The start of the new year 2024 has not been easy. We have observed a couple of hacks in the past few days, causing several millions in losses, including incidents at Radiant, Gamma, and Telcoin.
This raises several questions:
- Are they aware of an ongoing attack in real-time?
- Even after receiving intelligence, why are they unable to immediately halt the attacks?
- Are they equipped with effective attack monitoring and blocking systems?
It's a fair assumption that most security-savvy projects have some form of threat intelligence system in place.
However, they struggle to effectively prevent attacks and the challenges they face are quite straightforward:
- Limited staff, unable to support around-the-clock emergency responses.
- Time-consuming decision-making processes even after receiving alerts.
Last year, BlockSec unveiled Phalcon Block—an automated defense system that revolutionizes incident response by instantly detecting and blocking hacks in real-time, no matter the attack vectors.
With Phalcon Block, DeFi protocols could protect users' assets automatically, offering a new paradigm of security in an increasingly vulnerable DeFi world. This blog will explore the potential of Phalcon Block to fortify DeFi against the evolving threat landscape.
[Table: summary of recent security incidents. Recoverable cells: "Number of attack tx" (column header) and "69 mins 34 seconds".]
The table above summarizes the recent security incidents, including the protocol, the number of attack transactions, and the attack duration (the time between the first attack transaction and the last one). We also summarize the rough loss of each incident.
Radiant's commitment to security has always been evident, yet the unexpected still occurred. The first attack transaction against the Radiant protocol happened on 2024/01/02 at 18:53:38 (UTC), and it was immediately flagged by our system. This attack caused a loss of around 90 Ether (~213k). Within mere seconds, subsequent attacks followed, each resulting in over $2 million in losses.
Had the protocol adopted Phalcon Block, our system could have automatically taken action to either pause the protocol or front-run the subsequent hack transactions, saving the 4 million USD lost in the latter two attack transactions, instead of the delayed 43-minute response.
For the attack on the Telcoin wallet, the hack lasted more than 16 hours, involving 4,958 transactions by six accounts. This sophisticated attack left the Telcoin team overwhelmed and unprepared. In the absence of a "Pause" mechanism, the only recourse was to swiftly engage security firms to investigate the breach, diagnose the vulnerability, and implement fixes, all of which took precious time while the attack continued unabated.
Phalcon Block could have offered a custom "front-running" defense, acting quickly to protect assets even without a pause mechanism.
GammaStrategies was hit by hackers for over an hour, with 37 attacks happening one after the other. Phalcon Block spotted these attacks and could have stopped them right away, potentially saving $3.5 million. People need sleep, but machines don't. This shows that even the most careful projects can get caught off guard. We can't rely only on people to stop these attacks; automated systems like Phalcon Block are essential for round-the-clock protection.
We have heard about many threat-monitoring tools available in the market. What are the distinct differences between Phalcon Block and them, and why can Phalcon Block help in security incidents?
Phalcon Block is not merely a threat monitoring system; it can automatically take actions to save users' assets. During a security incident, time is crucial, so the actions should be automatic, without manual intervention. In the Radiant case, only 11 seconds passed from the first attack transaction to the last one. If the action needs to be executed manually, it's too late. In fact, it took the protocol more than 40 minutes to pause.
Sure, the idea of automatic blocking sounds great, but can you trust it? What if it makes a mistake and shuts down everything, causing panic? Phalcon Block tackles these worries head-on by focusing on three areas:
- Speed: The system should be fast enough to listen to attack transactions and detect the malicious ones, usually in milliseconds. As we said, time matters: even a few seconds can determine the security of millions in assets.
- Accuracy: Only a system with high precision can achieve the goal of automatic action. If a system reports too many false alarms, it cannot be used as the feed to trigger the protocol’s automatic action, such as pausing the protocol.
- Compatibility: The system needs to be compatible with the protocol’s existing security infrastructure. For instance, the protocol’s privileged behaviors may be controlled by a multisig wallet, and the automatic actions need to be signed through this wallet.
If Phalcon Block can stop attacks without pre-approval, why not empower projects to save themselves? We've refined our techniques, saving over $14 million during 20+ whitehat rescues.
And here's how:
- First, Phalcon Block can monitor and detect hacks instantly and with high precision, backed by academic papers published at prestigious security conferences and over two years of internal operation. Our track record of blocking more than 20 hacks demonstrates the system's capability.
- Second, Phalcon Block is compatible with the security infrastructure, e.g., the multisig wallet. We ensure the wallet can automatically respond in an instant without compromising the protocol’s security design.
Phalcon Block is proactive, not just a monitoring tool, providing immediate, reliable, and compatible defense for your digital assets.
In the realm of DeFi, security is multi-faceted and ever-evolving. By collaborating with BlockSec and incorporating Phalcon Block into your protocol, you unlock a suite of full-stack security services that cater to all your security needs.
Here's how you benefit:
- Expert Code Audits: BlockSec's top-tier code auditing services provide ongoing review as your protocol evolves, ensuring security keeps pace with development.
- Tailored Security Rules: Using what we learn from our detailed audits, we set up Phalcon Block with security rules made just for your protocol. This means better protection without the need to deal with different companies for different services, saving you both time and money.
- Swift Vulnerability Response: With BlockSec's expertise in identifying root causes, we can rapidly pinpoint vulnerabilities and establish a dedicated war room for immediate and effective mitigation.
Choosing BlockSec means opting for a robust, integrated security solution. You're not just getting a tool; you're gaining a partner dedicated to safeguarding your protocol's integrity and your users' assets every step of the way.