Why Do You Need Phalcon Block?
As a crypto project owner, security is paramount. Despite the burning desire to launch, obtaining thorough audits often feels like an endless wait. And even after seeking multiple audit firms, can you truly be confident in your protocol's impenetrability? As a final measure, you might resort to bug bounties, entrusting the ethical hackers to spot any missed vulnerabilities.
So, after all that effort and diligence, can you genuinely believe your protocol is bulletproof?.
🤯 The unsettling answer? Probably not.
It extends beyond your code and involves external factors. Incidents occur from time to time due to third-party dependencies, governance flaws, vulnerabilities in EVM programming languages, and other contributing factors.
- Act after reviewing the root cause of an attack. Nah, it's too late.
- Get precise alerts before malicious transactions are executed, and take automated actions promptly.
We witness an increasing number of protocols, even highly renowned ones, falling victim to hacker attacks, resulting in irreparable negative consequences for the entire industry. Numerous DeFi users have suffered significant financial losses.
We feel called to productize our exclusive attack monitoring, alerting, and blocking capabilities.
In this condition, Phalcon Block is released, with the mission to safeguard as many protocols as possible by blocking attacks instantly.
In the following videos, we will review BlockSec's keynote speech at DeFi Security Summit 2023, where we will systematically break down this issue.
DeFi hacks are everyday today due to several reasons.
- First, attackers have economic incentives to perform these hacks, as they can profit substantially from such actions.
- Secondly, the lack of enough security-qualified developers contributes to the vulnerabilities in the protocols. Many developers focus on functionalities rather than security and lack adequate training in blockchain security.
- Additionally, universities have limited courses on blockchain security, leading to a shortage of qualified experts in the community.
- Lastly, some hacks are initiated by organized hacking groups or countrywide organizations. These groups are highly covert and persistent, specifically targeting financial institutions, military organizations, and cryptocurrency exchanges to seek huge profits. Their advanced attack methods and abundant resources pose an even greater threat to DeFi projects.
To ensure the security of DeFi protocols, a proactive approach is crucial. This means that protocols cannot simply be deployed and left unattended. They need to actively monitor the ongoing activities within the protocol and be prepared to respond automatically to any potential attacks.
The importance of this proactive approach is heightened in Web3 compared to Web2, for the following reasons.
- First, Web3 introduces more attack vectors, and blockchain's openness makes it easier for both good and bad users to access and analyze the source code of smart contracts.
- Second, exploiting vulnerabilities becomes lucrative for attackers, especially due to the anonymous nature of blockchain transactions, which makes tracking their activities challenging.
- Third, the availability of flash loans allows attackers to amplify their financial capabilities, unlike in Web2 where launching attacks required significant capital.
- Last but not least, certain private transaction services can be abused to conceal malicious transactions. Consequently, the unique properties of Web3 make it easier for harmful attacks on protocols and users to happen while simultaneously making it harder to trace and identify the attackers.
We have developed a prototype system called Phalcon Block in the blockchain industry. Since February 2022, we have been actively exploring ways to overcome certain challenges associated with DeFi hacks, going beyond code audits.
Phalcon Block empowers us to monitor transactions in the blockchain closely. By monitoring these transactions and automatically responding to them, we can reconstruct the underlying technology by replaying the attack transactions and replicating the essential logic of the attack contract.
This process allows us to synthesize a new rescue smart contract. We can then send rescue transactions to ensure that our transactions are faster and placed on the blockchain ahead of the attack transactions.
By leveraging this approach, we have the potential to completely block the attack transactions by acting faster and gaining a leading position within the blockchain.