The fastest way to get from junior to senior web3 security researcher is to build out your portfolio however, there's a huge difference between 100 audits of no-name AI agents, NFT marketplaces, uniV2 forks, etc. and, stacking team audits for tier-1 projects and scoring well

biggest cheat code in life is making swift decisions frees up so my time to do actual stuff

there's a very good litmus test to know if malware has infected your machine > store private keys from a test wallet with $50 in a plain text file on your machine as bait > set up a trigger to notify you if a transfer occurs from that wallet boom, if your money is gone, you've

We're starting another security review for our friends at Centrifuge today. This time with an extended team!

"you found how many critical bugs today?"

AI is a synonym for sloppy, bad quality code, while causing nerve-wrecking paranoia for some about taking our jobs it’s such a paradox

Crosschain messaging protocol integrations we have reviewed so far with BurraSec: - LayerZero - Axelar Network - Across - Wormhole - Relay - Garden 🌸 Many more to come, keep an eye on our auditing portfolio page github.com/burrasec/Secur…

web3 security Twitter lately: > Company A, B, C: Our AI tool outperforms all the bad security companies on the market > Pashov shows up at ETH Bulgaria in a Lamborghini > Certora onboarded the nation of Bulgaria to do audits for them crazy time to be alive

Does anyone know a tool to alert when the USDC balance changes on multiple addresses on multiple networks? trying out Tenderly, but it seems you have to configure per address / per chain

It's no secret that certain audit groups prefer competitive while others prefer collaborative private audits. Each model has its downsides, and if the client has a fat budget, then perhaps the best of both worlds is something like Guardians competing teams. Take 4 auditors

Podcast episode with the legendary pablito.eth 🦇🔊 ♢ drops in a few days He shares a lot of 🌶️hot takes I've become 10x more paranoid after our conversation

It's busy season with BurraSec We're starting a 4-day audit of Gnosis Safe modules with a team of 2 senior researchers + 3 interns/juniors We're seeing great results with having more eyes on the codebase, even if it's junior SRs

AI written code is a god given gift for profit maximizing web3 security firms AI spits out 5x code more than a decent engineer would, while being 2-3x less complex

Remember folks, always get a manual security review

look at this chart boys Gold went from $2k -> $4k in 2 years you know what this means if you've been stacking cash in your bank account or crypto wallet, you lost half of it due to inflation whenever you think you should have grinded more it's actually that you should have

OMG so much drama and ego on CT again

Cookbook on how to get more clients for your web3 security biz > post something outrageous on CT > convince a bunch of people to quote your original tweet like sheep with 0 understanding of the subject matter > here kicks in your competition and angry researchers who will

i'd love to be a part of dev meetings where teams decide that paying for $50k+ audits after vibecoding their protocols is the best way forward