As you know, we have multiple security research projects with an open-ended scope on #web3 and #crypto. This 🧵is on *Software Wallets* (1/5)

Recently during our research on software wallet security, we came across a mobile wallet that was **automatically and silently** approving signature requests from connected DApps, which would allow an attacker to steal your all your favorite NFTs or tokens. 1/6 🧵

New post on using CodeQL to find C/C++ code patterns that lead to missed auto-vectorisation opportunities. sean.heelan.io/2023/03/01/fin… I couldn't find many static analyses for optimisation that I could use off-the-shelf on arbitrary C/C++, so I built one myself. Summary: (1/N)

"This week, we discovered that GitHub.com’s RSA SSH private key was briefly exposed in a public GitHub repository. " oooooofffff github.blog/2023-03-23-we-…

The paid #ChatGPT offers 8 prompts an hour and I feel like this youtube.com/watch?v=Qf3xwm…

🔎Our ongoing research on wallets contributes to the security of the crypto ecosystem. 💪 🚀 Check out our latest finding, which impacted over 40 vendors! 😲 📡 Stay tuned for further updates. 🌐 coinspect.com/chainId-EIP-71…

Coinspect research 🔥🔥 Sorry for reporting on a friday 😬 dea5ad37fc03eb2c95336ebc089af3e67bb04a6d20896bd85754d956cb852a79

Guys at times like these, it’s very important to take a step back, breathe and remember how hilarious this really is

Yep

Buen día para tod... DKSKSJDLEJLLSHDKDJDLNXMDWP LE HICIMOS UN GOL A DINAMARCA, GOLINUCCI TE AMO 🇸🇲🇸🇲🇸🇲🇸🇲🇸🇲

Thanks easyJet for making us wait outside during snow while carrying a baby. Next time have the courtesy of letting us know in advance so we can at least dress for the occasion.

Chromium money tree A map of all the bug bounties paid for Chrome, mapped to source files, in a tree. By Rebane lyra.horse/misc/chromium_…

Two-time European weightlifting champion Oleksandr Pielieshenko died at war “Defending Ukraine from the invaders, Honored Master of Sports of Ukraine, two-time European champion and Olympic weightlifting participant Oleksandr Pielieshenko died heroically,” Viktor Slobodianiuk,

Has anyone else received Google Drive requests for files that are already public? Strangely, they’re asking for Editor access. Seems suspicious.

🚨Coinspect's dApp integrity monitoring tool captured Compound's front-end attack. We are analyzing the JavaScript payload, join our Discord for updates discord.gg/DuwywSQK

First results from Coinspect Security investigation into Compound Labs compromise:

🚀 Wallet Security Ranking Launched! 🔎After months of thorough testing, our comprehensive crypto wallet security framework is live. ⚠️Which wallet do you use, and how did it score? ➡️We test, you decide. coinspect.com/wallets/

iarce Yes, and a benchmark to measure bug-finding ability. OpenBSD qualifies as widely used software, at least among my friends.

Ever wondered what the Alt-Svc header is used for? Well, it can make you a MitM if you control it! I can finally publish the writeup to my GymTok challenge: control the header, become MitM, and perform a cross-protocol attack! blog.pspaul.de/posts/gymtok-b…

🚨 Curve Finance Frontend Hijack Still Active DNS hijack began ~2025-05-12 21:30 UTC. Users visiting the Curve frontend are being served malicious JavaScript wallet drainer code. Malicious dApp is hosted via Cloudflare infrastructure. We’ll keep this thread updated. 🧵