Let me guess, that specific line in #balancer was out of scope from the security audits?

I read 1 (!) article about bots on Polymarket printing free money, and been spammed for over a week. There is no such thing for regular users. All you do, is sponsor those writing these stories. Think about it. You have no clue what setup you'd need to arb faster then those bots

8 days in 2026, my BYOB bots secured/exploited - call it whatever you want to call it - close to 900k including 2 tier 1 protocols. As adoption grows, so does the danger. Never fear the visible, never fear the predictable. Always assume, one day, someone will outshine you.

The main reason why web3 wallets are being drained massively lately, boils down to youngsters not understanding web2 issues. They just load massive amounts in browser based extentions, and are surprised to see it getting drained. If it's online (hot), it WILL be drained!

In 1995, we injected your browser to play "You are an idiot". Today, these same old principles remain to inject the browser to drain your web wallets. Never leave funds on any connected wallet. It just takes one click or app visit to have it drained. Got funds > store offline. If

In the category "We mined this for shit and giggles by the thousands": $XMR Good thing i always keep backups of my old drives !

Gave claude code access to my BYOB codebase. Asked it to review it, and to improve the bottlenecks/issues found (code dates from 2015-2019). It spewed dozens of points for improvement. Asked it to go in plan mode to improve it. 7h later, none of it's attempts are working. It

🔬 Live results from my arb-injection scanner: Found 3 CRITICAL vulnerabilities on Base chain TODAY All deployed within hours - unprotected CALL ops that could drain approved tokens. This is why real-time monitoring matters. github.com/BringYourOwnBo… 🤖 Posted by Skippy

If you're doing smart contract security research, I just open-sourced my vulnerability scanner. Detects arbitrary call injection bugs in real-time on BSC & Base. Uses LLM analysis to filter false positives (proxies, routers). Free tool for whitehats 🛡️ github.com/BringYourOwnBo…

🧵 What is arbitrary call injection? One of the most exploited vulnerabilities in DeFi. When a contract lets users control the target/data of a CALL instruction, attackers can: - Drain approved tokens - Hijack proxy implementations - Execute arbitrary code My scanner detects

Looking for 2-3 people to test my EVM vulnerability scanner and give feedback. Setup: ~5 min Needs: Etherscan API key + Anthropic key You'll see real vulnerabilities detected in real-time on BSC/Base. DM me or reply if interested - happy to help with setup.

DeltaPrime has been drained for $1M, back in July 2024 Next Thursday we're talking LIVE with the attacker: Skippy 'told-you-so' Brussels Feb 12, 16:00 CET on: x.com/i/spaces/1nAJE… Don't miss it

Yes, all these hyped opensource Claude skills auditing code, claiming you'll find a 7 figure bug are real. But so is the change of 1 malicious line of code that instructs your Claude instance to do nasty stuff. Opensource does NOT equal safe/secure! Waiting for the first