#10: ThirdWeb Incident: Incompatibility Between Trusted Modules Exposes Vulnerability
Security Insights

This blog shows the vulnerability and attack caused by incompatibility between commonly used modules.

#9: MEV Bot 0xd61492: From Predator to Prey in an Ingenious Exploit
Security Insights

On August 3, 2023, an MEV Bot on Arbitrum was attacked, resulting in $800K in loss. The root cause of this attack was **Insufficient User Input Verification**.

#8: SushiSwap Incident: A Clumsy Rescue Attempt Leads to a Series of Copycat Attacks
Case Studies

On April 9, 2023, SushiSwap became the target of an exploit due to an Unverified External Parameter. The total loss is about $3.3 million.

#7: ParaSpace Incident: A Race Against Time to Thwart the Industry's Most Critical Attack Yet

ParaSpace Incident: A Race Against Time to Thwart the Industry's Most Critical Attack Yet

#6: Hundred Finance Incident: Catalyzing the Wave of Precision-Related Exploits in Vulnerable Forked Protocols
Case Studies

On April 16th, 2023, Hundred Finance, a Compound V2 fork, was attacked, leading to a loss of about $7.4 million.

#5: Platypus Finance: Surviving Three Attacks with a Stroke of Luck
Security Insights

We show the three attacks on Platypus Finance and how BlockSec rescued 2.4 Million USDC for the protocol.

#4: Curve Incident: Compiler Error Produces Faulty Bytecode from Innocent Source Code

Curve Incident: Compiler Error Produces Faulty Bytecode from Innocent Source Code

#3: KyberSwap Incident: Masterful Exploitation of Rounding Errors with Exceedingly Subtle Calculations
Security Insights

KyberSwap Incident: Masterful Exploitation of Rounding Errors with Exceedingly Subtle Calculations

#2: Euler Finance Incident: The Largest Hack of 2023
Security Insights

Euler Finance Incident: The Largest Hack of 2023

Demystify the Access Control Mechanism in Puffer Protocol
Security Insights

We reviewed the whole architecture of the access control mechanism and its current configuration in the Puffer protocol.

#1: Harvesting MEV Bots by Exploiting Vulnerabilities in Flashbots Relay
Security Insights

MEV bots were exploited due to a Flashbots relay vulnerability, the number one security incident in the top ten "awesome" security incidents in 2023.

Top Ten "Awesome" Security Incidents in 2023
Security Insights

In this blog, we will illustrate the top ten security incidents that are worth mentioning in 2023 and their reasons.

Podcast: How BlockSec Intercepted $15M of Web3 Exploits in Real Time
Case Studies

Andy Zhou, as a guest on the Scraping Bits podcast, discusses how to block attacks in the Web3 area.

BlockSec’s Perspectives and Solutions on the Security of L2 Blockchains
Security Insights

We will first systematically review the security challenges of L2 blockchains and then propose our solutions.

Creating Your Own L2 Rollup Testnet on Phalcon Fork
Tutorials

How to leverage Phalcon Fork as L1 to create an L2 rollup testnet using OP stack.

How to Become a Smart Contract Auditor: Your Guide to Mastering Blockchain Security
Security Insights

Discover the essential steps to mastering smart contract audits with our comprehensive guide. Learn the skills, tools, and best practices needed to excel in blockchain security and become a pivotal player in the world of DeFi and NFTs.

BlockSec’s Retrospective on DeFi Protocol Security in 2023
Security Insights

New trends in DeFi protocol security in 2023 and BlockSec's perspective on how to secure DeFi protocols

BlockSec Partners with IOC and AЯMRD to Enhance Web 3.0 Security
Tech and Dev

BlockSec and Intelligence On Chain (IOC) have partnered to provide the 'AЯMRD' suite, delivering robust security solutions for Web 3.0 projects in the evolving blockchain landscape.

Phalcon | Overview of the Web3 Security Landscape in 2023
Features

In 2023, losses ranging from $100K to $200M occurred across 69 hacking incidents caused by the exploitation of vulnerabilities.

How Phalcon Block Helped Loot Block 1M USD Hack
Case Studies

The comprehensive process of how Phalcon Block saved more than 1 Million USD for Loot

Telcoin Security Incident In-Depth Analysis
Case Studies

A comprehensive analysis of the security breach Telcoin experienced on Christmas Day 2023.

