Blocked Paraspace Attack: Industry's Most Important Block that Rescued $5,000,000

In this series of articles, we will present representative stories of our system Phalcon Block. Today let's take a look at the industry's industry's most important block that rescued $5,000,000.

Blocked Paraspace Attack: Industry's Most Important Block that Rescued $5,000,000

Since BlockSec’s debut in 2021, we have long maintained that code auditing alone cannot solve Web3 security issues. Therefore, we have been investing in exploring new paradigms for Web3 security. Thus we created Phalcon, the world's first crypto hack-blocking system.

Before the launch of Phalcon, the system had been running internally for 2 years, successfully blocking over 20 hacks, and rescuing more than 14 million USD worth of assets, including 3.8 million for Saddle Finance, 2.4 million for Platypus, 5 million for ParaSpace, and more.

Over the past four days, we have proudly shared the extraordinary success stories of our system Phalcon. As the grand finale of this series, today let's dive into the industry's most important block, the one that rescued a staggering $5,000,000.

In sharing these cases, we aim to do more than validate the effectiveness of our system. We also want to demonstrate the transformative effect of proactive defense measures. In the face of threats, we are not powerless. Together, we can usher in a new era of Web3 security.

How We Blocked the Attack Against Paraspace

In March 2023, Paraspace was attacked. Luckily, we managed a rescue in the nick of time, recovering all losses: over 2900 Ether.

Click here to read the tweet

In this article, we will reveal an insider story of the rescue without giving you any complicated tech details.

Paraspace is a top NFT lending protocol on Ethereum. For any lending protocol, ensuring collateral value is higher than lent funds is key. Many attacks on lending protocol manipulate the collateral value, and this attack on Paraspace was no exception.

On March 17, 2023, the attacker deployed the attack contract and completed the setup. He made three unsuccessful attacks from 3:51:23 UTC to 4:36:23 UTC.

Post-analysis revealed the attacker's main failure was due to the 'Gas Limit' not being enough to execute this "complex" attack. During the three failed attacks, the attacker was gradually increasing the gas limit, and by the third attempt, they were very close to success. (Gas Limit: 6,721,975 -> 9,000,000 -> 13,000,000)

Luckily for us, the three failed transactions used up the funds he had prepared for the attack. Now he needed to find some more funds to continue the attack. That gave us some time.

We detected the attack when the attacker sent the first tx, even though the tx failed. At 5:47:11 UTC on March 17, 2023, our rescue contract was ready. We immediately sent the rescue transaction and successfully saved 2906 Ether.

The following image shows after failing to steal the funds, the hacker left an on-chain message that asked our team to return some of the gas fees expended for the hack.

Install MetaDock to enable GPT-powered tx explanation on Etherscan

If the attacker had given one more try ahead of us, he would have stolen the money. It was Phalcon that played a pivotal role in securing our victory in the battle with the attacker. That was the victory of justice!

How to Access the Service

Since the launch of Phalcon in November, we have gradually opened access to the system. The access process is as follows:

  1. Book a demo presentation
  2. We will reach out to you to schedule a demo meeting
  3. Our security experts will complete the integration of your protocol

Let Phalcon build a defense line for your protocol. It doesn't require much work on the protocol side and would never bring in additional risk. It's just like a shield providing an additional layer of safety. Book a demo now!

About Phalcon

Phalcon is an attack monitoring and automated blocking platform launched by BlockSec, a leading Web3 security company. The platform is capable of accurately identifying attacks and automatically blocking them. Phalcon aims to provide comprehensive post-launch security protection for Web3 projects, including continuous monitoring, attack blocking, and emergency response, safeguarding on-chain assets for protocol providers, LPs, and DAO organization participants.

To date, Phalcon has successfully blocked over 20 hacker attacks, rescuing more than $14 million in assets. Even in the early customer stage, Phalcon gained recognition and a grant from the top DeFi protocol Compound and established an attack-blocking platform for it.

Website: https://blocksec.com/phalcon/block

Twitter: @Phalcon_xyz

Telegram: https://t.me/BlockSecTeam

See More Success Stories of Phalcon

Sign up for the latest updates
Join Our Free Hack Defense Game and Block REAL Attacks with Phalcon

Join Our Free Hack Defense Game and Block REAL Attacks with Phalcon

Ready for a LIFE-AND-DEATH battle against hackers?

How Phishing Websites Bypass Wallet Security Alerts: Strategies Unveiled

How Phishing Websites Bypass Wallet Security Alerts: Strategies Unveiled

Explore the two common methods phishing websites use to circumvent the blacklist mechanism of Web3 security wallets.

How to Use Phalcon Fork to Learn the Re-entrancy Attack

How to Use Phalcon Fork to Learn the Re-entrancy Attack

How to use Phalcon Fork to learn Solidity by Example: the Re-entrancy attack as an example