A Platform to Monitor and Block Hacks

is a new paradigm for securing protocols and LP assets. It helps users, protocol operators, traders, and everyone to perceive suspicious transactions, get instant alerts, and take automatic actions. Its battle-tested capability has been proven by successfully thwarting 20+ real-world hacks and rescuing over $14,000,000 worth of assets.

Highlights of BlockSec Phalcon

  • Get early access to precise attack intelligence

  • Automated attack blocking with Customized Actions

  • No-code, flexible monitoring rules configuration

  • Meet both security and operational monitoring requirements

How to Use

BlockSec Phalcon can be accessed when launching and logging into the BlockSec App Suite.

To use Phalcon, you need to subscribe to the Phalcon product. We provide different pricing plans according to features enabled or disabled.

Three Steps to Use Phalcon

  • Add protocol. Add the protocols (smart contracts) you want to monitor.

  • Add monitor: Configure the monitor rules based on Phalcon's attack detection engine and user-configured rules.

  • Add actions (optional): Configure the automatic actions (transactions that will be sent) when the monitor is triggered. Note that our system supports transactions sent from EoA addresses or Safe Wallets. For instance, some protocols can only be paused when transactions are sent from Safe Wallet, which is naturally supported in our system.

Supported Chains

Currently, Phalcon supports Ethereum, BNB Smart Chain, Arbitrum, Merlin, and Manta Pacific. If you are a chain operator and want Phalcon support, please get in touch with us (contact@blocksec.com).

Phalcon Architecture

As shown in the Figure, Phalcon monitors mempool and on-chain transactions and leverages the in-house attack detection engine to determine a transaction's risk level. This risk level is combined with user-configured monitors. If a monitor's rules are satisfied, it will trigger further operations, sending notifications to various channels and (or) performing other automatic actions set by the user. Such automatic actions can pause the protocol, withdraw the funds, etc. Our gas-bidding strategy can help speed up the process of sending out the transactions on the blockchain.

Note that automatic actions are only triggered when such actions are configured in Phalcon. Users can use Phalcon as an attack intelligence and leverage their computing infrastructure for automatic actions, e.g., use Webhook (or other channels) to get notifications and perform the operations on the notification.

  • Use Phalcon to trigger the automatic action. In this case, the users add protocols that they want to be monitored, add monitors and configure the rules, and add automated actions that will be triggered. If the action is to automatically pause the protocol (when the attack is detected), users can pre-sign the pause transactions and configure them into our system. Users can use our Safe Module to send the transaction if the pause transaction can only be sent from a Safe Wallet. Note that fine-grained access control is embedded inside the Safe Module to ensure that only the pause transaction (nothing other than this transaction) can be sent from this module.

  • Use Phalcon as the attack intelligence. In this case, users add protocols and monitors as the previous one. But no automatic actions will be added. Instead, users can use Webhook (or Telegram, Slack, and others) to get notified when the monitor is triggered. Follow-up operations can be performed as needed.

Use Cases

DeFi Protocol Operator

The protocol operator can use Phalcon to monitor attacks on its protocol (smart contracts) and configure Phalcon to automatically pause the protocol when an attack is detected in the mempool or on the blockchain to prevent further losses.

Also, the protocol operator can use Phalcon to monitor sensitive operations related to its protocol, including updating critical configuration, changing admin roles, adding new owners to critical multisig wallets, withdrawing funds from the protocol by admins, and others. Awareness of such sensitive operations (can take corrective actions) is critical to maintaining the protocol's security since inside attackers (or private key leakage) can lead to significant loss to the protocol.

LPs (Liquidity Providers)

LPs are the people who deposit (or stake) many assets into some protocols. When a protocol is hacked, the LP's assets will be drained (not the protocols). Using Phalcon, LPs can get notifications when their investment protocols are hacked and automatically withdraw funds before others (or other strategies) to reduce loss.

L2 Chains

L2 chain operators can collaborate with BlockSec to support Phalcon in its L2 chains. This can help secure the top protocols on the L2 chains, which uphold a thriving ecosystem. Besides, L2 chains can integrate Phalcon deeply inside the chain (e.g., the sequencer) to create an even more secure ecosystem from the root.

Centralized Exchanges

Centralized exchanges (CEX) can automatically use Phalcon to delist tokens affected by hacks. Otherwise, the valueless tokens can be sold in exchanges, which causes loss.

Want to Know More

You can book a demo to talk with our technical support engineers before subscribing to Phalcon.

The detailed user manual of Phalcon can be accessed after subscribing to Phalcon.

Last updated