Duc Cuong Nguyen's (@ducnst) Twitter Profile
Duc Cuong Nguyen

@ducnst

Blockchain Security, Smart Contract Auditor

ID: 240573077

Joined: 20-01-2011 06:59:25

34 Tweets

137 Followers

392 Following

The HOUSE Always Wins: They sold you 'neutral exchanges' where users bet against each other. Then they quietly hired market makers to trade against you. Prediction markets - same game, different century.

A bit negative though on the use of AI and Security. $3.1B lost to smart contract hacks in 6 months. Still, people deploy code from AI without a second look. The code works. That's not the issue. Never want to kill the vibe. Just saying the numbers are rough.

Depending on (1) how much you love what you are doing, (2) how well you manage your time, and (3) how differently people define 'balance'.

It's just a different language. We used to work with C/C++/Python/Rust..., and now we can start using human language (e.g., English). Why hate it, then? Evolution is taking place; catch up.

2025 recap — building Cybring.

- Launched cybring.xyz
- Audited 30+ Web3 projects
- Largest engagement: ~57k LoC
- Focus: Rust (Solana) & Solidity (EVM)
- Spoke on a panel at Conviction 2025
- Started building in public and growing on X

Quiet year. Heavy

Trust Wallet just lost users $6M+ in 48 hours. A supply-chain hack that 99% of crypto holders ... probably don't understand. What happened and how to protect your assets: Malicious code slipped into browser extension v2.68, hidden in fake analytics scripts (sending seed phrases

A working hypothesis (not concluded) should not be thrown around like this. This is not how responsibility is handled. If the hypothesis is true, the question is: who owns that API key? Anyhow, this is a bold statement from the top level.

The topic of trading bots (with AI) is getting attention (again). You know, the bots that scrape crypto news headlines and execute trades off them in seconds. Problem? Most of those "news" articles are just paid press releases. No journalist. No editor. No fact-checking. An

I've been thinking a lot about the "AI replacing auditors" narrative. Indeed, AI will replace a lot of smart-contract auditing work, but mostly the bottom layer. LLMs are clearly strong at: reentrancy, access control, ERC misuse, upgrade diffs, config bugs. However, from my

Audits check if the code is correct today. Not who can change it tomorrow. Beanstalk: attacker flash-loaned voting power, passed a proposal, drained $182M. Tornado Cash: malicious proposal passed, protocol control seized. No code exploited. Just authority, exercised. Found the

AI-built DeFi is shipping fast.

Pattern I keep seeing when I audit on-chain/off-chain projects: Code works. Control layer doesn't.

- Missing access control
- Upgradeable = 1 tx takeover
- Safety checks silently removed

Not new bugs. Just replicated at scale.
AI writes code,

The Drift (largest Solana DEX) exploit (200M+) wasn't a code failure. It was a control failure. One compromised key. One transaction. ~15 seconds. $200M+ gone. No multisig. No timelock. No delay. Effective delay: 0. Audits check if the code is correct. The harder question is

If Web3 wants to go mainstream, regulation isn't optional. Not "slow innovation" regulation but enforceable accountability. Users expect basics: clear responsibility, limits on claims, consequences for misrepresentation. Today, those are inconsistent. Failures get labeled