我们很高兴地宣布,BlockSec 已完成由 Fenbushi Capital 领投的种子轮融资,A&T Capital、Qulian、Impossible Finance、Incuba Alpha 和 NEAR MetaWeb Ventures 参投。
BlockSec 成立于 2021 年,今年已为超过 50 个客户提供服务,并保护了价值数千亿美元的数字资产。公司拥有用于 BSC 和以太坊的在线交易虚拟化系统(https://tx.blocksecteam.com)以及用于以太坊和 Cronos 的闪电贷监控系统(https://versatile.blocksecteam.com/flashloan)。
BlockSec 团队专注于区块链生态系统的安全,并与领先的 DeFi 项目合作,以保护其产品。该团队由学术界和业界的顶尖安全研究人员和经验丰富的专家组成。他们曾在著名会议上发表了多篇区块链安全论文,报告了多个 DeFi 应用的零日攻击,并发布了高影响力安全事件的详细分析报告。
~$15.9M Lost: Trusted Volumes & More | BlockSec Weekly
This BlockSec bi-weekly security report covers 11 notable attack incidents identified between April 27 and May 10, 2026, across Sui, Ethereum, BNB Chain, Base, Blast, and Berachain, with total estimated losses of approximately $15.9M. Three incidents are analyzed in detail: the highlighted $1.14M Aftermath Finance exploit on Sui, where a signed/unsigned semantic mismatch in the builder-fee validation allowed an attacker to inject a negative fee that was converted into positive collateral during settlement; the $5.87M Trusted Volumes RFQ authorization mismatch on Ethereum; and the $5.7M Wasabi Protocol infrastructure-to-contract-control compromise across multiple EVM chains.
Newsletter - April 2026
In April 2026, the DeFi ecosystem experienced three major security incidents. KelpDAO lost ~$290M due to an insecure 1-of-1 DVN bridge configuration exploited via RPC infrastructure compromise, Drift Protocol suffered ~$285M from a multisig governance takeover leveraging Solana's durable nonce mechanism, and Rhea Finance incurred ~$18.4M following a business logic flaw in its margin-trading module that allowed circular swap path manipulatio
~$7.04M Lost: GiddyDefi, Volo Vault & More | BlockSec Weekly
This BlockSec weekly security report covers eight attack incidents detected between April 20 and April 26, 2026, across Ethereum, Avalanche, Sui, Base, HyperLiquid, and MegaETH, with total estimated losses of approximately $7.04M. The highlighted incident is the $1.3M GiddyDefi exploit, where the attacker did not break any cryptography or use a flash loan but simply replayed an existing on-chain EIP-712 signature with the unsigned `aggregator` and `fromToken` fields swapped out for a malicious contract, demonstrating how partial signature coverage turns any historical signature into a generic permit. Other incidents include a $3.5M Volo Vault operator key compromise on Sui, a $1.5M Purrlend privileged-role takeover, a $413K SingularityFinance oracle misconfiguration, a $142.7K Scallop cross-pool index injection, a $72.35K Kipseli Router decimal mismatch, a $50.7K REVLoans (Juicebox) accounting pollution, and a $64K Custom Rebalancer arbitrary-call exploit.