Back to Blog

DeFi and Stablecoin Security: A discussion with Dr. Andy Zhou, CEO of BlockSec

Phalcon CompliancePhalcon Security
November 11, 2025

Read the original article at Chaintech

A secure, compliant, and trustworthy ecosystem is crucial for web3 fintech technologies, such as DeFi apps and stablecoins to scale. BlockSec, a blockchain security company, is at the leading edge of this juncture. I recently spoke with Dr. Andy Zhou, co-founder and CEO of BlockSec about the company’s origins, security and compliance challenges in DeFi, and his leadership philosophy of a fast growing start up. The following is a summary of our discussion, which has been edited for brevity and clarity.

— J.Michael Bradley, Sr. Advising Partner at Chaintech

A Personal Summary of BlockSec’s Journey

I’m Dr. Andy Zhou, and I can tell you that BlockSec is, at its core, a blockchain security company. My co-founder, Dr. Wu, and I launched the company in 2021. We were both university professors at Zhejiang University in China with extensive backgrounds in cybersecurity systems and blockchain research. Our "genesis story" is simple: we saw how billions were being lost in on-chain hacks, and we felt a moral obligation to protect users, developers, and institutions. That's why we created products like Phalcon Security, which is our real-time monitoring platform that automatically spots and responds to hacks, and MetaSleuth, a fund tracking tool that’s actually used by law enforcement to investigate scams. We also offer auditing and consulting. I’m proud to say we’re venture-backed, already sustainable, and serving over 500 global clients, including DeFi protocols and major institutional customers like the Hong Kong SFC and main exchanges like Coinbase, OKX, Bybit, and etc. The product matrix of BlockSec

Vision for the Decentralized Future

The way I see it, the vision for BlockSec is to become the absolute security backbone of the decentralized world. My goal is to allow developers to innovate without the constant headache of worrying about security risks. But our future is actually about more than just protection—it’s where security and compliance merge. With stablecoins becoming such a massive and critical piece of the financial infrastructure, especially as they move into real-world use cases, the need for compliance is only going to get more serious.

When I look at industry trends, I notice that some of the earlier Web3 applications like SocialFi and GameFi still haven’t found their widespread usage scenario. Instead, I’m seeing real momentum in two major areas: prediction markets and the massive emergence of stablecoins. I recently shared a fascinating observation from China: while traditional banks are still holding back due to unclear government policy, big Chinese companies are already moving to better understand how stablecoin based payments may help their businesses! Specifically, they’re researching potential stablecoin payment systems to handle their overseas business. They’re basically lining up to be first when the regulatory dust settles, and that says much about where the market is headed.

BlockSec’s Unique Position and Competitive Edge

BlockSec is perfectly positioned to address these trends because we sit right at that intersection of security and compliance. A typical DeFi protocol mainly needs security, but a stablecoin absolutely needs both. The screening result of a risky address in Phalcon Compliance That’s why we’ve heavily invested in our compliance services, specifically our KYT (Know Your Transaction) and KYA (Know Your Address) solutions for our payment customers. Our product, Phalcon Compliance, automatically screens incoming cryptocurrencies for illicit funds, allowing customers to isolate the money before their main address gets frozen. The flow of illicit cryptocurrencies involved in human trafficking in South Asia We have two key advantages: first, we possess unique intelligence related to illicit funds in key Asian markets (for example, Cambodia) that our Western competitors often lack; and second, our pricing is extremely competitive due to our strong R&D resources in mainland China.

What BlockSec Looks Like in Five Years

In five years, I plan for BlockSec to be truly global. We’ve already opened offices in Hong Kong and Singapore, and Europe and the United States are next on our list for expansion. From a technical standpoint, I want our services to be far more intelligent and autonomous. I envision an automatic mechanism that can detect, analyze, and respond to threats—whether it’s a hack or illicit money flow—across multiple blockchains in real-time. This focus on innovation is why over 70% of our team is dedicated to research and development, and among the RD team, 70% have a master’s or PhD degree.

Core Leadership Philosophy

When it comes to leadership philosophy, I’m deeply inspired by a quote from game developer John Carmack, who essentially said you don't need huge capital to start something grand—you just need dedication, a cheap PC, and the courage to go through with it. This philosophy that "if you want to do something, just do it" has shaped my own focus on execution. I constantly encourage my team to move past just talking and have the courage to turn their curiosity and great ideas into real-world solutions that solve a real-world problem. Don’t just ask hard questions - go ahead, solve the problem, and just do it!

Sign up for the latest updates
Drift Protocol Incident: Multisig Governance Compromise via Durable Nonce Exploitation
Security Insights

Drift Protocol Incident: Multisig Governance Compromise via Durable Nonce Exploitation

On April 1, 2026 (UTC), Drift Protocol on Solana suffered a $285.3M loss after an attacker exploited Solana's durable nonce mechanism to delay the execution of phished multisig approvals, ultimately transferring administrative control of the protocol's 2-of-5 Squads governance with zero timelock. With full admin privileges, the attacker created a malicious collateral market (CVT), inflated its oracle price, relaxed withdrawal protections, and drained USDC, JLP, SOL, cbBTC, and other assets through 31 rapid withdrawals in approximately 12 minutes. This incident highlights how durable nonce-based delayed execution can decouple signer intent from on-chain execution, bypassing the temporal assumptions that multisig security implicitly relies on.

Weekly Web3 Security Incident Roundup | Mar 23 – Mar 29, 2026
Security Insights

Weekly Web3 Security Incident Roundup | Mar 23 – Mar 29, 2026

This BlockSec weekly security report covers eight DeFi attack incidents detected between March 23 and March 29, 2026, across Ethereum and BNB Chain, with total estimated losses of approximately $1.53M. Incidents include a $679K flawed burn mechanism exploit on the BCE token, a $512K spot-price manipulation attack on Cyrus Finance's PancakeSwap V3 liquidity withdrawal, a $133.5K flash-loan-driven referral reward manipulation on a TUR staking contract, and multiple integer overflow, reentrancy, and accounting error vulnerabilities in DeFi protocols. The report provides detailed vulnerability analysis and attack transaction breakdowns for each incident.

Newsletter - March 2026
Security Insights

Newsletter - March 2026

In March 2026, the DeFi ecosystem experienced three major security incidents. Resolv Protocol lost ~$80M due to compromised privileged infrastructure keys, BitcoinReserveOffering suffered ~$2.7M from a double-minting logic flaw, and Venus Protocol incurred ~$2.15M following a donation attack combined with market manipulation.

Start Real-Time AML with Phalcon Compliance

Turn Phalcon Network alerts into actions with Phalcon Compliance. Use verified blockchain intelligence to screen wallets, monitor transactions and investigate risks. This helps you respond quickly and stay compliant in the digital assets ecosystem.

Get Started with Phalcon Compliance
Contact Sales
Phalcon Compliance

Get Real-Time Protection with Phalcon Security

Audits alone are not enough. Phalcon Security detects attacks in real time and blocks threats mid-flight.

phalcon security