Back to Blog

Lead in: Phalcon's Hack Blocking Saga

April 23, 2024
3 min read

Since BlockSec's debut in 2021, we have long maintained that code auditing alone cannot solve all Web3 security issues. Therefore, we have been investing in exploring new paradigms for Web3 security. Thus we created Phalcon, the world's first crypto hack-blocking system.

Before the launch of Phalcon, the system had been running internally for 2 years, successfully blocking over 20 hacks, and rescuing more than 20 million USD worth of assets, including $3.8M for Saddle Finance, $2.4M for Platypus, $5M for ParaSpace, and more.

In this series of articles, we will present representative stories of our system Phalcon. In sharing these cases, we aim to do more than validate the effectiveness of our system. We also want to demonstrate the transformative effect of proactive defense measures.

In the face of threats, we are not powerless. Together, we can usher in a new era of Web3 security.

Breaking Down: A Comprehensive Overview

About Phalcon

Phalcon is a security platform developed by BlockSec to monitor and block hacks. The system detects suspicious transactions, instantly alerts users, and takes automated actions in response.

Use cases of Phalcon
Use cases of Phalcon

Phalcon is a SaaS platform where users can directly log in through our official website to view different pricing plans and features, and subscribe immediately (supporting both credit card and crypto payments). For any questions, feel free to book a demo with our security experts who will address your concerns.

Support Tool: Phalcon Explorer

Phalcon Explorer is a support tool for the Phalcon platform. This powerful transaction explorer is designed for the DeFi community. It provides comprehensive data on call flows, balance changes, and transaction fund flows, as well as supports transaction simulation. This helps developers, security researchers, and traders to more intuitively understand transactions.

Sign up for the latest updates
Newsletter - June 2026
Security Insights

Newsletter - June 2026

This monthly report covers the three largest security incidents in June 2026, totaling approximately $22M in confirmed losses. A sophisticated honeypot attack drained ~$15M from JaredFromSubway's MEV bot by exploiting unchecked token allowances. Two legacy Aztec rollup deployments lost ~$4.35M through proof-settlement boundary gaps. SecondFi's Ed25519 implementation flaw exposed wallet private keys, resulting in ~$2.4M drained from 374 wallets. All three incidents share a common pattern: security guarantees that appeared intact on the surface but were never actually enforced.

Crypto Payment Security & Compliance: The Controls to Confirm Before Going Live

Crypto Payment Security & Compliance: The Controls to Confirm Before Going Live

BlockSec and NOWPayments built a Crypto Payment Security & Compliance Checklist covering the controls every payment operator should confirm before going live.

~$4.1M Lost: Taiko, SecondFi Exploits | BlockSec Weekly
Security Insights

~$4.1M Lost: Taiko, SecondFi Exploits | BlockSec Weekly

This weekly blockchain security report covers two notable incidents from June 22-28, 2026, with approximately $4.1M in confirmed losses across Ethereum and Cardano. The Taiko bridge exploit combined an exposed SGX enclave signing key with an incomplete attestation policy that failed to reject debug enclaves, allowing the attacker to register a malicious prover and forge L2 state proofs on Ethereum. The SecondFi wallet vulnerability stemmed from a cryptographic implementation flaw in Ed25519 nonce derivation that removed the secret input, enabling offline private key recovery from public Cardano transaction data.