Back to Blog

Recent DeFi Hacks: How BlockSec Phalcon Could Protect User Assets Worth Millions

Phalcon
January 9, 2024

The start of the new year 2024 is not easy, and we have observed a couple of hacks in the past few days, causing several millions in losses, including incidents happened to Radiant, Gamma, and Telcoin.

This raises several questions:

  • Are they aware of an ongoing attack in real-time?
  • Even after receiving intelligence, why are they unable to immediately halt the attacks?
  • Are they equipped with effective attack monitoring and blocking systems?

Challenges of Incident Response

It's a fair assumption that most security-savvy projects have some form of threat intelligence system in place.

However, they struggle to effectively prevent attacks and the challenges they face are quite straightforward:

  • Limited staff, unable to support around-the-clock emergency responses.
  • Time-consuming decision-making processes even after receiving alerts.

Last year, BlockSec unveiled BlockSec Phalcon—an automated defense system that revolutionizes incident response by instantly detecting and blocking hacks in real-time, no matter the attack vectors.

With BlockSec Phalcon, DeFi protocols could protect users' assets automatically, offering a new paradigm of security in an increasingly vulnerable DeFi world. This blog will explore the potential of BlockSec Phalcon to fortify DeFi against the evolving threat landscape.

A Retrospection of Recent DeFi Hacks: Gamma, Radian, and Telcoin

Project Date (UTC) Number of attack tx Attack Duration Losses
GammaStrategies 2024/01/04 37 69 mins 34 seconds ~3.5M
Radiant 2024/01/02 3 11 seconds ~4M
Telcoin 2023/12/25 4,958 ~16 hours ~6.6M
A Recap of Recent Security Incidents

Table above shows the summary of recent security incidents, including the protocol, the number of attack transactions, and the attack duration (the time between the first attack transaction to the last one). We also summarize the rough loss of each incident.

Radiant’s $ 4,000,000 Loss

Radiant's commitment to security has always been evident, yet the unexpected still occurred. The first attack transaction to the Radiant protocol happened on 2024/01/02 at 18:53:38 (UTC), and it was immediately flagged by our system. This attack caused the loss of around 90 Ether (~213k). Within a span of mere seconds, subsequent attacks followed, each resulting in over $2 million in losses.

If BlockSec Phalcon is adopted by the protocol, our system can automatically take action to either pause the protocol or front-run the following hack transactions, saving the following 4 million USD in the latter two attack transactions, rather than the delayed 43-minute response time.

Telcoin’s $ 6,600,000 Loss

For the attack on the Telcoin wallet, the hack lasted more than 16 hours, involving 4,958 transactions by six accounts. This sophisticated attack left the Telcoin team overwhelmed and unprepared. In the absence of "Pause" mechanism, the only recourse was to swiftly engage security firms to investigate the breach, diagnose the vulnerability, and implement fixes, all of which took precious time while the attack continued unabated.

BlockSec Phalcon could have offered a custom "front-running" defense, acting quickly to protect assets even without a pause mechanism.

Gamma’s $ 3,500,000 Loss

GammaStrategies was hit by hackers for over an hour, with 37 attacks happening one after the other. BlockSec Phalcon spotted these attacks and could have stopped them right away, potentially saving $3.5 million. People need sleep, but machines don't. This shows that even the most careful projects can get caught off guard. We can't rely only on people to stop these attacks; automated systems like BlockSec Phalcon are essential for round-the-clock protection.

BlockSec Phalcon is More Than Just a Security Watchdog

We have heard about many threat-monitoring tools available in the market. What are the distinct differences between BlockSec Phalcon and them, and why can BlockSec Phalcon help in security incidents?

Immediate Action is Key

BlockSec Phalcon is merely a threat monitoring system; it can automatically take actions to save users' assets. During a security incident, time is crucial. The actions should be automatic without manual intervention. In the Radiant case, only 11 seconds from the first attack transaction to the last one. If the action needs to be manually executed, it’s too late. In fact, it takes the protocol more than 40 minutes to pause the protocol.

Concerns About Automated Defense

Sure, the idea of automatic blocking sounds great, but can you trust it? What if it makes a mistake and shuts down everything, causing panic? BlockSec Phalcon tackles these worries head-on by focusing on three areas:

  • Speed: The system should be fast enough to listen to attack transactions and detect the malicious ones, usually in milliseconds. As we said, time matters, even a few seconds determine the security of millions of assets.
  • Accuracy: Only a system with high precision can achieve the goal of automatic action. If a system reports too many false alarms, it cannot be used as the feed to trigger the protocol’s automatic action, such as pausing the protocol.
  • Compatibility: The system needs to be compatible with the protocol’s existing security infrastructure. For instance, the protocol’s privileged behaviors may be controlled by a multisig wallet, and the automatic actions need to be signed through this wallet.

