Your account got compromised at 2am. You'll know by 2:05.
Most users find out their crypto account was compromised hours after the bleeding starts — when they wake up, when they check the balance, when the exchange finally emails. Guardian watches every account you've connected and tells you the moment something doesn't look like you. Press and hold to confirm, and Perpblock automatically stops every trade, closes every position, and pulls the keys.
Three things can go wrong with your crypto.
One —the market crashes. You bought at the top, you get liquidated, you lose. That's market risk. Cascade Guard handles this — it monitors your margin and closes positions before a cascade takes everything.
Two —the exchange fails. The platform goes insolvent, freezes withdrawals, or gets hacked at the infrastructure level. Non-custodial architecture handles this. We never hold your money. Platform failure can't take you out.
Three —someone gets into your account. Not a market event, not a platform event — a person with your password, your API key, or your session token. Phished credentials. Malware on your machine. A SIM swap that bypassed your SMS 2FA. A leaked key from a data breach you didn't know happened.
Guardian is problem three.
Watch. Notice. Stop the bleeding.
It watches your account, all the time, for things that don't look like you. When it notices, your phone buzzes. You read the alert. If it really wasn't you, you press and hold a button for three seconds. Perpblock automatically stops every trade, closes every position, and revokes the API key from the exchange. The whole thing — from the moment Guardian sees something wrong to the moment your account is locked down — takes under a minute.
That's it. That's the whole product.
✦ The five-minute story
What the experience actually feels like.
You're asleep. It's 2:00am on a Tuesday. Someone — an attacker who phished your exchange password a month ago and waited — logs into your Coinbase account from a laptop in Lithuania. They start a withdrawal of 1.4 BTC to an address you've never seen before.
Without Guardian, this story ends at 7:30am when you wake up, check your phone, and find the BTC gone.
Attacker initiates withdrawal of 1.4 BTC from Lithuania.
Guardian's scan fires. IP mismatch. Volume anomaly. Unknown destination address. Three signals simultaneously.
Your phone buzzes. Push notification and email at the same moment.
You're up. You look at the alert. You press and hold for three seconds.
Every strategy stopped. All positions closed. API keys revoked.
Exchange account locked. The attacker can't do anything else.
Trades that don't match your strategies
Logins or API calls from unfamiliar locations
Request rate too fast or slow for your strategies
Trading volume bigger than your usual
Trading in assets you never touch
Activity from two places that are physically impossible simultaneously
Balance drop that doesn't match any trade
Withdrawal outside your normal pattern
Positions opening or closing in cascading sequences
Multiple withdrawals in quick succession
Multi-exchange activity outside your cross-venue behaviour
✦ What it watches for
Eleven signals. Two categories of attack.
Guardian watches for eleven specific patterns that suggest someone other than you is using your account. “Doesn't match” is measured against your own history — your unusual is different from someone else's.
The patterns are specific because the attacks are specific. Generic “suspicious activity” alerts produce so much noise that users disable them.
✦ The press-and-hold
Three seconds. Conscious. Hard to spoof.
When Guardian fires, you confirm the response with a press-and-hold gesture. Three seconds. Not a checkbox, not a tap. Buttons can be clicked accidentally. A three-second hold requires conscious physical action.
What if I can't confirm?
Alert stays open. Confirm from any logged-in session within 24 hours.
What if my finger slips?
Holding less than three seconds doesn't trigger anything.
What if the attacker tries to dismiss the alert?
Dismissing doesn't undo it. Detection is logged. The next scan fires again.
Withdrawal of 1.4 BTC initiated from an IP in Lithuania. You've never withdrawn from there.
2026-05-15 · 02:04:31 UTC
Press and hold · 3 seconds
Every strategy stops
No new trades open.
All positions close
Margin positions close first to prevent forced liquidations.
API keys revoked
Exchange enforces immediately. Even if an attacker is in the system, they can't act through our connection.
Emergency contacts appear
Exchange phone number, urgent-ticket form, account-lock page.
Everything logged on-chain
Timestamped, anchored, immutable — evidence for the exchange, insurance, and forensics.
✦ What happens when you confirm
Five things happen automatically.
The moment you complete the press-and-hold, Perpblock executes a fixed sequence. Every step is automatic. You don't have to remember the order. You don't have to be at a desk.
Total elapsed from Guardian fires to account locked down: under a minute.
✦ Honest disclosure
What Guardian doesn't do.
This page would be easier to write if Guardian solved everything. It doesn't.
Guardian doesn't prevent the compromise.
If someone phishes your password, that's already happened. Guardian's job is to make the damage small. Your password discipline, hardware MFA, operational security — those are still yours.
Guardian can't see what it's not connected to.
If your seed phrase is leaked and the attacker uses it on a platform not connected to Perpblock, Guardian doesn't see it.
Guardian can't get stolen funds back.
The panic flow stops the bleeding. It doesn't reverse withdrawals that already completed.
Guardian can't fully prevent false positives.
Real users do unusual things. You might travel to a new country or make a larger-than-normal trade. The alert is informational — you decide whether to confirm.
We tell you the limits because the alternative is selling you something you'll resent when you discover them later.
✦ Where Guardian fits
The third layer.
The architecture
Non-custodial. We never hold your money. Platform failure can't take you out.
Wallet defense
Transaction simulation, approval scanner, address poisoning defense — for threats inside our signing flow.
Guardian
When something gets through anyway — compromised password, stolen API key, malware — Guardian sees it on your account and contains it.
Most platforms have nothing in layer one (custodial), nothing in layer two, nothing in layer three. A few have layer one. Almost none have layer three.
✦ Common questions
What users ask about Guardian.
✦ Ready
Compromise to containment in five minutes.
You can't prevent every attack. You can make sure none of them go unnoticed long enough to matter.
Guardian on every Core+ account. No add-on, no upcharge.