Web3 Security
/web3security443
All things security focused - breaking news, exploitation breakdowns, and tips for staying safe while going full degen.
Time to dust off this account.
Solodit has merged our pull request, making over 1,200 of Zokyo's detailed findings from 92+ audits available to you
How to Access:
- Visit Solodit (The Home to Web3 Security)
- Select "Zokyo" from the Source dropdown
- Click 'Search' and start learning
It always comes down to allowing no one access to your seed phrase....in whatever form.
https://x.com/the_smart_ape/status/1833437549643370795?t=Owbt0csSxsyf8TWeuzajcA&s=19
why penetration testing is essential for mobile and browser extension crypto wallets and what the process involves
https://zokyo.io/blog/unlocking-security-the-power-of-penetration-testing/
This got 9! votes on my Twitter with almost 9k following.
I need farcaster to crush that.
Would you rather watch an educational video with a Loom style facecam than a faceless one?
✅ Yes
❌ No
✍🏻 Doesn't matter if good
Have identified several teams using Helius that have failed to protect their API keys. Takes 30 seconds 🫡
https://t.co/zYpYTB7WCq
Per coffeexcoin -
"The SSS_HQ $SSS LP was just drained on Blast. The OOO - the balance for 'from' and then sets the balance for 'to' - if these are the same address, the 'toBalance' does not take into effect the decrement of 'amount' and just overwrites the balance with the initial balance + transferred amount."
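The accounting flaw described in the quote above, shown beside a corrected transfer. This is an added example, not part of the original post and not the SSS token's code; it assumes a Solidity ERC-20-style balance mapping, and the contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed illustration only: names and the initial supply are hypothetical.
contract CachedBalanceToken {
    mapping(address => uint256) public balanceOf;

    constructor() {
        balanceOf[msg.sender] = 1_000 ether;
    }

    // Flawed pattern: both balances are cached before either one is written.
    function transferFlawed(address to, uint256 amount) external {
        uint256 fromBalance = balanceOf[msg.sender];
        uint256 toBalance = balanceOf[to];
        require(fromBalance >= amount, "insufficient balance");

        balanceOf[msg.sender] = fromBalance - amount;
        // If to == msg.sender, toBalance was read before the debit above,
        // so this write overwrites the debit and the stored balance ends up
        // at the initial balance + amount.
        balanceOf[to] = toBalance + amount;
    }

    // Corrected pattern: debit storage first, then credit by reading the
    // recipient's balance from storage at the moment of the credit.
    function transferFixed(address to, uint256 amount) external {
        uint256 fromBalance = balanceOf[msg.sender];
        require(fromBalance >= amount, "insufficient balance");

        balanceOf[msg.sender] = fromBalance - amount;
        // A self-transfer now nets to zero: the credit sees the debited value.
        balanceOf[to] += amount;
    }
}
```

A unit test that transfers to the sender's own address and asserts the balance is unchanged catches this class of bug during review.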
In crypto you don’t even need to steal users' money, they’ll just give it to you
Per Zach, $122.5M USD sent to Solana "pre-sale" addresses since March 12th
i think a ridiculous amount about defi security, risk, and compliance
it’s why we birthed mamoru.ai last january after years of auditing sc’s
it’s time to solve defi security end to end
proactively detecting *and* reacting to security threats *before* they happen using custom agents
security reviewing smart contracts and blockchain protocols is not a scalable business
it doesn’t require vc funding nor a token
just passionate security engineers with a qa mindset and familiarity with languages used in web3 ie solidity, rust, golang, move
ai agents are changing the game in web3 security with their ability to detect threats and remediate them in real time
real-time threat detection and remediation is key in a landscape where threats evolve rapidly and constantly
Within five years, AI’s role in cybersecurity will be indispensable, acting like a digital sentinel against cyber risks.
It’s not just about crunching data; AI will empower analysts, streamline threat detection, and boost response times.
GM Farcasters. ☕
Ready for more web3 security content?
🟦🟥
Lots of phishing chatter this morning. Friendly reminder to deploy the necessary mail security records to prevent impersonation and spoofing vectors (SPF, DKIM, DMARC).
ConcentricFi on Arbitrum was compromised through a contract manipulation exploit, losing about $1.6 million. The attacker upgraded Concentric vaults to malicious contracts they controlled, using an 'adminMint' function to mint and drain LP tokens from the LPStaking contract. Connections to OKX exploiter.
Wise Lending just compromised, 170 ether stolen.
In a 2024 report, Mandiant identified recent CLINKSINK campaigns using at least 35 different affiliate IDs and 42 unique Solana wallet addresses. Operators of the DaaS provide the drainer scripts to affiliates for ~20%.
https://www.mandiant.com/resources/blog/solana-cryptocurrency-stolen-clinksink-drainer-campaigns
SEC’s X.com account was compromised - resulting in BTC ETF premature pump. Maybe they should work with Upshield to end this nonsense 🤷‍♂️