The start of the new year 2024 is not easy, and we have observed a couple of hacks in the past few days, causing several millions in losses, including incidents happened to Radiant, Gamma, and Telcoin.
This raises several questions:
- Are they aware of an ongoing attack in real-time?
- Even after receiving intelligence, why are they unable to immediately halt the attacks?
- Are they equipped with effective attack monitoring and blocking systems?
Challenges of Incident Response
It's a fair assumption that most security-savvy projects have some form of threat intelligence system in place.
However, they struggle to effectively prevent attacks and the challenges they face are quite straightforward:
- Limited staff, unable to support around-the-clock emergency responses.
- Time-consuming decision-making processes even after receiving alerts.
Last year, BlockSec unveiled BlockSec Phalcon—an automated defense system that revolutionizes incident response by instantly detecting and blocking hacks in real-time, no matter the attack vectors.
With BlockSec Phalcon, DeFi protocols could protect users' assets automatically, offering a new paradigm of security in an increasingly vulnerable DeFi world. This blog will explore the potential of BlockSec Phalcon to fortify DeFi against the evolving threat landscape.
A Retrospection of Recent DeFi Hacks: Gamma, Radian, and Telcoin
| Project | Date (UTC) | Number of attack tx | Attack Duration | Losses |
|---|---|---|---|---|
| GammaStrategies | 2024/01/04 | 37 | 69 mins 34 seconds | ~3.5M |
| Radiant | 2024/01/02 | 3 | 11 seconds | ~4M |
| Telcoin | 2023/12/25 | 4,958 | ~16 hours | ~6.6M |
Table above shows the summary of recent security incidents, including the protocol, the number of attack transactions, and the attack duration (the time between the first attack transaction to the last one). We also summarize the rough loss of each incident.
Radiant’s $ 4,000,000 Loss
Radiant's commitment to security has always been evident, yet the unexpected still occurred. The first attack transaction to the Radiant protocol happened on 2024/01/02 at 18:53:38 (UTC), and it was immediately flagged by our system. This attack caused the loss of around 90 Ether (~213k). Within a span of mere seconds, subsequent attacks followed, each resulting in over $2 million in losses.
If BlockSec Phalcon is adopted by the protocol, our system can automatically take action to either pause the protocol or front-run the following hack transactions, saving the following 4 million USD in the latter two attack transactions, rather than the delayed 43-minute response time.
Telcoin’s $ 6,600,000 Loss
For the attack on the Telcoin wallet, the hack lasted more than 16 hours, involving 4,958 transactions by six accounts. This sophisticated attack left the Telcoin team overwhelmed and unprepared. In the absence of "Pause" mechanism, the only recourse was to swiftly engage security firms to investigate the breach, diagnose the vulnerability, and implement fixes, all of which took precious time while the attack continued unabated.
BlockSec Phalcon could have offered a custom "front-running" defense, acting quickly to protect assets even without a pause mechanism.
Gamma’s $ 3,500,000 Loss
GammaStrategies was hit by hackers for over an hour, with 37 attacks happening one after the other. BlockSec Phalcon spotted these attacks and could have stopped them right away, potentially saving $3.5 million. People need sleep, but machines don't. This shows that even the most careful projects can get caught off guard. We can't rely only on people to stop these attacks; automated systems like BlockSec Phalcon are essential for round-the-clock protection.
BlockSec Phalcon is More Than Just a Security Watchdog
We have heard about many threat-monitoring tools available in the market. What are the distinct differences between BlockSec Phalcon and them, and why can BlockSec Phalcon help in security incidents?
Immediate Action is Key
BlockSec Phalcon is merely a threat monitoring system; it can automatically take actions to save users' assets. During a security incident, time is crucial. The actions should be automatic without manual intervention. In the Radiant case, only 11 seconds from the first attack transaction to the last one. If the action needs to be manually executed, it’s too late. In fact, it takes the protocol more than 40 minutes to pause the protocol.
Concerns About Automated Defense
Sure, the idea of automatic blocking sounds great, but can you trust it? What if it makes a mistake and shuts down everything, causing panic? BlockSec Phalcon tackles these worries head-on by focusing on three areas:
- Speed: The system should be fast enough to listen to attack transactions and detect the malicious ones, usually in milliseconds. As we said, time matters, even a few seconds determine the security of millions of assets.
- Accuracy: Only a system with high precision can achieve the goal of automatic action. If a system reports too many false alarms, it cannot be used as the feed to trigger the protocol’s automatic action, such as pausing the protocol.
- Compatibility: The system needs to be compatible with the protocol’s existing security infrastructure. For instance, the protocol’s privileged behaviors may be controlled by a multisig wallet, and the automatic actions need to be signed through this wallet.
BlockSec Phalcon: From Whitehat Rescues to a Standard SaaS Product
If BlockSec Phalcon can stop attacks without pre-approval, why not empower projects to save themselves? We've refined our techniques, saving over $14 million during 20+ whitehat rescues.
And here's how:
- First, BlockSec Phalcon has the capability to monitor and detect instant hacks with high precision, backed up by academic papers published in prestigious security conferences and over two years of internal running. The past track record of blocking more than 20 hacks demonstrated our system’s capability.
- Second, BlockSec Phalcon is compatible with the security infrastructure, e.g., the multisig wallet. We ensure the wallet can automatically respond in an instant without compromising the protocol’s security design.
BlockSec Phalcon is proactive, not just a monitoring tool, providing immediate, reliable, and compatible defense for your digital assets.
Partner with BlockSec for Full-Stack Security
In the realm of DeFi, security is multi-faceted and ever-evolving. By collaborating with BlockSec and incorporating BlockSec Phalcon into your protocol, you unlock a suite of full-stack security services that cater to all your security needs.
Here's how you benefit:
-
Expert Code Audits: BlockSec's top-tier code auditing services provide ongoing review as your protocol evolves, ensuring security keeps pace with development.
-
Tailored Security Rules: Using what we learn from our detailed audits, we set up BlockSec Phalcon with security rules made just for your protocol. This means better protection without the need to deal with different companies for different services, saving you both time and money.
-
Swift Vulnerability Response: With BlockSec's expertise in identifying root causes, we can rapidly pinpoint vulnerabilities and establish a dedicated war room for immediate and effective mitigation.
Choosing BlockSec means opting for a robust, integrated security solution. You're not just getting a tool; you're gaining a partner dedicated to safeguarding your protocol's integrity and your users' assets every step of the way.
