mr p

51 posts

@mr_________p

web3 Security Researcher | Bug Bounty Hunter

Joined January 2026
72 Following, 6 Followers
Pinned Tweet
mr p@mr_________p·
On a move to become a great blockchain security researcher.
mr p@mr_________p·
@seunlanlege This is refreshing to see, right?
Web3 Philosopher@seunlanlege·
Real money has been lost & we're working with security teams & the relevant authorities to trace & recover the exploited funds. We will share more updates as more progress is made.
Hyperbridge@hyperbridge

Security Update: Token Gateway exploit On April 13, 2026, a vulnerability in Hyperbridge’s Token Gateway was exploited, resulting in approximately $237,000 in losses on Ethereum. Bridging operations were paused immediately after detection, and this is an update on the situation. 🧵

mr p@mr_________p·
@Mwafreeka Bro trusted an AI generated image. The jokes keep writing themselves 😂
Mwafreeka@Mwafreeka·
Do you know this guy? 100k reward is still there
mr p@mr_________p·
Aged like fine wine😂
mr p@mr_________p·
@Ibrahkiprotich @Frank_ethhh What are you even saying? I guess you've never used better intel processors my G. PS: My laptop runs core Ultra 7 255H. PC runs core i9...can't hate for nothing
Ibrahim Koros@Ibrahkiprotich·
@Frank_ethhh Intel is for university students, who watch movies and do academic writing😅
Ibrahim Koros@Ibrahkiprotich·
Before buying a laptop, don’t just look at the price, check the specs 👇 CPU (i5/Ryzen 5+), RAM (8GB minimum, 16GB ideal), SSD (skip HDD), battery health, and build quality. Also confirm it’s not refurbished unless stated. Buy smart, not sorry
mr p@mr_________p·
@Rzizah_ Why hide the payout when the information is publicly available?
Rzizah@Rzizah_·
Not sure how to feel about this one tbh Life got in the way halfway through. wasn’t fully focused, submitted stuff last minute then results came out and… some of my findings got wrong duplicated. didn’t even notice until pjqa ended being too late to do anything about
mr p@mr_________p·
@d0rsky @nem0thefinder I would like to join your team. How would I know if such an opportunity is ever open to apply?
sashko.eth🇺🇦@d0rsky·
Please meet a new face on our team 👀 @nem0thefinder joining us as Triage Team Intern! You’ll start seeing him a lot in your tickets soon, so please be patient, supportive, and kind. And on the bright side, our security team just got stronger. Happy to have you with us!
@sin4ch·
NYSC vibecoded their site! 😭😭😭
mr p@mr_________p·
@zerocipher002 First make hackenproof and cantina two options. Then I can choose HackenProof
Zero Cipher@zerocipher002·
For a protocol with a bug bounty on multiple platforms, Which one would you use to submit your Crit/High? And Why?
mr p@mr_________p·
@h0x88 @Hacker0x01 Hackerone Make It Right Fund....Contact support
sallam@h0x88·
What should a researcher do in this situation @Hacker0x01? A valid vulnerability was reported, triaged, and marked as “fix pending release” — meaning it was confirmed and addressed. But now the company has shut down their bug bounty program and refuses to pay.... #bugbounty
mr p@mr_________p·
@d0rsky Coupon's mine ser
mr p@mr_________p·
@thedawgyg These cases are quite common in the web3 space. Not a lot of people are always courageous enough to speak up.... Feels like web2 has got a lot of honest programs that are willing to pay for honest work than the web3 space
dawgyg - WoH@thedawgyg·
We all now know to not work with injective as they will screw over anyone to save face and money. They lie as bad as the Israelis.
Bojan Angjelkoski@bangjelkoski

