Back to Blog

BlockSec Phalcon 2.0 Unleashed: A New Era of Hack Prevention and Protocol Security Begins

Phalcon Security
November 20, 2024
5 min read
Key Insights

Protocol Security Goes Beyond Code Auditing

Today, code auditing has become an industry standard, with the vast majority of protocols undergoing audits before going live. Yet, why do hackers still frequently succeed, stealing billions of dollars each year? The answer lies in the evolving landscape of protocol security, which demands more than just pre-deployment checks.

According to the BlockSec Security Incidents Dashboard, from January 2023 to the present, there have been 146 major attack incidents, resulting in asset losses exceeding one billion dollars in total. Examples include the Euler Finance Incident ($200M losses), the Curve Incident ($60M losses), the KyberSwap Incident ($46M losses), and the recent Polterfinance attack ($8.7M losses). Notably, the majority of these protocols had successfully passed code audits conducted by well-known firms.

Security incidents dashboard showing major attack incidents and total losses
Security incidents dashboard showing major attack incidents and total losses

Even if a protocol has passed audits and fixed known vulnerabilities, it may still face significant security risks: It may still harbor zero-day vulnerabilities; during bug-fixing, small-scale upgrades, or parameter adjustments, the protocol team may inadvertently introduce new attack vectors; external dependencies can pose new risks; and even oversights related to compilers can lead to attacks.

Moreover, the open-source nature, anonymity, and flashloan mechanisms of blockchain make it easier for hackers to exploit vulnerabilities, and the chance for huge profits gives them strong motivation. Since protocols are transparent and attackers stay hidden, defending against these evolving threats is very challenging. Some project teams may compensate users after attacks to reduce the damage, while financial losses can be recovered, rebuilding trust is much harder once it is lost.

Unfortunately, protocols have long focused mainly on code audits to ensure security, often overlooking an equally important area—security monitoring and automated responses after launch. This is precisely the gap that BlockSec Phalcon 2.0 is designed to fill, offering robust hack prevention capabilities.

What is BlockSec Phalcon and Why is Real-time Attack Blocking Critical?

BlockSec Phalcon is a cutting-edge security monitoring and attack blocking system designed specifically for protocols, covering the vast majority of threats protocols may encounter after going live, such as attack, operational, interaction, and financial risks. It's a comprehensive solution for Web3 security.

Currently, some protocols may have built or purchased monitoring systems, but why do they still suffer losses when facing attacks? The reasons are twofold:

  • First, the project team might not learn about an attack in time or could waste valuable time verifying the accuracy of alerts due to frequent false positives. Meanwhile, hackers could already complete multiple attack transactions.
  • Second, even if the project team quickly detects the attack and takes action, they often cannot respond as fast as the hackers. Many protocols rely on multi-sig wallets, and the need for multiple approvals makes manual responses even slower, making effective attack blocking nearly impossible.

BlockSec Phalcon delivers practical and battle-tested solutions to address these two critical challenges, enabling true hack prevention.

  • Precise Detection: BlockSec Phalcon uses over 200 clearly defined attack characteristics to identify whether a transaction is an attack, ensuring no attacks go undetected while almost eliminating false positives and avoiding disruptions to the team. This precision is crucial for effective security monitoring.
  • Attack-Blocking Capability: BlockSec Phalcon continuously monitors transactions early at the mempool stage. Upon detecting an attack transaction, the system immediately alerts users, automatically initiates a response transaction, and employs a gas-bidding strategy to ensure these system-generated transactions are processed before the attack. This effectively blocks hacker attacks, achieving zero loss. What's more, the platform supports both EOA and multi-sig wallets, enabling projects using Safe{Wallet} to automatically counteract attacks, solidifying its position as a leader in mempool security.

Protect Your Protocol with BlockSec Phalcon

Don't wait for an audit to fail. Implement real-time security monitoring and attack blocking to safeguard your assets. Discover how BlockSec Phalcon can provide unparalleled protection.

Learn More About Phalcon

BlockSec Phalcon 2.0: Tailored Security Solutions for Protocols

This advanced attack-blocking system launched by BlockSec had been running internally for two years before its release, successfully blocking over twenty attacks through whitehat rescues, helping project teams recover over $20 million in potential losses. It's the first and only security product with proven records of hack prevention and has successfully blocked multiple hacking attempts.

BlockSec Phalcon 2.0 dashboard interface showing monitoring and blocking capabilities
BlockSec Phalcon 2.0 dashboard interface showing monitoring and blocking capabilities

“Often, we detected attacks but couldn't reach the project team promptly. This led us to think, why not empower project teams directly with the ability to automatically prevent attacks? This was the very motivation for the creation of BlockSec Phalcon,” said Andy Zhou, the CEO of BlockSec.

In this major upgrade, BlockSec Phalcon 2.0 was redesigned to address the attacks, operational, interaction, and financial risks faced by protocols, and now it covers the vast majority of security risks protocols may encounter after going live. Additionally, we have further optimized the convenience and flexibility of our system configurations. Now users only need to import addresses to complete monitoring configurations with one click, making it very convenient, and they can customize monitoring rules for complex scenarios,” Andy Zhou added.

