Rikisp | ....

377 posts


@RikispRikisp

CEO - SwapX v4 and... currently building the next big thing. follow the white rabbit...

DeFi · Joined April 2022
749 Following · 484 Followers

Rikisp | .... retweeted
CharlesWang @0xCharlesWang
The recent wave of protocol exploits is often misattributed to “AI automatically hacking smart contracts.” That framing is mostly wrong, but not fully.

What AI currently changes is not that it magically discovers advanced exploit chains across complex architectures. The real leverage is scale: large numbers of live contracts can now be scanned very quickly for trivial, obvious, and historically survivable mistakes.

Missing access control. Broken initialization. Unsafe admin paths. Simple accounting flaws. Exposed privileged functions. Weak architectural assumptions.

These bugs have always existed. The difference is that deployed code is no longer protected by obscurity, low attention, or the fact that nobody had time to manually review it. Whether source code is published or not matters less and less. If value is deployed, it will be scanned.

This has a direct consequence for protocols: Audits are becoming more important, not less. The baseline threat model has changed. Simple mistakes that previously might have survived for months can now be identified and exploited much faster. The market is entering a phase where low-quality deployments are systematically filtered out.

The same applies to bug bounties and large codebases. If a protocol has hundreds of thousands of lines of code, AI-assisted scanning will almost certainly surface something. That does not mean AI replaced deep security review. It means shallow bug discovery became cheaper, faster, and more scalable.

The real defense is still rigorous human audit work combined with AI: understanding architecture, invariants, privileged flows, cross-contract assumptions, accounting correctness, and edge-case behavior.

AI raises the floor for attackers. Audits must raise the floor for protocols.

Rikisp | .... retweeted
CharlesWang @0xCharlesWang
Ok let’s be very clear about the state of web3 security. I’ve been here for 6 years now and I’ve experienced and seen most hacks, and in fact most of the hacks were pretty dumb and simple. However, the last two hacks were extremely sophisticated and targeted vulnerabilities outside of smart contracts, which required planning and scheduling that is beyond anything imaginable. And no, this is not because of: „MyThoS hacKs EverYOne!!!“ Lazarus is increasing their resources to target protocols and new hacks become as carefully planned as advanced bank robberies. They don’t show any mercy and don’t expect there will be any negotiations. They are more rough than ever! Ladies and gentlemen, we have arrived at a new stage of web2 and web3 security and it will become only harder to protect protocols at this point.

Rikisp | .... retweeted
CharlesWang @0xCharlesWang
The biggest flex you can ever have is that another auditor finds nothing after you

Rikisp | .... @RikispRikisp
@eth_milano tbh don't think it's a good move to call yourselves mafia, especially considering you're fully aware of what it represents

ETHMilan 🇮🇹 May 21-22 @eth_milano
if you have been to ethcc and haven’t met the italian defi mafia i don’t know what you were doing but you went to the wrong events btw your next chance to catch up with the gang is ethmilan

Rikisp | .... retweeted
CharlesWang @0xCharlesWang
„We decided to move on with another auditor. Let’s stay in touch for the next time.“

Rikisp | .... retweeted
CharlesWang @0xCharlesWang
I have around 15-20 reports where we have audited the same commit / after another company has finalized an audit. In all examples we find many many critical/high/medium issues. For a long time, I didn’t want to share this information. But I think it’s time soon. The truth will be revealed and many companies will face consequences from providing insufficient audit quality that puts clients at risk.

Marie Isabella @MarieIsabellaB
Who comes up with something like this?🤣😂🤣

Rikisp | .... retweeted
CharlesWang @0xCharlesWang
At @bailsecurity, it’s either the world’s best security or nothing.

Rikisp | .... @RikispRikisp
Blaming crypto because MetaMask takes almost 1% of your crosschain transfer is like blaming the Internet because you chose a bad provider. In the banking system, you only see 1:1 because the transfer cost is often charged separately. More than criticism, it is technical ignorance.

Greg Osuri 🇺🇸 @gregosuri
One of the worst things about stablecoins is slippage in value when transferring between tokens. I barely use them anymore due to this uncertainty and accounting nightmare. Banks are a mess to deal with but at least retain value when transferring. Stablecoins are not crypto.

Rikisp | .... retweeted
Lady-Mania 🌊 @Lady_Mania528
I see so many dexes launching... jumping chains without improving their model, and ngl if I can make some gains I'm all for it.... short term. If tokenomics are the same it's just heading in the same direction as the last. Even quicker as users become more savvy. Make sure you take profits guys!

Rikisp | .... retweeted
Bailsec @bailsecurity
Catching up on the current discussion around the state of Web3 security: For Tier-1 audit firms, the conversation should be partly about cost - but primarily about AUDIT QUALITY. If a client chooses a Tier-1 firm for top-quality security and pays premium fees, they should receive premium security reviews. In practice, some established Tier-1 firms no longer consistently meet that standard, and many clients treat any audit report they receive as the top benchmark in the space — then present it publicly as such. We’ve documented results like the one shown in the graphic across multiple audits against multiple traditional Tier-1 firms, and our clients are aware of it. That’s how BailSec has won many engagements and that’s why clients continue working with us: we consistently deliver deeper, higher-quality reviews.

Rikisp | .... retweeted
CharlesWang @0xCharlesWang
The single best marketing is finding advanced and impactful bugs that other reviewers do not find. If you can prove impact that others fail to prove, it seems only logical that this client will book you in the future again. And it doesn’t stop there, it is very likely that he recommends you to others as well. This is our mission at @bailsecurity

Rikisp | .... retweeted
CharlesWang @0xCharlesWang
Genuinely curious after seeing results where other audit companies audited the same commit and somehow only found like 20% of all critical issues that we found. How the hell does it even look out there on all these deployed contracts where audit companies allocate 2 medium auditors for? Almost everything would be exploitable?????

Sonic @SonicLabs
Life when you finally experience Sonic.

Lukasinho @0xlukasinho
Aerodrome's model can't ever be sustainable for a simple reason: LPs get all token emissions. Token holders get all fees. If emissions were to ever be lower than LP fees earned, the LPs would be better off moving to a system where LPs earn the fees directly, as this would make them more money. Hence emissions MUST be bigger than LP fees earned. This means, Aerodrome has to run at a loss perpetually. It can never become profitable. It should be quite clear that running at a loss forever can't work.

Rikisp | .... @RikispRikisp
My time building taught me this: products have to be built in silence, with people who share the same vision. Most of all, you build when the market slows down, when nobody’s watching. Because the moment the market starts watching again, it’s already too late.

Rikisp | .... retweeted
Intel Scout @IntelScout
This one hits hard if you read between the lines:

The new @SwapXfi product is built in: "an environment that truly believes in this vision and considers it central to its future development (...) provides resources, attention, and space to build"

Another pillar protocol pivoting

SwapX maintained:
✯ Top 3 native app in TVL
✯ Top 2 in daily volume
✯ Highest staked tokens on the chain
✯ Remarkable xNFT raise ($1.6M) with one of highest trading volume

The team is talented, battle tested and have already proven themselves not just through metrics, but through how they’ve shown up for their community

It’s teams like this, in moments like these, that deserve the community's trust and support

looking forward to what comes next

SwapX @SwapXfi

x.com/i/article/2002…

Rikisp | .... @RikispRikisp
@Lady_Mania528 car swerving on a straight road is because we’re fighting over the music