Sticky navigation chips -->
    <nav class="nav-chips">
      <a href="#protocols" class="chip yellow">Protocols</a>
      <a href="#adversaries" class="chip pink">Adversaries</a>
      <a href="#scenarios" class="chip green">Scenarios</a>
      <a href="#defense" class="chip yellow">Defense</a>
      <a href="#insights" class="chip pink">Insights</a>
    </nav>

    <div style="margin: 24px 0;">
      <iframe width="100%" height="166" scrolling="no" frameborder="no" allow="autoplay" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/soundcloud%253Atracks%253A2273714180&color=%23ff5500&auto_play=false&hide_related=false&show_comments=true&show_user=true&show_reposts=false&show_teaser=true"></iframe><div style="font-size: 10px; color: #cccccc;line-break: anywhere;word-break: normal;overflow: hidden;white-space: nowrap;text-overflow: ellipsis; font-family: Interstate,Lucida Grande,Lucida Sans Unicode,Lucida Sans,Garuda,Verdana,Tahoma,sans-serif;font-weight: 100;"><a href="https://soundcloud.com/marcelo-silva-548700728" title="Marcelo Silva" target="_blank" style="color: #cccccc; text-decoration: none;">Marcelo Silva</a> · <a href="https://soundcloud.com/marcelo-silva-548700728/stealing-crypto-infrastructure" title="Stealing Crypto infrastructure without harming funds" target="_blank" style="color: #cccccc; text-decoration: none;">Stealing Crypto infrastructure without harming funds</a></div>
    </div>

    <!-- Context -->
    <section class="section">
      <h2>Why Optimism?</h2>
      <div class="card">
        <p>
          Mature ecosystem with recent precedent: Sonne Finance $20M exploit (May 2024), SVB crisis (March 2023). 
          This provides real-world validation for our attack models.
        </p>
      </div>
    </section>

    <!-- The Three Protocols -->
    <section id="protocols" class="section">
      <h2>The Three Protocols</h2>
      
      <div class="grid-3">
        <div class="protocol-card">
          <h3>Mento Protocol</h3>
          <p class="meta">Celo | $372K cReal market cap</p>
          <p><strong>Type:</strong> Hybrid stablecoin</p>
          <p><strong>Attack surface:</strong></p>
          <ul>
            <li>Oracle manipulation</li>
            <li>Reserve depletion</li>
            <li>Small market vulnerability</li>
          </ul>
        </div>

        <div class="protocol-card">
          <h3>Sonne Finance</h3>
          <p class="meta">Optimism | Proven exploit history</p>
          <p><strong>Characteristics:</strong> No audits, 2/3 multisig</p>
          <p><strong>Attack surface:</strong></p>
          <ul>
            <li>Known vulnerabilities</li>
            <li>Governance capture</li>
            <li>Historical precedent</li>
          </ul>
        </div>

        <div class="protocol-card">
          <h3>Velodrome Finance</h3>
          <p class="meta">Optimism | $128M TVL</p>
          <p><strong>Type:</strong> Critical infrastructure</p>
          <p><strong>Attack surface:</strong></p>
          <ul>
            <li>Liquidity nexus</li>
            <li>Cascade risk</li>
            <li>Ecosystem dependency</li>
          </ul>
        </div>
      </div>

      <div class="alert-box" style="margin-top: 1.5rem;">
        <strong>The Fragile Web</strong>
        <p>
          All three protocols share: USDC/DAI foundation, Chainlink oracles, Velodrome liquidity. 
          <strong>Cascade risk:</strong> Sonne exploit → Velodrome panic → Mento depeg → System-wide instability.
        </p>
        <p style="margin-top: .5rem;">
          <strong>Key Finding:</strong> Efficiency creates fragility through correlated failure modes.
        </p>
      </div>
    </section>

    <!-- Adversary Profiles -->
    <section id="adversaries" class="adversary-section">
      <h2>Adversary Profiles</h2>
      <p>
        We modeled <strong>realistic adversaries</strong> with actual capabilities, not theoretical "all-powerful"
        attackers. Each profile reflects real-world constraints and incentives.
      </p>

