sammy (@sammyaudits)'s Twitter Profile
sammy

@sammyaudits

Senior SR @sherlockdefi | Founding SR blackthorn.xyz | 7x 🥇🥈 | Reach out for Solidity, Go, Rust security reviews → t.me/SammyAudits

ID: 1748326821219954688

Link: https://audits.sherlock.xyz/watson/sammy

Date: 19-01-2024 12:49:49

540 Tweets

2.2K Followers

506 Following

sammy (@sammyaudits):

If I had $1.5B sitting in a single wallet, I would have at least 20 experts fly out and verify the transaction data in person for a couple of days before signing anything, each time. Crazy.

Abbas Khan → token2049🇦🇪 (@khanabbas201):

After observing the 1.5 Billion ByBit hack yesterday.

Myself and sammy decided to dive deeper into all the bug bounties on top 10 centralized exchanges.

What I've found is SHOCKING and Scary. Let's go through each one in the thread and call out the terrible and good

sammy (@sammyaudits):

No amount of bug bounty could have prevented ByBit from getting rekt. However, there’s a strong correlation between these numbers and the overall attitude towards funds safety. Considering the amount of money that is usually on the line, the amount being invested in keeping it

sammy (@sammyaudits):

It’s been a year since I stepped into the arena. Since then I’ve,

1. Placed top 2 in multiple contests
2. Joined Blackthorn as a founding member
3. Made 6 figures from Web3

One thing I love the most about this space is that no matter who you are or where you come from,

sammy (@sammyaudits):

While tackling a massive or complex codebase, it helps to be a little delusional—to force yourself to believe that you will eventually understand every single line of code if you spend enough time on it. This mindset is especially useful when auditing a large codebase for the

sammy (@sammyaudits):

A lot of researchers still don’t incorporate AI into their workflow, but it’s a game-changer. Over the past few months, I’ve sped up my auditing process significantly by leveraging AI, going from spending hours on writing a single bug report or PoC to wrapping them up in just

Remedy (@xyz_remedy):

already 90+ security researchers confirmed for today’s event. hop into the Discord and set a reminder to catch sammy in the chat.

Tumelo_Crypto (@tumelo_crypto):

How to use AI (specifically LLMs) in your web3 security workflow. Yesterday I attended a Discord livestream hosted by Remedy interviewing sammy. Here is what I learned: 🧵

sammy (@sammyaudits):

Veteran SRs absolutely crushed this one👏

This contest introduced me to Cosmos SDK and the learnings from it helped me find some valuable issues in a recent private engagement with CosmWasm

Happy to help secure Story 🫡

Remedy (@xyz_remedy):

Thanks to everyone who joined our latest Discord event where sammy showed how LLMs can be used in audits. For the researchers who missed it, here’s the recording: youtube.com/watch?v=E0_TK6…

sammy (@sammyaudits):

By far the most common set of bugs I've come across while reviewing new blockchain projects over the past 6-7 months are random panics in the VM part. These can be out of bounds memory access in Go, unwraps, expects without error handling in Rust. Extremely easy to spot, yet so

sammy (@sammyaudits):

Controversial productivity tip

Don’t use AI during the first few days of the review

Get a good understanding of the codebase first and then try using it