Security is paramount at @injective and we take our bug bounty program very seriously. First and foremost, the figures referenced in the post are entirely misleading. There was no impact realized from this issue. Zero user funds were affected and zero addresses were compromised. For the stated vulnerability to work in practice, it would require execution of several suspicious transactions that would have an extraordinarily limited impact. Injective has dynamic rate limiting functionalities which are applied automatically based on our live monitoring systems. This functionality has been live on mainnet since last year and is publicly available in our code base. In addition to all of the above, this report was reviewed against the clearly defined terms of our Immunefi program. Based on those terms, issues such as those raised in this report that DO NOT impact block production or consensus are categorized outside of the Blockchain/DLT tier and carry a maximum payout of $50,000. If the poster had requested a mediation we would explain to him the dynamic rate limiters and monitoring systems we have in place and why his stated figures are misleading. However, he did not do so. We always follow the procedures set forth by the Immunefi program and expect the submitter to do so as well. We remain committed to fair, transparent, and consistent handling of all reports, and to maintaining the highest standards of security for the ecosystem. Injective has done so since its mainnet inception in 2021 and will continue to do so in perpetuity, always putting builders and security first.

mr p retweeted
Martin Marchev@MartinMarchev·
Just trying to make web3 a bit safer. One finding at a time.
mr p retweeted
f4lc0n@al_f4lc0n·
I Saved Injective's $500M. They Pay Me $50K. I like hunting bugs on @immunefi . I'm decent at it. - #1 — Attackathon | Stacks - #2 — Attackathon | Stacks II - #1 — Attackathon | XRPL Lending Protocol - 1 Critical and 1 High from bug bounties (not counting this one) Life was good. Then I found a Critical vulnerability in @injective . This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk. I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity. Then — silence. For 3 months. No follow up. No technical discussion. Nothing. A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K. I disputed it. Silence again. No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all. To be clear: the $50K has not been paid either. I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me. I can't force them to do the right thing. But I won't let this be forgotten. I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve. Full Technical Report: github.com/injective-wall…
mr p@mr_________p·
@dani3l526 How will they agree to escrow when they're never planning to pay at all
Daniel526@dani3l526·
Web3 security needs an On-Chain escrow with auto-release rules where projects should lock the full maximum bounty amount in a transparent smart-contract escrow before the program goes live; the contract automatically releases the agreed percentage once severity is confirmed by...
f4lc0n@al_f4lc0n

I Saved Injective's $500M. They Pay Me $50K. I like hunting bugs on @immunefi . I'm decent at it. - #1 — Attackathon | Stacks - #2 — Attackathon | Stacks II - #1 — Attackathon | XRPL Lending Protocol - 1 Critical and 1 High from bug bounties (not counting this one) Life was good. Then I found a Critical vulnerability in @injective . This vulnerability allowed any user to directly drain any account on the chain. No special permissions needed. Over $500M in on-chain assets were at risk. I reported it through Immunefi. The next day, a mainnet upgrade to fix the bug went to governance vote. The Injective team clearly understood the severity. Then — silence. For 3 months. No follow up. No technical discussion. Nothing. A few days ago, they notified me of their decision: $50K. The maximum payout for a Critical vulnerability in their bug bounty program is $500K. I disputed it. Silence again. No explanation for the reduced payout. No explanation for the 3 month ghost. No conversation at all. To be clear: the $50K has not been paid either. I've seen others share bad experiences with bug bounty payouts recently. I never thought it would happen to me. I can't force them to do the right thing. But I won't let this be forgotten. I will dedicate 10% of all my future bug bounty earnings to making sure this story stays visible — until Injective pays what I deserve. Full Technical Report: github.com/injective-wall…

Guardian@GuardianAudits·
🚨 The Guardian x @LimitBreak AMM Defender Contest is now live! 45 days to hunt for $150,000 in rewards across Critical, High, and Medium severity findings. Details on how to participate available below 👇
mr p retweeted
kaden.eth@0xKaden·
here's an index of 460 common solidity vulnerabilities across 31 unique protocol types scraped from over 10000 solodit findings optimized for LLMs github.com/kadenzipfel/pr…
Nyakio@nyakiomaina11·
elliptic curve discrete log problem (ECDLP) Given points S and T on an elliptic curve over a finite field E(F(q)), find an integer m such that T = mS