      <div class="adversary-card">
        <h4>Nation-State (DPRK)</h4>
        <p>
          <strong>Budget:</strong> $500K-5M |
          <strong>Capabilities:</strong> DeFi expertise, flash loans, MEV infrastructure, sophisticated tooling |
          <strong>Motivation:</strong> Sanctions evasion, state funding
        </p>
      </div>

      <h3>Circuit Breaker Vulnerability</h3>
      <p>Mento's circuit breakers have a <strong>blind spot:</strong></p>
      <ul>
        <li>✓ Monitor oracle prices (internal)</li>
        <li>✗ Don't monitor external market prices (DEX, CEX)</li>
        <li>✗ Don't detect slow distributed attacks</li>
        <li>✗ Zero trading limits on cReal smartcontract, while keeping high defenses within Mento ecosystem </li>
      </ul>
      <p style="margin-top: .75rem;">
        This enabled three attack scenarios, ranging from immediately profitable to catastrophic.
      </p>
    </section>

    <!-- PCC Adversary Profile -->
    <section class="pcc-profile">
      <h2>Adversary Profile: PCC (Primeiro Comando da Capital)</h2>

      <p>
        The Party represents something DeFi protocols have never modeled: a
        <a href="https://smallwarsjournal.com/2025/08/30/from-drug-trafficking-to-faria-lima-the-pccs-metamorphosis-into-a-corporate-conglomerate-and-the-threat-to-the-economy/">$27B annual revenue organization</a>
        with zero extraction pressure and complete offramp infrastructure already embedded in legitimate Brazilian capitalism.
        This is not a hacker group. Not a cartel in the traditional sense. PCC operates as a
        <a href="https://insightcrime.org/brazil-organized-crime-news/first-capital-command-pcc-profile/">parallel state</a>
        with corporate governance, diversified revenue, and financial infrastructure that rivals mid-size banks.
      </p>

      <p>
        Every DeFi threat model assumes adversaries need to <em>exit</em>. PCC doesn't. They already control the exit.
      </p>

      <h3>Revenue &amp; Operations</h3>

      <p>
        <strong>Annual Revenue:</strong> ~$27B USD —
        <a href="https://smallwarsjournal.com/2025/08/30/from-drug-trafficking-to-faria-lima-the-pccs-metamorphosis-into-a-corporate-conglomerate-and-the-threat-to-the-economy/">Federal Revenue estimate via Small Wars Journal</a>
      </p>

      <p>
        <strong>Structure:</strong>
        <a href="https://en.wikipedia.org/wiki/Primeiro_Comando_da_Capital">40,000 lifetime members + 60,000 contractors</a>.
        Not a gang. A workforce. Independent squads run day-to-day operations. The Party provides governance, dispute resolution, and financial infrastructure.
      </p>

      <div class="pcc-data-card">
        <h4>Revenue Breakdown</h4>
        <p><strong>Drug trafficking:</strong> <a href="https://smallwarsjournal.com/2025/08/30/from-drug-trafficking-to-faria-lima-the-pccs-metamorphosis-into-a-corporate-conglomerate-and-the-threat-to-the-economy/">$2.8B/year</a></p>
        <p><strong>Fuel sector:</strong> <a href="https://smallwarsjournal.com/2025/08/30/from-drug-trafficking-to-faria-lima-the-pccs-metamorphosis-into-a-corporate-conglomerate-and-the-threat-to-the-economy/">$11.3B/year through 1,000+ gas stations</a></p>
        <p><strong>Tax evasion:</strong> <a href="https://smallwarsjournal.com/2025/08/30/from-drug-trafficking-to-faria-lima-the-pccs-metamorphosis-into-a-corporate-conglomerate-and-the-threat-to-the-economy/">$1.4–1.6B/year (2020–2024)</a></p>
        <p><strong>Controlled assets:</strong> <a href="https://www.riotimesonline.com/assassinations-money-laundering-urban-strongholds-brazils-pccs-unstoppable-rise/">$5.7B portfolio</a></p>
      </div>