David Zong, Head of Risk at Bybit, stated, "We are big fans of BlockSec and have been deeply involved from the inception of BlockSec to the use of each of its products. BlockSec Phalcon is a very good security tool, to help Bybit achieve on-chain tracking and web3 contract security monitoring. We will have more cooperation with BlockSec in the future."

BlockSec Phalcon 2.0 represents a significant leap forward in smart contract security. Continuously refining our security solutions to protect the assets of projects and users is our top priority at BlockSec. We are not only committed to code security but also to safeguarding trust and innovation. By ensuring the security of protocols throughout their entire lifecycle, we protect every user's dream to bravely move forward in the Web3 world.

Get Started with BlockSec Phalcon 2.0 for Enhanced Web3 Security

BlockSec Phalcon is an invitation-only SaaS platform, accessible only to invited users. This exclusivity ensures tailored support and maximum effectiveness for our partners.

Interested users can schedule a demo to learn more about the product's features, and have the opportunity to speak directly with security experts to discuss customized security solutions for their specific needs.

Book Demo: https://calendly.com/blocksec/phalcon-demo

Learn More: https://blocksec.com/phalcon

Schedule a Demo of BlockSec Phalcon 2.0

Ready to experience the next level of protocol security? Book a personalized demo with our experts to see BlockSec Phalcon 2.0 in action and discuss your specific security requirements.

Book Your Demo Today

About BlockSec

BlockSec is a full-stack Web3 security service provider. The company is committed to enhancing security and usability for the emerging Web3 world in order to facilitate its mass adoption. To this end, BlockSec provides smart contract and EVM chain security auditing services, the BlockSec Phalcon platform for security monitoring and attack blocking, the MetaSleuth platform for fund tracking and investigation, and MetaSuites extension for Web3 builders surfing efficiently in the crypto world.

To date, the company has served over 300 clients such as Uniswap Foundation, Compound, Forta, and PancakeSwap, and received tens of millions of US dollars in two rounds of financing from preeminent investors, including Matrix Partners, Vitalbridge Capital, and Fenbushi Capital.

Official website: https://blocksec.com/

Official Twitter account: https://twitter.com/BlockSecTeam

Sign up for the latest updates
The Decentralization Dilemma: Cascading Risk and Emergency Power in the KelpDAO Crisis
Security Insights

The Decentralization Dilemma: Cascading Risk and Emergency Power in the KelpDAO Crisis

This BlockSec deep-dive analyzes the KelpDAO $290M rsETH cross-chain bridge exploit (April 18, 2026), attributed to the Lazarus Group, tracing a causal chain across three layers: how a single-point DVN dependency enabled the attack, how DeFi composability cascaded the damage through Aave V3 lending markets to freeze WETH liquidity exceeding $6.7B across Ethereum, Arbitrum, Base, Mantle, and Linea, and how the crisis forced decentralized governance to exercise centralized emergency powers. The article examines three parameters that shaped the cascade's severity (LTV, pool depth, and cross-chain deployment count) and provides an exclusive technical breakdown of Arbitrum Security Council's forced state transition, an atomic contract upgrade that moved 30,766 ETH without the holder's signature.

Weekly Web3 Security Incident Roundup | Apr 13 – Apr 19, 2026
Security Insights

Weekly Web3 Security Incident Roundup | Apr 13 – Apr 19, 2026

This BlockSec weekly security report covers four attack incidents detected between April 13 and April 19, 2026, across multiple chains such as Ethereum, Unichain, Arbitrum, and NEAR, with total estimated losses of approximately $310M. The highlighted incident is the $290M KelpDAO rsETH bridge exploit, where an attacker poisoned the RPC infrastructure of the sole LayerZero DVN to fabricate a cross-chain message, triggering a cascading WETH freeze across five chains and an Arbitrum Security Council forced state transition that raises questions about the actual trust boundaries of decentralized systems. Other incidents include a $242K MMR proof forgery on Hyperbridge, a $1.5M signed integer abuse on Dango, and an $18.4M circular swap path exploit on Rhea Finance's Burrowland protocol.

Weekly Web3 Security Incident Roundup | Apr 6 – Apr 12, 2026
Security Insights

Weekly Web3 Security Incident Roundup | Apr 6 – Apr 12, 2026

This BlockSec weekly security report covers four DeFi attack incidents detected between April 6 and April 12, 2026, across Linea, BNB Chain, Arbitrum, Optimism, Avalanche, and Base, with total estimated losses of approximately $928.6K. Notable incidents include a $517K approval-related exploit where a user mistakenly approved a permissionless SquidMulticall contract enabling arbitrary external calls, a $193K business logic flaw in the HB token's reward-settlement logic that allowed direct AMM reserve manipulation, a $165.6K exploit in Denaria's perpetual DEX caused by a rounding asymmetry compounded with an unsafe cast, and a $53K access control issue in XBITVault caused by an initialization-dependent check that failed open. The report provides detailed vulnerability analysis and attack transaction breakdowns for each incident.

Get Real-Time Protection with Phalcon Security

Audits alone are not enough. Phalcon Security detects attacks in real time and blocks threats mid-flight.

phalcon security