Free monitoring for nonce and multisig attack staging
detect the on-chain setup behind signer-compromise and governance-manipulation attacks before execution.
Why this matters
Not every major Solana exploit starts with vulnerable code. Some begin with off-chain signer compromise and rely on on-chain staging, including durable nonce activity and multisig configuration changes, before funds move. These bots are built to catch that staging early.
Three bots. near real-time detection.
Enable all three to monitor the most common attack staging patterns. Learn more
Nonce Creation
Detects
Creation of durable nonce accounts where authority matches monitored keys
Why it matters
Early signal of potential pre-signed transaction attack staging
Nonce Authority Change
Detects
Nonce authority transferred to or from monitored keys
Why it matters
Catches inbound staging and outbound loss of nonce control
Squads v4 Config Change
Detects
Config proposal and execution events, including threshold, timelock, member, config authority, and rent collector changes
Why it matters
Surfaces governance changes that can remove control layers before execution
Who should enable this
Get started in minutes
Create a WatchTower project
Sign up or log in to your Sec3 account
Add your addresses
Add signers, admin keys, or Squads v4 multisig addresses
Enable the three bots
Turn on nonce and governance monitoring
Route alerts to your team
Connect Slack, Discord, or webhook endpoints
Scope and limitations
- Detects on-chain nonce staging
- Monitors multisig governance changes
- Alerts to investigate or freeze operations
- Detect off-chain social engineering itself
- Replace withdrawal controls or circuit breakers
- Provide post-drain fund tracing or recovery