      <h3>Infrastructure Advantage</h3>

      <p>
        PCC's financial layer is the threat. Between 2020 and 2024,
        <a href="https://smallwarsjournal.com/2025/08/30/from-drug-trafficking-to-faria-lima-the-pccs-metamorphosis-into-a-corporate-conglomerate-and-the-threat-to-the-economy/">$10B moved through fuel distribution</a>
        alone. Not criminal infrastructure—registered businesses generating legal revenue.
      </p>

      <div class="pcc-data-card">
        <h4>Financial Infrastructure</h4>
        <p><strong>Investment funds:</strong> <a href="https://interlira-reports.com/featured/how-organized-crime-infiltrated-brazils-businesses-and-the-financial-sector/07/11/2025/">40+ funds managing $5.7B</a></p>
        <p><strong>BK Bank:</strong> <a href="https://x.com/allanldsantos/status/1961113977196273924">$9B moved (2020–2024)</a></p>
        <p><strong>4TBank:</strong> <a href="https://www.latintimes.com/brazils-largest-cartel-laundering-drug-money-through-fintech-company-public-transport-contracts-567687">allegedly $1.5B laundered through fintech</a></p>
      </div>

      <p>
        Business penetration runs deep.
        <a href="https://interlira-reports.com/featured/how-organized-crime-infiltrated-brazils-businesses-and-the-financial-sector/07/11/2025/">Organized crime has infiltrated Brazil's financial sector</a>
        through legitimate investment vehicles, registered companies, and compliant banking relationships.
        The line between PCC capital and Faria Lima capital is deliberately blurred.
      </p>

      <h3>Geographic Reach</h3>

      <p>
        <a href="https://en.wikipedia.org/wiki/Primeiro_Comando_da_Capital">Present in all 26 Brazilian states and 16+ countries</a>.
        PCC controls an estimated
        <a href="https://en.wikipedia.org/wiki/Primeiro_Comando_da_Capital">50%+ of cocaine flowing from Brazil to Europe</a>,
        with <a href="https://en.wikipedia.org/wiki/Primeiro_Comando_da_Capital">1,000+ associates operating in Lisbon</a> alone.
      </p>

      <p>
        The European network runs through a
        <a href="https://www.eurojust.europa.eu/news/ndrangheta-mafia-members-arrested-investigation-belgium-italy-and-germany">partnership with 'Ndrangheta</a>,
        giving PCC access to Southern European financial systems.
        <a href="https://insightcrime.org/news/portugal-becoming-key-hub-cocaine-europe/">Portugal has become a key hub</a>
        for cocaine entering Europe—and for capital flowing back.
      </p>

      <p>
        This is a transnational financial network with
        <a href="https://setadvisory.com/pcc-brazilrisk/">documented risk profiles</a>
        that most DeFi compliance frameworks have never encountered.
      </p>
    </section>

    <!-- Critical Vulnerability: Liquidity Control Attack -->
    <section class="vulnerability-section">
      <h2>Critical Vulnerability Discovery: Liquidity Control Attack</h2>

      <h3>Why Traditional Models Fail</h3>

      <p>
        DeFi security models threat actors as external agents who exploit, extract, convert, and offramp.
        Compliance teams watch for offramp activity. Chain analysis flags extraction patterns.
        Circuit breakers trigger on rapid withdrawals.
      </p>

      <p>
        PCC breaks every assumption in that model. They don't need to extract. They don't need to convert.
        They already own the offramp.
      </p>

      <div class="attack-comparison">
        <div class="comparison-card">
          <h4>Traditional Threat Actor</h4>
          <p><strong>Step 1:</strong> Exploit protocol vulnerability</p>
          <p><strong>Step 2:</strong> Extract funds to controlled wallet</p>
          <p><strong>Step 3:</strong> Convert through mixers/bridges</p>
          <p><strong>Step 4:</strong> Offramp to fiat</p>
          <p style="margin-top: .5rem;"><strong>Gets caught at steps 3–4.</strong></p>
        </div>
        <div class="comparison-card">
          <h4>PCC Threat Model</h4>
          <p><strong>Step 1:</strong> Accumulate liquidity position</p>
          <p><strong>Step 2:</strong> Control pool dynamics</p>
          <p><strong>Step 3:</strong> Transact through owned infrastructure</p>
          <p style="margin-top: .5rem;"><strong>No extraction. No offramp bottleneck. No flag.</strong></p>
        </div>
      </div>

