Nectar tokens (NCT) will be available for purchase exclusively with Ether (ETH).
If you plan to participate in the Nectar token sale, we recommend acquiring ETH well in advance of the sale start date to ensure your ability to contribute.
Participants will complete a brief registration process that will be launching in advance of the token sale.
Please follow us on Twitter and other social media (links at the bottom of the page) or sign up for our newsletter to stay up to date!
How do I purchase Nectar tokens (NCT)?
Nectar tokens (NCT) will be available for purchase exclusively with Ether (ETH). If you plan to participate in the Nectar token sale, we recommend acquiring ETH well in advance of the sale start date to ensure your ability to contribute.
What are PolySwarm's minimum and maximum funding levels?
A lot of work goes into the creation of a viable marketplace - well beyond the engineering work of developing smart contracts and reference implementations. In order for PolySwarm to be a success, substantial community engagement must take place to ensure a sufficiently thick market in terms of Enterprises, Ambassadors and Experts. See funding level tranches for a rough breakdown of categories of costs inherent to bootstrapping the PolySwarm Market.
PolySwarm's minimum funding level is set at $5,000,000 USD equivalent in ETH. PolySwarm's maximum funding level (cap) is set at $50,000,000 USD equivalent in ETH. For the purpose of minimum funding calculation, the exchange rate as specified on https://coinmarketcap.com/ at the beginning of the Creation Period (February 20, 2018 at 19:00 UTC) will be used.
What happens if PolySwarm's minimum funding level is not reached?
If PolySwarm does not meet its minimum funding level, all ETH contributions will be refunded to the contributors' addresses.
How many Nectar tokens will be created? Will more be created later?
The amount of Nectar created will be determined by the total ETH contributed during the token sale. Please refer to PolySwarm's Terms of Token Sale document for exchange rates between ETH and NCT during different tranches.
After the token sale closes, no more NCT will be created.
When does the sale start? How long is the sale open?
The token sale opens on February 20th, 2018 19:00 UTC and will close on March 22nd, 2018 19:00 UTC
How is PolySwarm Pte. Ltd. ensuring the security of the token sale contracts and subsequently funded PolySwarm contracts?
We're glad you asked! We're security people ourselves, so this would be one of the first questions we would ask if we were in your shoes.
At a high level, we will take the following precautions:
1. Nectar's token sale contract will be very simple and will draw heavily from well-studied ConsenSys and OpenZeppelin contracts. No reinventing the wheel here.
2. PolySwarm Pte. Ltd. will run a bug bounty program to crowdsource vulnerability identification in contracts developed with token sale funding.
3. PolySwarm Pte. Ltd. will engage with Trail of Bits for a professional audit using cutting-edge EVM tools.
The two latter items deserve more discussion; head over to our Security page to learn more!
Do Nectar token holders participate in PolySwarm governance?
The PolySwarm Market is a market and specifically does not function like a Distributed Autonomous Organization (DAO). PolySwarm's Nectar tokens are designed to be purely utilitarian: participants exchange threat intelligence for NCT - end of story.
PolySwarm token holders (and PolySwarm Pte. Ltd.) will not earn any manner of dividends or "return" for Nectar holdings, nor are PolySwarm token holders entitled to any equity, voting rights, or any other right beyond NCT's utility for engaging in PolySwarm Market transactions. Fees are not remitted to holders (including PolySwarm Pte. Ltd..
PolySwarm is specifically designed to avoid token holder control over the market, as this would be anathema to PolySwarm's goals for fostering an open, fair and distributed marketplace for threat intelligence.
Why does PolySwarm need a token?
Nectar serves to isolate PolySwarm from external market forces including the value of Ether (ETH) and the performance of applications that transact in Ether.
Token-enabled market isolation is not a uniquely PolySwarm concern; many other applications have chosen to use tokens for the same reason. Nectar-based isolation will allow for more consistency in PolySwarm market behavior, enabling participants to transact with greater confidence and reducing perverse incentives that would otherwise harm the PolySwarm Market.
