Risk Intelligence · Silent Patch Detection

Your models are missing half the data.

More than 50% of open-source security fixes are never publicly disclosed. Your decisions rely on databases built from the other half.

Coverage Gap: >50% Hidden Patches
Ecosystems: 9+ Monitored
Disclosure Rate: 0.44% Observed
Output: API + Reports
Pricing: Published Below
Regulators: Complimentary
Law Enforcement: Complimentary

You price risk from databases that are systematically incomplete.

Public CVE databases, audit reports, and disclosed incident histories account for less than half of actual security fixes. According to Chainguard’s 2024 analysis, more than 50% of open-source security fixes are never disclosed publicly. No CVE. No advisory. No changelog entry. The fix ships as a routine update and the vulnerability record never enters your data.

This means every premium priced, every risk assessed, every coverage decision made, every investment thesis validated, and every audit delivered is built on an incomplete foundation.

The problem is structural, not accidental. Protocols have a direct financial incentive to hide vulnerabilities. A known CVE causes risk assessors to reprice. Silence keeps costs low. The entire market subsidizes the silence.

$2.2B · Crypto Losses, 2024
Total value lost to exploits and hacks across the crypto ecosystem in a single calendar year.

70% · Audited Contracts Exploited
Share of 2024 crypto exploits that targeted contracts that had passed a third-party audit.

0.44% · Observed Disclosure Rate
Across 4,121 security patches analyzed in 9 ecosystems. For every fix disclosed, roughly 227 are not.

48.4% · Market CAGR 2025–2029
DeFi insurance projected to grow from $3.5B to $16.94B. The market is scaling. The risk data is not.

Same bug, four exploits, thirteen months, $31.6 million.

Compound V2’s exchange rate manipulation bug was exploited across four different protocol forks over a thirteen-month window. Total losses: $31.6 million. The vulnerability was known after the first exploit. Three more protocols were hit because no CVE was filed and no downstream notification was issued.

One piece of upstream intelligence would have prevented three of those incidents. Whether you are the underwriter paying claims, the auditor who cleared the protocol, the investor holding the token, or the maintainer running the fork — the missing data cost you.

Case: Compound V2 Exchange Rate Bug
Vulnerability: Exchange rate manipulation in forked Compound V2 codebase
Exploit Window: 13 months across 4 separate incidents
Total Losses: $31.6 million
Root Cause: No CVE, no downstream notification after first exploit
Preventable: 3 of 4 incidents with upstream risk intelligence

Pricing · Published · Per Audience

Get out your calculator.

Every rate is published. Type your number. The math is instant.

Your TVL
One-Time

Dependency Scan

1 basis point (0.01%) of TVL · one-time
  • Full upstream dependency map
  • Silent patch exposure report
  • Severity breakdown per finding
  • Downstream fork impact analysis
Continuous

Upstream Watch

3 basis points (0.03%) of TVL · recurring
Billing: Monthly or Annual (locked)
  • Everything in Dependency Scan
  • Continuous silent patch feed
  • 48-hour detection SLA
  • API integration for CI/CD
  • Concealment pattern histories
Full Service

Full Advisory

5 basis points (0.05%) of TVL · recurring
Billing: Monthly or Annual (locked)
  • Everything in Upstream Watch
  • Dedicated analyst
  • Remediation guidance
  • Quarterly security reviews
  • Investor-ready reporting
Monthly — recalculates each billing cycle based on current volume. Your cost tracks your growth in real time.
Annual — volume locked at signing. If you grow $100M mid-contract, your rate stays the same until renewal.
Minimum engagement: $25,000
Regulatory bodies and law enforcement receive complimentary access to this dataset.
Annual Billings
Dataset

Silent Patch Access

50 basis points (0.50%) of annual billings · recurring
Billing: Monthly or Annual (locked)
  • Full silent patch database
  • Search by project, ecosystem, CWE
  • Supplement audit findings
  • Historical concealment data
Per-Engagement

Audit Overlay

75 basis points (0.75%) of engagement value · per engagement
  • Targeted scan for audit target
  • Upstream dependency exposure
  • Client-ready findings appendix
  • Silent patch delta report
Full Integration

Integrated Feed

100 basis points (1.00%) of annual billings · recurring
Billing: Monthly or Annual (locked)
  • Everything in Dataset Access
  • API for workflow integration
  • White-label capability
  • Dedicated analyst
  • Priority SLA
Monthly — recalculates each billing cycle based on current billings.
Annual — billings locked at signing. Growth during the contract doesn’t change your rate until renewal.
Minimum engagement: $30,000
Last Round Raised
One-Time

Pre-Launch Scan

2 basis points (0.02%) of last round · one-time
  • Dependency exposure report
  • Silent patches in your stack
  • Risk profile before launch
  • Board-ready summary
Continuous

Continuous Monitor

4 basis points (0.04%) of last round · recurring
Billing: Monthly or Annual (locked)
  • Everything in Pre-Launch Scan
  • Ongoing silent patch alerts
  • 48-hour detection SLA
  • API access
  • Concealment pattern data
Full Service