      <h3>Strategic Distinction: Squads vs. The Party</h3>

      <p>
        Independent PCC squads run street-level operations—drug sales, extortion, local territory.
        These operators look like conventional organized crime and behave like it.
        Chain analysis can flag them. Compliance tools can catch them.
      </p>

      <p>
        <strong>The Party is different.</strong> The Party manages
        <a href="https://interlira-reports.com/featured/how-organized-crime-infiltrated-brazils-businesses-and-the-financial-sector/07/11/2025/">40+ investment funds</a>,
        runs <a href="https://smallwarsjournal.com/2025/08/30/from-drug-trafficking-to-faria-lima-the-pccs-metamorphosis-into-a-corporate-conglomerate-and-the-threat-to-the-economy/">1,000+ gas stations</a>,
        and moves capital through
        <a href="https://x.com/allanldsantos/status/1961113977196273924">banking infrastructure</a>
        that processes billions annually. The Party doesn't need to hack anything. It needs liquidity pools to exist.
      </p>

      <h3>The Liquidity Domination Model</h3>

      <p>
        <strong>Objective:</strong> Control enough liquidity in a pool to dictate pricing, slippage, and exit conditions for every other participant.
      </p>

      <p>
        <strong>Method:</strong> Deposit capital from legitimate business revenue into DeFi liquidity pools.
        No exploit required. No suspicious transactions. Revenue from
        <a href="https://smallwarsjournal.com/2025/08/30/from-drug-trafficking-to-faria-lima-the-pccs-metamorphosis-into-a-corporate-conglomerate-and-the-threat-to-the-economy/">fuel distribution ($11.3B/year)</a>
        enters the financial system through registered businesses, then flows into DeFi as "institutional liquidity."
      </p>

      <p>
        <strong>Economics:</strong> For a protocol with &lt;$50M TVL, controlling 30–40% of liquidity requires $15–20M.
        PCC's <a href="https://www.riotimesonline.com/assassinations-money-laundering-urban-strongholds-brazils-pccs-unstoppable-rise/">$5.7B asset portfolio</a>
        makes this a rounding error. The cost of dominating a small protocol's liquidity is less than what
        <a href="https://x.com/allanldsantos/status/1961113977196273924">BK Bank moves in a single week</a>.
      </p>

      <h3>The Security Boundary Illusion</h3>

      <p>
        DeFi protocols draw a security boundary around their smart contracts. Audits check code.
        Monitoring watches transactions. Governance guards parameters.
      </p>

      <p>
        PCC's Faria Lima infrastructure sits <em>outside</em> that boundary but controls what happens <em>inside</em> it.
        When
        <a href="https://interlira-reports.com/featured/how-organized-crime-infiltrated-brazils-businesses-and-the-financial-sector/07/11/2025/">organized crime has infiltrated the financial sector</a>,
        the offramp isn't a suspicious exchange withdrawal—it's a quarterly dividend from a registered investment fund.
      </p>

      <p>
        Protocol compliance tools scan for sanctioned addresses and flagged wallets.
        They don't scan for capital originating from a gas station network that
        <a href="https://smallwarsjournal.com/2025/08/30/from-drug-trafficking-to-faria-lima-the-pccs-metamorphosis-into-a-corporate-conglomerate-and-the-threat-to-the-economy/">evaded $1.4–1.6B in taxes over four years</a>
        while operating as a legal business.
      </p>

      <h3>Protocol Binding</h3>

      <p>
        Once PCC controls dominant liquidity in a pool, every other participant is bound to PCC's position.
        Traders pay PCC fees. LPs compete against PCC capital. Protocols depend on PCC liquidity for their TVL metrics.
        Governance tokens accumulated through LP rewards shift voting power.
      </p>

