Back to Blog

How L2 Blockchains Can Do Better to Protect Their Users

Phalcon
March 27, 2024

Why Security is Important for L2

Security is crucial for Layer 2 (L2) blockchains as they gain popularity. With advancements like the Dencun upgrade, gas prices on L2 are decreasing, making them more attractive. Additionally, the introduction of BTC L2 enhances liquidity in the L2 ecosystem, attracting more users.

Unlike Layer 1 (L1) blockchains that serve as a foundational infrastructure for various decentralized applications (Dapps), L2 chains typically focus on a specific type of application, creating a dedicated ecosystem. Therefore, operators of L2 blockchains need to prioritize the security of top Dapps in their ecosystem, as these applications often hold the majority of the Total Value Locked (TVL) on the chain. An attack on these top apps could lead to a collapse of the chain's ecosystem, as users' assets are concentrated in these applications.

Munchables Incidents

An example of the importance of security in L2 is the Munchables security incident on the Blast chain. On March 21 (UTC), a malicious contract was updated, and five days later, on March 26 (UTC), an attacker exploited the upgraded contract to steal around 62 million USD. The total assets at risk were 97 million USD, nearly 4% of the total TVL on the Blast chain. Fortunately, in this case, the attacker returned all the assets, resulting in a happy ending. However, it's important to note that relying on the attacker's goodwill is not a sustainable security strategy.

How L2 Operators Can Do Better

Layer 2 (L2) chains can implement several measures to enhance the security of top protocols and protect users' assets on the chain. Here are some suggestions from our perspective:

  • Establish a Security DAO: A decentralized autonomous organization (DAO) focused on security should be created to involve reputable security companies and community researchers. This would facilitate communication between the chain, decentralized applications (DApps), and the security community, helping protocols find trusted security providers and handle security incidents professionally.

  • Active Attack Monitoring and Automated Responses: Chain operators and the user community should actively monitor for potential hacks and have mechanisms in place to take automatic actions. For example, in the Munchables incident, there was a five-day window before the actual hack occurred. If the chain operator or the Munchables protocol had adopted a solution like BlockSec Phalcon (or similar), the hack could have been prevented.

  • Develop User-Friendly Security Tools: More intuitive security tools should be developed to help the community quickly understand the root cause of a security incident and take appropriate action. These tools could include transaction virtualization tools to understand complex transactions and fund flow tracking tools to trace the hacker's fund movements. By taking a proactive and responsible approach to security, L2 chain operators can enhance the overall security of their ecosystems and better protect the top protocols and users' assets on the chain.

BlockSec’s Solution

BlockSec, as a comprehensive security provider, offers various security services and tools to ensure the safety of protocols before and after deployment. These tools and services are widely utilized by the security community to analyze security incidents and trace stolen funds.

BlockSec Phalcon

Phalcon is a platform designed for monitoring hacks and automatically taking actions to block them. With Phalcon, users can receive early security intelligence and automate their responses to hacks. The system features flexible rules and templates for easy configuration, assisting Layer 2 (L2) chains in maintaining vigilance over the security of top protocols and fostering a thriving ecosystem. BlockSec is collaborating with leading L2 chains like Manta and Merlin to bolster the security of their ecosystems.

Figure 1: The official website of Phalcon
Figure 1: The official website of Phalcon

Phalcon Explorer

Phalcon Explorer is a transaction virtualization tool that provides detailed information about a transaction, including the invocation flow, storage changes, and transaction simulation. This tool is instrumental in analyzing hacks to understand their root causes. It has become a widely used tool in the security community and is considered the standard for security analysis.

Figure 2: The application of Phalcon Explorer
Figure 2: The application of Phalcon Explorer

MetaSleuth

MetaSleuth is a cryptocurrency tracking and investigation platform that traces fund flows between different addresses. Its intelligent analysis and ability to track cross-chain transactions make it an essential tool for conducting investigations.

Figure 3: The official website of MetaSleuth
Figure 3: The official website of MetaSleuth

Action Now to Protect Users Assets

If you are an operator of an L2 blockchain, contact us ([email protected]) to deploy BlockSec's tools into your chain to enhance the security of your ecosystem, attract more user assets, and protect them effectively.

Sign up for the latest updates
Tether Freezes $6.76M USDT Linked to Iran's IRGC & Houthi Forces: Why On-Chain Compliance is Now a Geopolitical Battlefield
Security Insights

Tether Freezes $6.76M USDT Linked to Iran's IRGC & Houthi Forces: Why On-Chain Compliance is Now a Geopolitical Battlefield

Looking ahead, targeted freezing events like this $6.76M USDT action will only become more common. On-chain data analysis is improving. Stablecoin issuers are also working closely with regulators. As a result, hidden illicit financial networks will be exposed.

Weekly Web3 Security Incident Roundup | Mar 2 – Mar 8, 2026
Security Insights

Weekly Web3 Security Incident Roundup | Mar 2 – Mar 8, 2026

During the week of March 2 to March 8, 2026, seven blockchain security incidents were reported with total losses of ~$3.25M. The incidents occurred across Base, BNB Chain, and Ethereum, exposing critical vulnerabilities in smart contract business logic, token deflationary mechanics, and asset price manipulation. The primary causes included a double-minting logic flaw during full token deposits that allowed an attacker to exponentially inflate their balances through repeated burn-and-mint cycles, a price manipulation vulnerability in an AMM-based lending market where artificially inflated vault shares created divergent price anchors to incorrectly force healthy positions into liquidation, and a flawed access control implementation relying on trivially spoofed contract interfaces that enabled attackers to bypass authorization to batch-mint and dump arbitrary tokens.

Weekly Web3 Security Incident Roundup | Feb 23 – Mar 1, 2026
Security Insights

Weekly Web3 Security Incident Roundup | Feb 23 – Mar 1, 2026

During the week of February 23 to March 1, 2026, seven blockchain security incidents were reported with total losses of ~$13M. The incidents affected multiple protocols, exposing critical weaknesses in oracle design/configuration, cryptographic verification, and core business logic. The primary drivers included oracle manipulation/misconfiguration that led to the largest loss at YieldBloxDAO (~$10M), a crypto-proof verification flaw that enabled the FOOMCASH (~$2.26M) exploit, and additional token design and logic errors impacting Ploutos, LAXO, STO, HedgePay, and an unknown contract, underscoring the need for rigorous audits and continuous monitoring across all protocol layers.