Since BlockSec’s debut in 2021, we have long maintained that code auditing alone cannot solve Web3 security issues. Therefore, we have been investing in exploring new paradigms for Web3 security. Thus we created Phalcon, the world's first crypto hack-blocking system.
Before the launch of Phalcon, the system had been running internally for 2 years, successfully blocking over 20 hacks, and rescuing more than 20 million USD worth of assets, including $3.8 million for Saddle Finance, $2.4 million for Platypus, $5 million for ParaSpace, and more.
In this series of articles, we will present representative successful stories of our system Phalcon. Today let's take a look at the industry's first counter-exploitation of a hacker's contract that rescued $2,400,000.
How We Blocked the Attack Against Platypus
On Feb 16, 2023, Platypus Finance suffered an attack and lost $9 million. Interestingly, the attacker made a huge mistake—they forgot to code the logic that would withdraw the funds from the attack contract. Fortunately, we found a way to leverage the attack contract to rescue $2M.
The attacker's contract has a function (flashloan's callback) that, when called, approves the transfer of USDC to the Platypus's contract. Although initially used for attack, now we can use it to approve the transfer of USDC from the attacker's contract to Platypus' contract.
Next, we wrote a PoC and verified that this rescue scheme works! We shared this solution with Platypusdefi and worked closely with them, successfully recovering $2.4 million USDC in this transaction.
BlockSec has always been at the forefront of crypto security. We work tirelessly to analyze and research every security incident and do everything we can to safeguard funds. Because we know that we're not just protecting numbers, we're protecting the lives of crypto users.
On July 12th, the Platypus faced another attack and the team responded quickly to minimize the damage. Immediate response is key! Yet, automated defenses like Phalcon can further minimize the damage.
How to Access the Service
- Phalcon is a SaaS platform. You can log in to our website to explore features, view pricing, and subscribe directly.
- You can also book a demo to learn more about Phalcon and receive expert security advice.
See More Success Stories of Phalcon
- Blocked HomeCoin Attack: Industry's First Successful Blocking Story
- Blocked Saddle Finance Attack: Industry's First Influential Blocking to Rescue $3,800,000
- Blocked TransitSwap Attack: Industry's First "Hacking Back" to Rescue $300,000
- Blocked Paraspace Attack: Industry's Most Important Block that Rescued $5,000,000
- Blocked Loot Attack: How Phalcon Saved $1.2M from Malicious Proposal
About Phalcon
Phalcon is an attack monitoring and automated blocking platform launched by BlockSec. The platform is capable of accurately identifying attacks and automatically blocking them. Phalcon aims to provide comprehensive post-launch security protection for Web3 projects, including continuous monitoring, attack blocking, and emergency response, safeguarding on-chain assets for protocol providers, LPs, and DAO organization participants.
To date, Phalcon has successfully blocked over 20 hacker attacks, rescuing more than $20 million in assets. Even in the early customer stage, Phalcon gained recognition and a grant from the top DeFi protocol Compound and established an attack-blocking platform for it.
Website: https://blocksec.com/phalcon
Twitter: @Phalcon_xyz
Telegram: https://t.me/BlockSecTeam