      <p>
        The protocol doesn't get hacked. It gets <em>captured</em>. And the capture looks identical to organic growth.
      </p>

      <h3>Economic Analysis: Protocols Under $50M</h3>

      <div class="pcc-data-card" style="background: #fff3cd;">
        <h4>Attack Economics</h4>
        <p><strong>Capital required to control 40% liquidity in a $30M TVL protocol:</strong> ~$12M</p>
        <p><strong>PCC annual legitimate revenue available for deployment:</strong> <a href="https://smallwarsjournal.com/2025/08/30/from-drug-trafficking-to-faria-lima-the-pccs-metamorphosis-into-a-corporate-conglomerate-and-the-threat-to-the-economy/">$27B</a></p>
        <p><strong>Ratio:</strong> 0.04% of annual revenue</p>
        <p><strong>Detection probability:</strong> Near zero (capital enters as legitimate business deposits)</p>
        <p><strong>Extraction required:</strong> None (revenue earned through LP fees, governance capture, and business-layer transactions)</p>
      </div>

      <h3>Defense Implications</h3>

      <p>
        Protocols cannot defend against this with smart contract audits, transaction monitoring, or circuit breakers.
        The attack vector is economic, not technical. Defense requires:
      </p>

      <ul>
        <li><strong>Liquidity concentration limits</strong> — cap single-entity share of pool liquidity</li>
        <li><strong>Source-of-funds verification</strong> — KYC/KYB for liquidity providers above threshold</li>
        <li><strong>Governance power distribution</strong> — prevent LP-derived voting concentration</li>
        <li><strong>Cross-protocol liquidity monitoring</strong> — track correlated positions across DeFi</li>
        <li><strong>Off-chain intelligence integration</strong> — connect on-chain activity to corporate ownership structures</li>
      </ul>

      <div class="critical-finding">
        <strong>The attack surface isn't the protocol. It's the assumption that controlling liquidity requires extraction.</strong>
        PCC accumulates until everyone else does business with them. The greatest money laundering vulnerability in DeFi
        isn't technical—it's that protocols assume adversaries need to exit.
      </div>
    </section>

    <!-- Scenario 1 -->
    <section id="scenarios" class="scenario-section scenario-1">
      <h2>Scenario 1: "Slow Bleed" Attack (Work at small scale) </h2>
      
      <div class="highlight-box">
        <h4>Attack Parameters</h4>
        <p><strong>Target:</strong> Mento cReal ($372K market cap)</p>
        <p><strong>Method:</strong> 50-100 wallets, micro-redemptions over 2-4 weeks</p>
        <p><strong>Why it works:</strong> Stays below circuit breaker velocity thresholds, evades vAMM slippage through distribution</p>
      </div>

      <h3>Economic Analysis — Five Simulations</h3>
      
      <table class="data-table">
        <thead>
          <tr>
            <th>Simulation</th>
            <th>Market %</th>
            <th>Buy Price</th>
            <th>Profit</th>
            <th>ROI</th>
            <th>Success Rate</th>
          </tr>
        </thead>
        <tbody>
          <tr style="background: #ffdddd;">
            <td><strong>Micro</strong></td>
            <td>10%</td>
            <td>$0.16</td>
            <td><strong>$2.8K</strong></td>
            <td>8.3%</td>
            <td><strong>60-70% ✓ WORKS NOW</strong></td>
          </tr>
          <tr>
            <td><strong>Lean</strong></td>
            <td>20%</td>
            <td>$0.155</td>
            <td><strong>$8K</strong></td>
            <td>12.1%</td>
            <td>50-60%</td>
          </tr>
          <tr>
            <td><strong>Deep Depeg</strong></td>
            <td>25%</td>
            <td>$0.14</td>
            <td><strong>$11K</strong></td>
            <td>14.1%</td>
            <td>40-50%</td>
          </tr>
          <tr>
            <td><strong>No Offramp</strong></td>
            <td>25%</td>
            <td>$0.155</td>
            <td><strong>$10K</strong></td>
            <td>15.4%</td>
            <td>55-65%</td>
          </tr>
          <tr style="background: #ffffdd;">
            <td><strong>Patient</strong></td>
            <td>30%</td>
            <td>$0.15</td>
            <td><strong>$31K</strong></td>
            <td>40.4%</td>
            <td><strong>60-70%</strong></td>
          </tr>
        </tbody>
      </table>

