Kurt Barry (@kurt_m_barry)'s Twitter Profile
Kurt Barry

@kurt_m_barry

fire stealer, bio-hacker, smart contract securer

ID: 1180713598093422592

06-10-2019 05:18:07

4,4K Tweet

5,5K Followers

2,2K Following

Dickson🦇🔊 (@dicksonwuml):

Yesterday, Spectral Finance suffered a sophisticated hack resulting in ~$250k lost. Attackers manipulated an unintended infinite approval in the code to drain funds. Here's how it happened. 1/8

Kurt Barry (@kurt_m_barry):

Eventually “Why didn’t you adopt Safe Harbor?” will carry the same weight as “Why didn’t you get an external audit?” when interrogating a project’s security posture.

Security Alliance (@_seal_org):

⚠️ Reminder that if you ever stored your private keys or seed phrases in LastPass prior to 2023, your funds might be at risk. We've seen 15+ cases of potential LastPass-related hacks TODAY. Move your assets before hackers move them for you. For more information, keep reading🧵

Kurt Barry (@kurt_m_barry):

Had an out-of-date source for the quoted tweet, here's the actual current list (still gonna be reading EIPs, just not quite as many).

Kurt Barry (@kurt_m_barry):

If you're looking for examples of projects that are doing security correctly in terms of prioritization and process, add Napier to your list. (Source: it was one of the hardest codebases to find bugs in I've seen to-date.)

Kurt Barry (@kurt_m_barry):

I like to think of DeFi development as a genetic search algorithm to find the ideal mathematical primitives for a trustless financial system, under the constraints of the underlying substrate (usually EVM blockchains). Auditing Uni v4 felt like observing a new step in that

elyx0 (@elyx0):

There’s a lot of noise on the upcoming Pectra upgrade next month regarding batching/EOF, but besides that if you need to remember one thing (specially for your NFT launches) it’s that the beloved modifier **onlyEOA** is broken. Let’s explore 👇 (1/9)

Kurt Barry (@kurt_m_barry):

PSA: a well-known "Blockchain Security Engineer" (@0xNickLFranklin) has turned out to be a DPRK operator...I notice a few of my own followers/mutuals follow him. Don't feel bad, he tricked everyone, just don't trust anything he sends you (at a minimum).

Kurt Barry (@kurt_m_barry):

If you have smart contracts that control value, you should have a bug bounty. Great to see Coinbase setting an example here with a juicy Cantina bounty.