BlockSec

2.2K posts


@BlockSecTeam

Smart Contract Audit | Security Monitoring | AML/CFT (KYA/KYT) | Crypto Investigation | @Phalcon_xyz @MetaSleuth @MetaDockTeam 👉TG: https://t.co/owokTLanv5

Joined December 2020
150 Following · 27.2K Followers
Pinned Tweet
BlockSec@BlockSecTeam·
THE BREACH: 2025 Complete $1.9B+ stolen across 10 incidents. Audits passed. Bugs shipped. Exploits executed. BlockSec protects what matters via @Phalcon_xyz. The next breach is brewing. Thank you for following #TheBreach! 🧵 Full series 👇
BlockSec@BlockSecTeam·
Excited to deepen our collaboration with @Cobo_Global on cross-border payment infrastructure. By integrating BlockSec's KYT risk engines with Cobo's Payment API, we're delivering an all-in-one solution covering payments, risk control, and compliance for global platforms. We look forward to empowering more payment businesses to scale securely and compliantly worldwide. 🙌 #WaaS #MPC #Cobo #AML
Cobo@Cobo_Global

Cobo and @BlockSecTeam have entered a deep partnership to jointly build safer, more efficient and more compliant global cross-border payment infrastructure. By integrating the Cobo Payment API with BlockSec's KYT risk-control capabilities, we will provide cross-border payment platforms with a one-stop solution covering payments, risk control and compliance, helping enterprises accelerate their global business expansion. Learn more: cobo.com/zh/post/cobo-b…

BlockSec retweeted
BlockSec Phalcon@Phalcon_xyz·
.@DriftProtocol on #Solana was exploited several hours ago. According to its public statement, this incident was not caused by a bug in its programs or smart contracts, and there is no evidence of compromised seed phrases. The attacker appears to have tricked multisig signers into approving durable-nonce pre-signatures, enabling admin takeover and parameter abuse.

Specifically, the attacker obtained approvals through phishing or misleading signing flows and prepared malicious admin-transfer transactions in advance. At execution, the attacker sent a transaction beginning with AdvanceNonceAccount, which advanced the durable nonce and enabled delayed execution of the pre-signed flow on-chain, rather than expiring like a standard recent-blockhash transaction. The flow then proceeded through proposalApprove and vaultTransactionExecute, triggered UpdateAdmin, and completed the admin takeover.

After that, the attacker:
1. created a malicious or illiquid collateral market, identified on-chain as CVT, with permissive risk parameters;
2. switched to an attacker-controlled oracle and inflated CVT pricing;
3. raised or removed withdrawal guardrails across major real-asset markets.

The attacker then posted large amounts of CVT as collateral, borrowed against the inflated value, and withdrew real assets including USDC, wETH, dSOL, JLP, and cbBTC. Based on currently traceable on-chain activity, this was the primary value-extraction path. The current loss estimate is $285,279,417.

Admin transfer transaction: solscan.io/tx/4BKBmAJn6Td…
Loss-tracking reference: solscan.io/account/HkGz4K…
Drift@DriftProtocol

Earlier today, a malicious actor gained unauthorized access to Drift Protocol through a novel attack involving durable nonces, resulting in a rapid takeover of Drift’s Security Council administrative powers. This was a highly sophisticated operation that appears to have involved multi-week preparation and staged execution, including the use of durable nonce accounts to pre-sign transactions that delayed execution.

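The durable-nonce flow described in the post above lends itself to a monitoring rule and a signer-side pre-sign policy. The following Python is an added example, not BlockSec's, Phalcon's or Drift's code; it assumes decoded transactions are available as ordered instruction lists, and the program labels and sample transactions are constructed.

```python
"""Added example, not BlockSec's or Drift's code: heuristics that flag the
durable-nonce admin-takeover pattern described in the post above. Transactions
are constructed, simplified stand-ins for decoded Solana transactions (a tuple
of instructions); program labels are constructed, instruction names are from the post."""
from dataclasses import dataclass

NONCE_ADVANCE = ("system", "AdvanceNonceAccount")  # must be the first instruction
MULTISIG_EXECUTE = {"vaultTransactionExecute"}
ADMIN_CHANGES = {"UpdateAdmin"}

@dataclass(frozen=True)
class Instruction:
    program: str  # constructed label for the invoked program
    name: str     # instruction name as it appears in a decoded transaction

def uses_durable_nonce(tx: tuple) -> bool:
    """A durable-nonce transaction starts with AdvanceNonceAccount; unlike a
    recent-blockhash transaction it does not expire, so a pre-signed approval
    can be landed on-chain long after it was signed."""
    return bool(tx) and (tx[0].program, tx[0].name) == NONCE_ADVANCE

def risk_flags(tx: tuple) -> list[str]:
    """Reasons a monitor should escalate this transaction (empty = nothing fired)."""
    names = {ins.name for ins in tx}
    flags = []
    if uses_durable_nonce(tx):
        flags.append("durable nonce: delayed execution of a pre-signed flow is possible")
    if names & MULTISIG_EXECUTE and names & ADMIN_CHANGES:
        flags.append("multisig execution carries an admin change")
    return flags

def should_block_presign(tx: tuple) -> bool:
    """Signer-side policy: refuse to pre-sign a durable-nonce transaction that
    changes admin; require a fresh recent-blockhash transaction confirmed out of band."""
    return uses_durable_nonce(tx) and bool({i.name for i in tx} & ADMIN_CHANGES)

# Constructed samples: a routine proposal versus the pattern from the post.
ROUTINE_TX = (
    Instruction("multisig", "proposalApprove"),
    Instruction("multisig", "vaultTransactionExecute"),
    Instruction("protocol", "UpdateMarketFee"),  # constructed non-admin instruction
)
TAKEOVER_TX = (
    Instruction("system", "AdvanceNonceAccount"),
    Instruction("multisig", "proposalApprove"),
    Instruction("multisig", "vaultTransactionExecute"),
    Instruction("protocol", "UpdateAdmin"),
)
```

The point of `should_block_presign` is that an approval for an admin change should never be valid indefinitely: a recent-blockhash transaction expires within minutes, a durable-nonce one does not.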
BlockSec retweeted
BlockSec Phalcon@Phalcon_xyz·
ALERT! Our system detected a suspicious exploit targeting an unknown contract, reportedly the LML/USDT staking protocol, on #BSC hours ago, resulting in an estimated loss of ~$950K.

While the victim contract is not open-source, our analysis suggests a likely pricing-design flaw: claimable rewards appear to have been calculated using a TWAP/snapshot-based price, while the attacker was able to sell the rewarded tokens at a manipulated spot price. This inconsistency may have enabled the attacker to extract profit through price manipulation and reverse swaps.

Specifically, the attacker first used swaps, including a path with receiver = address(0), to push up the LML price in the pool. They then invoked claim through attacker-controlled addresses that had deposited earlier, making them eligible to claim directly during the attack.

Example deposit TX: app.blocksec.com/phalcon/explor…
Attack TX: app.blocksec.com/phalcon/explor…

🟦 Found by #PhalconSecurity, 🟦 Analyzed via #PhalconExplorer.
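The TWAP-versus-spot inconsistency described above can be modelled directly, together with the guard a claim function can apply. This is an added Python example, not BlockSec's or the staking protocol's code; the price history, reward amount and the 5% deviation threshold are constructed assumptions.

```python
"""Added example, not BlockSec's or the protocol's code: a toy model of the
pricing inconsistency described above (rewards sized from a TWAP/snapshot price,
reward tokens sold at spot) and the deviation guard a claim function can apply.
All prices and amounts are constructed."""

def twap(samples: list) -> float:
    """Time-weighted average of (timestamp, price) samples; each price is
    weighted by how long it held until the next sample."""
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    weighted = sum(p * (samples[i + 1][0] - t) for i, (t, p) in enumerate(samples[:-1]))
    return weighted / (samples[-1][0] - samples[0][0])

def reward_tokens(reward_usd: float, price_used: float) -> float:
    """Tokens paid for a USD-denominated reward at the price the contract uses."""
    return reward_usd / price_used

def overpayment(reward_usd: float, twap_price: float, spot_price: float) -> float:
    """USD value the protocol gives away beyond the intended reward when a
    TWAP-priced payout is immediately sold at spot (negative if spot is lower)."""
    return reward_tokens(reward_usd, twap_price) * spot_price - reward_usd

def claim_allowed(twap_price: float, spot_price: float, max_deviation: float = 0.05) -> bool:
    """Guard: refuse claims while spot deviates from TWAP by more than
    max_deviation, so a momentary pump cannot be cashed out against a stale
    reference price. The same check belongs on the reward calculation itself."""
    return abs(spot_price - twap_price) / twap_price <= max_deviation

# Constructed price history (seconds, USDT per token) and a pumped spot price.
SAMPLES = [(0, 1.00), (600, 1.00), (1200, 1.02), (1800, 1.00), (2400, 1.00)]
TWAP_PRICE = twap(SAMPLES)  # 1.005
PUMPED_SPOT = 4.00          # spot after a large buy into a thin pool

if __name__ == "__main__":
    tokens = reward_tokens(1000, TWAP_PRICE)
    print(f"TWAP {TWAP_PRICE:.4f}: a $1000 reward pays {tokens:.2f} tokens")
    print(f"sold at spot {PUMPED_SPOT}: protocol overpays by ${overpayment(1000, TWAP_PRICE, PUMPED_SPOT):.2f}")
    print("claim allowed during the pump:", claim_allowed(TWAP_PRICE, PUMPED_SPOT))
```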
BlockSec retweeted
BlockSec Phalcon@Phalcon_xyz·
Weekly Web3 Security Incident Roundup | Mar 16 – Mar 22, 2026

During the past week, BlockSec detected and analyzed seven attack incidents, with total estimated losses of ~$82.7M.

🟦 Detected by #PhalconSecurity, 📷 Analyzed via #PhalconExplorer.
BlockSec@BlockSecTeam·
One surprise from our data: GLM-5 from @Zai_org ranked 25th on @OpenAI's EVMbench (20.8%) but jumped to 7th on real-world incidents (42.9%), outperforming Gemini 3.1 Pro. Model rankings shift dramatically across datasets.
BlockSec@BlockSecTeam

Are AI agents ready for detecting and exploiting smart contract vulnerabilities? We re-evaluated @OpenAI's EVMbench with a contamination-free dataset of real-world hacks. Our data shows different results. 🧵 Paper: arxiv.org/abs/2603.10795

BlockSec@BlockSecTeam·
Yet AI adds real value when guided by humans. With human context, exploit scores jump from 65% to 95.7% (EVMbench's own data). We @BlockSecTeam have built LLM-powered detectors and static analyzers since 2023. The future of smart contract security is human-in-the-loop.
BlockSec@BlockSecTeam·
Rankings are also fragile. Swapping the scaffold alone shifts scores by up to 5 percentage points, enough to move a model several positions. EVMbench does not control for this variable, so some "model differences" may just be tooling differences.
Rekt News@RektHQ·
Speaker announcement: @yajinzhou CEO & Co-Founder, BlockSec 70+ papers in top security venues, 10,000+ citations, recognized as one of the Most Influential Scholars in security research for three consecutive years. Now building Web3 security infrastructure at @BlockSecTeam.
Rekt News@RektHQ

Next speaker: @MitchellAmador Founder & CEO @immunefi Running the largest Web3 bug bounty platform, Mitchell has been pushing for proper bounty economics while watching the industry repeatedly ignore the warning signs.

BlockSec@BlockSecTeam·
"Audit and pray" is not a security strategy. @yajinzhou will be at REKT Security Summit to talk about what real-time incident response actually looks like through @Phalcon_xyz. See you there. @RektHQ 🤝
Rekt News@RektHQ

(quoting the speaker announcement above)

BlockSec@BlockSecTeam·
Excited to announce @BlockSecTeam has joined the @MorphNetwork Payment Accelerator as an official audit partner! Security is the foundation of every great payment product. Payment Accelerator projects now can get access to our audit services. 👉 blocksec.com/audit
BlockSec@BlockSecTeam·
Our Transaction Simulation API now supports Story. See exactly what a transaction will do before it's signed: Full on-chain simulation with USD-denominated balance changes. Story joins: Ethereum · BNB Smart Chain · Base · Optimism · Polygon 👇bit.ly/3P2HNnG
BlockSec@BlockSecTeam·
Story @StoryProtocol is now live on Phalcon Explorer @Phalcon_xyz ! And with full Pro features unlocked 🎉 Dive into any Story transaction with State Changes, Simulator, and Advanced Debugger. Try this tx example👇 bit.ly/4ll4L5p