      <div class="highlight-box">
        <h4>Profitability Zones</h4>
        <p><strong>Profitable:</strong> Buy at &lt;$0.155</p>
        <p><strong>Highly Profitable:</strong> Buy at &lt;$0.145</p>
      </div>

      <h3>Critical Insight</h3>
      <p>
        <strong>Attack scales with market cap.</strong> At $3M (8x growth), profit becomes $248K—justifying 
        sophisticated attacks from nation-states and organized crime.
      </p>
      <p>
        The currency (cReal) is paradoxically protected by being "too small to care about" — but this protection 
        disappears as adoption grows.
      </p>
    </section>

    <!-- Scenario 2 -->
    <section class="scenario-section scenario-2">
      <h2>Scenario 2: "Flash Crisis" (Failed attempt) </h2>
      
      <div class="highlight-box">
        <h4>Attack Parameters</h4>
        <p><strong>Target:</strong> Mento cUSD ($16.9M market cap)</p>
        <p><strong>Method:</strong> Oracle manipulation + flash loans + single-block redemption</p>
        <p><strong>Why it DOESN'T work:</strong> Circuit breakers specifically designed to prevent this</p>
      </div>

      <h3>Defenses That Win</h3>
      <ul>
        <li><strong>MedianDeltaBreaker:</strong> 5% velocity threshold blocks rapid oracle manipulation</li>
        <li><strong>ValueDeltaBreaker:</strong> 10% bounds threshold prevents extreme deviations</li>
        <li><strong>1-hour OSM delay:</strong> Prevents single-block manipulation attacks</li>
      </ul>

      <h3>Economic Analysis</h3>
      <p>
        <strong>Theoretical profit:</strong> $120K-200K<br>
        <strong>Actual probability:</strong> 0-5%<br>
        <strong>Expected value:</strong> Strongly negative
      </p>

      <div class="alert-box" style="background: #d4edda; border-color: #28a745;">
        <strong>Strategic Recommendation: NOT VIABLE</strong>
        <p>
          Exclude from realistic attack portfolio. Circuit breakers are effective against flash attacks. 
        </p>
      </div>
    </section>

    <!-- Scenario 3 -->
    <section class="scenario-section scenario-3">
      <h2>Scenario 3: "Systemic Cascade" Attack</h2>
      
      <div class="highlight-box">
        <h4>Attack Parameters</h4>
        <p><strong>Target:</strong> cReal </p>
        <p><strong>Method:</strong> Amplify Brazilian - USA crisis into contagion</p>
        <p><strong>Why it works:</strong> Organic crisis + coordinated attack + shared dependencies = unstoppable momentum</p>
      </div>

      <h3>Six-Phase Cascade (Theory)</h3>
      <ul>
        <li><strong>T+0hr:</strong> Brazilian crisis catalyst (economic shock, political instability, (happens every 4y during the election, if the guy on the right is winning, dolar will fall, if the guy on the left is winning dolar will rise)</li>
          <li><strong>T+6hr:</strong> PCC can pump cReal turning it into a attractive asset, just to dump it during the crisis</li>
        <li><strong>T+6hr:</strong> cReal depegs 10-15% as Brazilian users panic-sell</li>
        <li><strong>T+48hr:</strong> Protocol interdependencies break down across ecosystem</li>
        <li><strong>T+72hr:</strong> System-wide instability, multiple protocol failures</li>
      </ul>

