Phalcon Block|Attention LPs, Please Check Your Must-Have Security Defense Tool

6 min readOct 8, 2023

On September 11, Professor Yajin Zhou, the CEO of BlockSec, delivered a speech titled “How to Take Action in a Security Incident: From LP and Exchange’s Perspective” at Cobo’s “Singapore DeFi Day”. During the event, Prof. Zhou shared insights on how BlockSec utilizes its exclusive attack interception tech, Phalcon Block, to assist LPs and exchanges in promptly securing funds during security incidents.

The following is the script of the speech:

My name is YaJin Zhou. I’m the CEO and co-founder of BlockSec. Today I’m going to talk about our solutions to secure the blockchain space.

The DeFi ecosystem involves multiple parties, including liquidity providers (LPs), DeFi protocols, and centralized exchanges. LPs invest their money into DeFi protocols, which issue tokens that are then listed on centralized exchanges.

When discussing security in the blockchain space, we always talk about the security incidents from the DeFi protocols’ perspective, like how DeFi protocols handle security incidents, and how to secure DeFi protocols through security auditing, monitoring, and other solutions. However, today, I am going to talk about security from another perspective — from the perspective of LPs and exchanges.

If you are an LP investing in a DeFi protocol, typically, you solely rely on the protocol to secure your funds. Well, can we have confidence in DeFi protocols to take the security of our funds seriously? In fact, when security incidents occur, some DeFi protocols are unable to identify what happened, comprehend the root cause of security vulnerabilities, or know how to patch the security vulnerabilities.

Therefore, if you are an LP and put your money on DeFi protocols, you will lose money when security incidents occur. That’s because most DeFi protocols do not understand security very well. They use manual intervention to pause the protocol, but it’s already too late, as your investment in the DeFi protocols has been drained by the attackers. If you are a centralized exchange, you may also lose money. That’s because the tokens listed on the exchange may become worthless, and you do not know about that. As a result, arbitrageurs can exploit the opportunity to sell these worthless tokens on exchanges at a much higher price.

Let me give you two examples.

Example 1 (from the perspective of LPs):

There was a security incident called the Ankr & Helio incident last year. In this incident, attackers minted a large amount of aBNBc tokens. Because these tokens are minted without any cost, their value will fall.

Unfortunately, the Helio protocol did not know about this and still accepted aBNBc tokens as collateral. Attackers were able to deposit these worthless tokens into the Helio protocol as collateral to borrow other tokens, such as native tokens. As a result, an exploiter deposited 183,884 aBNBc into the Helio protocol and withdrew over 16 million HAY, worth about 16.7 million dollars. There was nearly one hour for the Helio protocol to respond, but they didn’t because they did not understand the consequences of security incidents. If you are an LP who puts your money into the Helio protocol, you will lose money because the DeFi protocols do not take action.

Example 2 (from the perspective of CEXs):

Another example is the pGala incident that occurred last year. In this incident, a hacker minted a significant quantity of GALA tokens. The hacker dumped GALA on PancakeSwap. The liquidity ran out and caused the price of GALA on the BSC chain to plummet by 99%. However, the Huobi exchange did not know about the security incident. It wasn’t until 167 minutes after the incident occurred that Huobi suspended the deposit and withdrawal services for the GALA token. The incident not only caused Huobi to lose millions, but also resulted in significant reputational damage and user disputes. Under the circumstances, exchanges fail to take prompt action because they are not informed of the security incident in a timely manner, do not fully comprehend its root cause, and do not know how to take appropriate action.

To solve the above mentioned issues, we face several challenges.

  1. Firstly, LPs and exchanges must be aware of the occurrence of such security incidents. They need an on-chain monitoring system to detect ongoing attacks and then take automatic action. So the first challenge is how to detect these ongoing attacks on the blockchain.
  2. Another challenge is how to maintain the balance between false positives and false negatives when detecting attacks. A system that generates too many false positives won’t be favored because it will alert you every day to an attack that isn’t taking place.
  3. The third challenge is how to make an automated response. We cannot rely on manual intervention to stop such attacks. If you are an LP, you need some automated actions to withdraw all your money from DeFi protocols. If you are an exchange, you need some automated actions to stop listing these affected tokens. Therefore, you need to take automated action when a security incident happens.

Last year, we started the development of a system called Phalcon Block. The basic idea of Phalcon Block is to monitor transactions on the blockchain. With our highly accurate detection engine, we can identify whether these transactions are malicious or not. If the transaction is malicious, our system allows users to configure what response actions to take when an attack occurs. For instance, users can configure to withdraw all their money from specific protocols. Phalcon Block has two primary usage scenarios: DeFi protocols and LPs. LPs can configure response actions in the event of a security incident.

Our system offers several key advantages.

  1. Firstly, we have a highly precise attack detection engine that maintains a balance between false positives and false negatives.
  2. Secondly, our system is designed to respond automatically in the event of a security incident. If users have properly configured the response actions, our system will automatically take the actions without any human intervention.
  3. As previously mentioned, the response actions are configurable. Users can configure different strategies to withdraw their money from the affected protocols; exchanges can stop listing such tokens on the system when something bad happens.

We are pleased to announce that the beta version of our system will be released in October. Also, our collaboration with Cobo on “Security Frontrun Bots” will help LPs on the Cobo Argus safeguard their assets. That is all I will talk about today. Thanks very much.

About Phalcon Block

Phalcon Block is a flagship product within our comprehensive security development suite, Phalcon. It offers the ultimate last line of defense to safeguard you against imminent attacks. The revolutionary significance of Phalcon Block sets us apart as the first and only firm to successfully prevent attacks within the industry. Acting faster than attackers, we have intercepted ongoing attacks and rescued over $14,000,000 assets.

Excitingly, the beta version of Phalcon Block will be released soon. Learn more about the product and join the waitlist right now!




The BlockSec Team focuses on the security of the blockchain ecosystem and the research of crypto hack monitoring and blocking, smart contract auditing.