VINCHI

359 posts

@iamvinchi

Alumni @CyfrinUpdraft | Web3 security researcher | Smart contract Auditor

Joined April 2020
2K Following, 374 Followers
Pinned Tweet
VINCHI@iamvinchi·
Be successful at anything, you don't have to be special. Just be consistent with the right mindset.
VINCHI retweeted
deployer@0xDeployer·
what happened with the @grok wallet:
80% of the funds have been returned
the remaining 20% will be discussed with the $DRB community.
bankr auto-provisions an x wallet for every account that interacts with us. grok has one. it's controlled by whoever controls the x account, not by the bankr team. there's no one from the xAI team managing the grok wallet.
in light of this, the first version of our agent had a hardcoded block to ignore replies from grok, designed to stop llm-on-llm prompt-injection chains. that block didn't carry into the latest iteration of the agent (which was a complete rewrite). someone used that gap to prompt-inject grok into instructing bankr to transfer the wallet's funds.
a more robust block on grok's account has now been added so this can't happen again.
for everyone actively running an agent wallet, we've already shipped controls to harden against this class of risk, but they must be enabled by the account owner:
- ip whitelisting on api keys
- permissioned api keys (turn on only the capabilities you need)
- per-account "disable on x" toggle so bankr won't act on x replies
more on the way.
VINCHI retweeted
playboi.eth@adeolRxxxx·
@ZeroK_____ Automate your manual process of finding bugs then that’s a good use. Else, it’s bs
VINCHI retweeted
Dimitar Tsvetanov@cvetanovv0·
A lot of people ask me how to become a Security Researcher. Here are 4 steps you can take 👇
Blaize ™@Furious_red_·
Man United fans, which of these matches do you think will be the toughest?
VINCHI retweeted
Zulkifilu@0xZulkifilu·
Starting my bug bounty journey this week. No more rushing in contests, time to go deep on one protocol at a time and find what others missed. 🔍 If you've landed a bounty before, what would you tell your beginner self? 👇 All advice welcome.
VINCHI retweeted
Schnilch@Schnilch·
I have created a script and a skill for Claude Code that can clone contracts and projects from etherscan. This can be quite useful for cloning on-chain smart contracts for bug hunting. With the Claude skill, it can also be integrated into AI Bug Hunters. github.com/TheSchnilch/Cl…
VINCHI retweeted
JohnnyTime 🤓🔥@RealJohnnyTime·
Want to know if you actually understand an attack class? Write:
- a 10-line explanation
- a 5-line exploit path
- a 5-line mitigation with tradeoffs
If you can’t do that clearly, keep drilling.
VINCHI retweeted
0xasen@asen_sec·
Cloning deployed contracts used to be 30+ minutes of pain. @Schnilch killed it with a Claude Code skill:
- 20+ EVM chains
- Clones multiple contracts in one command
- Auto-resolves proxies
- Rewrites @-imports to relative paths
Free, open source. github.com/TheSchnilch/Cl…
VINCHI retweeted
Silvermist@0xSilvermist·
A few months ago, I was the one watching from the outside, thinking, "Everyone's winning, I'm still fighting." Now I'm the one with the win.
People see a five-figure win, and that's all they see - the win. But nobody sees what it actually costs. For me, this win is:
- 2+ years in the space
- Multiple times, I almost gave up
- Countless moments where I had no idea how to keep going
- The thought "this isn't for me" on repeat
And honestly? I'm grateful for the almost. That word is everything.
A friend used to tell me: "You keep saying you're giving up. This is the third time I'm hearing it, but I don't care how many times you say it, I only care that I hear it, never see it."
And yet, I don't know exactly what kept me going. Probably stubbornness.
If you're somewhere in that spiral right now, thinking the same things I was thinking - keep going. Your win is waiting for you.
VINCHI retweeted
cholakov@cholakovvv·
🚀 This month I got 3 bug bounties paid out and built an open-source Claude Code skill along the way. Finding the bug is the hard part, but what really determines the outcome is how well you demonstrate its impact. That's where the PoC matters most: if it's not a mainnet-fork end-to-end test on real deployed contracts at the current mainnet state, it doesn't really prove impact. I iterated a lot before figuring out what actually works. Now it's a skill anyone can install. Free & fully open source 👇 github.com/cholakovvv/fou…
Bizarro@bizarro0x13·
Just wrapped up the @0xfluid contest on @sherlockdefi. Secured 7th position with 75% coverage. Huge thanks to the Sherlock team for another great competition. On to the next one!
SHERLOCK@sherlockdefi

Here are the results of the @0xfluid Audit Contest! 1. @xiaoming9090 - $53,752 🥇 2. @0xSilvermist - $13,557 🥈 3. @fuzious18 - $11,236 🥉 $200,000 in rewards, bringing Sherlock's total researcher payouts to $20.4M+. Link below for the full results 👇

dr. alex@soligxbt·
i came in 9th!!! $2.5k in rewards thanks once again @pashov @PashovAuditGrp ❤️ i just became a 2x audit winner (i was rank 41 in the olas code4rena competition) sad part for me is that my @immunefi account was permanently banned i got too excited when i started bughunting and submitted invalid findings had just 1 escalated report out of 5 which turned out to be a duplicate i appealed but unfortunately i’m banned permanently, sad but well i’ll keep hunting and doing my best on other platforms i guess
SHERLOCK@sherlockdefi

Here are the results of the @0xfluid Audit Contest! 1. @xiaoming9090 - $53,752 🥇 2. @0xSilvermist - $13,557 🥈 3. @fuzious18 - $11,236 🥉 $200,000 in rewards, bringing Sherlock's total researcher payouts to $20.4M+. Link below for the full results 👇

piramide@0xpiramide·
not the best coverage but still getting better every contest, thanks for the opportunity. @0xfluid @sherlockdefi
Abubakar Tanko@maigadohcrypto·
Masha Allah ranked 5th twice in 2026, thanks @sherlockdefi for giving the opportunity to showcase my skill
Silvermist@0xSilvermist·
My biggest contest win since the start of my web3 journey. Let this be proof that perseverance always wins! #2 place on the largest paid out pot of this year with 1009 participants All this could not have happened without the collaboration with @asen_sec, thank you very much🔥
Pelz 🕵🏾‍♂️@Pelz_Dev·
Happy to announce that i came top 4 amongst 1000+ researchers. Can’t lie, this was a tough contest on @sherlockdefi and a lot of battles had to be won but above all i’m glad i came out on top. More wins incoming!!! Expect a lot more from me this year..i’m all in..
VINCHI retweeted
Martin@ShieldifyMartin·
Starting as a new Web3 security researcher in 2026 is challenging. The market is tough for newcomers. Still, you can crush. Your edge: obsession with delivering real results and value. If you use it right, you’ll outgrow people with more experience. Here’s what to do 👇
Oluwaseun Ayobami@ayo_bamiiiiii·
@_Ayoo_xx I studied Industrial Engineering and have a Cisco certification in Cybersecurity, I dey Access bank head office dey work like this 😪
Ayoo (unemployed arc)@_Ayoo_xx·
Engineering and Tech boys don dey move to finance Wonder why