12.7K posts

@benezuriel

Joined July 2010
1.1K Following 309 Followers
-
-@benezuriel·
When i write point 2, i was assuming that the protocol isn't deployed yet, hence the 'whataboutism' if they have millions of dollar in TVL. Again, i agree with the underlying idea of being safer, but there are trade-offs. E.g. audit comp considerably cheaper but takes more time. Top tier audit firm takes less time but more cost etc. But maybe from protocol/team perspective considering e.g. Balancer V2, there are couple notes that they have to take (i doubt it too tho). Again this is just from what i think considering perspective of involved parties. I may be wrong
0K
0K@ZeroK_____·
I agree with 1, but i don’t agree with 2, because currently there are many opportunities to secure your project with less money that we can think about, and if your project holds many million dollars, then it’s better for you to have some funds to make sure the funds on chain are safe right?
0K
0K@ZeroK_____·
I feel sad seeing all these hacks these days. Sometimes I feel like I’m part of the reason this is happening, even though deep down I know I’m not. What do you think our community should do in this situation? solutions only, I’m not here to hear anything negative.
-
-@benezuriel·
one of these days, there will be a major exploit. might be 30m, might be less. will not be more than that tho
-
-@benezuriel·
lmao this bitches still moans about decentralization vs centralization? and we thought we're a "better" system? would you bitches choke when knowing the prerequisite of having "democracy" as a system? lmaooooooooooooooo
- retweeted
cartoon.the🦄.eth
cartoon.the🦄.eth@cartoonitunes·
In March 2016, a team called DappHub deployed a token that would go on to govern over $8 billion in DeFi. MKR gave holders the power to vote on every parameter of DAI, the most important stablecoin on Ethereum. The source code has never been publicly verified. Until now. 🎉
-
-@benezuriel·
@0xriptide more like 30
Xiaoming9090
Xiaoming9090@xiaoming9090·
Glad to have secured 1st place in the Fluid V2 contest. Managed to find all H/M issues in the contest. Thanks to @0xfluid and @sherlockdefi for the opportunity!
-
-@benezuriel·
@sisihacks Decentralization is process. It's not the dot in a sentence, it's not the "no law applicable since anyone can do so", it's not getting away from consequence and such
Sisi
Sisi@sisihacks·
Okay, so... people are not complaining because funds were frozen. They’re reacting to who has the power to do it. Arbitrum didn’t just pause something, they identified specific address, stepped in and moved 30k+ ETH into a controlled wallet. From a security perspective, that was very useful for the situation at hand, it slowed things down, contained the damage and gave protocols a chance to respond instead of watching the funds disappear but let’s not pretend there isn’t a tradeoff. The moment a group can step in and move funds even with law enforcement involved you’ve introduced trust. It’s no longer fully “code is law.” There’s a human layer that can intervene when things go wrong and that’s the part people are reacting to. So yeah, it helped but it also proves that the system isn’t as trustless and decentralized as people thought it is. That’s the trade-off.
Haleemah@Haleeeemahh

since the beginning of 2026 a lot of projects have been hacked none recovered yet Arbitrum recovered stolen funds linked with kelpDAO why are people complaining? genuinely curious 👀

