Recent DeFi Hacks: How Phalcon Block Could Protect User Assets Worth Millions
Jan 9 2024

The start of 2024 has not been easy: we have observed a couple of hacks in the past few days, causing several millions in losses, including incidents that happened to Radiant, Gamma, and Telcoin.

This raises several questions:

  • Are the affected projects aware of an ongoing attack in real time?
  • Even after receiving intelligence, why are they unable to immediately halt the attacks?
  • Are they equipped with effective attack monitoring and blocking systems?

Challenges of Incident Response

It's a fair assumption that most security-savvy projects have some form of threat intelligence system in place.

However, they struggle to effectively prevent attacks and the challenges they face are quite straightforward:

  • Limited staff, unable to support around-the-clock emergency responses.
  • Time-consuming decision-making processes even after receiving alerts.

Last year, BlockSec unveiled Phalcon Block—an automated defense system that revolutionizes incident response by instantly detecting and blocking hacks in real-time, no matter the attack vectors.

With Phalcon Block, DeFi protocols could protect users' assets automatically, offering a new paradigm of security in an increasingly vulnerable DeFi world. This blog will explore the potential of Phalcon Block to fortify DeFi against the evolving threat landscape.

A Retrospection of Recent DeFi Hacks: Gamma, Radiant, and Telcoin

| Project | Date (UTC) | Number of attack tx | Attack Duration | Losses |
| --- | --- | --- | --- | --- |
| GammaStrategies | 2024/01/04 | 37 | 69 mins 34 seconds | ~3.5M |
| Radiant | 2024/01/02 | 3 | 11 seconds | ~4M |
| Telcoin | 2023/12/25 | 4,958 | ~16 hours | ~6.6M |

Table: A Recap of Recent Security Incidents

The table above summarizes the recent security incidents, including the protocol, the number of attack transactions, and the attack duration (the time from the first attack transaction to the last one). It also gives the approximate loss from each incident.

Radiant’s $4,000,000 Loss

Radiant's commitment to security has always been evident, yet the unexpected still occurred. The first attack transaction against the Radiant protocol happened on 2024/01/02 at 18:53:38 (UTC), and it was immediately flagged by our system. This attack caused the loss of around 90 Ether (~213k). Within a span of mere seconds, subsequent attacks followed, each resulting in over $2 million in losses.

If the protocol had adopted Phalcon Block, our system could have acted automatically, either pausing the protocol or front-running the subsequent hack transactions, and saved the 4 million USD lost in the latter two attack transactions, rather than leaving it to a delayed 43-minute response.

Telcoin’s $6,600,000 Loss

For the attack on the Telcoin wallet, the hack lasted more than 16 hours, involving 4,958 transactions by six accounts. This sophisticated attack left the Telcoin team overwhelmed and unprepared. In the absence of a "Pause" mechanism, the only recourse was to swiftly engage security firms to investigate the breach, diagnose the vulnerability, and implement fixes, all of which took precious time while the attack continued unabated.

Phalcon Block could have offered a custom "front-running" defense, acting quickly to protect assets even without a pause mechanism.

Gamma’s $3,500,000 Loss

GammaStrategies was hit by hackers for over an hour, with 37 attacks happening one after the other. Phalcon Block spotted these attacks and could have stopped them right away, potentially saving $3.5 million. People need sleep, but machines don't. This shows that even the most careful projects can get caught off guard. We can't rely only on people to stop these attacks; automated systems like Phalcon Block are essential for round-the-clock protection.

Phalcon Block is More Than Just a Security Watchdog

We have heard about many threat-monitoring tools available in the market. What are the distinct differences between Phalcon Block and them, and why can Phalcon Block help in security incidents?

Immediate Action is Key

Phalcon Block is not merely a threat monitoring system; it can automatically take actions to save users' assets. During a security incident, time is crucial, so the actions should be automatic, without manual intervention. In the Radiant case, only 11 seconds elapsed from the first attack transaction to the last one. If the action has to be executed manually, it is too late. In fact, it took the protocol more than 40 minutes to pause.

Concerns About Automated Defense

Sure, the idea of automatic blocking sounds great, but can you trust it? What if it makes a mistake and shuts down everything, causing panic? Phalcon Block tackles these worries head-on by focusing on three areas:

  • Speed: The system should be fast enough to listen to attack transactions and detect the malicious ones, usually in milliseconds. As we said, time matters: even a few seconds can determine the security of assets worth millions.
  • Accuracy: Only a system with high precision can achieve the goal of automatic action. If a system reports too many false alarms, it cannot be used as the feed to trigger the protocol’s automatic action, such as pausing the protocol.
  • Compatibility: The system needs to be compatible with the protocol’s existing security infrastructure. For instance, the protocol’s privileged behaviors may be controlled by a multisig wallet, and the automatic actions need to be signed through this wallet.

Phalcon Block: From Whitehat Rescues to a Standard SaaS Product

If Phalcon Block can stop attacks without pre-approval, why not empower projects to save themselves? We've refined our techniques, saving over $14 million during 20+ whitehat rescues.

And here's how:

  • First, Phalcon Block has the capability to monitor and detect hacks instantly and with high precision, backed by academic papers published at prestigious security conferences and over two years of internal operation. The track record of blocking more than 20 hacks demonstrates our system’s capability.
  • Second, Phalcon Block is compatible with the security infrastructure, e.g., the multisig wallet. We ensure the wallet can automatically respond in an instant without compromising the protocol’s security design.

Phalcon Block is proactive, not just a monitoring tool, providing immediate, reliable, and compatible defense for your digital assets.

Partner with BlockSec for Full-Stack Security

In the realm of DeFi, security is multi-faceted and ever-evolving. By collaborating with BlockSec and incorporating Phalcon Block into your protocol, you unlock a suite of full-stack security services that cater to all your security needs.

Here's how you benefit:

  • Expert Code Audits: BlockSec's top-tier code auditing services provide ongoing review as your protocol evolves, ensuring security keeps pace with development.

  • Tailored Security Rules: Using what we learn from our detailed audits, we set up Phalcon Block with security rules made just for your protocol. This means better protection without the need to deal with different companies for different services, saving you both time and money.

  • Swift Vulnerability Response: With BlockSec's expertise in identifying root causes, we can rapidly pinpoint vulnerabilities and establish a dedicated war room for immediate and effective mitigation.

Choosing BlockSec means opting for a robust, integrated security solution. You're not just getting a tool; you're gaining a partner dedicated to safeguarding your protocol's integrity and your users' assets every step of the way.
