MetaTrust Labs

#FindVulnerability It is amazing that @QuickNode wrote a collection of step-by-step guides to help developers build their own application. But, could you find bugs in the following `SwapLimiterHook` contract that use the Uniswap v4 hook to restrict the number of swaps a single address can perform within a certain time frame. Source: quicknode.com/guides/defi/de…

@KuanSun1990 Full analysis: metatrust.io/blogs/post/how… Credit: @DanielSlothx

4⃣ The hacker lost funds As noted earlier, the hacker uses his/her OWN 21 $BTC and 152k $XRP to carry out the hack. After liquidation, the hacker's own assets are also reduced to zero. Exploit TX: 0x4216f924ceec9f45ff7ffdfdad0cea71239603ce3c22056a9f09054581836286 Liquidation TX: 0xee9928b8d1a212f4d7b7e9dca97598394005a7b8fef56856e52351bc7921be43

#VenusRescuedFunds #HackerLostFunds The @VenusProtocol team rescued $13M, and the hacker lost $2.7M. How was that happened? 👇

#Grizzifi contract on #BNBChain was attacked with a loss of $61K. The hacker separated the attack into two steps, first creating news controlled wallets to amplify the `milestoneReward` through the `harvestHoney` function, then withdraw the `milestoneReward` with the `collectRefBonus`. Security report from #AgentLisa @AgentLISA_ai shows the root cause is that team milestones based on total investments (including withdrawn) instead of active investments. agentlisa.ai/scan/aecff939-… TX: bscscan.com/tx/0xdb5296b19…

Congratulations! #AgentLISA is a top-tier smart contract security tool, boasting precise detection of high/medium-risk vulnerabilities—proven by helping #Code4rena wardens secure bounties. It integrates seamlessly with #Claude, #VSCode, and #Cursor via #MCP, supports #GitHub repo scanning (public/private), and offers a user-friendly interface with private-by-default scans for data security. With ongoing updates (like upcoming #Rust support) and flexible credit options, #LISA streamlines audits, boosts productivity, and empowers #auditors, developers, and bug hunters to secure projects and earn rewards efficiently.

Security Alert: ResupplyFi Exploit 🚨 Attack Overview: on June 26, @ResupplyFi was exploited due to exchange rate manipulation attack, leading to a significant $9.3m loss. 🔍 Key Details: - Attackers manipulated inflated cvcrvUSD's price by the donation attack - Borrow huge amount of reUSD with tiny cvcrvUSD - The affected contract has been paused 💡 Takeaway: DeFi protocols must implement robust price oracle mechanisms to prevent manipulation. #ResupplyFi #DeFi #Stabkecoin #MetaTrust

🔐 Metatrust is proud to have completed the code #Audit for @catalyse_gg, a groundbreaking #AI platform transforming 3D creation! 🚀 Our team thoroughly reviewed their innovative codebase—ensuring security, scalability, and trust for creators worldwide. ✨ Why #Catalyse ? From game devs to artists, Catalyse empowers users to turn simple prompts into high-resolution 3D worlds in seconds. With AI-powered automation, blockchain integration, and seamless customization, they’re redefining creativity. 🤝 A smooth collaboration with a visionary team—grateful to support their mission of making immersive design faster, smarter, and accessible to all! #CodeAudit #AI #3DArt #GameDev #Web3 #Metatrust #Catalyse

🚨 Breaking: Cetus Protocol Hacked, $230M+ Exploited on Sui Chain On May 22, leading Sui-based DEX aggregator Cetus suffered a massive exploit, resulting in estimated losses exceeding $230M. Liquidity pools drained, token prices crashed, and the protocol was forced to pause all contracts for investigation. 🔍 Attack Details: Exploiter used a crafted overflow bypass in checked_shlw to trick the protocol into accepting 1 token for massive liquidity. Exploit began with a flash loan of ~10M haSUI, crashing pool prices by 99.9%. By exploiting a flaw in the way get_delta_a handled large values + bitwise shifts, the attacker added billions in "fake" liquidity, receiving real assets in return. Net profit: ~10M haSUI + ~5.7M SUI. 🛡️ Cetus has since halted smart contracts and launched a full investigation. This is one of the largest DeFi hacks in 2025 so far — a reminder that smart contract overflow bugs remain deadly in high-performance DEX environments. #Sui #Cetus #CryptoSecurity #Exploit #Web3Security #HackAlert

