Back to Blog

How did BlockSec Save $5M Worth of Crypto Assets in Successful ParaSpace Attack Blocking

Phalcon
March 17, 2023

On 2023–03–17 05:48:59 (UTC), BlockSec successfully blocked an attack attempt on ParaSpace (a top NFT lending protocol) and protected crypto assets worth $5M.

As mentioned in the previous blog, we always believe a more proactive threat prevention solution can help to defend against the threats. We have deployed such a system internally in 2022. As of this writing, our system successfully blocked multiple attacks and saved around 14 million USD users’ assets.

See our perspective on proactive threat prevention in this article.

The feasibility and practice of our solution have been widely recognized by the community, and we have collaborated with some top-notch partners in the community. For example, we are working with Compound to develop a risk prevention system for Compound V3 smart contracts.

We always try to build blockchain security infrastructure for the Web3 community, including Phalcon Explorer (a transaction analysis tool for Web3 developers and security researchers), MetaDock (a security toolbox for Web3 users), and MetaSleuth (a fund tracing tool for Web3 users).

Phalcon Explorer
Phalcon Explorer
MetaDock
MetaDock
MetaSleuth
MetaSleuth

Learn more about BlockSec: Website | Document | Twitter | Medium | TG Group

Sign up for the latest updates
Newsletter - April 2026
Security Insights

Newsletter - April 2026

In April 2026, the DeFi ecosystem experienced three major security incidents. KelpDAO lost ~$290M due to an insecure 1-of-1 DVN bridge configuration exploited via RPC infrastructure compromise, Drift Protocol suffered ~$285M from a multisig governance takeover leveraging Solana's durable nonce mechanism, and Rhea Finance incurred ~$18.4M following a business logic flaw in its margin-trading module that allowed circular swap path manipulatio

~$7.04M Lost: GiddyDefi, Volo Vault & More | BlockSec Weekly
Security Insights

~$7.04M Lost: GiddyDefi, Volo Vault & More | BlockSec Weekly

This BlockSec weekly security report covers eight attack incidents detected between April 20 and April 26, 2026, across Ethereum, Avalanche, Sui, Base, HyperLiquid, and MegaETH, with total estimated losses of approximately $7.04M. The highlighted incident is the $1.3M GiddyDefi exploit, where the attacker did not break any cryptography or use a flash loan but simply replayed an existing on-chain EIP-712 signature with the unsigned `aggregator` and `fromToken` fields swapped out for a malicious contract, demonstrating how partial signature coverage turns any historical signature into a generic permit. Other incidents include a $3.5M Volo Vault operator key compromise on Sui, a $1.5M Purrlend privileged-role takeover, a $413K SingularityFinance oracle misconfiguration, a $142.7K Scallop cross-pool index injection, a $72.35K Kipseli Router decimal mismatch, a $50.7K REVLoans (Juicebox) accounting pollution, and a $64K Custom Rebalancer arbitrary-call exploit.

Weekly Web3 Security Incident Roundup | Apr 13 – Apr 19, 2026
Security Insights

Weekly Web3 Security Incident Roundup | Apr 13 – Apr 19, 2026

This BlockSec weekly security report covers four attack incidents detected between April 13 and April 19, 2026, across multiple chains such as Ethereum, Unichain, Arbitrum, and NEAR, with total estimated losses of approximately $310M. The highlighted incident is the $290M KelpDAO rsETH bridge exploit, where an attacker poisoned the RPC infrastructure of the sole LayerZero DVN to fabricate a cross-chain message, triggering a cascading WETH freeze across five chains and an Arbitrum Security Council forced state transition that raises questions about the actual trust boundaries of decentralized systems. Other incidents include a $242K MMR proof forgery on Hyperbridge, a $1.5M signed integer abuse on Dango, and an $18.4M circular swap path exploit on Rhea Finance's Burrowland protocol.