Holistic Security for DeFi Securing Your Smart Contracts
Secure your code pre-launch and block attacks in real-time. Safeguard both user assets and your reputation.
Find and fix critical issues in your smart contracts before you launch.
Make sure your business logic is sound and free of flaws.
Always monitor mempool and on-chain transactions for suspicious activities.
Receive instant alerts on new threats such as oracle manipulation and flash loan attacks.
Block confirmed exploits in real-time to prevent them from draining funds.
Start on-chain responses, such as pausing contracts, to neutralize active threats.
Understand complex attack vectors to gain actionable intelligence. Help you proactively harden your protocol against emerging threats.
Secure Your Protocol Across Its Entire Lifecycle
“Partnering with BlockSec has been crucial to Tokenlon's mission of preserving the openness of DeFi while leveraging technology to create a safer, more trustworthy space for all. BlockSec's cutting-edge on-chain analytics allow us to identify high-risk addresses across multiple blockchains and navigate complex global regulations with confidence. Their expertise helps us safeguard our liquidity partners and consistently deliver a seamless, reliable DeFi experience for genuine users.”
#2 Bybit Incident: A Web2 Breach Enables the Largest Crypto Hack in History
The largest crypto hack ever, the February 21, 2025 Bybit breach stole about $1.5B after attackers used social engineering to compromise a Safe{Wallet} workflow, injected malicious JavaScript into an AWS S3 bucket, tampered with the transaction signing process, and upgraded Bybit’s Safe{Wallet} contract to a malicious implementation that drained funds across multiple chains.
#1 Cetus Incident: One Unchecked Shift Drains $223M in the Largest DeFi Hack of 2025
Cetus Protocol, the largest concentrated-liquidity DEX on Sui, was exploited on May 22, 2025, resulting in an estimated ~$223M loss across multiple liquidity pools. The attacker leveraged a flaw in checked_shlw(), a custom overflow-prevention helper used in fixed-point u256 math, where an incorrect constant and comparison failed to block unsafe left shifts and caused silent truncation of high bits during liquidity delta calculations. By crafting specific liquidity and tick/price-range parameters, the exploit made required deposits appear near-zero while minting an oversized liquidity position, which was later withdrawn to drain real pool reserves.
Weekly Web3 Security Incident Roundup | Jan 25 – Feb 1, 2026
During the week of January 25 to February 1, 2026, six blockchain security incidents were reported with total losses of ~$18.05M. These involved improper input validation, token design flaws, key compromises, and business logic errors across DeFi protocols on multiple chains. The primary causes included unchecked user inputs enabling arbitrary calls, flawed burn mechanisms allowing price manipulation, compromised developer tools, and missing solvency checks in lending functions.
For 500+ clients, from Web3 leaders to global regulators
