Since BlockSec’s debut in 2021, we have long maintained that code auditing alone cannot solve Web3 security issues. Therefore, we have been investing in exploring new paradigms for Web3 security. Thus we created Phalcon, the world's first crypto hack-blocking system.
Before the launch of Phalcon, the system had been running internally for 2 years, successfully blocking over 20 hacks, and rescuing more than 15 million USD worth of assets, including 3.8 million for Saddle Finance, 2.4 million for Platypus, 5 million for ParaSpace, and more.
In this series of articles, we will present representative successful stories of our system Phalcon. Today let's take a look at the industry's first counter-exploitation of a hacker's contract that rescued $2,400,000.
How We Blocked the Attack Against Platypus
On Feb 16, 2023, Platypus Finance suffered an attack and lost $9 million. Interestingly, the attacker made a huge mistake—they forgot to code the logic that would withdraw the funds from the attack contract. Fortunately, we found a way to leverage the attack contract to rescue $2M.
The attacker's contract has a function (flashloan's callback) that, when called, approves the transfer of USDC to the Platypus's contract. Although initially used for attack, now we can use it to approve the transfer of USDC from the attacker's contract to Platypus' contract.
Next, we wrote a PoC and verified that this rescue scheme works! We shared this solution with Platypusdefi and worked closely with them, successfully recovering $2.4 million USDC in this transaction.
We have successfully recovered the 2.4 million USDC from the attacked contract: https://t.co/lpDYQtu9bf
— Platypus 🔺 (🦆+🦦+🦫) (@Platypusdefi) February 17, 2023
We would like to express our gratitude to @BlockSecTeam for their time and effort in helping us achieve a successful outcome. We are truly thankful for their assistance!
BlockSec has always been at the forefront of crypto security. We work tirelessly to analyze and research every security incident and do everything we can to safeguard funds. Because we know that we're not just protecting numbers, we're protecting the lives of crypto users.
On July 12th, the Platypus faced another attack and the team responded quickly to minimize the damage. Immediate response is key! Yet, automated defenses like Phalcon can further minimize the damage.
How to Access the Service
Since the launch of Phalcon in November, we have gradually opened access to the system. The access process is as follows:
- Book a demo presentation
- We will reach out to you to schedule a demo meeting
- Our security experts will complete the integration of your protocol
Let Phalcon build a defense line for your protocol. It doesn't require much work on the protocol side and would never bring in additional risk. It's just like a shield providing an additional layer of safety. Book a demo now!
About Phalcon
Phalcon is an attack monitoring and automated blocking platform launched by BlockSec. The platform is capable of accurately identifying attacks and automatically blocking them. Phalcon aims to provide comprehensive post-launch security protection for Web3 projects, including continuous monitoring, attack blocking, and emergency response, safeguarding on-chain assets for protocol providers, LPs, and DAO organization participants.
To date, Phalcon has successfully blocked over 20 hacker attacks, rescuing more than $14 million in assets. Even in the early customer stage, Phalcon gained recognition and a grant from the top DeFi protocol Compound and established an attack-blocking platform for it.
Website: https://blocksec.com/phalcon/block
Twitter: @Phalcon_xyz
Telegram: https://t.me/BlockSecTeam
See More Success Stories of Phalcon
- Blocked HomeCoin Attack: Industry's First Successful Blocking Story
- Blocked Saddle Finance Attack: Industry's First Influential Blocking to Rescue $3,800,000
- Blocked TransitSwap Attack: Industry's First "Hacking Back" to Rescue $300,000
- Blocked Platypus Attack: Industry's First Counter-Exploitation of a Hacker's Contract