Recent DeFi Hacks: How Phalcon Block Could Protect User Assets Worth Millions
Security Insights

Recent Hacks Highlight Need for Around-the-Clock Blockchain Security Through Automation

Security Check: Do EVM-Compatible Chains Hold Up?
Security Insights

Revealing Hidden Security Risks in the EVM: How BlockSec's Automated Tool Helps Take a Closer Look

Phalcon's 2023 Year-End Recap
Tech and Dev

Through the story of Phalcon, let's explore the relentless efforts made by BlockSec to advance Web3 security in 2023.

Blocked Paraspace Attack: Industry's Most Important Block that Rescued $5,000,000
Case Studies

In this series of articles, we will present representative stories of our system Phalcon Block. Today let's take a look at the industry's most important block that rescued $5,000,000.

Blocked Platypus Attack: Industry's First Counter-Exploitation of a Hacker's Contract
Case Studies

In this series of articles, we will present representative stories of our system Phalcon Block. Today let's take a look at the industry's first counter-exploitation of a hacker's contract.

Blocked TransitSwap Attack: Industry's First "Hacking Back" to Rescue $300,000
Case Studies

In this series of articles, we will present representative stories of our system Phalcon Block. Today let's take a look at the industry's first "hacking back" that rescued $300,000.

Blocked Saddle Finance Attack: Industry's First Influential Blocking to Rescue $3,800,000
Case Studies

In this series of articles, we will present representative stories of our system Phalcon Block. Today let's take a look at the industry's first influential blocking that rescued $3,800,000.

Ten Most Frequently Asked Questions About Phalcon Block
Features

We have found that users are particularly interested in the following questions about Phalcon Block...

Blocked HomeCoin Attack: Industry's First Successful Blocking Story
Case Studies

In this series of articles, we will present representative stories of our system Phalcon Block. Let's start with the game-changing story in Web3: the industry's first successful defense against hacks.

Why Is Automated Incident Response Crucial in Web3 Security?
Case Studies

What if KyberSwap had used Phalcon Block...

Yet Another Tragedy of Precision Loss: An In-Depth Analysis of the KyberSwap Incident
Case Studies

This article dives deep into the attacks targeting KyberSwap and gives a detailed analysis of the root cause of the issue: precision loss.

Security Audit Report for Cakepie Contracts
Security Audits

This is the security audit report that we conducted for Cakepie Contracts in November 2023.

Unveiling BlockSec's Large-Scale TxPHISH Website Detection System
Tech and Dev

BlockSec's latest study on transaction-based phishing on Ethereum has been accepted for full paper publication at ACM CCS!

Lethal Integration: Vulnerabilities in Hooks Due to Risky Interactions
Security Insights

In this article, we explore the vulnerabilities that arise during hook interaction logic, specifically concentrating on two scenarios: flawed access control and improper input validation.

BlockSec Launches Phalcon Block: The World's First Crypto Hack Blocking System for Web3 Security
Tech and Dev

Phalcon Block will revolutionize the fight against hackers in the Web3 world.

As an LP, How to Withdraw Funds Timely Before Protocol Pauses
Tech and Dev

BlockSec and Cobo have collaborated to develop a solution that assists LPs in withdrawing funds before the protocol pauses and the liquidity pool freezes.

Thorns in the Rose: Exploring Security Risks in Uniswap v4's Novel Hook Mechanism
Security Insights

This is the first article of our series exploring security risks in Uniswap v4’s hook mechanism! In this article, we provide a comprehensive overview and foundational understanding for our readers.

Tiny Rounding Down, Big Fund Losses: An in-depth analysis of the recent Balancer incident
Tech and Dev

A comprehensive analysis of the Balancer attack, which occurred on August 27, 2023.

Unlocking Web3 Security: Battling the Dark Side
Tech and Dev

In the ever-evolving world of Web3, the significance of security cannot be overstated. Despite bear market conditions, the alarming surge in DeFi hacks and scams has raised concerns.

Factors Making Web3 More Vulnerable to Hacks and Our Mitigation Strategies
Security Insights

In a world where blockchain hacks and capital exploitation seem to occur almost weekly, the question arises: Can we effectively prevent these security breaches?

BlockSec Phalcon Explorer: Empowering TVL Growth for the EVM Chain
Features

L1/L2 competition is becoming increasingly fierce. According to DefiLlama, there are currently over 200 chains, with 120 of them being EVM chains, including star projects like Arbitrum, Optimism, and Base.

Use Phalcon Fork to Learn Uniswap V2
Tutorials

In this article, we will show how to build and deploy Uniswap V2 contracts, including the uniswap-v2-core and uniswap-v2-periphery, into Phalcon Fork.

Collaborative Testing with Phalcon Fork — “Damn Vulnerable DeFi” as an Example
Tutorials

Phalcon Fork is a specialized tool designed for Web3 developers and security researchers to conduct collaborative testing with private mainnet states.