      <h3>Economic Analysis</h3>
      <p>
        <strong>Profit potential:</strong> $5M-20M (short positions + direct arbitrage)<br>
        <strong>Success probability:</strong> 70-80% IF catalyst occurs<br>
        <strong>Historical precedent:</strong> SVB crisis (March 2023), Sonne exploit (May 2024)
      </p>

      <div class="alert-box" style="background: #f8d7da; border-color: #dc3545;">
        <strong>Strategic Recommendation: Maximum Threat</strong>
        <p>
          Most profitable scenario for patient, well-capitalized adversaries. Requires external catalyst but 
          offers extraordinary returns. Cannot be prevented by protocol-level defenses alone—requires ecosystem 
          coordination and stress testing.
        </p>
      </div>
    </section>

    <!-- Strategic Assessment -->
    <section class="section">
      <h2>Strategic Assessment</h2>
      
      <div class="card">
        <h3 style="font-size: 1.2rem; margin-bottom: 1rem;">Attack Hierarchy</h3>
        
        <div style="background: #fff3cd; padding: 1rem; border: 2px solid var(--black); border-radius: 8px; margin-bottom: .75rem;">
          <p style="margin: 0;"><strong>🔴 Immediate Threat:</strong> Scenario 1 "Micro" — works NOW, $2.8K profit, 60-70% success</p>
        </div>
        
        <div style="background: #ffe0e0; padding: 1rem; border: 2px solid var(--black); border-radius: 8px; margin-bottom: .75rem;">
          <p style="margin: 0;"><strong>💰 High-Profit Threat:</strong> Scenario 1 "Patient" — wait for $0.15, $25-35K profit</p>
        </div>
        
        <div style="background: #ffe0ff; padding: 1rem; border: 2px solid var(--black); border-radius: 8px; margin-bottom: .75rem;">
          <p style="margin: 0;"><strong>💥 Maximum Threat:</strong> Scenario 3 "Cascade" — $5M-20M potential, catalyst-dependent</p>
        </div>
        
        <div style="background: #e0ffe0; padding: 1rem; border: 2px solid var(--black); border-radius: 8px;">
          <p style="margin: 0;"><strong>✓ Non-Viable:</strong> Scenario 2 "Flash Crisis" — circuit breakers prevent, &lt;5% success</p>
        </div>
      </div>

      <div class="card" style="margin-top: 1.5rem;">
        <h3 style="font-size: 1.1rem; margin-bottom: .75rem;">Why "Too Small" for Sophisticated Actors</h3>
        <p>
          Absolute returns ($8K-31K) are insufficient for nation-states or large teams with operational overhead. 
          However, these attacks are viable for:
        </p>
        <ul style="margin-left: 1.25rem; margin-top: .5rem;">
          <li>Individual security researchers</li>
          <li>Small opportunistic teams</li>
          <li>Phase 1 of larger, multi-stage attacks</li>
        </ul>
        <p style="margin-top: .75rem;">
          <strong>Critical threshold:</strong> Once cReal reaches $1-2M market cap, attacks become viable for 
          sophisticated adversaries with professional infrastructure.
        </p>
      </div>
    </section>

    <!-- Defense Recommendations -->
    <section id="defense" class="defense-section">
      <h2>Defense Recommendations</h2>

      <h3>What's Working</h3>
      <ul>
        <li>Over-collateralization (190% reserve ratio)</li>
        <li>vAMM slippage (0.4-0.8%) limits large redemptions</li>
        <li>Circuit breakers (oracle monitoring)</li>
        <li>Small market cap (paradoxically protective for now)</li>
      </ul>

      <h3>Critical Vulnerabilities</h3>
      <div class="highlight-box">
        <p><strong>1. Zero Trading Limits in the currency smartcontract </strong> → Unlimited drain possible</p>
        <p><strong>2. External Price Blind Spot</strong> → Circuit breakers don't watch DEX prices</p>
        <p><strong>3. Low Liquidity</strong> → $28K TVL for $372K market (easy to manipulate)</p>
      </div>

