Sabitlenmiş Tweet
We decided to test @xyz_remedy glider tool and found a critical vulnerability in a privacy protocol.
Tldr: Broken Groth16 deployment leads to proof forgery, allowing to withdraw full TVL.
Read more below 👇
English
SC Audit Studio
1.2K posts
SC Audit Studio
@SCAuditStudio
Expert cybersecurity consultation for decentralized finance. Over $100,000 in public bug bounty earnings.
ETH Katılım Mayıs 2023
385 Takip Edilen451 Takipçiler
Great opportunity for anyone non technical in web3.
@CantonNetwork knowledge is a huge plus!
SC Audit Studio@SCAuditStudio
We’re hiring: Business Development (BD) Looking for a driven, relationship-focused professional to help grow partnerships, be chronically online, and keep up with the latest trends. What we’re looking for: • Strong communication & networking skills • Strong network in Web3 • At least 12H screen time • High-level technical knowledge of Web2 / Web3 software Interested or know someone who’d be a great fit? DM us!
English
@A_Leutenegger Agree, but the second part is by far the hardest to get right. Sometimes it feels also like teams just do not care (or do not have the resources to care)
English
The security market in crypto is divided into 3 pillars. The 2nd has been ignored and is a huge opportunity because it's the co-result of 83% of hacks along with opsec:
1. Code security -> $820 million market size
(audits, invariants, bugs)
2. Execution control -> (?)
(how onchain access is controlled and state changes)
3. Opsec -> 15-20% of web 3 eng team costs
(Keys, devices, infra)
There's a clear opportunity for a winner to emerge in this space both in tooling and services.
English
@SCAuditStudio Nice work guys👏 Pentests have huge demand currently, and it's recurring as soc2 type 2 is annually renewed.
Lock in that retainer agreement 😉
English
We just completed a pentest for a CEX.
Even without smart contract integrations, pentesting is often required for SOC 2 compliance, and SOC 2 is increasingly mandatory when working with institutional partners.
If you’re preparing for compliance, audits, or institutional onboarding, reach out to us for a security assessment.
English
@ShieldifyMartin @Fast_Protocol @primev_xyz @MuratLite Sad, now I know who I should not work with :)
English
English
First time getting scammed for providing an honest, on-time security service. 👏
Still, shoutout to @Fast_Protocol, @primev_xyz and @MuratLite - hope the help made a difference, even if it came at our expense.
Hope the good gets passed forward to someone else 🙏
English
@CantonNetwork We are happy to help anyone who needs security advise on daml 🫡
English
Five pathways into Canton, from multi-party financial workflows to exchange and wallet integration.
The Protocol Development Fund is open, with 5% of all canton-network:native emissions allocated to builder grants.
↓ Start building.
English
Working on the influx of auditor submission on @procur3 for the first hour of this morning.
Cool announcement coming soon
English
@RangaSquared Unfortunately not for this specific offer, but you can link our about page which contains contact details!
scauditstudio.com/about
English
@SCAuditStudio would love to add this to my newsletter! Is there a form link/email for the same?
English
SC Audit Studio retweetledi
We’re hiring: Business Development (BD)
Looking for a driven, relationship-focused professional to help grow partnerships, be chronically online, and keep up with the latest trends.
What we’re looking for:
• Strong communication & networking skills
• Strong network in Web3
• At least 12H screen time
• High-level technical knowledge of Web2 / Web3 software
Interested or know someone who’d be a great fit? DM us!
English
@stacy_muur @milky_way_zone @niftygateway @SlingshotCrypto @PolynomialFi @zerolandxyz @parsec_finance @StepFinance_ @DataHaven_xyz @tallyxyz @DeFiCarrot We are currently looking for BDs, if anyone worked at these companies before, feel free to reach out🫡
English
DeFi protocols that shut down in 2026 ↓
Jan 15: @milky_way_zone
Jan 24: @niftygateway
Jan 27: @SlingshotCrypto
Feb 13: @PolynomialFi
Feb 16: @zerolandxyz
Feb 19: @parsec_finance
Feb 23: @StepFinance_
Mar 4: @DataHaven_xyz
Mar 17: @tallyxyz
April 30: @DeFiCarrot
May 4: @phi_xyz
May 12: @legendapp
May 13: @code4rena
Two protocols shut down in two days. Rough.
Keeping you updated.
Code4rena@code4rena
An important update from the C4 team. 🧵
Indonesia
@YuvalRooz @SocieteGenerale @CantonNetwork At this point: which of the largest finance institutions are not an SV?
English
I’ll say it again, collateral movement on-chain is probably one of the best use cases for public chains. Super excited that @SocieteGenerale is joining @CantonNetwork to become an SV and be the first to enable prime on-chain. Big milestone.
businesswire.com/news/home/2026…
English
@alicejrigby Haha, yes its a bit overstated for attention, but the reality is in current market full commitment is expected.
On the other hand we believe people who fulfill this are the top 0.1%, and will win in the long term.
English
@SCAuditStudio so glad to finally see an honest JD for a web3 BD and outlining how long they need to be online for 😅
English
@haileyhmt I assume a16z. All their public facing content is about needing to win an inevitable future war with China whilst they fund gambling and slop apps
English
I just interviewed with t1 accelerator (yc/a16z speedrun), and one of the final topics they asked about was my visa status. I shared that I’m currently based in Hong Kong and plan to get O1 visa. During the pre-interview process, they had also asked about my country of citizenship.
They mentioned that due to political changes, they’re unable to fund me at this stage.
They told me they were positive about me/my video and encouraged me to stay in touch.
English
@StaniKulechov Very nice to see, even if we never doubted great recovery
English
The attacker’s rsETH on Arbitrum has been burned. As the last step is to refill the rsETH bridge lockbox. Meanwhile withdrawals for rsETH into ETH will start within the next 24 hours to normalize the markets.
The past few weeks, including weekends, have been incredibly intense. None of this would have been possible without the entire team working around the clock on this recovery effort. We're building a new level of resiliency and a post mortem will follow with new learnings.
Aave@aave
The first set of steps in the rsETH technical recovery plan are complete, including burning the exploiter's rsETH on Arbitrum. Progressively refilling the LayerZero OFT adapter and reopening rsETH operations will follow over the coming days.
English
Private chains like @CantonNetwork do not protect you against attacks like this:
Managing customer funds = Security first priority
SC Audit Studio@SCAuditStudio
We decided to test @xyz_remedy glider tool and found a critical vulnerability in a privacy protocol. Tldr: Broken Groth16 deployment leads to proof forgery, allowing to withdraw full TVL. Read more below 👇
English