Blocked Saddle Finance Attack: Industry's First Influential Blocking to Rescue $3,800,000
Dec 19 2023

Since BlockSec’s debut in 2021, we have long maintained that code auditing alone cannot solve Web3 security issues. Therefore, we have been investing in exploring new paradigms for Web3 security. Thus we created Phalcon Block, the world's first crypto hack-blocking system.

Before the launch of Phalcon Block, the system had been running internally for 2 years, successfully blocking over 20 hacks, and rescuing more than 14 million USD worth of assets, including 3.8 million for Saddle Finance, 2.4 million for Platypus, 5 million for ParaSpace, and more.

In this series of articles, we will present representative successful stories of our system Phalcon Block. Today let's take a look at the industry's first influential blocking that rescued $3,800,000.

How We Blocked the Attack Against Saddle Finance

On April 30th, 2022, Saddle Finance was targeted by an attacker. In total, 4,900 Ether were at risk during the attack. Fortunately, we were able to successfully secure 1,360 Ether, which was worth $3.8 million at that time.

The root cause analysis of the vulnerability and the way to launch the attack can be found in our previous report.

The attacker followed the same pattern for each attempt. First, they created an attack contract and then invoked the function 0xaf8271f7 of the deployed contract to launch the attack. In total, the attacker made three attempts; the first one was successful, while the second one failed at block 14684432 due to an out-of-gas issue. Consequently, the attacker launched a third attempt.

At that time, our system was still a bit green when the first attempt slipped through, but it was ready and waiting for the second one. Just in the nick of time, it spotted the failed transaction, put on its superhero cape, and successfully sent a rescue transaction at block 14684434 to stymie the subsequent attempt. And just like that, the attacker's third attempt was thwarted, leaving them with far less loot than they'd hoped for.

Fund flow of the rescue transaction (click for larger image)

Not perfect, but it certainly marked a milestone as the industry's first influential blocking action to proactively fend off ongoing threats. This triumph reinforced our confidence and motivated us to pursue even greater progress. The experience, particularly the setbacks, shed light on areas for improvement and guided us in refining our system. Fear not, for a more sophisticated and powerful system is just around the corner!

How to Access the Service

Since the launch of Phalcon Block in November, we have gradually opened access to the system. The access process is as follows:

  1. Book a demo presentation
  2. We will reach out to you to schedule a demo meeting
  3. Our security experts will complete the integration of your protocol

Let Phalcon Block build a defense line for your protocol. It doesn't require much work on the protocol side and would never bring in additional risk. It's just like a shield providing an additional layer of safety. Book a demo now!

About Phalcon Block

Phalcon Block is an attack monitoring and automated blocking platform launched by BlockSec, a leading Web3 security company. The platform is capable of accurately identifying attacks and automatically blocking them. Phalcon Block aims to provide comprehensive post-launch security protection for Web3 projects, including continuous monitoring, attack blocking, and emergency response, safeguarding on-chain assets for protocol providers, LPs, and DAO organization participants.

To date, Phalcon Block has successfully blocked over 20 hacker attacks, rescuing more than $14 million in assets. Even in the early customer stage, Phalcon Block gained recognition and a grant from the top DeFi protocol Compound and established an attack-blocking platform for it.


Twitter: @Phalcon_xyz


See More Success Stories of Phalcon Block

Sign up for the latest updates
#10: ThirdWeb Incident: Incompatibility Between Trusted Modules Exposes Vulnerability
Security Insights

#10: ThirdWeb Incident: Incompatibility Between Trusted Modules Exposes Vulnerability

This blog shows the vulnerability and attack caused by Incompatibility of commonly used modules.

#9: MEV Bot 0xd61492: From Predator to Prey in an Ingenious Exploit
Security Insights

#9: MEV Bot 0xd61492: From Predator to Prey in an Ingenious Exploit

On August 3, 2023, an MEV Bot on Arbitrum was attacked, resulting in $800K in loss. The root cause of this attack was **Insufficient User Input Verification**.

#8: SushiSwap Incident: A Clumsy Rescue Attempt Leads to a Series of Copycat Attacks
Case Studies

#8: SushiSwap Incident: A Clumsy Rescue Attempt Leads to a Series of Copycat Attacks

On April 9, 2023, SushiSwap became the target of an exploit due to an Unverified External Parameter. The total loss is about $3.3 million.

BlockSec uses cookies and other identifiers to analyze our traffic in accordance. We also share information about your use of our site with our analytics partners. By remaining on this website, you consent to our use of cookies and the Privacy Policy.