Secure0x

If a web3 project has a revenue model but can’t fund basic security, do they even care about users funds at all?

Thanks to @Secure0x for flagging a misconfiguration on an old, unused legacy subdomain from the pre-rebrand Idle era. No active Pareto infrastructure or production user flow was affected, but we appreciate the responsible disclosure and have taken care of it.

Secure0x. Same team. Still hunting. Last year’s vulnerabilities didn’t stop us. Neither will this year’s. Projects we touched stayed off the breach headlines. That’s the only metric.

@lonelysloth_sec majority them don’t know how to handle situations… panic rules highlight

If you’re running a BBP Someone reports to you a bug that puts your entire TVL at immediate risk And your number one concern is “how can I pay less for the bounty? 0.05% of funds at risk is too much!” Why do you have a BBP? Why are you even in web3 actually?

Shout out to community members such as @Secure0x that work hard to keep web3 safe. Together, we protect and fuel the future of DeSci!

@sandypeng bounty + $33k extra from pockets 🌛👍

Not financial advice but I found an infinite money glitch. A few steps and you'll never need to pay rent again. Here is how:

🎉 The $20,000 Invite Only Program with @zano_project has officially wrapped! All rewards have been distributed to the participating security researchers. 🏆 Winners: 1️⃣ @0xiamkunal9 – $7,194 2️⃣ @Secure0x – $3,971 3️⃣ @hacker_ – $2,835 👏 Big congrats to all the winners! 🔗 Leaderboard: immunefi.com/audit-competit…

Yes, this is how we monitor projects w bug bounty programs. Secure0x, always reporting the unexpected first ;-;

Secure0xd Projects: It took years of contributing (: The `IMPACT` factors are based on the overall report's impact, not just isolated bug severity. Really! Awesome projects!! #reports" target="_blank" rel="nofollow noopener">secure0x.com/#reports

1 CRITICAL and #1 @xyz_remedy

Users aren’t test subjects. Fund security or don’t build.

If a web3 project has a revenue model but can’t fund basic security, do they even care about users funds at all?

Thank you @Scroll_ZKP and @mss4ssi for recognizing the value of white hat research. Despite the uniqueness of the issue, the team responded swiftly, appreciated the report, and handled the disclosure process with professionalism. Solid response from a solid team.

@pashov you earned it ser 🫡

Nowadays, almost nobody signs contracts with me for anything. People send me 6 figures pre-payments. My word is sufficient and they know it. My reputation is flawless and it will remain this way.

tier 1 audit firms miss bugs make sure you get a security review post audit if your project gets rekt it usually stays rekt preventative measures are always worth it

@pashov That’s awesome, seriously cool to see you putting so much back into security. With the top web3 players on board, doubling in 2025 feels totally doable. Keep crushing it and making web3 safer!

In 2024 my web3 security company has paid ~$1.5M to the great auditors we work with. Feels great to say this. Looking to double this in 2025. The biggest DeFi and crypto players now trust us, I expect much more work coming. Doing our best, every day🫡

1/ 💥💸Crypto losses in 2024 hit $1.49B—a 17% drop from 2023’s $1.8B. While this decline is encouraging, threats persist. Let’s break down the numbers and uncover key trends that shaped the year ⬇️

black hats said: “Exploit, don’t report” but here’s the game: if a project holds value and funds, you guide them right or watch it burn. Chasing self-profit over the project and its users. that’s how ecosystems die. Trust is the ultimate exploit.

what would be an appropriate bounty for reporting a critical bug draining 12,000 ETH