ControlZ

Just reached rank 30 on @immunefi all-time! This also marks the halfway point on the road to $1 Million! ▓▓▓▓▓░░░░░ $527k / $1M

Popular Chrome Extensions Caught Stealing AI Chats - Two malicious Chrome extensions were caught exfiltrating browser data and users’ conversations with ChatGPT and DeepSeek - securityweek.com/chrome-extensi…

Security researcher ily2 has just earned a staggering $3,000,000 from submitting a critical smart contract bug via Immunefi. That's the largest single payout in web3 security in recent memory. In total, he's submitted 3 reports. All 3 were paid. 100% accuracy. His leaderboard update is coming soon, but you can pledge IMU to him now and earn when he finds the next one: immunefi.com/pledge/ily2

Security researcher ily2 has just earned a staggering $3,000,000 from submitting a critical smart contract bug via Immunefi. That's the largest single payout in web3 security in recent memory. In total, he's submitted 3 reports. All 3 were paid. 100% accuracy. His leaderboard update is coming soon, but you can pledge IMU to him now and earn when he finds the next one: immunefi.com/pledge/ily2

The @_blockian team just received a 30,000 IMU pledge after winning a $40,000 bounty. More wins, more IMU pledged, more security.

The dynamic duo @_blockian is at it again. They just found a blockchain/dlt crit, earning them $40,000. Their AI tool clearly works. 2026 is going to be a race: who can build the best AI tool and prove it by posting wins on the Immunefi leaderboard? In the meantime, you can earn IMU rewards whenever Blockian finds a bug by pledging IMU here: immunefi.com/pledge/Blockia…

We're thrilled to finally reveal: oct0pwn is Octane 10% of the year has passed and we're still at the top of the 2026 @immunefi leaderboard. And #4 in the last 90 days behind three truly elite auditors. Is this the first time an AI has held top spot?

⚠️ Message to who executed the GYD bridge security incident To 0x7DD4075A6eAe9f18309F112364f0394C2DfA8102: This is Gyroscope governance. We propose a resolution to the GYD smart contract incident. You can return 200 ETH that you hold from this incident. Gyroscope is then in a position to consider the remaining over 100 ETH as a fixed whitehat settlement credit. This generous of a settlement is possible because it gives the protocol a chance of making users whole by canceling GYD’s system surplus. If you take this offer, Gyroscope will cease investigations and consider you as a whitehat who performed an emergency recovery of funds and made users whole. It’s a win for all. You will be taking a big everlasting risk if you take all of the funds, which isn’t even that much in total. With this offer, for the same order of magnitude of reward, your risk would be reduced massively and users would be made whole. If the funds are not returned, Gyroscope will alternatively offer the same deal to the public for anyone for information that leads to prosecution and full recovery of funds. Security researchers have already found significant leads that could aid in this direction. We believe it doesn’t have to go that way though, and we believe you can be a whitehat. To accept this settlement, return 200 ETH to the Gyroscope GovernanceManager contract 0x78EcF97572c3890eD02221A611014F30219f6219 on Ethereum by 18:30 UTC on February 5th. If you would prefer to communicate in private, you can contact security@gyro.finance.

I've created a site to share some ideas. My first post is about being a professional whitehat, and how I evaluate potential rewards to decide where to hunt. whitehatmage.github.io/posts/bug-hunt…

Just a few days ago, the legends behind @_blockian found a max critical that earned them $250,000. Merry Christmas!