CORE3

CORE3 methodology is probably the nerdiest in Web3, because $SKY scored “better” than $ETH on the probability of loss. Here's how 1 metric changes every subcategory score 👇 Comparison and explanation in thread 🧵

What's coming next? - In a week or two we expect to update the platform with new risk data for all ~1600 projects - We'll start working on risk insights right away - We hope to prevent at least one exploit by the end of Q2 2026 - API development in progress for aggregators TY!

@Giveth round concluded. ~$3300 is the total vote with your wallets (before matching). You donated to the Web3 industry that: 1. knows its risks 2. prices projects based on their risk exposure 3. don't ape into projects that are likely to collapse Thank you!

You're 80% of the way to a full risk framework we do. The two angles we'd add: Reputational: past incident response, wash trading, GitHub liveness, and founder track record. Cheap to fake individually, hard to fake across all of them at once. Dependency depth (beyond your #4): oracle redundancy, RPC privilege creep, CI/CD deploy lag on security fixes, bridge key custody. The most expensive DeFi attacks have all been dependency attacks. For "who covers what": fragmented. DeFiScan = admin. Chaos / Gauntlet = parameters for specific protocols. L2Beat = decentralization. Audits = code. We (core3.io) kinda integrate all the signals into one score. Nobody else does this Take a look at the probability of loss, a single comparable index across security, financial, operational, reputational, compliance, and dependencies built with over 85 parameters

DeFi big brains, need your opinions and knowledge: t.me/lobsters_chat/…

@taiyoo Forgo this one for prime $$$ vibes

List of all the apps you need to make money with crypto in 2026

The Ethereum Security QF round is officially closed! Huge thank you to every donor, project, badgeholder, contributor, and community member who showed up to support Ethereum security over the past weeks. More soon 💜

@kapsho_eth "trust me bro this one is special" "we're audited" (it expired 3 years ago) "Security was checked by AI and prompt [make no mistakes]"

list of phrases you need to know to survive in crypto: - we are postponing tge - investigation - engagement groups - f4f - gm/gn - prompt in the comment section - $POLY - not eligible - community first - current market conditions are unfavorable - listing soon - let's build together - hi we are looking for creators and we are ready to pay $2 per post - i've vibecoded an app did i miss something?

@Riowgmi Wait until we, as an industry, discover project/token utility and product market fit

crypto will mature the day people stop treating tokens like lottery tickets and start treating them like actual project token

@grapeprotocol Lots of hacks could be prevented, appreciate the post Industry must raise a bar of security with a shared risk standard Because hacks become too expensive

Hacks in crypto have become one of the most complex and recurring issues in the industry. Just last month alone, over $600 million was lost to different exploits. Many of these incidents could have been prevented with basic precautions. Simple measures like dedicated devices for treasury control, multisig wallets, and stronger social engineering defenses are often ignored. These oversights make it harder to convince everyday users that crypto is the future when headlines are filled with breaches and losses. The reality is clear hacks are ruining the DeFi experience. They erode trust, discourage adoption, and reinforce the perception that crypto is unsafe. For newcomers, this is especially damaging. Instead of treating hacks as “part of the game,” the industry should invest serious time and resources into security infrastructure. Protecting treasuries, educating teams, and enforcing best practices must become non‑negotiable. Crypto can only achieve mainstream adoption if users both seasoned and new feel confident that their assets are secure. Normalizing hacks undermines everything the space is trying to build.

@0xrahul You will be quite shocked by the capabilities of the security tools we already have Despite this, many companies have them configured wrong The problem is you can't measure which company has what. Most of Web3 projects have a fraction of the protection

we haven’t had a single day this month without an exploit just as retail users and institutions started coming onchain, the attacks started going up in numbers these aren’t small hacks either. the numbers are always in millions we need better security tools!!

