InfyniSec

86 posts

InfyniSec banner
InfyniSec

InfyniSec

@InfyniSec

Safeguarding onchain assets by keeping your favourite protocol off https://t.co/RvbEHuUoMc

Offchain-Onchain sequence mode Katılım Temmuz 2025
45 Takip Edilen38 Takipçiler
InfyniSec retweetledi
Blockchain Developer Festival 2026 ✨
Gm gm.. web3 Engineers, devs, Time is closing up, just a few weeks to go Blockchain Devfest Kampala 2026, 5 th, come discover what has been transpiring over the last editions.. Visit: devfestkampala.com to register, apply to speak..
Blockchain Developer Festival 2026 ✨ tweet media
Kampala, Uganda 🇺🇬 English
0
5
19
346
InfyniSec
InfyniSec@InfyniSec·
AI makes the attack surface wider. The same AI makes the safety mechanisms much easier. Choose the latter now with infynisec.xyz
English
0
0
0
8
Dacian
Dacian@DevDacian·
Do you want this ?
Dacian tweet media
English
6
1
40
2K
InfyniSec
InfyniSec@InfyniSec·
🔥 Mythos might be launching today 🔥 We recommend revoking every approval across every wallet you own. That old wallet, the newest QR scan and every previously done sign request on an old connection or website. You wanna review that now. Better safe than sorry.
English
0
0
0
31
InfyniSec retweetledi
pashov
pashov@pashov·
Every day we see new people finding bug bounty vulnerabilities on web3 security platforms like Immunefi and HackenProof of $10k, $50k or more Web3 security really going through huge changes & great things are happening, the whitehats are becoming stronger than ever, beautiful🔥
English
14
10
226
7.7K
InfyniSec retweetledi
Logos
Logos@Logos_network·
What are activists up to in Logos Circles? Circles are grassroots meetups in cities worldwide, solving real issues at the intersection of activism + tech. They don’t wait for permission; they see a problem and act. Here are highlights from Circles initiatives last month ↓
Logos tweet media
English
5
7
54
1.8K
InfyniSec retweetledi
pashov
pashov@pashov·
🤯CODE4RENA SUNSETTING. THE END OF AN ERA Thank you for everything, code4rena, forever in our hearts <3
pashov tweet media
English
39
52
562
43.4K
InfyniSec retweetledi
Blockchain Developer Festival 2026 ✨
Africa has massive talent. Nigeria leads Solana devs globally in some metrics, and hubs in Kenya, South Africa, Uganda & beyond are rising. But myths hold many back. Here's the truth. 🧵 Myth 1: "Blockchain = Crypto speculation & scams. It's not for real developers." (Beginner)
English
2
9
18
592
InfyniSec retweetledi
CertiK
CertiK@CertiK·
Ethereum security is a public good. The people protecting the ecosystem — researchers, auditors, and builders — play a critical role in its long-term resilience. 🧵
Giveth@Giveth

BIG NEWS! @CertiK, the largest security firm in Web3, is contributing $50,000 to the Ethereum Security QF round. 🔥 Their contribution will be distributed through TIK - the CertiK Giveth QF Security Donation Token, giving each of @thedaofund Top 200 ETHSecurity badgeholders $250 to allocate across projects in the round. Huge thanks to @CertiK for supporting Ethereum security in such a meaningful way. Explore the round 👇 qf.giveth.io/qf/ethereum-se…

English
7
14
86
57.1K
InfyniSec retweetledi
Arsen
Arsen@arsen_bt·
4 steps to find bugs faster. Eliminate ideas. The typical audit flow is: • Understand the code • List observations • List suspicious parts Then, come up with all possible ideas based on it. Research every ideas deep. Ensure that idea is a dead end
English
0
3
32
1.1K
InfyniSec
InfyniSec@InfyniSec·
Hyperbridge rekt The Hyperbridge attack, which occurred on April 13, 2026, was a major security breach involving a cross-chain interoperability protocol built on Polkadot. While initial estimates placed the loss at roughly $237,000, subsequent forensic analysis revealed the actual damage was approximately $2.5 million across multiple chains. The incident is particularly notable because Hyperbridge marketed itself as a high-security, proof-based bridge designed to avoid the “multisig” vulnerabilities that led to previous historic hacks. ## The Technical Vulnerability The root cause was a flaw in the cryptographic verification logic within the protocol’s HandlerV1 smart contract. Forged Merkle Proofs: The VerifyProof() function failed to perform essential input validation (specifically checking if the leaf_index was less than the leafCount). The “Proof Replay”: This oversight allowed an attacker to submit a forged ISMP (Interoperable State Machine Protocol) message. By recycling data from previous legitimate transactions, they tricked the protocol into accepting a malicious state change without a valid cryptographic link to the source chain. Disabled Safety Nets: A built-in “challenge period” (designed to give “fisherman” nodes time to dispute forged state commitments) was set to zero on the Ethereum host, allowing the attack to execute instantly. ## How the Attack Unfolded The exploit was executed in two distinct phases: Phase 1: Liquidity Extraction (The “Quiet” Phase) The attacker first extracted nearly 245 ETH from incentive pools on Ethereum, Base, BNB Chain, and Arbitrum. This part of the attack went largely unnoticed for the first hour. Phase 2: Administrative Takeover & Minting Using the forged proof, the attacker triggered a ChangeAssetAdmin action. This granted them administrator and minter privileges over the bridged DOT token contract on Ethereum. The Mint: The attacker minted 1,000,000,000 (1 billion) DOT tokens out of thin air. The Dump: They immediately swapped these tokens through decentralized exchanges (DEXs). Because the supply was 2,800 times the legitimate circulation, the price of bridged DOT on Ethereum collapsed to nearly zero. ## Impact and Recovery Total Loss: Revised to $2.5 million, including the stolen ETH and the drained liquidity pools. Scope: The attack was limited to Hyperbridge’s gateway. Native DOT on Polkadot and other bridge protocols (like Snowbridge) remained completely secure. Current Status: Hyperbridge operations for the Token Gateway remain suspended. The team has committed to a recovery plan using native BRIDGE tokens to reimburse affected users if stolen funds (some of which were traced to Binance) cannot be recovered.
English
0
0
0
64
InfyniSec
InfyniSec@InfyniSec·
@RaveDAO , how come someone who submitted their address on plvr in the January airdrop can't see any of their tokens/points that were promised? For extra context: its a @coinbase wallet and its secure.
English
12
1
2
79
InfyniSec retweetledi
Shieldify Security
Shieldify Security@ShieldifySec·
| ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄ ̄| Ai will NOT protect your smart contracts |____________| \ (•◡•) / \ / —— | | |_ |_
English
3
12
77
3K
chrisdior
chrisdior@chrisdior777·
Web3 Security Nostalgia (2022):
chrisdior tweet media
English
6
1
90
2.3K
pashov
pashov@pashov·
Say the name of a web3 security company and I will say 1 good and 1 bad thing about it
English
83
5
148
24.1K