
Introducing ThreatChain: Real-Time Threat Mitigation on the Blockchain

Today we're publicly launching ThreatChain, a real-time threat intelligence platform built on a permissioned blockchain. It's the culmination of months of work combining a distributed ledger, nftables, BIRD 2, WireGuard, and FastAPI into a system that can detect a threat, publish it, propagate it, and enforce a response on every node in under 10 seconds.

The Problem

If you've managed firewall rules across multiple servers, you know the pain. An attacker hits one machine, gets banned by fail2ban, and then continues attacking your other servers for hours until someone manually updates the rules or a slow feed propagates the block.

Traditional threat feeds are centralized, delayed, and create single points of failure. There's no shared, auditable source of truth that every node in your network can trust.

Our Solution

ThreatChain uses a permissioned blockchain as a distributed, immutable threat registry. Here's the flow:

  1. Detection: fail2ban, threat feeds (AbuseIPDB), or manual API calls identify a malicious IP
  2. Publication: The threat is published to the blockchain with full metadata (severity, TTL, source, category)
  3. Propagation: All nodes receive the threat within 5 seconds via blockchain consensus over encrypted IPv6 P2P links
  4. Enforcement: nftables rules and BGP blackhole routes are applied automatically on every node

Every action is recorded on the blockchain. Every block, every revocation, every node heartbeat — fully auditable, fully immutable.

What's Included

  • 4 blockchain streams: threats, threat-meta, nodes, audit
  • nftables enforcer: polls the chain every 5 seconds, applies block/monitor rules
  • BGP blackhole routing: critical threats announced via BIRD 2 to upstream peers
  • WireGuard mesh: encrypted tunnels between all nodes over IPv6
  • REST API + SSE: full threat management with real-time streaming
  • fail2ban integration: automatic threat publication from any node
  • Live dashboard: SOC-style real-time threat visualization
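
As an added example (not ThreatChain's own code), here is one way an enforcer like the one described above could turn one poll's worth of threat records into an nftables update. The table and set names, the record fields, and the rule that "low" severity maps to monitor are assumptions.

```python
import ipaddress

TABLE = "inet threatchain"  # hypothetical table; its sets need "flags timeout"
# Constructed records: (ip, severity, ttl_seconds, published_unix_time).
# Field choice is an assumption based on the metadata the post lists.
SAMPLE = [
    ("203.0.113.7", "critical", 3600, 1000),
    ("203.0.113.7", "low", 9000, 1000),      # duplicate report, weaker action
    ("2001:db8::bad", "low", 600, 1800),
    ("198.51.100.9", "high", 60, 1000),      # expired by now=2000
    ("127.0.0.1", "critical", 3600, 1900),   # bad record, never enforce
    ("192.0.2.44", "high", 3600, 1900),      # revoked in the sample call
    ("not-an-ip", "high", 3600, 1900),
]

def plan(records, revoked, now):
    """Return (nft_lines, skipped) for one poll; nft_lines feed `nft -f -`."""
    chosen, skipped = {}, []
    for ip, severity, ttl, published in records:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            skipped.append((ip, "invalid"))
            continue
        left = published + ttl - now
        if addr.is_loopback or addr.is_link_local or addr.is_unspecified or addr.is_multicast:
            reason = "reserved"
        elif str(addr) in revoked:
            reason = "revoked"
        elif left <= 0:
            reason = "expired"
        else:
            reason = None
        if reason:
            skipped.append((str(addr), reason))
            continue
        # Assumption: "low" is only monitored, every other severity is blocked.
        cand = (severity != "low", left)
        if cand > chosen.get(addr, (False, 0)):
            chosen[addr] = cand  # block beats monitor, then longest remaining TTL
    # Flush and refill in one script: nft applies a file as one transaction,
    # so revoked or expired entries vanish without per-element deletes.
    lines = [f"flush set {TABLE} {a}{v}" for a in ("block", "monitor") for v in (4, 6)]
    for addr, (block, left) in sorted(chosen.items(), key=lambda kv: (kv[0].version, kv[0])):
        name = ("block" if block else "monitor") + str(addr.version)  # v4/v6 sets differ in type
        lines.append(f"add element {TABLE} {name} {{ {addr} timeout {left}s }}")
    return lines, skipped
```

Carrying the remaining TTL into the nftables element timeout means a block still expires on schedule if the enforcer stops polling.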

How to Get Started

Head to our Services page to see our subscription plans. The Community tier is free forever — you get dashboard access and 100 API calls per day. Professional and Enterprise plans add real-time SSE streaming, BGP peering, and WireGuard tunnels.

We're excited to share this with the security community. If you have questions, contact us or check out the API documentation.

Too Many Secrets.

