Back to Blog

What Is BlockSec Phalcon? How Does Phalcon Accurately Identify and Rapidly Block Hacker Attacks?

Phalcon
April 19, 2024

With the rapid evolution of decentralized finance (DeFi), more investors are venturing into blockchain transactions, drawn by the promising opportunities it offers. However, with greater opportunity also comes heightened risk. Hack attacks are becoming increasingly frequent and sophisticated, with hackers capable of siphoning off millions or even hundreds of millions of dollars in a single incident. These security breaches not only result in significant financial losses for users but also pose existential threats to the stability and growth of various DeFi protocols.

BlockSec Phalcon emerges as a robust solution designed to enhance the security of blockchain protocols by monitoring and blocking potential hacks. This threat detection and mitigation platform caters to a wide range of users including protocol operators, traders, exchanges, and liquidity providers, ensuring the integrity and safety of their operations.

What is BlockSec Phalcon?

BlockSec Phalcon is an innovative platform specifically designed to monitor and block hacking attempts in real-time. It helps users and protocol operators detect suspicious transactions, receive instant alerts, and take automatic actions to prevent or minimize damage. This system is vital for maintaining the security and trustworthiness of blockchain applications and their underlying financial activities.

Applications of BlockSec Phalcon

Phalcon's use cases
Phalcon's use cases

Why Protocols Need Phalcon

Risks and Challenges Faced by Protocols Post-Launch

Once a DeFi protocol is live, it's exposed to numerous external and internal security risks:

  • External Dependencies: Many protocols rely on external services and smart contracts, which can be compromised or act maliciously.
  • Zero-Day Attacks: These are vulnerabilities unknown to the developers and the public, thus unpatched and open for exploitation.
  • Unaudited Contract Upgrades: Sometimes, contract updates are pushed live without thorough audits, leaving them vulnerable to attackers who exploit these gaps.

Challenges in Timely Response to Hacker Attacks

Responding effectively to hacks is often hindered by several factors:

  • Immediate Assessment Needs: Protocols must quickly evaluate the attack's nature and decide on countermeasures.
  • Consensus and Coordination: Effective response often requires multi-party consultation and agreement, which can be time-consuming.
  • Execution of Response: Implementing a response often needs multiple authorized signatures, further delaying action.

For example, Kyberswap started suspending operations across various blockchain networks 100 minutes after the initial attack was detected, but despite these measures, the protocol still incurred a loss of $46 million. With Phalcon, the response could have been immediate and potentially limited the loss to $860,000 (the loss of the first attack transaction).

BlockSec's Proactive Security Solutions

Since 2022, we have possessed the capabilities to monitor and block attacks. Over the past two years, we have successfully launched more than twenty white-hat rescues and blocked numerous attack transactions, saving project teams over $15 million in potential asset losses.

Related Reading:

Despite these achievements, we have also detected many more attacks that we were unable to counteract due to the inability to contact the project teams and legal risks involved. Consequently, we introduced the SaaS platform Phalcon, designed to empower more protocol operators and investors with the tools needed to protect their protocols and secure their crypto assets.

How Phalcon Works Technically

Phalcon's detection engine scans every mempool and on-chain transaction for malicious proposals and contracts, among other potential threats. It detects transactions into three risk levels: Attack, Suspicious, and Regular, complemented by user-defined trigger rules. When a transaction meets both the specified risk levels and trigger rules, a predefined response action is automatically initiated.

When initiating response actions (i.e. blocking transactions), Phalcon employs our exclusive gas-bidding strategy to speed up our blocking transactions, thereby frontrunning the attack transactions.

Currently, Phalcon supports Ethereum, BSC, and Arbitrum, with support for other EVM chains also in our pipeline. If you would like to accelerate Phalcon's support for a specific chain, please contact us at [email protected].

Key Advantages of Phalcon

  • Early and Precise Attack Monitoring: The system's early detection capabilities monitor transactions from the Mempool stage, identifying issues before they reach the blockchain. Utilizing advanced AI and DeFi semantics, it has verified over 99% of reported attacks as genuine over the past two years. Customizable trigger rules allow further precision, significantly minimizing false positives by ensuring alerts meet specific user-defined criteria.
  • Operational Risk Monitoring: Monitors administrative changes and key variable modifications to preemptively identify risks like private key leaks or unauthorized privilege grants.
  • Automated Attack Blocking: On identifying a transaction that triggers the set conditions, Phalcon can automatically execute predefined actions within one block time. This includes support for multi-signature wallets and can be customized according to user requirements.
  • Low-Code Configuration: Users can easily set up monitoring and response actions using a variety of pre-set templates without needing extensive coding knowledge.