Beyond 7 Days: Exploring the Endless Possibilities of BlockSec Phalcon
Features

We were thrilled to receive so much positive feedback and engagement from both longtime users and new followers after launching our 7 Days of Phalcon journey on Twitter.

Public transfer vulnerability of the Tether Gold smart contract
Case Studies

Describes a public transfer vulnerability in the Tether Gold smart contract.

How to Use Phalcon Debug to Dive into a Transaction
Tutorials

Phalcon supports the debugging of a transaction, a powerful feature that can significantly improve the analysis efficiency for complex transactions.

Systematic Approach to Maintaining EVM Compatibility and Security
Security Insights

EVM (Ethereum Virtual Machine) compatible blockchains are designed to be compatible with the Ethereum blockchain’s smart contract functionality, programming language (Solidity), and tooling ecosystem.

Security Testing Report for Radiant V2
Security Audits

This is the security testing report that we conducted for Radiant V2 in March 2023.

Proactive Threat Prevention: A New Web3 Security Paradigm
Tech and Dev

On 2023-03-17 05:48:59 (UTC), BlockSec successfully blocked an attack attempt on ParaSpace (a top NFT lending protocol) and protected crypto assets worth $5M.

DeFi Exploit Analysis: The Root Cause of Euler's $200M Loss
Security Insights

Uncovering the root cause of Euler Finance’s $200 million loss

BonqDAO Exploited on Polygon: $120M Stolen Due to Flawed Logic
Security Insights

BonqDAO on Polygon suffered a $120M attack due to flawed logic, resulting in significant losses and highlighting the importance of DeFi security.

Securing Web3 Through Proactive Threat Prevention
Tech and Dev

In the past three years, we have observed several security incidents in the DeFi ecosystem. To defend against these threats, the community has adopted code-centric methods, e.g., static code auditing, smart contract scanning tools, and dynamic fuzzing.

Getting Started with BlockSec Phalcon 2.0
Features

Phalcon is a powerful transaction explorer designed for the DeFi community. It provides comprehensive data on invocation flow, balance changes, and fund flows for transactions. It also supports transaction simulation.

Beyond the market risk: a logic bug identified in SushiSwap’s KashiPairMediumRiskV1 contract
Security Insights

Understanding the Impact of SushiSwap's Contract Flaw: Dozens of pools on Ethereum and BSC were at risk due to the KashiPairMediumRiskV1 contract's logic bug

How we recover the stolen funds for TransitSwap and BabySwap
Security Insights

Swift Recovery of Stolen Funds: How we efficiently recovered stolen funds from the TransitSwap and BabySwap attack on the BSC network using a vulnerability in the attacker's bot

Our Short Analysis of the Accusation Against the Wintermute Project
Security Insights

Analyzing the Wintermute Hack: No Concrete Evidence of an Inside Job

The Two Sides of the Private Tx Service (on Binance Smart Chain)
Security Insights

The article explores privacy and security challenges of private transaction technologies in protecting users

Reveal the “Message” Replay Attacks on EthereumPoW
Security Insights

Learn about recent attacks on EthereumPoW involving message replay, highlighting the vulnerability in the Omni bridge and the need for chainId verification

A new memory overwrite vulnerability discovered in Wyvern Protocol
Security Insights

Wyvern Protocol Vulnerability Alert: Potential for Exploit Leads to Security Concerns

Secure Smart Contract Development — Code Reentrancy in NFT Contracts
Security Insights

Explore the critical security concerns in NFT smart contracts, focusing on the reentrancy vulnerability and its impact on the Ethereum ecosystem

Attack Analysis | How Unchecked Mapping Makes $200,000,000 Losses of Nomad Bridge
Security Insights

How Nomad Bridge's Security Was Compromised: Analysis of the code that led to Nomad Bridge's vulnerability and the subsequent exploit of nearly $200M

Our Take on the Inverse Finance Security Incident: Price Manipulation Attack
Security Insights

Flashloan Exploit in Inverse Finance: Attacker Profits Nearly $100k USDT and 53.2 WBTC

How a Critical Bug in Solana Network was Detected and Timely Patched
Security Insights

Solana Vulnerability: Contract Execution Path Affected by rBPF Bug

How the Mirror Protocol got Exploited
Security Insights

Revealing How an Attacker Exploited Mirror Protocol by Manipulating mETH and USTC Values

The Analysis of FEGtoken Security Incident: Devil’s in the Details
Security Insights

How a Subtle Contract Flaw Led to a Million-Dollar FEGtoken Heist on Multiple Blockchains

How to exploit the same vulnerability of MetaPool in two different ways (Nerve Bridge / Saddle Finance) — What you see is not what you get
Security Insights

Exploring the Repeat Exploitation of MetaPool's Flaw in Nerve Bridge and Saddle Finance Incidents – uncovering the persistence of a crypto vulnerability

How Akutar NFT loses $34,000,000 USD
Security Insights

Uncovering serious logic vulnerabilities in @AkuDreams contracts, leading to a potential DoS attack and permanent locking of project funds

Security Audit Report for LiNEAR
Security Audits

This is the security audit report that we conducted for LiNEAR in April 2022.