BlockSec Phalcon: From Whitehat Rescues to a Standard SaaS Product

If BlockSec Phalcon can stop attacks without pre-approval, why not empower projects to save themselves? We've refined our techniques, saving over $14 million during 20+ whitehat rescues.

And here's how:

  • First, BlockSec Phalcon has the capability to monitor and detect instant hacks with high precision, backed up by academic papers published in prestigious security conferences and over two years of internal running. The past track record of blocking more than 20 hacks demonstrated our system’s capability.
  • Second, BlockSec Phalcon is compatible with the security infrastructure, e.g., the multisig wallet. We ensure the wallet can automatically respond in an instant without compromising the protocol’s security design.

BlockSec Phalcon is proactive, not just a monitoring tool, providing immediate, reliable, and compatible defense for your digital assets.

Partner with BlockSec for Full-Stack Security

In the realm of DeFi, security is multi-faceted and ever-evolving. By collaborating with BlockSec and incorporating BlockSec Phalcon into your protocol, you unlock a suite of full-stack security services that cater to all your security needs.

Here's how you benefit:

  • Expert Code Audits: BlockSec's top-tier code auditing services provide ongoing review as your protocol evolves, ensuring security keeps pace with development.

  • Tailored Security Rules: Using what we learn from our detailed audits, we set up BlockSec Phalcon with security rules made just for your protocol. This means better protection without the need to deal with different companies for different services, saving you both time and money.

  • Swift Vulnerability Response: With BlockSec's expertise in identifying root causes, we can rapidly pinpoint vulnerabilities and establish a dedicated war room for immediate and effective mitigation.

Choosing BlockSec means opting for a robust, integrated security solution. You're not just getting a tool; you're gaining a partner dedicated to safeguarding your protocol's integrity and your users' assets every step of the way.

Sign up for the latest updates
~$4.72M Lost: TAC, Transit Finance & More | BlockSec Weekly
Security Insights

~$4.72M Lost: TAC, Transit Finance & More | BlockSec Weekly

This BlockSec weekly security report covers 3 notable attack incidents identified between May 11 and May 17, 2026, across TRON, TON, and Ethereum, with total estimated losses of approximately $4.72M. Three incidents are analyzed in detail: the highlighted $1.88M Transit Finance exploit on TRON, where a deprecated swap bridge contract with lingering token approvals was exploited through arbitrary calldata forwarding; the $2.8M TAC TON-to-EVM bridge exploit caused by missing canonical wallet verification in the jetton deposit flow; and the $46.75K Boost Hook exploit on Ethereum, where spot price manipulation on a Uniswap V4 hook-based perpetual protocol forced the protocol to buy tokens at inflated prices using its own reserves.

~$15.9M Lost: Trusted Volumes, Wasabi & More | BlockSec Weekly
Security Insights

~$15.9M Lost: Trusted Volumes, Wasabi & More | BlockSec Weekly

This BlockSec bi-weekly security report covers 11 notable attack incidents identified between April 27 and May 10, 2026, across Sui, Ethereum, BNB Chain, Base, Blast, and Berachain, with total estimated losses of approximately $15.9M. Three incidents are analyzed in detail: the highlighted $1.14M Aftermath Finance exploit on Sui, where a signed/unsigned semantic mismatch in the builder-fee validation allowed an attacker to inject a negative fee that was converted into positive collateral during settlement; the $5.87M Trusted Volumes RFQ authorization mismatch on Ethereum; and the $5.7M Wasabi Protocol infrastructure-to-contract-control compromise across multiple EVM chains.

Newsletter - April 2026
Security Insights

Newsletter - April 2026

In April 2026, the DeFi ecosystem experienced three major security incidents. KelpDAO lost ~$290M due to an insecure 1-of-1 DVN bridge configuration exploited via RPC infrastructure compromise, Drift Protocol suffered ~$285M from a multisig governance takeover leveraging Solana's durable nonce mechanism, and Rhea Finance incurred ~$18.4M following a business logic flaw in its margin-trading module that allowed circular swap path manipulatio