How Can I Subscribe to Phalcon?

  • Pricing: Phalcon's prices range from $1,200 to $7,100 per month. You can simply log in to the Phalcon official website to see the prices for different feature options.
  • Subscription: Phalcon is a SaaS platform, and users can subscribe directly to the Phalcon system after logging in. Currently, we support payment via credit card and crypto. Of course, if you have any questions about Phalcon, feel free to book a demo, and our security experts will address your security concerns.
  • Trial: We invite you to participate in the Phalcon Virtual Experience Journey, where you can truly experience how BlockSec Phalcon an attack transaction! After this, you will receive a coupon that allows you to try Phalcon for 7 days for $9 (regular price $4,600 per month).

In conclusion, as blockchain technologies and DeFi continue to grow, so does the complexity and sophistication of attacks. BlockSec Phalcon represents a pivotal advancement in blockchain security, providing protocols and their users with robust tools to detect, alert, and block potential threats swiftly and effectively, safeguarding assets against the evolving landscape of cyber threats.

About BlockSec

BlockSec is a pioneering blockchain security company established in 2021 by a group of globally distinguished security experts. The company is committed to enhancing security and usability for the emerging Web3 world in order to facilitate its mass adoption. To this end, BlockSec provides smart contract and EVM chain security auditing services, the Phalcon platform for security development and blocking threats proactively, the MetaSleuth platform for fund tracking and investigation, and MetaSuites extension for web3 builders surfing efficiently in the crypto world.

To date, the company has served over 300 esteemed clients such as MetaMask, Uniswap Foundation, Compound, Forta, and PancakeSwap, and received tens of millions of US dollars in two rounds of financing from preeminent investors, including Matrix Partners, Vitalbridge Capital, and Fenbushi Capital.

Official website: https://blocksec.com/

Official Twitter account: https://twitter.com/BlockSecTeam

Sign up for the latest updates
Drift Protocol Incident: Multisig Governance Compromise via Durable Nonce Exploitation
Security Insights

Drift Protocol Incident: Multisig Governance Compromise via Durable Nonce Exploitation

On April 1, 2026 (UTC), Drift Protocol on Solana suffered a $285.3M loss after an attacker exploited Solana's durable nonce mechanism to delay the execution of phished multisig approvals, ultimately transferring administrative control of the protocol's 2-of-5 Squads governance with zero timelock. With full admin privileges, the attacker created a malicious collateral market (CVT), inflated its oracle price, relaxed withdrawal protections, and drained USDC, JLP, SOL, cbBTC, and other assets through 31 rapid withdrawals in approximately 12 minutes. This incident highlights how durable nonce-based delayed execution can decouple signer intent from on-chain execution, bypassing the temporal assumptions that multisig security implicitly relies on.

Weekly Web3 Security Incident Roundup | Mar 23 – Mar 29, 2026
Security Insights

Weekly Web3 Security Incident Roundup | Mar 23 – Mar 29, 2026

This BlockSec weekly security report covers eight DeFi attack incidents detected between March 23 and March 29, 2026, across Ethereum and BNB Chain, with total estimated losses of approximately $1.53M. Incidents include a $679K flawed burn mechanism exploit on the BCE token, a $512K spot-price manipulation attack on Cyrus Finance's PancakeSwap V3 liquidity withdrawal, a $133.5K flash-loan-driven referral reward manipulation on a TUR staking contract, and multiple integer overflow, reentrancy, and accounting error vulnerabilities in DeFi protocols. The report provides detailed vulnerability analysis and attack transaction breakdowns for each incident.

Newsletter - March 2026
Security Insights

Newsletter - March 2026

In March 2026, the DeFi ecosystem experienced three major security incidents. Resolv Protocol lost ~$80M due to compromised privileged infrastructure keys, BitcoinReserveOffering suffered ~$2.7M from a double-minting logic flaw, and Venus Protocol incurred ~$2.15M following a donation attack combined with market manipulation.