I have the same i3lock version and I see that in /var/log/auth.log are information about granted or failed authentications.
E.g.:
/var/log/auth.log:Jan 13 09:09:22 **** adclient[1565]: INFO AUDIT_TRAIL|Centrify Suite|PAM|1.0|101|PAM authentication denied|5|user=dave(type:ad,dave@dave) pid=12337 utc=1484294962044 status=DENIED service=i3lock tty=(none) client=(none) reason=Authentication failure
/var/log/auth.log:Jan 13 09:09:29 *** adclient[1565]: INFO AUDIT_TRAIL|Centrify Suite|PAM|1.0|100|PAM authentication granted|5|user=dave(type:ad,dave@dave) pid=12337 utc=1484294969896 status=GRANTED service=i3lock tty=(none) client=(none)
So I think it would be easy to create simple deamon, that search for "status=DENIED service=i3lock" in /var/log/auth.log and take some action about it.
EDIT (Answer added by Jezor):
On Manjaro (Arch) doesn't have /var/log/auth.log enabled by default.
To enable logging:
journalctl SYSLOG_FACILITY=10
Logs can be found in /var/log/journal
It's tailable and failed logging with i3lock looks like:
Jan 31 22:22:37 manjarko i3lock[4135]: pam_unix(i3lock:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0 ruser= rhost= user=jezor