securecheckio

The best time to build a defense-in-depth Solana RPC transaction security analyzer was 5 years ago. The next best time is now.

@kenton_cooley @solflare Let me know when they support custom RPCs 👍

Just use @solflare

@Justin_Bons Will agents be fooled into running on inadequate security infrastructure?

Agentic (AI) payments will soon drive the majority of crypto usage! Only highly scalable & programmable chains will benefit from this revolution Chains like SOL, HYPE, SUI & NEAR are ready now Unlike most human beings, AI agents will not be fooled into using inferior tech! 🔥

@redacted_noah But will Solana win security?

Solana will win perps Solana will win spot Solana will win lending Solana will win prediction Solana will win on every vertical, and each win will compound because users want everything in one place, not in dozens of disparate apps and chains. Bridges are where UX goes to die.

@tonnyrad Facts

Most Web3 teams don’t need “just an audit.” They need security thinking before the audit even starts. Because many critical issues are not born in the codebase. They start in: • rushed architecture decisions • unclear trust assumptions • weak access control design • missing threat modeling • “we’ll fix it later” logic By the time the audit begins, the protocol may already be carrying hidden risk. Security is not a final checkbox. It’s a process that should start while the system is still being shaped.

@PiyushShukla__ Dedicated researchers will find a way and prove to be the most valuable.

After the current trend, I’m really wondering how new researchers are expected to enter the Web3 security space. Only a few contests are left now, and even those come with high submission fees and massive competition. The same goes for bug bounty programs . many now require submission fees, and there’s very little room for mistakes because false submissions can put your account at risk of getting banned. Without these opportunities and experience, newcomers have almost no path to approach companies for private audits or even apply for security jobs. It’s becoming extremely difficult to build a portfolio strong enough for private auditing or full-time roles. So where are we heading as an industry? Will Web3 security eventually become a space dominated by existing whitehats and AI-driven solutions, with very few new researchers able to break in?

@Paladin_Shield @solana Nice job!

PaladinShield: The Runtime Enforcement Layer (REL) for @solana ✅ Real-time Interception ✅ AI Semantic Audit ✅ Default-Deny Policy ✅ Forensic Evidence Hub with Immutable SHA-256 hash for every blocked attack ✅Only if you click 'Trust' the request reach your wallet.

@Ahyammona Need more innovation like this, great job

Built a direct QUIC TPU sender in Rust this weekend. Looking for people to stress test it on devnet. The problem it solves: sendTransaction over RPC adds 1-3 hops through gossip before your tx reaches the leader. Under congestion that's where transactions die. What I built instead: → Resolves the current + next N leaders via getLeaderSchedule → Pre-warms QUIC connections to upcoming leaders before their slot starts (no handshake at send time) → Forwards directly to the validator's TPU QUIC port → Streams confirmation events back over the same QUIC connection: processed → confirmed → finalized → Drop watchdog: if the blockhash expires before confirmation, you get a Dropped event instead of silence Stack: Rust, quinn (QUIC), solana-pubsub-client for WebSocket confirmation, Helius RPC for leader resolution. Tried it? The key metric to watch is forwarded→landed time. On a quiet devnet it's ~2-3s. Curious what it looks like under mainnet load. @Helius @shyft_hq @mert @ERPCglobal @solana_devs @solana @getblockio @SuperteamNG @SuperteamSG @triton_one Up next: slot scheduling + AI-assisted send timing.

@faradaysigner @colosseum That's really neat.

Our @colosseum submission is in We built an air-gapped Solana signer on a Pi Zero. No WiFi, no Bluetooth, no network. Keys never touch the internet. QR in, QR out! These have been incredible weeks of building!

@Matty_Solana @solana Non crypto friends are not coming to the chain until we improve the security infrastructure.

We've lost our minds building on @solana. Like Van Gogh dedicated his life to his art and lost his mind in the process. That's what happened to us. But fuck it. When our non-crypto friends use our apps without knowing what chain they’re on, when Solana apps hit the top 10 in every store, and when Solana Mobile goes from “crypto phone” to “the phone everyone wants” then the madness will pay off. Then we’ll be happy we lost our minds. SOLANA.

@satorinakamoto Great question. One thing I notice is security is a form of censorship. I guess it's a matter of who's censoring whom? Regardless, it would be good if the community had its own North star

CROPS stands for censorship-resistance, open-source, privacy, and security If CROPS Ethereum’s North Star, what is Solana’s? Solana contracts are frequently not open-source, and its founder calls economic security a ‘meme’ - preferring the threat of a rollback over robust consensus I suggest the O and S be replaced with A, for Anatoly, right in the middle, just as he/it is in Solana: CRAP x.com/toly/status/17…

What consumer wallets support custom RPC ? I know of seedless, samui, backpack. Any others?

@degen_lounge @carbiumio @Onchaincc @CryptoMaltese @Cryptohalo1 @seedless_wallet Looking forward to it!

The Degen Lounge weekly space is brought to you by @carbiumio. Proudly sponsored by @onchaincc. Hosted by @CryptoMaltese & @Cryptohalo1 with our guests: > @securecheckio >@seedless_wallet Set your reminder and drop a comment below! 👇

@PatrickAlphaC We need better security infrastructure. Blind signing is just one issue that results when there's nothing between the wallet and the network

1 year ago, I made a video about how blind signing would cause massive pain. Since then, we've seen hack after hack (recently, Drift protocol for almost $300M), where clear signing could have helped mitigate. Today, we finally have a systemic upgrade to wallet UX 👇

@Thealphacruze We developed an open source capability like this for Solana. Baseline security should be free to all

@securecheckio 💯 Yes! It shouldn't be a paid add on, it should be the default

Clear signing should be the standard🥇

@martypartymusic @aaalexhl Are you suggesting DRIFT wasn't a wakeup call to reflect on the chain's security posture?

@aaalexhl Betamale

Drift was one of the worst defi hacks in history and Solana is like yeah let's run it back turbo

@DeFiConnoisseur @aaalexhl Prevention is also an appropriate adjective

@aaalexhl It's called resilience

@Calhoun2rob @aaalexhl A hacked protocol the size of DRIFT suggests there's a systemic weakness that needs to be addressed.

@aaalexhl This is a retard take . 1 protocol gets hacked means they should never try again ?

@aaalexhl My Frontier project demonstrated that if we had security infrastructure already in place the attack was much less likely. Solana is like driving fast on the highway without a seatbelt