-
-@benezuriel·
@ma1fan Is this Binance?
Nolan | Exvul
Nolan | Exvul@ma1fan·
I reported a critical vulnerability to a top-tier crypto exchange—an exploit that could allow an attacker to crack and steal wallet private keys within minutes. By all industry standards, this was a severe, high-impact bug. Yet, they initially offered me a measly $4,000 bounty. I refused to accept it and pushed back hard. After a prolonged back-and-forth, they spent ages escalating it to their leadership. Following endless rounds of "approvals," they finally added a whopping $1,000 to the offer, bringing the grand total to $5,000. I am honestly "moved to tears" by their generosity, considering an exploit of this magnitude is easily worth at least $50,000. Seriously, my advice is to avoid participating in Bug Bounty programs run by certain Chinese teams. It seems they would much rather risk getting drained for tens or hundreds of millions of dollars by actual hackers than pay a white hat a single extra cent for protecting them.
-
-@benezuriel·
@0xriptide Working poc got dismissed/abused by ghosting months, why would theoretical would appreciated
riptide
riptide@0xriptide·
After this LZ incident, do you think project teams will now consider more "theoretical" bug bounty submissions?
curiousapple
curiousapple@0xcuriousapple·
wen chainlink infra compromise ?
-
-@benezuriel·
Again, people dancing on top of the grave. What's with this? Security world seems to be more and more bleak than ever. SRs being ridiculed as a "beg bounty" Protocol's rev drained as market activities went down User's money being drained because of point 1 2 (bh > wh now)
- retweeted
sudo rm -rf --no-preserve-root /
cow[.]fi (CoW Swap) UI (and probably DNS) is compromised. do NOT interact!
-
-@benezuriel·
@0xfrsmln This is actually the old way, sir, from the era before bbp became the new norm
frs.eth 🦇🔊
frs.eth 🦇🔊@0xfrsmln·
Somehow this kind of PoC is: 1. You get to be called a white hat. 2. It solves the duplication problem. 3. It guarantees payout. Is this the norm now? Somehow if you do this, it is a white hat act. We skip the platform middleman and go straight to exploit? Seems so wrong for me tbh
dango🍡@dango

The white hat has returned the funds in full, and has been awarded a bug bounty. User funds are completely unaffected. Our appreciation to the white hat for identifying the bug, securing the vulnerable funds before further damage could happen, and assisting us in strengthening our system. Team is now working on deploying additional guardrails to prevent similar situations from happening again. We expect dango.exchange to resume operation within the day.

-
-@benezuriel·
@toby_solutions from the dev's/founder's tweet, seem so tho. painfully might be user's funds and not the protocol's
Tobiloba 🦀
Tobiloba 🦀@toby_solutions·
So if you rage-bait hackers you will actually get hacked? Damn.
chrisdior
chrisdior@chrisdior777·
CAREFUL what you manifest. 🤯 On April 1st, @hyperbridge joked they got hacked for $37M. 12 days later, they actually got hacked - $237K gone. Damn 🤯
-
-@benezuriel·
"Is anyone left in Aave?" ???? What?
-
-@benezuriel·
devs said security killed innovation of defi apps because its too expensive. SRs got ghosted for months, silent fixed, banned unjustly, protocols are spamming `no fix no pay` rules, etc. Jong Un-Kim, laughing uncontrollably because it's goddamn easy to do so (billions alr)
-
-@benezuriel·
@SolarEtherPunk Very bad take. If you want to mock/make fun of @DriftProtocol i would back you, since a protocol being fucking dumb is their vault and must held accountable by their idiotic mistakes. But blaming users of a chain because of their chain is not it
SolarEtherPunk.eth🏄
SolarEtherPunk.eth🏄@SolarEtherPunk·
Solana just got its final reality check. Drift Protocol, one of the biggest perpetuals DEXes on the chain, just got drained for $270M+ in a massive exploit. On April 1. And they had to tweet “this is NOT an April Fools joke.” After years of pump.fun turning Solana into the biggest meme-coin casino and rug-pull factory in crypto… After Toly and Mert spent years gaslighting everyone about how “decentralized” and “battle-tested” the chain is while it kept having outages, validator concentration issues, and VC-controlled narratives… This is the bill finally coming due. The most toxic, arrogant, hype-driven, “number go up” ecosystem in crypto just hit the wall. Hard. $SOL
Drift@DriftProtocol

We are observing unusual activity on the protocol. We are currently investigating. Please do not deposit funds into the protocol while we investigate. This is not an April Fools joke. Proceed with caution until further notice. We’ll provide additional updates from this account.
