Next-Generation Security for L1 & L2 Chains
Protect your infrastructure before launch. Block attacks at the source to shield your ecosystem and reputation.
Audit core infrastructure, including the VM, bridges, and consensus.
Monitor all on-chain and mempool activities for threats.
Get instant alerts on attacks targeted dApps in your ecosystem.
Track illicit funds to maintain your chain's compliance posture.
Block large-scale hacks before attackers execute them on-chain.
Protect all ecosystem protocols and users with native, real-time defense.
Receive detailed post-mortem reports that deconstruct the full attack vector.
Implement actionable insights to harden your chain against future incidents.
Protect Your Chain Infrastructure at the Core
“Phalcon is an effective tool that helps project teams complete core monitoring in a very short period. Additionally, Phalcon is backed by a highly professional technical team that can provide timely support, solution discussions, development, and testing.”
#2 Bybit Incident: A Web2 Breach Enables the Largest Crypto Hack in History
The largest crypto hack ever, the February 21, 2025 Bybit breach stole about $1.5B after attackers used social engineering to compromise a Safe{Wallet} workflow, injected malicious JavaScript into an AWS S3 bucket, tampered with the transaction signing process, and upgraded Bybit’s Safe{Wallet} contract to a malicious implementation that drained funds across multiple chains.
#1 Cetus Incident: One Unchecked Shift Drains $223M in the Largest DeFi Hack of 2025
Cetus Protocol, the largest concentrated-liquidity DEX on Sui, was exploited on May 22, 2025, resulting in an estimated ~$223M loss across multiple liquidity pools. The attacker leveraged a flaw in checked_shlw(), a custom overflow-prevention helper used in fixed-point u256 math, where an incorrect constant and comparison failed to block unsafe left shifts and caused silent truncation of high bits during liquidity delta calculations. By crafting specific liquidity and tick/price-range parameters, the exploit made required deposits appear near-zero while minting an oversized liquidity position, which was later withdrawn to drain real pool reserves.
Weekly Web3 Security Incident Roundup | Jan 25 – Feb 1, 2026
During the week of January 25 to February 1, 2026, six blockchain security incidents were reported with total losses of ~$18.05M. These involved improper input validation, token design flaws, key compromises, and business logic errors across DeFi protocols on multiple chains. The primary causes included unchecked user inputs enabling arbitrary calls, flawed burn mechanisms allowing price manipulation, compromised developer tools, and missing solvency checks in lending functions.
For 500+ clients, from Web3 leaders to global regulators