@RektHQ @cyfrin @sigp_io @Grego_AI @officer_secret @humntech 🤝

Following up on our team initiative, Rekt News team members ended up supporting 14 different projects across the Ethereum Security QF Round. Some of the most selected by our team: @tanuki_42, @Cyfrin, @sigp_io, @Grego_AI, @Core3io, @officer_secret, and @humntech. Investigations, education, threat intel, opsec, open-source tooling. The unglamorous work that keeps this ecosystem safer. @thedaofund @Giveth

thorchain:native pre-incident risk posture: Moderate risk Probability of loss: 47/99 Fetching data on missing risk management parameters 🥸

@HHorsley mixed vibes in question: despite regulation/adoption any founder can raise $300M liqudity and get it hacked/extracted to North Korea twice before any liability Plus a casino meta that onboarded more gamblers than DeFi summer ever did

crypto is no longer one industry — it's at least 4: 1. stablecoins + payments 2. Bitcoin, crypto asset class 3. tokenization + onchain financial services (defi) 4. blockchain infrastructure they are of course inter-related. but increasingly divergent in context which is part of the mixed vibe right now

@sayinshallah There’s zero reason to build in crypto cause gamblers encouraged a culture when hype > product we distinguished projects that buidl with risk management they use, where dumb products are more exposed to hacks looks like this, hope it might help find those who buidl

I think the beauty of crypto was being able to invest in projects early but over the past few years everything is just memecoins and a scam There’s zero reason to build in crypto

@sjdedic Sorry, but so much wrong about this. crypto was never about fair play: airdrop → fake users → VC funding → inflated FDV → team + VC dump at TGE → protocol exploited a year later Killing airdrops fixes step 1. Steps 2-5 still work if market won't set a bar to end it

The best thing happening in crypto right now that nobody talks about: Airdrops are dying. The fact that we spent years paying people to pretend to be users and then wondered why every token dumped -90% after TGE will be one of those ridiculous things where people look back in hindsight shaking their heads. Now projects are finally forced to stop optimizing for their token and actually focus on building a product that people want. This gives us real users, real demand, real retention. Even if some metrics on paper might not look as exciting as they did a few years ago based on fake data, this is probably the most bullish shift this industry has made in years, because it’s real. And the best part: we’re finally getting rid of all the pseudo builders and fake users who were only here to extract as much as they could. That alone should create a positive feedback loop that lifts the entire industry long-term. The industry is healing, even if it just doesn’t look like it on a chart yet.

@0xNairolf No security or risk infra....

current narrative watchlist: - privacy - stocks perps - consumer apps you only really need exposure to those three

@Glenn6 Polymarket proved that we're now a betting house. Buidl gambling atop defi and you'll probably be fine

polymarket proved one thing no one cares what blockchain you're built on just make a great product

@tundra_greentea @mywebacy @bluechip_org @l2beat @HackenProof @defiscan_info When the industry bleeds like this, security definitely does not work as intended Appreciate the post 🫂

Backing six projects in this Security QF Round. Don't always post about this, but glad to see this mechanic applied to risk & security. People usually only recall us when they are in trouble.. right when it's too late, in other words. Despite that, it's motivating to see people analysing, propagating, warning proactively, and not reactively. Also OSing their methodology, their know-how, their brainchilds, which is worth another praise. @kaereste @sekubalias @l2beat @buda_kyiv @Core3io @HackenProof @d0rsky @DmytroMatviiv @defiscan_info @TokenBrice @marcxvlad @maikaisogawa @mywebacy @bluechip_org @levitben @GarettJones @AmeyOnX Keep it up, for web3 anons and institutional buyers alike.

@ShieldifySec @HackenProof 👀

|￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣| Need more bug bounty and contest platforms |＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿| \ (•◡•) / \ / —— | | |_ |_

@0xJonnyDee probably when projects started spending on marketing more than on development

When did crypto go from verify everything to believe everything posted on here?

@pebloescobarSEI We know the risks

If you had $1,000 and had to go all in on one of these coins, which would you choose? 1. $HYPE 2. $TON 3. $SEI 4. $ETH Which one are you picking?