Phalcon

Phalcon

148 Twitter followers

Follow

Security Development Suite for DeFi Projects. Powered by @BlockSecTeam Phalcon Browser: http://phalcon.xyz

Posts

.@DriftProtocol on #Solana was exploited several hours ago. According to its public statement, this incident was not caused by a bug in its programs or smart contracts, and there is no evidence of compromised seed phrases. The attacker appears to have tricked multisig signers into approving durable-nonce pre-signatures, enabling admin takeover and parameter abuse. Specifically, the attacker obtained approvals through phishing or misleading signing flows and prepared malicious admin-transfer transactions in advance. At execution, the attacker sent a transaction beginning with AdvanceNonceAccount, which advanced the durable nonce and enabled delayed execution of the pre-signed flow on-chain, rather than expiring like a standard recent-blockhash transaction. The flow then proceeded through proposalApprove and vaultTransactionExecute, triggered UpdateAdmin, and completed the admin takeover. After that, the attacker: 1. created a malicious or illiquid collateral market, identified on-chain as CVT, with permissive risk parameters; 2. switched to an attacker-controlled oracle and inflated CVT pricing; 3. raised or removed withdrawal guardrails across major real-asset markets. The attacker then posted large amounts of CVT as collateral, borrowed against the inflated value, and withdrew real assets including USDC, wETH, dSOL, JLP, and cbBTC. Based on currently traceable on-chain activity, this was the primary value-extraction path. The current loss estimate is $285,279,417. Admin transfer transaction: solscan.io/tx/4BKBmAJn6TdsENij...… Loss-tracking reference: solscan.io/account/HkGz4KmoZ7Z...… twitter.com/Phalcon_xyz/status...

Blacklisted by @circle. Deposited 150K USDT to Binance 35hrs later. Linked to http:/Nobitex.ir (Iran). @nobitexmarket This is 1 of 549 Tron addresses USDC froze Mar 24, 90 are now USDT-frozen too, 28–42hrs behind. The gap between stablecoin blacklists is real.

#ThePhalconReport Chapter IV — The Drug Cartel Ledger Drug money is going on-chain — not as a workaround, but as core financial infrastructure. Two cases reveal how cartels and professional launderers are replacing cash with USDT. Final chapter ↓ twitter.com/Phalcon_xyz/status...

ALERT! Our system detected a suspicious transaction targeting an unknown contract (the AM/USDT pool) on #BSC hours ago, resulting in an estimated loss of ~$131K. The root cause was a flawed burn mechanism, which was abused to manipulate the pool’s AM reserves and artificially inflate the token price. In this incident, the attacker first manipulated toBurnAmount, then triggered the burn logic after adjusting the pool’s AM balance. This reduced the AM reserve to an abnormally low level, allowing the attacker to sell AM back into the pool at an artificially inflated price and realize profit. Attack TX: app.blocksec.com/phalcon/explo...… 🟦 Found by #PhalconSecurity, 🟦 Analyzed via #PhalconExplorer.

A labor guarantee platform's on-chain activity across 2025. The pattern: crackdown → contraction. Adaptation → rebound. Sustained pressure → structural decline. Short-term crackdowns caused dips. Multi-layered, sustained pressure drove the real fall. #ThePhalconReport

We identified labor guarantee platforms turning human trafficking into a platform business. Deposit + final payment. Mediated by a "guarantor." Settled in USDT on TRON. Buying and selling people, packaged as e-commerce. #ThePhalconReport · Chapter III · The Scam Compound

ALERT! Our system detected a suspicious transaction targeting the MT–WBNB pool on #BSC hours ago, resulting in an estimated loss of ~$242K. The root cause stems from a flawed buyer-limitation mechanism: in deflation mode normal buys revert while router/pair are whitelisted, allowing the attacker to bypass restrictions via router swaps and liquidity removal to obtain MT from the pair. The attacker then sold MT to accumulate pendingBurnAmount and called distributeFees() to burn MT directly from the pair, artificially pumping the price before swapping MT back to WBNB for profit. Additionally, a referral rule allowing the first 0.2 MT transfer to bypass buyer limits enabled the attacker to bootstrap the attack. Attack TX: app.blocksec.com/phalcon/explo...… 🟦 Found by #PhalconSecurity, 🟦 Analyzed via #PhalconExplorer.

#ThePhalconReport Chapter II — The Freeze In 2025, stablecoins crossed a threshold: from passive payment rails to active enforcement infrastructure. Tether @tether blacklisted 4,163 addresses and froze ~$1.26B in USDT. Full chapter ↓ twitter.com/Phalcon_xyz/status...

The @SolvProtocol BitcoinReserveOffering contract was reportedly exploited, resulting in a loss of ~$2.7M. The root cause is a reentrancy issue caused by an unintended interaction between mint() and the ERC721 receiver callback. When redeeming the entire value of an ERC-3525 SFT, the contract transferred the SFT via safeTransferFrom (doSafeTransferIn), triggering onERC721Received. The callback immediately minted BRO based on the SFT value. After returning, mint() resumed and minted BRO again for the same value, effectively double-counting the asset. By repeatedly cycling burn → mint, the attacker amplified their BRO balance, inflating a small initial amount into a large supply and ultimately exchanging it for SolvBTC to realize the profit. Attack TX: app.blocksec.com/phalcon/explo...… twitter.com/Phalcon_xyz/status...

Crypto crime funds are diverse at source but concentrated at destination. Despite vastly different laundering paths, most illicit money still converges on a small number of centralized exchanges. #ThePhalconReport · Chapter I · The Money Map

Loading..