Suppose PolySwarm participants transacted directly in Ether (ETH). In a hypthotical Ether-based PolySwarm, Ambassadors are incentivized to buffer a number of Enterprises' artifacts until the value of Ether diminishes sufficiently to minimize the Ambassador's Bounty placement cost and in turn maximize his / her profit. This selfish behavior might be good for the Ambassador in the short term, but triggers a tragedy of commons condition in the long term, potentially causing gridlocks via delayed Bounties (or even delayed Assertions placed on Bounties). When considering the ground truth feedback mechanism, we expect PolySwarm bounties to operate on day or week timescales: orders of magnitude longer than minute fluctuations in ETH value.
In a Nectar-based PolySwarm, we are able to peg the price of Bounty placement (in terms of NCT required) independently of ETH value fluctuations, unlocking stability strategies and diminishing return on micro timing choices that would otherwise amount to perverse incentive.
How do I complete the KYC (Know Your Customer) to get prepared for the token sale prior to Feb 20th?
We will have series of KYC questions that have to be answered when you register for the token sale. This should be ready around 15 Jan 2018.
How would you prevent a rogue team of say 100-200 hackers, who are sponsored and don’t care about losing money, from building up their reputation as trustworthy experts over a lengthy period of time, say a year or two, and who may then become trusted by a large firm for example, only to want to flip on them after a while and suggest that certain malware that this firm might be asking about is in fact harmless, when in reality it isn’t?
If it takes 100-200 well financed hackers to build reputation over time and ultimately risk burning that reputation to hide some malware from a subset of ambassadors, I'd say we've won. That bar is far higher than today's status quo - this is a much more costly endeavor that what is required to evade AV today.
No system can be 100% perfect, including PolySwarm, but PolySwarm is far better than today's environment if such resources are required to pull off such an attack.
As a single user at home, how exactly would PolySwarm help me? I mean if I didn’t want to go through a known anti-virus company, like AVAST or any of the other scores of firms out there, how would I tap into the PolySwarm network on my PC?
End users will benefit from PolySwarm by being exposed to better-valued services. We don't expect most end users to directly interact with the PolySwarm network; this is the role that Ambassadors fill.
PolySwarm Ambassadors will be today's familiar, existing AV companies (like AVAST) as well as new companies made possible by PolySwarm’s economic model.
We expect to see new companies acting as Ambassadors that serve as a direct conduit to the PolySwarm network. These new companies will exchange end user subscription fees for a convenient link to the PolySwarm network, handling Bounties and Offers on behalf of their end user customers. This new type of company will almost certainly have lower cost relative to monolithic offerings seen today. We believe this will translate into a better value for the end user.
In short: most end users will continue to engage with a subscription-based service, but will get more protection for less money due to the efficiencies made possible by PolySwarm's crowdsourced, distributed design.
What strategies are PolySwarm planning to use to bootstrap the various actors/services required for the network to function effectively from day one?
We have a multi-pronged approach, targeting enterprise, ambassador and security expert onboarding, respectively.
At a high level, we will foster a network effect, playing enterprise interest toward security experts (more bounties available) and then security expert interest toward ambassadors and enterprises (increasingly quality threat intelligence). This two-sided effect will naturally encourage uptake on the opposite side.
1. Sponsor PolySwarm integration into existing incident response (IR) and defensive toolkits.
PolySwarm will offer Nectar bounties (from PolySwarm Pte. Ltd.s holding) as reward for open source contributions to widely used IR, defense and forensics toolkits. Specifically, we will target open source projects like Facebook’s osquery , and The Sleuth Kit / Autopsy. By making it trivial to use PolySwarm with these tools, PolySwarm seamlessly plugs into existing workflows. Some users will choose to leverage PolySwarm and any such leverage will help create a network effect.
2. Partnership with existing threat intelligence vendors, offering early Arbitership as incentive to plug into the network.
