The Unseen Threat: Why Attackers See What Developers Miss by Bartosz Barwikowski from HackenProof! The main idea of this speech is to share some insights from Bartosz's experience and showcase the scenarios where a developer most likely can make a mistake. Full video below 👇🧵

⚡️ ETHDenver 🏔🦬🦄 is ON, and Booth #506 is the place to be! Come by for good vibes, great convos, and maybe a little something extra. See you there! 🔥

🔥 This week at #ETHDenver, our Bartosz Barwikowski took the stage to break down The Unseen Threat: Why Attackers See What Developers Miss. A deep dive into why vulnerabilities slip past devs but are crystal clear to hackers. Let’s recap some key insights! 🧵👇

Got another bug bounty on HackenProof! My bug bounty journey continues 😁 My goal for this year is to be no. 1 hacker on HackenProof leaderboard

I've found another issue on HackenProof! I'm getting closer to be in top 3 hackers on HackenProof 😁 One day I'll write what was the issue and how I found it, stay tuned!

On Feb 17 2025 I reported a critical vulnerability to Scroll. $100m+ in TVL was at risk for more than 2 months. Anyone could force Scroll L2 into an indefinite re-org, halting the chain so that no user transactions would be included in blocks and the chain would not move

While our bug bounty today focuses on Sui core infrastructure and does not cover protocols, applications, or smart contracts built on it, we’re expanding it over the next six months to pay additional bounties for any protocol with more than $50M TVL, helping incentivize bounty

I was recommending to do it during SuiSummit in Denver, I am glad they finally did it! I hope that other protocol will do the same.

Today HackenProof finally updated leaderboard so it includes my bugs from February. Top 3 secured 🥉. The goal is the same - #1 place, so lets wait for issues from March and April to be finally resolved 📷 I'll be posting about them soon, two criticals are waiting. Stay tuned!

Next week, our L1 Researcher & Auditor Bartosz Barwikowski breaks down a $1.1M bug that almost slipped by. Don’t miss the key lessons and expert tips to safeguard your own project. Save your spot 👉 hackenio.cc/inside-a-1m-bug

I’ve built a tool that will critique and challenge your project to help you uncover hidden threats. Made for investors, VCs and startup founders. From my experience, it’s very hard to get constructive criticism when you’re deep in a project. It’s much easier to hear that what

Hackers know your code better than you do 🕵️‍♂️ In 2 days, our security pro Bartosz Barwikowski will reveal your blind spots. 15+ years in ethical hacking, 70+ critical Web3 bugs found – Bartosz is here to outsmart the blackhats. Sign up 👉 hackenio.cc/top-10-attack-…

At 15:00 CET / 13:00 UTC I'm hosting a webinar about "Top 10 Attack Paths Your Devs Are Blind To". This webinar will be about places where I search for issues in the first place when I'm doing audits or bug bounties. I found over 70 critical issues during last 3 years while doing

My personal review of executing a hard, real-world programming task with different models. TL;DR: only gemini 2.5 pro with deep thinking is somehow useful. I’m working on a few AI projects that use Prefect, Laminar, and multiple LLMs. To simplify development, I recently merged

See you tomorrow at EthWarsaw! Just one thing, there was a change in plan because I was not yet allowed to publish story about my biggest issue which was allowing to steal $6M+. So I'll be doing presentation about "AI Audits - case study & more - 2,800 AI-Generated Tests, 22

Nemo experienced a security incident occurred last night, impacting the Market pool. We are investigating the matter and have suspended all smart contract activity for the time being. We plan to share when more information becomes available. All Vault assets remain untouched.

I'm looking for a person experienced with using LLMs and creating prompts. If you can do it better and faster than me then I won't have a problem to pay you $100/h. I created recruitment task with an example problem I'm dealing with, if you know how to deal with those problem

On August 11, we reported a Critical vulnerability (C-2) to Nemo regarding unauthorized manipulation of py_index_stored, an index variable which affects all interest, yield, and conversion calculations. We warned of potential "incorrect payouts, market disruption, and loss of