Bitcoin is going corporate—fast. What started as a bold bet by Saylor is now becoming a blueprint for modern corporate finance. Last week, Twenty One Capital acquired $458M in BTC. Now, Strategy Inc. holds a staggering 568,840 BTC—2.7% of the total supply, worth nearly $60B. But it’s not just the size—it’s the structure that’s historic. In Q1 2025, Strategy outlined a roadmap for Bitcoin-native financial architecture: Raised $10B in 4 months: $6.6B via ATM equity offerings $2B via convertible debt $1.4B via preferred shares The company is now structuring BTC-collateralized debt instruments, redefining how corporate credit markets operate—with overcollateralized BTC bonds & equity. If successful, this unlocks a new market of BTC-backed debt, with Bitcoin positioned as a high-grade reserve asset. What this signals: ✅ BTC is no longer just for holding—it's a productive, yield-bearing treasury asset ✅ Institutions are engineering new capital markets around Bitcoin ✅ Strategy Inc. could be the BlackRock of Bitcoin-native finance We're not just witnessing adoption—we’re watching the rewrite of corporate capital strategy in real time. #Bitcoin #BTC #CryptoFinance #BTCATH

Over the past 5 months, Binance Alpha has evolved from a wallet feature to one of the most powerful price discovery engines in crypto. Originally launched as an alternative to broken launch mechanisms—where VCs dumped on retail at “listing peaks”—Alpha now balances project exposure, retail access, and market validation through onchain behavior, KYC, and gamified interaction. For projects, Alpha offers a fast lane to liquidity and attention without the uncertainty of full CEX listing. For users, it’s a battlefield of gas wars, lucky draws, and whitelist spots. For Binance, it’s a strategic move to regain onchain dominance after losing ground in product experience. But this shift isn’t without trade-offs. Many early ecosystem users and loyal contributors have found themselves left behind as projects prioritize Alpha participants for airdrops. Why? Because Alpha users come with onchain metrics, fresh wallets, and trading activity—data that Binance and teams now value more than OG support. In short: Alpha = lite CEX onboarding + liquidity bootstrapping Projects now optimize for Alpha metrics, not just hype Retail must play by new rules—or be sidelined Binance is no longer just listing—it's engineering a new power structure in Web3. #DeFi #Web3Strategy

The rise of Perp DEXs isn’t hype— It’s structural inevitability. FTX's collapse ended the era where traders accepted custody risk in exchange for speed. Now, the race is on to deliver CEX-grade UX with DeFi-grade security. New players like Ethereal, Lighter, and Ostium are redefining the space: sub-10ms matching engines, fully non-custodial, onchain settlement, and orderbook-based liquidity. The goal? Cross $1B–$5B in daily volume to attract arbitrage bots and copy traders, and build a real moat. But speed alone isn’t enough. The winners will go deeper—intent-based routing, verticalized UX, and plugging holes even Hyperliquid hasn’t solved. In the next 12 months, we’ll see separation: some will dominate liquidity; others will just inflate TVL with token bribes. Perp DEX is no longer a DeFi niche. It’s the new L1. #DeFi #PerpDEX #OnchainFutures #CEXvsDEX

Crypto lending remains one of the most critical yet opaque sectors in Web3. As of Q4 2024, total crypto lending market size stands at $36.5B, still down 43% from the $64.4B peak in late 2021, but recovering steadily from the 2022 lows. 🧵 1/ The breakdown: CeFi Lending: $11.2B DeFi Lending: $19.1B CDP Stablecoins (like DAI): $6.2B Tether leads the CeFi sector with $8.2B in loans — over 73% market share. Galaxy and Ledn follow. 2/ Since bottoming at $1.8B in late 2022, DeFi lending has grown ~959% across 20 protocols on 12 chains. The resurgence shows growing trust in on-chain lending models post-CeFi collapses like Celsius, Genesis, BlockFi, and Voyager. 3/ Key takeaways: CeFi’s rebound is slow but ongoing (+73% from bear market lows). DeFi is leading innovation in transparency, automation, and risk management. Galaxy provides rare insight into off-chain credit markets, a historically opaque segment. While crypto lending is no longer at its peak, it’s laying the groundwork for the next generation of DeFi credit markets.

💵 How Stablecoins Are Quietly Profiting from U.S. Debt Stablecoins like USDT and USDC have become the backbone of Web3, offering price stability in an otherwise volatile crypto market. But behind the scenes, these tokens are profiting massively from an unlikely source: U.S. Treasury debt. 👉 Their model is simple but powerful: Users deposit $1 → Stablecoin issuer mints 1 USDT/USDC That $1 is invested in short-term U.S. Treasuries yielding 4–5% Multiply that by tens of billions in circulating supply = billions in annual profits Tether alone made $6.2B in profit in just the first 3 quarters of 2024, rivaling traditional financial giants. But this model isn’t risk-free: 📉 If interest rates fall, profits shrink ⚠️ Regulatory pressure is mounting, especially around reserve disclosures 🪙 Depegging fears remain, especially during banking shocks (e.g. USDC during the SVB collapse) Now, decentralized alternatives and algorithmic stablecoins are rising, seeking to eliminate centralized risks — but they too face challenges in scalability and peg stability. As stablecoins grow from trading tools into global payment rails, their connection to U.S. debt raises bigger questions about monetary policy, decentralization, and financial sovereignty. Are stablecoins truly stable — or just riding the yield curve for now? #Web3 #Stablecoins #DeFi