The decentralized incident response protocol trying to give Ethereum an immune system - one Trap at a time.
A logo shaped like a carnivorous plant, sitting quietly on a page about billion-dollar hacks. The sundew waits. So does the Trap. Nobody in DeFi wants to find out which one moves first.
DeFi's security industry mostly sells you a document. Drosera wants to sell you a nervous system.
Here is a fact about decentralized finance that everyone knows and almost nobody has solved: the money moves faster than the humans guarding it. A protocol gets audited, the auditors file a tidy PDF, the PDF says "looks good," and then eight months later an attacker finds the one function nobody thought about at 3 a.m. and drains it in a single block. The post-mortem thread goes viral. The funds do not come back.
Drosera Network, an eleven-person company founded in 2023, has decided this is fundamentally a timing problem. Their thesis, roughly: security that only looks backward is not really security. What you want is something that watches the protocol while it runs and does something the instant it smells trouble. They call the something a "Trap," and they call the overall pitch "an immune system for Ethereum," which is a good metaphor because immune systems do not wait for a committee - they detect, contain, and respond.
The clever part is what a Trap actually is. It is a smart contract that defines an emergency condition, but it is not deployed on-chain in the usual, readable-by-everyone way. It lives mostly off-chain, gathering the relevant on-chain data, watching the protocol's state, and staying invisible until it needs to fire. Drosera describes this as using "hidden security intents," and if you think about it for a second you will see why that matters: if your defensive logic is sitting on-chain in plain sight, a sufficiently motivated attacker can simply read it and route around it. A hidden Trap is a mousetrap the mouse cannot see.
"Unlike traditional security that reacts after an attack, Drosera works preemptively - identifying risks before they become exploits."
When a Trap detects an anomaly - a suspicious state change, a pattern that looks like the opening move of an exploit - it triggers an automated response. Maybe it pauses a function. Maybe it alerts operators. The point is that a machine, not a sleepy engineer, is the thing standing between "hack begins" and "hack finishes." That gap, measured in blocks, is where the entire game of DeFi security is actually decided, and Drosera's whole product is an attempt to own it.
There is a second, quietly important design decision here, which is decentralization. It would be easy to build a single bot that watches everything and presses the pause button. It would also be a single point of failure, a single admin key, a single thing to bribe or break. Instead Drosera runs a network of independent node "Operators" who watch the deployed Traps, evaluate the on-chain and off-chain data, and push verified responses on-chain. The developers who write Traps are sometimes called "Trappers." It is a marketplace with two sides - people who need defending and people who do the watching - and the coordination between them is the actual protocol.
The name, by the way, is not an accident. Drosera is the botanical genus of the sundew, a carnivorous plant that lures and traps insects. A company whose flagship product is called "Traps" naming itself after a plant that traps things is the sort of detail that suggests somebody in the founding room was paying attention. It is also faintly menacing in exactly the way a security company probably wants to be.
Four moving parts, one goal: shrink the window between detection and defense to as close to zero as the chain allows.
A developer writes a Trap in Solidity describing the emergency condition - the thing that should never happen.
The Trap gathers on-chain data and continuously watches the protocol's live state, off-chain and hidden.
Operators evaluate the data. When the pattern matches an exploit's opening move, the Trap is triggered.
An automated response fires on-chain - pause a function, alert operators - before funds can leave.
Drosera ships developer tooling in the same language your protocol already speaks - Solidity.
Small smart contracts that define emergency conditions off-chain, monitor on-chain state, detect anomalies, and trigger automated responses like pausing functions.
A decentralized set of node Operators that watch deployed Traps, evaluate the data, and push verified responses on-chain - no single point of failure.
Write, test, and deploy Traps in Solidity with a Foundry-based starter template, example Traps, and a command-line workflow.
A dashboard to explore and monitor every active Trap across the network - the map of who is currently being watched.
Fernando Reyes (FDR) is founder and CEO; Samuel Glenn - known in the community as Bobafetador - is co-founder and CTO. The team is small, technical, and crypto-native, building in public across an active Discord, X account, and a stack of open-source GitHub repositories.
The money arrived in two waves. A pre-seed of roughly $1.5M in early 2024, then a $3.25M seed round in February 2025 led by Greenfield Capital, with Anagram, Paper Ventures, Arrington Capital, UDHC, and Pulsar participating - alongside a long list of angels. Total raised to date: $4.75M.
Drosera Network founded around a decentralized incident response thesis for Ethereum.
Closes an early pre-seed round of roughly $1.5M from a group of funds and angels.
Testnet program grows to 25+ committed protocols, including EtherFi, Ion Protocol, and Gravita.
$3.25M seed round led by Greenfield Capital; total funding reaches $4.75M and the "immune system for Ethereum" framing goes public.
Mainnet goes live; the early supporters initiative opens.
The blunt case for Drosera is arithmetic. DeFi has lost billions of dollars to exploits, and the losses tend to happen in the narrow window between an attack starting and anyone with authority noticing. Audits, bug bounties, and monitoring dashboards all live before or after that window. Drosera is trying to live inside it.
Whether it works at scale is genuinely an open question - runtime response is hard, false positives are annoying, and a security network is only as good as the Operators watching it. But the direction is coherent. If the last decade of DeFi security was about finding bugs before launch, Drosera is a bet that the next one is about responding to them at runtime. That is a different product, a different discipline, and - if the metaphor holds - a different organ entirely.