Jeff Security

Made $60k last month from audit 😎 What about you?

|￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣￣| Need more bug bounty and contest platforms |＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿＿| \ (•◡•) / \ / —— | | |_ |_

🚨PSA for anyone considering working with these guys, they don't pay for their audits. We've been chasing the invoice for months! Repost, so no one else wastes their time. @MuratLite @Fast_Protocol @primev_xyz

Auditors heads up on these guys! They don't pay for their audits. Repost it🫡

@ShieldifySec @MuratLite @Fast_Protocol @primev_xyz 🫥

@ua1552 😂

@jeffsecurity Looks fine to me

@ShieldifyMartin @Fast_Protocol @primev_xyz @MuratLite 🥲

First time getting scammed for providing an honest, on-time security service. 👏 Still, shoutout to @Fast_Protocol, @primev_xyz and @MuratLite - hope the help made a difference, even if it came at our expense. Hope the good gets passed forward to someone else 🙏

@code4rena gg wp

An important update from the C4 team. 🧵

@ShieldifySec 🫡🫡

|￣￣￣￣￣￣￣￣￣￣| Need More Auditors |＿＿＿＿＿＿＿＿＿＿| \ (•◡•) / \ / —— | | |_ |_

December 2024. npm i @ solana/web3.js Supply chain attack. The program is immutable and secure. The signer isn’t. Sum everything and you will receive -160k USD loss in SOL. defendor.xyz/p/the-signer-y…

🚨 Another Hack @Aurellion_Labs was exploited on @arbitrum for ~$456k. Cause: uninitialized Diamond proxy, unprotected initialize(). The attacker added a malicious facet, abused existing USDC approvals and swept funds from users. Stay safe and take security seriously! 🙏

The Mom Test 📘 Most founders ask for compliments and call it customer research. I’ve seen too many teams spend months building, only to end up with a product nobody actually wants. Learn how to validate ideas properly 🫡

An LLM-ready index of 460 Solidity vulnerabilities across 31 protocol types. Scraped from 10,000+ Solodit findings 🤠 github.com/kadenzipfel/pr…

Audits aren't a "one and done." 🛡️ 🔍 Zealynx highlights on the importance of Post-Audit Security. 🔗 zealynx.io/blogs/post-aud…

A 100-page report with zero criticals isn’t a success; it’s a failure of imagination. If you’re just checking boxes, you’re not an auditor-you’re a proofreader. The "extra step" is where the exploits live.

A skill that: - turns a smart contract vulnerability finding into a submission-ready Foundry PoC - forks mainnet - exercises real deployed contracts end-to-end. github.com/cholakovvv/fou… 🚀

🚨 Blockaid's exploit detection system has identified an on-going exploit on TrustedVolumes (1inch market maker / resolver, @trustedvolumes ). Chain: Ethereum Victim contract: TrustedVolumes resolver — 0x9bA0CF1588E1DFA905eC948F7FE5104dD40EDa31 Exploiter: 0xC3EBDdEa4f69df717a8f5c89e7cF20C1c0389100 Exploit tx: 0xc5c61b3ac39d854773b9dc34bd0cdbc8b5bbf75f18551802a0b5881fcb990513 Total extracted so far: ~$5.87M (1,291.16 WETH + 206,282 USDT + 16.939 WBTC + 1,268,771 USDC). Same operator as the March-2025 1inch Fusion V1 incident; this is a different vulnerability, in a TrustedVolumes-controlled custom RFQ swap proxy (0xeEeEEe53033F7227d488ae83a27Bc9A9D5051756). More details will follow.

Time from vulnerability disclosure to exploit went from 10 months to just 10 hours. This and other dope vuln stats: 👇 zerodayclock.com

@ShieldifySec 😈

|￣￣￣￣￣￣￣￣￣￣￣￣￣￣| Web3 Security is the Future! |＿＿＿＿＿＿＿＿＿＿＿＿＿＿| \ (•◡•) / \ / —— | | |_ |_