In this talk we will share our experience of creating a transaction monitoring solution for the EVM-compatible networks. Starting from a standalone Rust application that queries the blockchain RPCs, and ending with a scalable solution that can handle thousands of transactions per second, we will cover all the steps that will explain how to catch the DeFi exploits before they happen. The technology stack is based on Apache Flink, a popular framework to perform stateful computations on streaming data. We believe it hasn't found yet widespread usage in the blockchain security, while it has solid capabilities to process the transactions, logs, traces and all the available on-chain information in real-time. We will also share a set of detection rules that can be used to spot potential exploits, as well as the techniques to prevent attacks on the DeFi protocols. And of course we will share our experience of running this solution in production for the last months, starting from findings and ending with the operation costs and lessons learned.