the founder 0xlaw openly admitted on the Taiki Maeda podcast that their bug bounty strategy is to: 1. exploit the protocol first 2. negotiate afterwards 3. still call yourself whitehat after hearing that I stayed far away from this protocol

I made $50k last month from Web3 Security 🤯 I’ll write how I did it below:

Who We Are? It started in 2022 when two partners began auditing together. In 2023, they founded CD Security to handle the rising demand and built a team of elite auditors. Almost three years later, our mission stays the same - securing and strengthening Web3.

guys, the Web3 security thing didn’t work out… first shift at McWages. wish me luck 🤞

your house if you started finding bugs in smart contracts instead of whining about AI replacing you.

I’m approaching 10k followers. 🔥 Been posting for 4 years already. If you’ve been following me for a while, you know I’ve shared a lot of value and helped plenty of newbies. Gotta celebrate that 10k. What should I do? AMA, giveaway, free audit? Comment if u have ideas

If you can’t afford premium risk management, do this 👇 - Hire a finance brain for your tech team - Add real-time monitoring for assets & exposure - Plan for black swans (depegs, contagion, liquidity crunches, etc.) Building in DeFi without modeling risk = gambling.

Auditing feels impossible at first. Here’s what progress actually looks like: 0–100h -> lost most of the time 200–300h -> start spotting patterns 500–700h -> can handle big codebases 1000h+ -> it clicks, bugs stand out instantly The skill compounds over time. Keep going🙏

Beginner-friendly, short breakdown of Hyperliquid: 1. What it is 2. How it works 3. What makes it stand out 4. Risks to watch Includes a simple overview of its Layer-1 design, HyperBFT consensus, on-chain order book, and main risks to watch for anyone exploring the ecosystem.

We only work with teams who are serious about their security. If your mindset is: - “We forked a project that’s already audited.” - “Our devs know security, we’re good.” - “We just need the audit stamp.” Then you should probably work with someone else.

When a potential client says: “We don’t need an external audit, our devs are super experienced and we’ll just do an internal one.”

Holy fuck. I was going through some Sherlock contests and found this: - 819 submissions - 735 invalid - Sherlock only accepts Medium+ severity - There were just 4 valid Mediums, 0 Highs, 0 Criticals. That’s 90% invalid. What’s happening, AI-generated submissions or what?