Akshay Srivastav (@akshaysrivastv) 's Twitter Profile
Akshay Srivastav

@akshaysrivastv

Independent Security Researcher | Smart Contract Auditor |
SR @SpearbitDAO | Top warden & lookout @code4rena

ID: 4757047765

linkhttps://akshaysrivastav.com calendar_today14-01-2016 07:53:30

903 Tweet

3,3K Followers

557 Following

Akshay Srivastav (@akshaysrivastv) 's Twitter Profile Photo

Most web3 security newbies are bombarding projects with invalid bug reports. We have upsold the 'web3 bug hunter' dream so much that - report triaging is a business offering now and, - bug triager is a job title

Daniel Von Fange (@danielvf) 's Twitter Profile Photo

Yesterday's complete hack of Wise Lending was far more complex than reported. Very worth examining. The protocol had added explicit defenses against this style of attack, which the attack then either bypassed or used against the protocol. 🧵 1/21

Yesterday's complete hack of Wise Lending was far more complex than reported. Very worth examining.

The protocol had added explicit defenses against this style of attack, which the attack then either bypassed or used against the protocol.    🧵 1/21
Akshay Srivastav (@akshaysrivastv) 's Twitter Profile Photo

It took just 3 weeks for the top 3 guys to earn $800K But it also took exceptional talent and years of hard work to find critical bugs that hundreds of other competitors missed Kudos to all the winners Fortunately I also found two medium severity bugs in this contest 🙏

Akshay Srivastav (@akshaysrivastv) 's Twitter Profile Photo

In the recent ZkSync contest on Code4rena the top guy made half a million dollars while the low rankers made less than 100 bucks The web3 security space is crazy There are no minimum or maximum wages Just bring your skills on the table, deliver results and earn payouts 🚀🚀

Akshay Srivastav (@akshaysrivastv) 's Twitter Profile Photo

Everyone is competing in Solidity based audit contests But $280,000 are up for grabs right now for non-solidity smart contract audits $100K Cairo contest on Code4rena $80K Rust contest on Hats.Finance 🦇🔊 $50K Rust contest on Cantina 🪐 $50K Rust contest on Secure3 🔜 Token2049 🇸🇬 LG anon.

Sapphire Dynasty (@sapphireweb3sec) 's Twitter Profile Photo

New post, new bug analysis! 🔍 Exploitable flaw found in Ondo’s lending protocol! Learn how an attacker can drain funds of initial depositors from the freshly deployed CToken contract. Our team member, Akshay Srivastav, uncovered a unique vulnerability in the CToken contract

New post, new bug analysis! 🔍
 
Exploitable flaw found in Ondo’s lending protocol! Learn how an attacker can drain funds of initial depositors from the freshly deployed CToken contract.
 
Our team member, <a href="/akshaysrivastv/">Akshay Srivastav</a>, uncovered a unique vulnerability in the CToken contract
Akshay Srivastav (@akshaysrivastv) 's Twitter Profile Photo

C4 just launched their Pro League🏆🏆 Top tier auditors collaborating to secure your protocol. You cannot ask for anything better. I am happy to be a part of it. Let's go chads🚀🚀

Lefteris Karapetsas | Hiring for @rotkiapp (@lefterisjp) 's Twitter Profile Photo

This was handed out for the press TL;DR seems to be: - Tool was used by criminals - Alexey did not do anything to stop it - Tool has no legitimate non criminal use - accuse him of criminal intent & arrogance - 64 months imprisonment - steal his car & crypto since he is so bad

This was handed out for the press

TL;DR seems to be:

- Tool was used by criminals 
- Alexey did not do anything to stop it 
- Tool has no legitimate non criminal use
- accuse him of criminal intent &amp; arrogance
- 64 months imprisonment
- steal his car &amp; crypto since he is so bad
Akshay Srivastav (@akshaysrivastv) 's Twitter Profile Photo

WazirX has been hacked for $230 millions It seems their multisig wallet was upgraded to a malicious implementation which simply lets the attacker pull out all ETH and ERC20 funds from the multisig

WazirX has been hacked for $230 millions

It seems their multisig wallet was upgraded to a malicious implementation which simply lets the attacker pull out all ETH and ERC20 funds from the multisig
Akshay Srivastav (@akshaysrivastv) 's Twitter Profile Photo

Official LiFi statement about the $10M attack “The incident was caused by an individual human error in overseeing the deployment process” Web3 industry needs to figure out secure deployment and upgrade standards for decentralised protocols