      <h3>Immediate Actions (High Priority)</h3>
      
      <div class="highlight-box" style="background: #d4edda;">
        <h4>Priority 1: Trading Limits | Cost: $5K-10K</h4>
        <p><strong>RENDERS ALL ATTACKS UNPROFITABLE</strong></p>
        <ul>
          <li>L0: $50K per 6 hours</li>
          <li>L1: $150K per 24 hours</li>
          <li>LG: $300K global weekly cap</li>
        </ul>
      </div>

      <div class="highlight-box">
        <h4>Priority 2: External Price Monitoring | Cost: $10K-15K</h4>
        <ul>
          <li>Monitor Velodrome, Uniswap, CEX prices</li>
          <li>Pause if external price &lt;90% of oracle for &gt;1 hour</li>
          <li>Detects attacks in accumulation phase</li>
        </ul>
      </div>

      <div class="highlight-box">
        <h4>Priority 3: Pattern Detection | Cost: $15K-20K</h4>
        <ul>
          <li>Wallet clustering analysis</li>
          <li>Timing anomaly detection</li>
          <li>Volume spike alerts</li>
        </ul>
      </div>

      <h3>Medium-Term (6-12 months)</h3>
      <ul>
        <li>Dynamic vAMM slippage (increases during stress)</li>
        <li>Liquidity incentives (target $100K+ TVL)</li>
        <li>Reserve ratio-based restrictions</li>
      </ul>

      <h3>Long-Term (12+ months)</h3>
      <ul>
        <li>Multi-oracle system (Chainlink + Redstone + Pyth)</li>
        <li>Insurance fund (10-15% protocol reserves)</li>
        <li>Cross-chain circuit breaker coordination</li>
      </ul>
    </section>

    <!-- Key Insights -->
    <section id="insights" class="section">
      <h2>Key Insights</h2>

      <div class="insight-card">
        <h3>1. Economic Viability ≠ Technical Feasibility</h3>
        <p>
          Defense should prioritize making attacks <strong>unprofitable</strong>, not impossible. Scenario 2 is 
          technically possible but economically non-viable — this is good defense design.
        </p>
      </div>

      <div class="insight-card">
        <h3>2. Slow Attacks Evade Fast Defenses</h3>
        <p>
          Circuit breakers detect rapid changes. Sophisticated attacks are slow (weeks-long, distributed, 
          multi-phase), staying below velocity thresholds. Defense must account for patient adversaries.
        </p>
      </div>

      <div class="insight-card">
        <h3>3. Small Markets Are Deceptively Vulnerable</h3>
        <p>
          Lower defense budgets + easier manipulation. Attack costs scale DOWN with market cap, while defense 
          costs scale UP. Critical lesson: <strong>Implement defenses BEFORE growth.</strong>
        </p>
      </div>

      <div class="insight-card">
        <h3>4. Defense ROI is Asymmetric</h3>
        <p>
          $5K-10K investment (trading limits) prevents $8K-31K+ in attack profit. Small defensive investments 
          have massive returns. The best security spending has extraordinary ROI.
        </p>
      </div>
    </section>

    <!-- Responsible Disclosure -->
    <section class="section">
      <h2>Responsible Disclosure</h2>
      <div class="card" style="background: #f0f0f0;">
       
        <p>
          <strong>No attacks were executed.</strong> All analysis is theoretical/simulated. This research was 
          conducted to improve protocol security, not to exploit vulnerabilities.
        </p>
      </div>
    </section>

    <!-- Full Document Link -->
    <section class="section">
      <h2>Full Research Document</h2>
      <div class="card">
        <p>
          For complete attack simulations, detailed economic models, and technical vulnerability analysis, reach out to <a href="https://x.com/MarceloReFi" target="_blank">@MarceloReFi</a> on X or connect on <a href="https://www.linkedin.com/in/marcelo-silva-0581b9216/" target="_blank">LinkedIn</a>.
        </p>
      </div>
    </section>

  </div>

  <footer>
    <div class="footer-inner">© <span id="y"></span> Marcelo Silva.</div>
  </footer>

  <script>
    document.getElementById('y').textContent = new Date().getFullYear();
  </script>
</body>
</html>