Hi HN, I built Argus as a solo developer at Tokamak Network. It's an open-source, self-hosted Ethereum attack detection tool written in Rust.
The problem: existing runtime security tools (Forta, Phalcon, Hexagate) are all SaaS. If the vendor shuts down or changes pricing, you lose your security monitoring. OpenZeppelin Defender is shutting down in July 2026, which is a real example of this risk.
Argus scans every transaction at the receipt level (<30μs/tx) and can do full opcode-level replay on suspicious ones. It's been running on Ethereum mainnet since March 2026 with zero downtime at $7/month on AWS Fargate.
Some honest caveats:
- No confirmed exploit interceptions yet. All alerts so far were false positives (legitimate DeFi activity — flash loan arb, MEV bundles)
- Single developer project (bus factor = 1)
- Ethereum L1 only — no multi-chain support
- Built on ethrex LEVM which has ~0% market share as a client (chose it for its step-by-step debugger hook that revm doesn't expose out of the box; porting to revm is on the roadmap)
The retroactive analyses (Balancer $128M, Bybit $1.5B) show what the pipeline would likely detect, but those are hypothetical.
Built with: Rust (edition 2024), ethrex LEVM, axum, tokio. MIT/Apache-2.0 dual license. ~17K LoC + 864 tests.
Happy to answer questions about the detection heuristics, the architecture, or the tradeoffs in building this solo.
cd4761•2h ago