Existing threat intelligence companies will desire to become Arbiters in the PolySwarm ecosystem. PolySwarm will offer designated arbitership to chosen Arbiters to help bootstrap the network. This will be limited time offer, after which Arbiter must maintain high ecosystem throughput to maintain their status.
3. Hackathons, competitions and sponsorship directed toward information security expertise, with an emphasis toward markets that already participate heavily in vulnerability bug bounty programs.
This one is pretty self-explanatory. We will target information security conferences in Eastern Europe, Asia, Latin and South America in particular.
What gives Swarm the confidence that they will be able to attract thousands of Experts to become part of the network?
This was alluded to a little in the previous question / response.
In addition to the response above, PolySwarm plans to host a Nectar-for-artifact bounty program to help build a corpus of “swarmed” artifacts in the network and get initial people onboard. Security experts will receive Nectar in response to “swarming” malicious artifacts during this Beta period. Prior to Arbiter establishment, malintent determination will be outsourced.
Beyond this mass market approach, all of the founders and many of our friends and colleagues work in the Information Security industry. Many of them have custom malware analysis tools that they develop for their work or hobbies that could be reconfigured to work as micro-engines.
We speak with graduate and PhD students at conferences and events that have the technical skills to build and run micro-engines, but cannot get jobs at cyber security companies due to their nationality or choice of home location.
The quality security experts are out there, and we are giving them the means to participate.
Is the Hacken project a competitor of PolySwarm? How are they similar/different? Why would a Security Expert want to be involved with PolySwarm vs Hacken?
It’s a different market and we wish them success. Hacken is decentralizing bug (vulnerability) bounties against corporate sites and software, basically security experts doing manual analysis against unique targets.
We’re pretty familiar with the bug bounty market: average transaction value is 400-500 USD per bounty. Hacken’s market requires manual review to evaluate if bounties are won or not. There’s probably on the order of 1000’s of transactions a year.
Conversely, PolySwarm deals with the sort of threat intelligence that can be automated, such as anti-virus. Anti-virus companies, worldwide, see billions of samples a day and probably 10’s of millions are unique. Transaction value ranges 0.0025-0.015 USD per file/url/artifact scan. All micro-engines and the vast majority of ground truth determination in PolySwarm will be automated.
Manual review of a smallish binary takes the better part of a day or two. Larger applications, we are talking many days or even weeks.
Does Polyswarm protect a company's corporate network similar to how a Palo Alto Networks device does?
PolySwarm will enable companies like Palo Alto to enhance their offerings by being able to solicit crowdsourced opinion on files they're unsure of. Today, they reach out to VirusTotal (and pay handsomely to do so). Tomorrow, with PolySwarm, they'll get access to a broader set of security expertise without a middle man (VirusTotal is owned by Google).
From the enterprise perspective, should Palo Alto plug into PolySwarm, the enterprise will see better detection rates. Palo Alto will save money and ideally those savings will be passed down to the customer. In the PolySwarm ecosystem, Palo Alto (PA) is an "Ambassador".
Is PolySwarm a Marketplace?
Yes. More specifically, it's a set of smart contracts that define how threat intelligence is sourced and how good threat intelligence is rewarded at the expense of bad (inaccurate) threat intelligence.
We expect some larger enterprises to participate directly in the marketplace (bypassing Ambassadors) and one of our big goals is make Ambassadorship as accessible as possible -- today you need funding rounds, marketing, HR, etc, etc, to build a company like Palo Alto Networks. Tomorrow, we hope that the raw statistics surrounding each Ambassadors’ performance, coupled with the autonomous nature of the market will allow for more streamlined operations - mini-Ambassadors if you will - that wouldn't fit into today's market, but would thrive in PolySwarm.
In other words, only few can get listed as a vendor on VirusTotal, but anyone can call themselves an Ambassador on PolySwarm. Ambassadors will have to maintain their quality of service and reputation to attract enterprises and end users as customers.