Revest Finance Vulnerabilities: More than Re-entrancy
Security Insights

Securing the Future of DeFi: Lessons Learned from Revest Finance's Vulnerabilities

LI.FI Attack: a Cross-chain Bridge Vulnerability? No, It’s Due to Unchecked External Call!
Security Insights

"LI.FI's Cross-Chain Bridge Vulnerability: A Lesson in External Call Security for DeFi" - Offering insights into the need for better security practices in DeFi coding

Secure the Solana Ecosystem (2) — Calling Between Programs
Security Insights

Master the art of cross-program invocation in Solana with our comprehensive guide and hands-on examples, taking your smart contract development to the next level

The short analysis of the flashloan attack to the APE AirDrop
Security Insights

Analysis of an attack that manipulated the spot price of assets to profit from an APE token airdrop

Secure the Solana Ecosystem (1) — Hello Solana
Security Insights

BlockSec's Mission for a Secure DApp Ecosystem: Discover how BlockSec aims to enhance the security of the DApp ecosystem with a focus on Solana smart contract security.

How to Make the Blockchain Attack “Blockable”
Tech and Dev

In the past two years, we have observed a couple of security incidents in the DeFi ecosystem. Not surprisingly, there exist several cases of attacked contracts that have been audited by multiple companies.

When “SafeMint” Becomes Unsafe: Lessons from the HypeBears Security Incident
Security Insights

Understanding the security vulnerability of the 'SafeMint' function in ERC721 contracts.

When “SafeTransfer” Becomes Unsafe: lessons from the QBridge security incident
Security Insights

The QBridge Exploit: How Non-Standard Code Practices Led to a Major Cryptocurrency Theft

New Integer Overflow Bug Discovered in Solana rBPF
Security Insights

Integer Overflow Bug Found in Solana's Virtual Machine That Puts the Network at Risk

Security Audit Report for NearOinDao
Security Audits

This is the security audit report that we conducted for NearOinDao in December 2021.

The analysis of Nerve Bridge Security Incident

Exploring the similarities between the Nerve Bridge and Synapse incidents, shedding light on the attacker's modus operandi

A short analysis of the wild exploitation of CVE-2021-39137
Security Insights

Explore the security breakdown of the CVE-2021-39137 exploit and its impact on Ethereum's blockchain

Tradeoff Between Convenience and Security: Unlimited Approval in ERC20
Security Insights

Exploring the Risks of Unlimited Approval in Ethereum's ERC20 Token Standard.

The analysis of the DAOMaker attack
Security Insights

Explore the step-by-step breakdown of the DAOMaker attack, examining the smart contract vulnerabilities that led to unauthorized admin role assignments and illicit fund withdrawals

The Further Analysis of the Poly Network Attack
Security Insights

Delve into the attack flow on Ethereum, revealing a cross-chain exploit spanning Ontology, Poly, and Ethereum chains

The initial analysis of the PolyNetwork Hack
Security Insights

PolyNetwork Hack: Exploit Analysis of the Root Cause of the 300 Million USD Attack on Multiple Chains

The Analysis of the Popsicle Finance Security Incident
Security Insights

Attack Flow Unveiled: The Steps Taken by the Attacker to Exploit Popsicle Finance

The Analysis of the Sanshu Inu Security Incident
Security Insights

Ethereum Blockchain Exploit: Sanshu Inu Suffers Smart Contract Attack Revealed by DeFiRanger

The Analysis of the Array Finance Security Incident
Security Insights

Exploring the Array Finance Exploit: A Step-by-Step Attack Analysis - A detailed breakdown of the malicious transactions that compromised Array Finance, offering insights into DeFi vulnerabilities

Price manipulation attack in reality (again): RariCapital incident
Security Insights

Exploring Indirect Price Manipulation: Understanding the Attack on RariCapital

Deposit Less, Get More: yCREDIT Attack Details
Security Insights

Exploiting yCREDIT: How Attackers Minted Excess Tokens for Profit – Discover the vulnerability that disrupted yCREDIT's token balance