Full Advisory

6 basis points (0.06%) of last round · recurring
Billing: Monthly or Annual (locked)
  • Everything in Continuous Monitor
  • Quarterly security reviews
  • Investor-ready risk reports
  • Dedicated analyst
  • Insurance-readiness assessment
Monthly — recalculates if your round size or treasury changes.
Annual — round size locked at signing. Raise a bigger round mid-contract? Same rate until renewal.
Minimum engagement: $15,000
Crypto AUM
One-Time

Portfolio Screen

2 basis points (0.02%) of crypto AUM · one-time
  • Exposure scan across holdings
  • Per-protocol risk breakdown
  • Silent patch count per position
  • LP-ready summary
Continuous

Due Diligence Feed

4 basis points (0.04%) of crypto AUM · recurring
Billing: Monthly or Annual (locked)
  • Everything in Portfolio Screen
  • Continuous monitoring of holdings
  • Pre-investment protocol scans
  • Real-time exposure alerts
  • API access
Full Service

Full Intelligence

6 basis points (0.06%) of crypto AUM · recurring
Billing: Monthly or Annual (locked)
  • Everything in Due Diligence Feed
  • Quarterly portfolio briefings
  • IC-ready risk reports
  • Dedicated analyst
  • Custom coverage by thesis
Monthly — recalculates based on current AUM each billing cycle.
Annual — AUM locked at signing. Portfolio growth mid-contract doesn’t change your rate until renewal.
Minimum engagement: $25,000
Coverage Volume
Data Feed

Risk Intelligence Feed

8 basis points (0.08%) of coverage volume · recurring
Billing: Monthly or Annual (locked)
  • Continuous silent patch detections
  • Protocol-level exposure mapping
  • Severity ratings per finding
  • Concealment pattern histories
  • API access for model integration
  • 48-hour detection SLA
One-Time

Portfolio Assessment

3 basis points (0.03%) of coverage volume · one-time
  • Full portfolio exposure analysis
  • Per-protocol risk report
  • Public posture vs. actual patch status
  • Upstream dependency mapping
  • Premium repricing recommendations
  • Structured data appendix
Full Service

Underwriting Intelligence

12 basis points (0.12%) of coverage volume · recurring
Billing: Monthly or Annual (locked)
  • Everything in Risk Intelligence Feed
  • Pre-binding coverage assessments
  • Real-time exposure change alerts
  • Quarterly underwriting briefings
  • Custom SLAs and reporting
  • Dedicated analyst
Monthly — recalculates based on current coverage book each billing cycle.
Annual — coverage volume locked at signing. Book growth mid-contract doesn’t change your rate until renewal.
Minimum engagement: $50,000

Public interest. No charge.

Supervisory bodies receive complimentary access to the full silent patch dataset.
Securities regulators, financial supervisory authorities, and government cybersecurity agencies can access the complete risk intelligence feed at no cost. The data exists to make markets transparent. Charging the entities responsible for transparency would defeat the purpose.

Investigative support. No charge.

Law enforcement agencies receive complimentary access for active investigations.
Silent patches are evidence. When a maintainer fixes a critical vulnerability without disclosure and downstream protocols lose funds, the patch history documents the timeline of knowledge. We provide that evidence to law enforcement at no cost.
  • Concealment timelines with commit-level precision
  • Evidence of knowledge prior to exploit events
  • Downstream exposure mapping for affected parties
  • Expert consultation on technical findings
  • Chain-of-custody-ready documentation
Fraud, negligence, breach notification failures, securities violations — when concealment causes losses, the patch record is the evidence. We make sure investigators have it.
Scope

What the feed covers.

We Monitor

  • Consensus engines (CometBFT, go-ethereum, forks)
  • Smart contract frameworks and their forks
  • DeFi protocol dependencies and upstream libraries
  • Authentication and secrets management platforms
  • Cross-chain bridge infrastructure
  • Layer-1 and Layer-2 blockchain codebases

We Do Not

  • Perform penetration testing or active exploitation
  • Provide legal advice or regulatory representation
  • Guarantee specific coverage or pricing outcomes
  • Disclose raw vulnerability details to non-subscribers
  • Operate as a bug bounty platform or triage service
  • Accept vendor payment to suppress findings
  • Disclosure gap: Chainguard, “The Hidden Cost of Silent Patches” (2024). Finding: >50% of open-source security fixes lack public disclosure.
  • Crypto losses: Chainalysis, 2024 Crypto Crime Report. $2.2B in total crypto losses for 2024.
  • Audited contract exploits: Halborn Security, 2024 analysis. 70% of exploits targeted previously audited contracts.
  • DeFi insurance market: Market Research Future / Grand View Research. $3.5B (2025) to $16.94B (2029), 48.4% CAGR.
  • Compound V2 exploit chain: Rekt.news incident reports. 4 exploits, 13 months, $31.6M aggregate losses.
  • Internal data: Whitenbaker Labs silent patch detection pipeline. 4,121 patches analyzed, 0.44% disclosure rate across 9 ecosystems.
Get Started

Price risk from complete data.

Pick your tab. Type your number. If the math makes sense, reach out. If it doesn’t, you weren’t the customer.

Initial consultation free · All prices published · No sales theater