Joe | Audit Wizard (@joe_vanloon)

Professional security wizard, building @audit_wizard, making audits great again - previously worked @apple

ID: 1443645445591511049

Website: https://auditwizard.io/

Joined: 30-09-2021 18:34:49

394 Tweets

774 Followers

616 Following

Joe | Audit Wizard (@joe_vanloon):

Sorry, how is this a "standard" if it isn't accessible to anyone else? Publish the framework or call this what it is, a closed-source marketing gimmick.

Joe | Audit Wizard (@joe_vanloon):

Sad to see an organization that I know takes security very seriously getting hacked like this. I guess the takeaway from this is that hacks are not necessarily an if but a when, and preventative measures like on-chain firewalls should be a requirement for preparing for that day.

Joe | Audit Wizard (@joe_vanloon):

Roman Storm's trial starts in 5 days. Just like my lawsuit against the OFAC sanctions, Roman is fighting for our fundamental right to financial privacy. Unlike me, however, he is also fighting for his life. I wish him all the best and hope he emerges as a free man 💜

Joe | Audit Wizard (@joe_vanloon):

Wow, this is so wild and really demonstrates the importance of redundant data sources and invariant monitoring. Pretty spooky stuff to learn that a core piece of infra is vulnerable like this.

Joe | Audit Wizard (@joe_vanloon):

Good message. The unfortunate truth is that attackers very rarely return the money once they have stolen it. You have to hope it was just a dumb kid who is now scared and not DPRK agents who will never give a shit. Great to see GMX's huge bug bounty budget, though. What chads 💪

Joe | Audit Wizard (@joe_vanloon):

Another wild twist. Cross-contract reentrancy! Does anyone remember that Vyper bug that allowed cross-function reentrancy when using the built-in guard? Auditors should always verify the mutex scope when you see the 'nonReentrant' modifier, as it can be deceptive 🧙‍♂️

Raiders (@__raiders):

Cooking up the design for our new Blogs page on Web3SecNews with navdeep.xyz that too contributor-friendly, so anyone can write, publish under their name, and help others stay sharp on the latest in web3 security and OpSec.

DM if you’d like to collab and write articles!!!

PS:
AuditWare (@audit_wizard):

Hacks aren't just from vulnerable code. They happen because people use personal laptops for work, because a new dev hire was infected by malware, or because multi-sig ops were not perfect.

We decided it was time to fix this, so we built Sentry, a platform that secures your OpSec
David Hoffman (@trustlessstate):

Ethereum core developer prestonvanloon.eth took the stand to testify in the defense of Roman Storm 🇺🇸 🌪️

This is why I love Ethereum - ETH is being built with a vicious commitment to values and freedom.

Rainbows and unicorns in the front, but claws and teeth in the back.
Roman Storm 🇺🇸 🌪️ (@rstormsf):

⏳ Final push next week. Our lawyers and experts are working around the clock — we’ve forgotten what normal sleep feels like. Every hour counts, and so do the costs. If you believe in fairness, open-source, and freedom, please help us finish strong. 🙏 👉

prestonvanloon.eth (@preston_vanloon):

Tomorrow, 12 jurors will decide whether writing open source code is a crime. This case is about Roman's future and it is also about whether developers can be held criminally liable for immutable smart contracts they can't control. The precedent here is terrifying. If Roman is

tomer (@forefy):

Jacob Creech Really wish to see static analysis growing with Anchor as well. We made radar not just understand Rust but specifically Anchor ⚓ github.com/Auditware/radar. Hardest part is community template contribution; we tried to make it as simple as possible, but it is still hard to hype.

Raiders (@__raiders):

Thrilled to be awarded an EF Ecosystem Support Program grant for Digibastion.com We're developing a public good security platform that offers a centralized hub for real-time security tools, actionable checklists for personal privacy and protection, threat

Joe | Audit Wizard (@joe_vanloon):

Same thing has happened to me once with a malicious npm package. This is exactly why I have a separate device for touching wallets. In my case, Little Snitch blocked the secondary payload and I safely wiped the laptop. This WILL happen to everyone eventually. Be prepared.

zak.eth (@0xzak):

SECURITY THREAD: Your .env file WILL get you drained (here's how to not be next) 🧵 👇 Private keys in .env files will get you rekt. It's not if, but when. You're one extension away from $0. The time between my PK leak to drain: 27 minutes.