If you expect your protocol to hold 7, 8, 9, 10 figure amount of USD, you MUST get multiple audits done Also, doing an audit of a live protocol can dig up findings that would have costed you so much more otherwise. Continuous auditing will become the norm🫡

Blockchain technology cannot rectify compromised private keys, and projects cannot recover drained user funds.

It's incredibly impressive how Vercel has managed to become the defacto platform for deploying frontend sites over the last couple years. At this point I'm surprised if a startup doesn't use Vercel. Really shows that convenience and simplicity are top of mind for developers.

1/ So I began tracing the $230M+ WazirX hack back from the original exploiter address and was able to make some interesting observations.

🚨 Many thanks to Secure0x for identifying a potential vulnerability in one of our previous projects. Their detailed report helped us identify the issue and resolve it quickly. We appreciate their support and look forward to future collaborations! #SecurityCheck #secured

Thanks to Secure0x for helping to identify a critical vulnerability in the platform. Their well-detailed report helped us act swiftly, and implement necessary fixes. More information on our bug bounty program can be found on our GitHub. 🔐

what would be an appropriate bounty for reporting a critical bug draining 12,000 ETH

black hats said: “Exploit, don’t report” but here’s the game: if a project holds value and funds, you guide them right or watch it burn. Chasing self-profit over the project and its users. that’s how ecosystems die. Trust is the ultimate exploit.

1/ 💥💸Crypto losses in 2024 hit $1.49B—a 17% drop from 2023’s $1.8B. While this decline is encouraging, threats persist. Let’s break down the numbers and uncover key trends that shaped the year ⬇️

tier 1 audit firms miss bugs make sure you get a security review post audit if your project gets rekt it usually stays rekt preventative measures are always worth it

Thank you Scroll and mssassi for recognizing the value of white hat research. Despite the uniqueness of the issue, the team responded swiftly, appreciated the report, and handled the disclosure process with professionalism. Solid response from a solid team.

1 CRITICAL and #1 Remedy

Secure0xd Projects: It took years of contributing (: The `IMPACT` factors are based on the overall report's impact, not just isolated bug severity. Really! Awesome projects!! secure0x.com/#reports

Yes, this is how we monitor projects w bug bounty programs. Secure0x, always reporting the unexpected first ;-;

🎉 The $20,000 Invite Only Program with Zano has officially wrapped! All rewards have been distributed to the participating security researchers. 🏆 Winners: 1️⃣ Kunal – $7,194 2️⃣ Secure0x – $3,971 3️⃣ Corben Leo – $2,835 👏 Big congrats to all the winners! 🔗

Shout out to community members such as Secure0x that work hard to keep web3 safe. Together, we protect and fuel the future of DeSci!

If you’re running a BBP Someone reports to you a bug that puts your entire TVL at immediate risk And your number one concern is “how can I pay less for the bounty? 0.05% of funds at risk is too much!” Why do you have a BBP? Why are you even in web3 actually?